diff --git a/.gitignore b/.gitignore index 038d357..a559709 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/iproute-3.10.0-55.el7.tar.xz +SOURCES/iproute-3.10.0-74.el7.tar.xz diff --git a/.iproute.metadata b/.iproute.metadata index 75c6ec1..ba7fa72 100644 --- a/.iproute.metadata +++ b/.iproute.metadata @@ -1 +1 @@ -038cea3b78fd901da51be8718e3f41ae880644ea SOURCES/iproute-3.10.0-55.el7.tar.xz +603fecb6e4911850c8316c38f7ea576856744e57 SOURCES/iproute-3.10.0-74.el7.tar.xz diff --git a/SOURCES/0001-man-lnstat-rewrite-manpage.patch b/SOURCES/0001-man-lnstat-rewrite-manpage.patch deleted file mode 100644 index 38eeca1..0000000 --- a/SOURCES/0001-man-lnstat-rewrite-manpage.patch +++ /dev/null @@ -1,249 +0,0 @@ -From b5c8d07b3e6c4c4b86636b6cb85f812eb634ea34 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 16 Feb 2016 20:03:30 +0100 -Subject: [PATCH] man: lnstat: rewrite manpage - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269133 -Upstream Status: commit f3737abf8ca5e - -commit f3737abf8ca5e446f71d99b4f8e77460ede6f7ef -Author: Phil Sutter -Date: Fri Sep 18 20:17:04 2015 +0200 - - man: lnstat: rewrite manpage - - Signed-off-by: Phil Sutter ---- - man/man8/lnstat.8 | 197 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 192 insertions(+), 5 deletions(-) - -diff --git a/man/man8/lnstat.8 b/man/man8/lnstat.8 -index a76940b..b817bcf 100644 ---- a/man/man8/lnstat.8 -+++ b/man/man8/lnstat.8 -@@ -9,9 +9,21 @@ This manual page documents briefly the - .B lnstat - command. - .PP --\fBlnstat\fP is a generalized and more feature-complete replacement for the old rtstat program. --In addition to routing cache statistics, it supports any kind of statistics the linux kernel --exports via a file in /proc/net/stat/. -+\fBlnstat\fP is a generalized and more feature-complete replacement for the old -+rtstat program. It is commonly used to periodically print a selection of -+statistical values exported by the kernel. -+In addition to routing cache statistics, it supports any kind of statistics the -+linux kernel exports via a file in /proc/net/stat/. -+.PP -+Each file in /proc/net/stat/ contains a header line listing the column names. -+These names are used by \fBlnstat\fP as keys for selecting which statistics to -+print. For every CPU present in the system, a line follows which lists the -+actual values for each column of the file. \fBlnstat\fP sums these values up -+(which in fact are counters) before printing them. After each interval, only -+the difference to the last value is printed. -+.PP -+Files and columns may be selected by using the \fB-f\fP and \fB-k\fP -+parameters. By default, all columns of all files are printed. - .SH OPTIONS - lnstat supports the following options. - .TP -@@ -28,13 +40,15 @@ Print number of intervals. - Dump list of available files/keys. - .TP - .B \-f, \-\-file --Statistics file to use. -+Statistics file to use, may be specified multiple times. By default all files in /proc/net/stat are scanned. - .TP - .B \-i, \-\-interval - Set interval to 'intv' seconds. - .TP - .B \-k, \-\-keys k,k,k,... --Display only keys specified. -+Display only keys specified. Each key \fBk\fP is of the form \fB[file:]key\fP. If \fB\fP -+is given, the search for the given key is limited to that file. Otherwise the first file containing -+the searched key is being used. - .TP - .B \-s, \-\-subject [0-2] - Specify display of subject/header. '0' means no header at all, '1' prints a header only at start of the program and '2' prints a header every 20 lines. -@@ -63,6 +77,179 @@ Print a header at start and every 20 lines. - .TP - .B # lnstat -c -1 -i 1 -f rt_cache -k entries,in_hit,in_slow_tot - Display statistics for keys entries, in_hit and in_slow_tot of field rt_cache every second. -+ -+.SH FILES -+.TP -+.B /proc/net/stat/arp_cache, /proc/net/stat/ndisc_cache -+Statistics around neighbor cache and ARP. \fBarp_cache\fP is for IPv4, \fBndisc_cache\fP is the same for IPv6. -+.sp -+.B entries -+Number of entries in the neighbor table. -+.sp -+.B allocs -+How many neighbor entries have been allocated. -+.sp -+.B destroys -+How many neighbor entries have been removed. -+.sp -+.B hash_grows -+How often the neighbor (hash) table was increased. -+.sp -+.B lookups -+How many lookups were performed. -+.sp -+.B hits -+How many \fBlookups\fP were successful. -+.sp -+.B res_failed -+How many neighbor lookups failed. -+.sp -+.B rcv_probes_mcast -+How many multicast neighbor solicitations were received. (IPv6 only.) -+.sp -+.B rcv_probes_ucast -+How many unicast neighbor solicitations were received. (IPv6 only.) -+.sp -+.B periodic_gc_runs -+How many garbage collection runs were executed. -+.sp -+.B forced_gc_runs -+How many forced garbage collection runs were executed. Happens when adding an -+entry and the table is too full. -+.sp -+.B unresolved_discards -+How many neighbor table entries were discarded due to lookup failure. -+.sp -+.B table_fulls -+Number of table overflows. Happens if table is full and forced GC run (see -+\fBforced_gc_runs\fP) has failed. -+ -+.TP -+.B /proc/net/stat/ip_conntrack, /proc/net/stat/nf_conntrack -+Conntrack related counters. \fBip_conntrack\fP is for backwards compatibility -+with older userspace only and shows the same data as \fBnf_conntrack\fP. -+.sp -+.B entries -+Number of entries in conntrack table. -+.sp -+.B searched -+Number of conntrack table lookups performed. -+.sp -+.B found -+Number of \fBsearched\fP entries which were successful. -+.sp -+.B new -+Number of conntrack entries added which were not expected before. -+.sp -+.B invalid -+Number of packets seen which can not be tracked. -+.sp -+.B ignore -+Number of packets seen which are already connected to a conntrack entry. -+.sp -+.B delete -+Number of conntrack entries which were removed. -+.sp -+.B delete_list -+Number of conntrack entries which were put to dying list. -+.sp -+.B insert -+Number of entries inserted into the list. -+.sp -+.B insert_failed -+Number of entries for which list insertion was attempted but failed (happens if -+the same entry is already present). -+.sp -+.B drop -+Number of packets dropped due to conntrack failure. Either new conntrack entry -+allocation failed, or protocol helper dropped the packet. -+.sp -+.B early_drop -+Number of dropped conntrack entries to make room for new ones, if maximum table -+size was reached. -+.sp -+.B icmp_error -+Number of packets wich could not be tracked due to error situation. This is a -+subset of \fBinvalid\fP. -+.sp -+.B expect_new -+Number of conntrack entries added after an expectation for them was already -+present. -+.sp -+.B expect_create -+Number of expectations added. -+.sp -+.B expect_delete -+Number of expectations deleted. -+.sp -+.B search_restart -+Number of conntrack table lookups which had to be restarted due to hashtable -+resizes. -+ -+.TP -+.B /proc/net/stat/rt_cache -+Routing cache statistics. -+.sp -+.B entries -+Number of entries in routing cache. -+.sp -+.B in_hit -+Number of route cache hits for incoming packets. Deprecated since IP route -+cache removal, therefore always zero. -+.sp -+.B in_slow_tot -+Number of routing cache entries added for input traffic. -+.sp -+.B in_slow_mc -+Number of multicast routing cache entries added for input traffic. -+.sp -+.B in_no_route -+Number of input packets for which no routing table entry was found. -+.sp -+.B in_brd -+Number of matched input broadcast packets. -+.sp -+.B in_martian_dst -+Number of incoming martian destination packets. -+.sp -+.B in_martian_src -+Number of incoming martian source packets. -+.sp -+.B out_hit -+Number of route cache hits for outgoing packets. Deprecated since IP route -+cache removal, therefore always zero. -+.sp -+.B out_slow_tot -+Number of routing cache entries added for output traffic. -+.sp -+.B out_slow_mc -+Number of multicast routing cache entries added for output traffic. -+.sp -+.B gc_total -+Total number of garbage collection runs. Deprecated since IP route cache -+removal, therefore always zero. -+.sp -+.B gc_ignored -+Number of ignored garbage collection runs due to minimum GC interval not -+reached and routing cache not full. Deprecated since IP route cache removal, -+therefore always zero. -+.sp -+.B gc_goal_miss -+Number of garbage collector goal misses. Deprecated since IP route cache -+removal, therefore always zero. -+.sp -+.B gc_dst_overflow -+Number of destination cache overflows. Deprecated since IP route cache removal, -+therefore always zero. -+.sp -+.B in_hlist_search -+Number of hash table list traversals for input traffic. Deprecated since IP -+route cache removal, therefore always zero. -+.sp -+.B out_hlist_search -+Number of hash table list traversals for output traffic. Deprecated since IP -+route cache removal, therefore always zero. -+ - .SH SEE ALSO - .BR ip (8), - and /usr/share/doc/iproute-doc/README.lnstat (package iproute-doc on Debian) --- -1.8.3.1 - diff --git a/SOURCES/0001-misc-ss-tcp-cwnd-should-be-unsigned.patch b/SOURCES/0001-misc-ss-tcp-cwnd-should-be-unsigned.patch new file mode 100644 index 0000000..a8ad76f --- /dev/null +++ b/SOURCES/0001-misc-ss-tcp-cwnd-should-be-unsigned.patch @@ -0,0 +1,66 @@ +From f9a228a373bc7dc77a7ddc5c601c801c8e8498aa Mon Sep 17 00:00:00 2001 +From: Davide Caratti +Date: Fri, 18 Nov 2016 11:45:54 +0100 +Subject: [PATCH] misc/ss: tcp cwnd should be unsigned + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1375215 +Upstream Status: iproute2.git commit d1f338b31858 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=12041044 +Tested: on local VM using iperf3 on loopback + +commit d1f338b31858005b2550da05098d56ea4e8fd401 +Author: Hangbin Liu +Date: Thu Sep 22 16:40:28 2016 +0800 + + misc/ss: tcp cwnd should be unsigned + + tcp->snd_cwd is a u32, but ss treats it like a signed int. This may + results in negative bandwidth calculations. + + Signed-off-by: Hangbin Liu + Acked-by: Phil Sutter + +Signed-off-by: Davide Caratti +--- + misc/ss.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/misc/ss.c b/misc/ss.c +index c385d47..45fb4b0 100644 +--- a/misc/ss.c ++++ b/misc/ss.c +@@ -759,11 +759,12 @@ struct tcpstat + int probes; + char cong_alg[16]; + double rto, ato, rtt, rttvar; +- int qack, cwnd, ssthresh, backoff; ++ int qack, ssthresh, backoff; + double send_bps; + int snd_wscale; + int rcv_wscale; + int mss; ++ unsigned int cwnd; + unsigned int lastsnd; + unsigned int lastrcv; + unsigned int lastack; +@@ -1692,7 +1693,7 @@ static void tcp_stats_print(struct tcpstat *s) + if (s->mss) + printf(" mss:%d", s->mss); + if (s->cwnd) +- printf(" cwnd:%d", s->cwnd); ++ printf(" cwnd:%u", s->cwnd); + if (s->ssthresh) + printf(" ssthresh:%d", s->ssthresh); + +@@ -1783,7 +1784,7 @@ static int tcp_show_line(char *line, const struct filter *f, int family) + return 0; + + opt[0] = 0; +- n = sscanf(data, "%x %x:%x %x:%x %x %d %d %u %d %llx %d %d %d %d %d %[^\n]\n", ++ n = sscanf(data, "%x %x:%x %x:%x %x %d %d %u %d %llx %d %d %d %u %d %[^\n]\n", + &s.ss.state, &s.ss.wq, &s.ss.rq, + &s.timer, &s.timeout, &s.retrans, &s.ss.uid, &s.probes, + &s.ss.ino, &s.ss.refcnt, &s.ss.sk, &rto, &ato, &s.qack, &s.cwnd, +-- +1.8.3.1 + diff --git a/SOURCES/0002-lnstat-fix-header-displaying-mechanism.patch b/SOURCES/0002-lnstat-fix-header-displaying-mechanism.patch deleted file mode 100644 index d4eaff9..0000000 --- a/SOURCES/0002-lnstat-fix-header-displaying-mechanism.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 54a2e1a045adae87ccd7b3047c1ccc3b1eea1351 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 16 Feb 2016 20:48:44 +0100 -Subject: [PATCH] lnstat: fix header displaying mechanism - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1263392 -Upstream Status: commit fdb347f7fd6c3 -Conflicts: Patch practically rewritten due to missing commit - a4f9e8df37b23 ("lnstat: add json output format") and - follow-ups. - -commit fdb347f7fd6c36b270a8c571cbe9a124a281b2b5 -Author: Phil Sutter -Date: Wed Nov 18 16:57:47 2015 +0100 - - lnstat: fix header displaying mechanism - - The algorithm depends on the loop counter ('i') to increment by one in - each iteration. Though if running endlessly (count==0), the counter was - not incremented at all. - - Also change formatting of the header printing conditional a bit so it's - hopefully easier to read. - - Fixes: e7e2913 ("lnstat: run indefinitely by default") - Signed-off-by: Phil Sutter ---- - misc/lnstat.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/misc/lnstat.c b/misc/lnstat.c -index fcd7dd3..f2bb695 100644 ---- a/misc/lnstat.c -+++ b/misc/lnstat.c -@@ -332,16 +332,15 @@ int main(int argc, char **argv) - if (interval < 1 ) - interval=1; - -- for (i = 0; i < count || !count; ) { -- if ((hdr > 1 && (! (i % 20))) || (hdr == 1 && i == 0)) -- print_hdr(stdout, header); -+ for (i = 0; i < count || !count; i++) { - lnstat_update(lnstat_files); -+ if ((hdr > 1 && !(i % 20)) || -+ (hdr == 1 && i == 0)) -+ print_hdr(stdout, header); - print_line(stdout, lnstat_files, &fp); - fflush(stdout); - if (i < count - 1 || !count) - sleep(interval); -- if (count) -- ++i; - } - } - --- -1.8.3.1 - diff --git a/SOURCES/0002-macsec-fix-input-of-port-improve-documentation-of-ad.patch b/SOURCES/0002-macsec-fix-input-of-port-improve-documentation-of-ad.patch new file mode 100644 index 0000000..93dc48b --- /dev/null +++ b/SOURCES/0002-macsec-fix-input-of-port-improve-documentation-of-ad.patch @@ -0,0 +1,129 @@ +From 9c3efe55ac335b744aa993351f20ea9488aeaae5 Mon Sep 17 00:00:00 2001 +From: Davide Caratti +Date: Fri, 25 Nov 2016 10:43:09 +0100 +Subject: [PATCH] macsec: fix input of 'port', improve documentation of + 'address' + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1355629 +Upstream Status: iproute2.git commit 5898bd667a48 + +commit 5898bd667a483c12ba0ca53aa0ef39f9b98d2fc9 +Author: Davide Caratti +Date: Tue Aug 30 13:23:12 2016 +0200 + + macsec: fix input of 'port', improve documentation of 'address' + + remove hardcoded base 10 parsing of 'port' parameter, update man page + and fix usage() functions as well. Fix misleading line in man page that + theoretically allowed specifying 'port' keyword right after 'sci' keyword. + Provide documentation of 'address' parameter in man pages and in usage() + functions as well. + + Signed-off-by: Davide Caratti + +Signed-off-by: Davide Caratti +--- + ip/ipmacsec.c | 6 +++--- + man/man8/ip-link.8.in | 14 +++++++++++--- + man/man8/ip-macsec.8 | 12 +++++++++--- + 3 files changed, 23 insertions(+), 9 deletions(-) + +diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c +index 329be00..21e53be 100644 +--- a/ip/ipmacsec.c ++++ b/ip/ipmacsec.c +@@ -110,7 +110,7 @@ static void ipmacsec_usage(void) + fprintf(stderr, "where OPTS := [ pn ] [ on | off ]\n"); + fprintf(stderr, " ID := 128-bit hex string\n"); + fprintf(stderr, " KEY := 128-bit hex string\n"); +- fprintf(stderr, " SCI := { sci | port address }\n"); ++ fprintf(stderr, " SCI := { sci | port { 1..2^16-1 } address }\n"); + + exit(-1); + } +@@ -154,7 +154,7 @@ static int get_sci(__u64 *sci, const char *arg) + + static int get_port(__be16 *port, const char *arg) + { +- return get_be16(port, arg, 10); ++ return get_be16(port, arg, 0); + } + + #define _STR(a) #a +@@ -1083,7 +1083,7 @@ static bool check_txsc_flags(bool es, bool scb, bool sci) + static void usage(FILE *f) + { + fprintf(f, +- "Usage: ... macsec [ port PORT | sci SCI ]\n" ++ "Usage: ... macsec [ [ address ] port { 1..2^16-1 } | sci ]\n" + " [ cipher { default | gcm-aes-128 } ]\n" + " [ icvlen { 8..16 } ]\n" + " [ encrypt { on | off } ]\n" +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index 8968cf2..fd665b8 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -782,7 +782,9 @@ For a link of type + the following additional arguments are supported: + + .BI "ip link add link " DEVICE " name " NAME " type macsec" +-[ ++[ [ ++.BI address " " ++] + .BI port " PORT" + | + .BI sci " SCI" +@@ -806,8 +808,14 @@ the following additional arguments are supported: + + .in +8 + .sp +-.BI port " PORT " +-- sets the port number for this MACsec device. ++.BI address " " ++- sets the system identifier component of secure channel for this MACsec device. ++ ++.sp ++.BI port " PORT " ++- sets the port number component of secure channel for this MACsec device, in a ++range from 1 to 65535 inclusive. Numbers with a leading " 0 " or " 0x " are ++interpreted as octal and hexadecimal, respectively. + + .sp + .BI sci " SCI " +diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8 +index 105aeec..1aca3bd 100644 +--- a/man/man8/ip-macsec.8 ++++ b/man/man8/ip-macsec.8 +@@ -3,10 +3,12 @@ + ip-macsec \- MACsec device configuration + .SH "SYNOPSIS" + .BI "ip link add link " DEVICE " name " NAME " type macsec " +-[ ++[ [ ++.BI address " " ++] + .BI port " PORT" + | +-.BI sci " SCI" ++.BI sci " " + ] [ + .BR cipher " { " default " | " gcm-aes-128 " } ] [" + .BI icvlen " ICVLEN" +@@ -62,8 +64,12 @@ ip-macsec \- MACsec device configuration + .IR SCI " := { " + .B sci + .IR " | " +-.BI port " " address " " ++.BI port ++.IR PORT ++.BI address " " + } ++.br ++.IR PORT " := { " 1..2^16-1 " } " + + + .SH DESCRIPTION +-- +1.8.3.1 + diff --git a/SOURCES/0003-iproute2-Ignore-EADDRNOTAVAIL-errors-during-address-.patch b/SOURCES/0003-iproute2-Ignore-EADDRNOTAVAIL-errors-during-address-.patch deleted file mode 100644 index 6eecb61..0000000 --- a/SOURCES/0003-iproute2-Ignore-EADDRNOTAVAIL-errors-during-address-.patch +++ /dev/null @@ -1,66 +0,0 @@ -From fe077314f11f76536a7952e8b96951be104f89d1 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 17 Feb 2016 14:03:59 +0100 -Subject: [PATCH] iproute2: Ignore EADDRNOTAVAIL errors during address flush - operation - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291825 -Upstream Status: commit e149d4e84384f - -commit e149d4e84384f88965ce43a6390acf7ba356187c -Author: Neil Horman -Date: Thu Nov 5 14:54:17 2015 -0500 - - iproute2: Ignore EADDRNOTAVAIL errors during address flush operation - - I found recently that, if I disabled address promotion in the kernel, that - ip addr flush dev - - would fail with an EADDRNOTAVAIL errno (though the flush operation would in fact - flush all addresses from an interface properly) - - Whats happening is that, if I add a primary and multiple secondary addresses to - an interface, the flush operation first ennumerates them all with a GETADDR | - DUMP operation, then sends a delete request for each address. But the kernel, - having promotion disabled, deletes all secondary addresses when the primary is - removed. That means, that several delete requests may still be pending in the - netlink request for addresses that have been removed on our behalf, resulting in - EADDRNOTAVAIL return codes. - - It seems the simplest thing to do is to understand that EADDRUNAVAIL isn't a - fatal outcome on a flush operation, as it just indicates that an address which - you want to remove is already removed, so it can safely be ignored. - - Signed-off-by: Neil Horman - CC: Stephen Hemminger - CC: Alexey Kuznetsov ---- - ip/ipaddress.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 53c7001..f4537db 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -651,7 +651,17 @@ int print_linkinfo(const struct sockaddr_nl *who, - - static int flush_update(void) - { -- if (rtnl_send_check(&rth, filter.flushb, filter.flushp) < 0) { -+ -+ /* -+ * Note that the kernel may delete multiple addresses for one -+ * delete request (e.g. if ipv4 address promotion is disabled). -+ * Since a flush operation is really a series of delete requests -+ * its possible that we may request an address delete that has -+ * already been done by the kernel. Therefore, ignore EADDRNOTAVAIL -+ * errors returned from a flush request -+ */ -+ if ((rtnl_send_check(&rth, filter.flushb, filter.flushp) < 0) && -+ (errno != EADDRNOTAVAIL)) { - perror("Failed to send flush request"); - return -1; - } --- -1.8.3.1 - diff --git a/SOURCES/0003-macsec-fix-byte-ordering-on-input-display-of-sci.patch b/SOURCES/0003-macsec-fix-byte-ordering-on-input-display-of-sci.patch new file mode 100644 index 0000000..ff4ab89 --- /dev/null +++ b/SOURCES/0003-macsec-fix-byte-ordering-on-input-display-of-sci.patch @@ -0,0 +1,138 @@ +From 22f1d933f66b7e87734fcefd7b70fb0db3ebce16 Mon Sep 17 00:00:00 2001 +From: Davide Caratti +Date: Fri, 25 Nov 2016 10:43:10 +0100 +Subject: [PATCH] macsec: fix byte ordering on input/display of 'sci' + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1355629 +Upstream Status: iproute2.git commit 0330f49ea06e + +Conflicts: +- ntohll() and htonll() have been added manually because of missing +upstream commit 1e5293056a02. +- get_be64() has been aded manually _ it was left behind while +backporting upstream commit 9f7401fa4967, because of the missing +implementation of htonll()/ntohll(). + +commit 0330f49ea06eed134b51a6924faf64ec6b1bb3ed +Author: Davide Caratti +Date: Tue Aug 30 13:23:14 2016 +0200 + + macsec: fix byte ordering on input/display of 'sci' + + use get_be64() in place of get_u64() when parsing input 'sci' parameter, + so that 'sci' can be entered using network byte order regardless the + endianness of target system; use ntohll() when printing out 'sci'. While + at it, improve documentation of 'sci' in ip-link.8. + + Signed-off-by: Davide Caratti + +Signed-off-by: Davide Caratti +--- + include/utils.h | 4 ++++ + ip/ipmacsec.c | 8 ++++---- + lib/utils.c | 11 +++++++++++ + man/man8/ip-link.8.in | 4 +++- + 4 files changed, 22 insertions(+), 5 deletions(-) + +diff --git a/include/utils.h b/include/utils.h +index fad82dc..2d1e390 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -98,6 +98,7 @@ extern int get_u16(__u16 *val, const char *arg, int base); + extern int get_s16(__s16 *val, const char *arg, int base); + extern int get_u8(__u8 *val, const char *arg, int base); + extern int get_s8(__s8 *val, const char *arg, int base); ++int get_be64(__be64 *val, const char *arg, int base); + int get_be32(__be32 *val, const char *arg, int base); + int get_be16(__be16 *val, const char *arg, int base); + +@@ -159,6 +160,9 @@ int print_timestamp(FILE *fp); + + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + ++#define htonll(x) ((1==htonl(1)) ? (x) : ((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32)) ++#define ntohll(x) ((1==ntohl(1)) ? (x) : ((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) ++ + extern int cmdlineno; + extern ssize_t getcmdline(char **line, size_t *len, FILE *in); + extern int makeargs(char *line, char *argv[], int maxargs); +diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c +index 21e53be..596594f 100644 +--- a/ip/ipmacsec.c ++++ b/ip/ipmacsec.c +@@ -149,7 +149,7 @@ static int get_an(__u8 *val, const char *arg) + + static int get_sci(__u64 *sci, const char *arg) + { +- return get_u64(sci, arg, 16); ++ return get_be64(sci, arg, 16); + } + + static int get_port(__be16 *port, const char *arg) +@@ -791,7 +791,7 @@ static void print_tx_sc(const char *prefix, __u64 sci, __u8 encoding_sa, + struct rtattr *a; + int rem; + +- printf("%sTXSC: %016llx on SA %d\n", prefix, sci, encoding_sa); ++ printf("%sTXSC: %016llx on SA %d\n", prefix, ntohll(sci), encoding_sa); + print_secy_stats(prefix, secy_stats); + print_txsc_stats(prefix, txsc_stats); + +@@ -860,7 +860,7 @@ static void print_rx_sc(const char *prefix, __u64 sci, __u8 active, + struct rtattr *a; + int rem; + +- printf("%sRXSC: %016llx, state %s\n", prefix, sci, ++ printf("%sRXSC: %016llx, state %s\n", prefix, ntohll(sci), + values_on_off[!!active]); + print_rxsc_stats(prefix, rxsc_stats); + +@@ -1032,7 +1032,7 @@ static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + + if (tb[IFLA_MACSEC_SCI]) { + fprintf(f, "sci %016llx ", +- rta_getattr_u64(tb[IFLA_MACSEC_SCI])); ++ ntohll(rta_getattr_u64(tb[IFLA_MACSEC_SCI]))); + } + + print_flag(f, tb, "protect", IFLA_MACSEC_PROTECT); +diff --git a/lib/utils.c b/lib/utils.c +index b310166..d3ed875 100644 +--- a/lib/utils.c ++++ b/lib/utils.c +@@ -363,6 +363,17 @@ int get_s8(__s8 *val, const char *arg, int base) + return 0; + } + ++int get_be64(__be64 *val, const char *arg, int base) ++{ ++ __u64 v; ++ int ret = get_u64(&v, arg, base); ++ ++ if (!ret) ++ *val = htonll(v); ++ ++ return ret; ++} ++ + int get_be32(__be32 *val, const char *arg, int base) + { + __u32 v; +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index fd665b8..73cd86d 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -819,7 +819,9 @@ interpreted as octal and hexadecimal, respectively. + + .sp + .BI sci " SCI " +-- sets the SCI for this MACsec device. ++- sets the secure channel identifier for this MACsec device. ++.I SCI ++is a 64bit wide number in hexadecimal format. + + .sp + .BI cipher " CIPHER_SUITE " +-- +1.8.3.1 + diff --git a/SOURCES/0004-libnetlink-introduce-nc_flags.patch b/SOURCES/0004-libnetlink-introduce-nc_flags.patch deleted file mode 100644 index 40ffc16..0000000 --- a/SOURCES/0004-libnetlink-introduce-nc_flags.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 81112a9fc77aa269f3fa7cde80facb9b9056854f Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 17 Feb 2016 14:03:59 +0100 -Subject: [PATCH] libnetlink: introduce nc_flags - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291825 -Upstream Status: commit 8e72880f6bfa3 -Conflicts: Changes in context and removed code due to missing commit - 892e21248cfdb ("remove unnecessary extern") - -commit 8e72880f6bfa39f439b9c4a88eb84b635b991687 -Author: Phil Sutter -Date: Tue Nov 24 15:31:01 2015 +0100 - - libnetlink: introduce nc_flags - - Allow for a filter to ignore certain nlmsg_flags. - - Signed-off-by: Phil Sutter ---- - include/libnetlink.h | 8 ++++++-- - lib/libnetlink.c | 10 ++++++---- - 2 files changed, 12 insertions(+), 6 deletions(-) - -diff --git a/include/libnetlink.h b/include/libnetlink.h -index bd9bde0..058dc64 100644 ---- a/include/libnetlink.h -+++ b/include/libnetlink.h -@@ -58,12 +58,16 @@ struct rtnl_dump_filter_arg - { - rtnl_filter_t filter; - void *arg1; -+ __u16 nc_flags; - }; - - extern int rtnl_dump_filter_l(struct rtnl_handle *rth, - const struct rtnl_dump_filter_arg *arg); --extern int rtnl_dump_filter(struct rtnl_handle *rth, rtnl_filter_t filter, -- void *arg); -+int rtnl_dump_filter_nc(struct rtnl_handle *rth, -+ rtnl_filter_t filter, -+ void *arg, __u16 nc_flags); -+#define rtnl_dump_filter(rth, filter, arg) \ -+ rtnl_dump_filter_nc(rth, filter, arg, 0) - extern int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, - unsigned groups, struct nlmsghdr *answer) - __attribute__((warn_unused_result)); -diff --git a/lib/libnetlink.c b/lib/libnetlink.c -index 424a5b6..95675be 100644 ---- a/lib/libnetlink.c -+++ b/lib/libnetlink.c -@@ -234,6 +234,8 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth, - while (NLMSG_OK(h, msglen)) { - int err = 0; - -+ h->nlmsg_flags &= ~a->nc_flags; -+ - if (nladdr.nl_pid != 0 || - h->nlmsg_pid != rth->local.nl_pid || - h->nlmsg_seq != rth->dump) -@@ -292,13 +294,13 @@ skip_it: - } - } - --int rtnl_dump_filter(struct rtnl_handle *rth, -+int rtnl_dump_filter_nc(struct rtnl_handle *rth, - rtnl_filter_t filter, -- void *arg1) -+ void *arg1, __u16 nc_flags) - { - const struct rtnl_dump_filter_arg a[2] = { -- { .filter = filter, .arg1 = arg1, }, -- { .filter = NULL, .arg1 = NULL, }, -+ { .filter = filter, .arg1 = arg1, .nc_flags = nc_flags, }, -+ { .filter = NULL, .arg1 = NULL, .nc_flags = 0, }, - }; - - return rtnl_dump_filter_l(rth, a); --- -1.8.3.1 - diff --git a/SOURCES/0004-update-inet_diag.h-header.patch b/SOURCES/0004-update-inet_diag.h-header.patch new file mode 100644 index 0000000..6f58343 --- /dev/null +++ b/SOURCES/0004-update-inet_diag.h-header.patch @@ -0,0 +1,33 @@ +From 219f04e854453e7386ba6e3fb81b3c40a6591c1c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 1 Feb 2017 12:09:36 +0100 +Subject: [PATCH] update inet_diag.h header + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1063934 +Upstream Status: iproute2.git commit 8b5be9ecfff49 + +commit 8b5be9ecfff493d06189234405be210404dc38bb +Author: Stephen Hemminger +Date: Tue Apr 19 08:06:11 2016 -0700 + + update inet_diag.h header +--- + include/linux/inet_diag.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/linux/inet_diag.h b/include/linux/inet_diag.h +index 1db4116..b806fcf 100644 +--- a/include/linux/inet_diag.h ++++ b/include/linux/inet_diag.h +@@ -113,6 +113,8 @@ enum { + INET_DIAG_DCTCPINFO, + INET_DIAG_PROTOCOL, /* response attribute only */ + INET_DIAG_SKV6ONLY, ++ INET_DIAG_LOCALS, ++ INET_DIAG_PEERS, + }; + + #define INET_DIAG_MAX INET_DIAG_SKV6ONLY +-- +1.8.3.1 + diff --git a/SOURCES/0005-include-Add-linux-sctp.h.patch b/SOURCES/0005-include-Add-linux-sctp.h.patch new file mode 100644 index 0000000..0a8828b --- /dev/null +++ b/SOURCES/0005-include-Add-linux-sctp.h.patch @@ -0,0 +1,1036 @@ +From fc2a51e9d65617dfcc0271aa94781cae597f89d3 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 1 Feb 2017 12:09:59 +0100 +Subject: [PATCH] include: Add linux/sctp.h + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1063934 +Upstream Status: iproute2.git commit 5dec02d7b4b70 + +commit 5dec02d7b4b70128a661bab1ff991c605ba28b3f +Author: Phil Sutter +Date: Wed Nov 9 12:12:23 2016 +0100 + + include: Add linux/sctp.h + + Add sanitized UAPI linux/sctp.h header file. + + Signed-off-by: Phil Sutter +--- + include/linux/sctp.h | 1005 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 1005 insertions(+) + create mode 100644 include/linux/sctp.h + +diff --git a/include/linux/sctp.h b/include/linux/sctp.h +new file mode 100644 +index 0000000..eee08c0 +--- /dev/null ++++ b/include/linux/sctp.h +@@ -0,0 +1,1005 @@ ++/* SCTP kernel implementation ++ * (C) Copyright IBM Corp. 2001, 2004 ++ * Copyright (c) 1999-2000 Cisco, Inc. ++ * Copyright (c) 1999-2001 Motorola, Inc. ++ * Copyright (c) 2002 Intel Corp. ++ * ++ * This file is part of the SCTP kernel implementation ++ * ++ * This header represents the structures and constants needed to support ++ * the SCTP Extension to the Sockets API. ++ * ++ * This SCTP implementation is free software; ++ * you can redistribute it and/or modify it under the terms of ++ * the GNU General Public License as published by ++ * the Free Software Foundation; either version 2, or (at your option) ++ * any later version. ++ * ++ * This SCTP implementation is distributed in the hope that it ++ * will be useful, but WITHOUT ANY WARRANTY; without even the implied ++ * ************************ ++ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ++ * See the GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GNU CC; see the file COPYING. If not, see ++ * . ++ * ++ * Please send any bug reports or fixes you make to the ++ * email address(es): ++ * lksctp developers ++ * ++ * Or submit a bug report through the following website: ++ * http://www.sf.net/projects/lksctp ++ * ++ * Written or modified by: ++ * La Monte H.P. Yarroll ++ * R. Stewart ++ * K. Morneau ++ * Q. Xie ++ * Karl Knutson ++ * Jon Grimm ++ * Daisy Chang ++ * Ryan Layer ++ * Ardelle Fan ++ * Sridhar Samudrala ++ * Inaky Perez-Gonzalez ++ * Vlad Yasevich ++ * ++ * Any bugs reported given to us we will try to fix... any fixes shared will ++ * be incorporated into the next SCTP release. ++ */ ++ ++#ifndef _SCTP_H ++#define _SCTP_H ++ ++#include ++#include ++ ++typedef __s32 sctp_assoc_t; ++ ++/* The following symbols come from the Sockets API Extensions for ++ * SCTP . ++ */ ++#define SCTP_RTOINFO 0 ++#define SCTP_ASSOCINFO 1 ++#define SCTP_INITMSG 2 ++#define SCTP_NODELAY 3 /* Get/set nodelay option. */ ++#define SCTP_AUTOCLOSE 4 ++#define SCTP_SET_PEER_PRIMARY_ADDR 5 ++#define SCTP_PRIMARY_ADDR 6 ++#define SCTP_ADAPTATION_LAYER 7 ++#define SCTP_DISABLE_FRAGMENTS 8 ++#define SCTP_PEER_ADDR_PARAMS 9 ++#define SCTP_DEFAULT_SEND_PARAM 10 ++#define SCTP_EVENTS 11 ++#define SCTP_I_WANT_MAPPED_V4_ADDR 12 /* Turn on/off mapped v4 addresses */ ++#define SCTP_MAXSEG 13 /* Get/set maximum fragment. */ ++#define SCTP_STATUS 14 ++#define SCTP_GET_PEER_ADDR_INFO 15 ++#define SCTP_DELAYED_ACK_TIME 16 ++#define SCTP_DELAYED_ACK SCTP_DELAYED_ACK_TIME ++#define SCTP_DELAYED_SACK SCTP_DELAYED_ACK_TIME ++#define SCTP_CONTEXT 17 ++#define SCTP_FRAGMENT_INTERLEAVE 18 ++#define SCTP_PARTIAL_DELIVERY_POINT 19 /* Set/Get partial delivery point */ ++#define SCTP_MAX_BURST 20 /* Set/Get max burst */ ++#define SCTP_AUTH_CHUNK 21 /* Set only: add a chunk type to authenticate */ ++#define SCTP_HMAC_IDENT 22 ++#define SCTP_AUTH_KEY 23 ++#define SCTP_AUTH_ACTIVE_KEY 24 ++#define SCTP_AUTH_DELETE_KEY 25 ++#define SCTP_PEER_AUTH_CHUNKS 26 /* Read only */ ++#define SCTP_LOCAL_AUTH_CHUNKS 27 /* Read only */ ++#define SCTP_GET_ASSOC_NUMBER 28 /* Read only */ ++#define SCTP_GET_ASSOC_ID_LIST 29 /* Read only */ ++#define SCTP_AUTO_ASCONF 30 ++#define SCTP_PEER_ADDR_THLDS 31 ++#define SCTP_RECVRCVINFO 32 ++#define SCTP_RECVNXTINFO 33 ++#define SCTP_DEFAULT_SNDINFO 34 ++ ++/* Internal Socket Options. Some of the sctp library functions are ++ * implemented using these socket options. ++ */ ++#define SCTP_SOCKOPT_BINDX_ADD 100 /* BINDX requests for adding addrs */ ++#define SCTP_SOCKOPT_BINDX_REM 101 /* BINDX requests for removing addrs. */ ++#define SCTP_SOCKOPT_PEELOFF 102 /* peel off association. */ ++/* Options 104-106 are deprecated and removed. Do not use this space */ ++#define SCTP_SOCKOPT_CONNECTX_OLD 107 /* CONNECTX old requests. */ ++#define SCTP_GET_PEER_ADDRS 108 /* Get all peer address. */ ++#define SCTP_GET_LOCAL_ADDRS 109 /* Get all local address. */ ++#define SCTP_SOCKOPT_CONNECTX 110 /* CONNECTX requests. */ ++#define SCTP_SOCKOPT_CONNECTX3 111 /* CONNECTX requests (updated) */ ++#define SCTP_GET_ASSOC_STATS 112 /* Read only */ ++#define SCTP_PR_SUPPORTED 113 ++#define SCTP_DEFAULT_PRINFO 114 ++#define SCTP_PR_ASSOC_STATUS 115 ++ ++/* PR-SCTP policies */ ++#define SCTP_PR_SCTP_NONE 0x0000 ++#define SCTP_PR_SCTP_TTL 0x0010 ++#define SCTP_PR_SCTP_RTX 0x0020 ++#define SCTP_PR_SCTP_PRIO 0x0030 ++#define SCTP_PR_SCTP_MAX SCTP_PR_SCTP_PRIO ++#define SCTP_PR_SCTP_MASK 0x0030 ++ ++#define __SCTP_PR_INDEX(x) ((x >> 4) - 1) ++#define SCTP_PR_INDEX(x) __SCTP_PR_INDEX(SCTP_PR_SCTP_ ## x) ++ ++#define SCTP_PR_POLICY(x) ((x) & SCTP_PR_SCTP_MASK) ++#define SCTP_PR_SET_POLICY(flags, x) \ ++ do { \ ++ flags &= ~SCTP_PR_SCTP_MASK; \ ++ flags |= x; \ ++ } while (0) ++ ++#define SCTP_PR_TTL_ENABLED(x) (SCTP_PR_POLICY(x) == SCTP_PR_SCTP_TTL) ++#define SCTP_PR_RTX_ENABLED(x) (SCTP_PR_POLICY(x) == SCTP_PR_SCTP_RTX) ++#define SCTP_PR_PRIO_ENABLED(x) (SCTP_PR_POLICY(x) == SCTP_PR_SCTP_PRIO) ++ ++/* These are bit fields for msghdr->msg_flags. See section 5.1. */ ++/* On user space Linux, these live in as an enum. */ ++enum sctp_msg_flags { ++ MSG_NOTIFICATION = 0x8000, ++#define MSG_NOTIFICATION MSG_NOTIFICATION ++}; ++ ++/* 5.3.1 SCTP Initiation Structure (SCTP_INIT) ++ * ++ * This cmsghdr structure provides information for initializing new ++ * SCTP associations with sendmsg(). The SCTP_INITMSG socket option ++ * uses this same data structure. This structure is not used for ++ * recvmsg(). ++ * ++ * cmsg_level cmsg_type cmsg_data[] ++ * ------------ ------------ ---------------------- ++ * IPPROTO_SCTP SCTP_INIT struct sctp_initmsg ++ */ ++struct sctp_initmsg { ++ __u16 sinit_num_ostreams; ++ __u16 sinit_max_instreams; ++ __u16 sinit_max_attempts; ++ __u16 sinit_max_init_timeo; ++}; ++ ++/* 5.3.2 SCTP Header Information Structure (SCTP_SNDRCV) ++ * ++ * This cmsghdr structure specifies SCTP options for sendmsg() and ++ * describes SCTP header information about a received message through ++ * recvmsg(). ++ * ++ * cmsg_level cmsg_type cmsg_data[] ++ * ------------ ------------ ---------------------- ++ * IPPROTO_SCTP SCTP_SNDRCV struct sctp_sndrcvinfo ++ */ ++struct sctp_sndrcvinfo { ++ __u16 sinfo_stream; ++ __u16 sinfo_ssn; ++ __u16 sinfo_flags; ++ __u32 sinfo_ppid; ++ __u32 sinfo_context; ++ __u32 sinfo_timetolive; ++ __u32 sinfo_tsn; ++ __u32 sinfo_cumtsn; ++ sctp_assoc_t sinfo_assoc_id; ++}; ++ ++/* 5.3.4 SCTP Send Information Structure (SCTP_SNDINFO) ++ * ++ * This cmsghdr structure specifies SCTP options for sendmsg(). ++ * ++ * cmsg_level cmsg_type cmsg_data[] ++ * ------------ ------------ ------------------- ++ * IPPROTO_SCTP SCTP_SNDINFO struct sctp_sndinfo ++ */ ++struct sctp_sndinfo { ++ __u16 snd_sid; ++ __u16 snd_flags; ++ __u32 snd_ppid; ++ __u32 snd_context; ++ sctp_assoc_t snd_assoc_id; ++}; ++ ++/* 5.3.5 SCTP Receive Information Structure (SCTP_RCVINFO) ++ * ++ * This cmsghdr structure describes SCTP receive information ++ * about a received message through recvmsg(). ++ * ++ * cmsg_level cmsg_type cmsg_data[] ++ * ------------ ------------ ------------------- ++ * IPPROTO_SCTP SCTP_RCVINFO struct sctp_rcvinfo ++ */ ++struct sctp_rcvinfo { ++ __u16 rcv_sid; ++ __u16 rcv_ssn; ++ __u16 rcv_flags; ++ __u32 rcv_ppid; ++ __u32 rcv_tsn; ++ __u32 rcv_cumtsn; ++ __u32 rcv_context; ++ sctp_assoc_t rcv_assoc_id; ++}; ++ ++/* 5.3.6 SCTP Next Receive Information Structure (SCTP_NXTINFO) ++ * ++ * This cmsghdr structure describes SCTP receive information ++ * of the next message that will be delivered through recvmsg() ++ * if this information is already available when delivering ++ * the current message. ++ * ++ * cmsg_level cmsg_type cmsg_data[] ++ * ------------ ------------ ------------------- ++ * IPPROTO_SCTP SCTP_NXTINFO struct sctp_nxtinfo ++ */ ++struct sctp_nxtinfo { ++ __u16 nxt_sid; ++ __u16 nxt_flags; ++ __u32 nxt_ppid; ++ __u32 nxt_length; ++ sctp_assoc_t nxt_assoc_id; ++}; ++ ++/* ++ * sinfo_flags: 16 bits (unsigned integer) ++ * ++ * This field may contain any of the following flags and is composed of ++ * a bitwise OR of these values. ++ */ ++enum sctp_sinfo_flags { ++ SCTP_UNORDERED = (1 << 0), /* Send/receive message unordered. */ ++ SCTP_ADDR_OVER = (1 << 1), /* Override the primary destination. */ ++ SCTP_ABORT = (1 << 2), /* Send an ABORT message to the peer. */ ++ SCTP_SACK_IMMEDIATELY = (1 << 3), /* SACK should be sent without delay. */ ++ SCTP_NOTIFICATION = MSG_NOTIFICATION, /* Next message is not user msg but notification. */ ++ SCTP_EOF = MSG_FIN, /* Initiate graceful shutdown process. */ ++}; ++ ++typedef union { ++ __u8 raw; ++ struct sctp_initmsg init; ++ struct sctp_sndrcvinfo sndrcv; ++} sctp_cmsg_data_t; ++ ++/* These are cmsg_types. */ ++typedef enum sctp_cmsg_type { ++ SCTP_INIT, /* 5.2.1 SCTP Initiation Structure */ ++#define SCTP_INIT SCTP_INIT ++ SCTP_SNDRCV, /* 5.2.2 SCTP Header Information Structure */ ++#define SCTP_SNDRCV SCTP_SNDRCV ++ SCTP_SNDINFO, /* 5.3.4 SCTP Send Information Structure */ ++#define SCTP_SNDINFO SCTP_SNDINFO ++ SCTP_RCVINFO, /* 5.3.5 SCTP Receive Information Structure */ ++#define SCTP_RCVINFO SCTP_RCVINFO ++ SCTP_NXTINFO, /* 5.3.6 SCTP Next Receive Information Structure */ ++#define SCTP_NXTINFO SCTP_NXTINFO ++} sctp_cmsg_t; ++ ++/* ++ * 5.3.1.1 SCTP_ASSOC_CHANGE ++ * ++ * Communication notifications inform the ULP that an SCTP association ++ * has either begun or ended. The identifier for a new association is ++ * provided by this notificaion. The notification information has the ++ * following format: ++ * ++ */ ++struct sctp_assoc_change { ++ __u16 sac_type; ++ __u16 sac_flags; ++ __u32 sac_length; ++ __u16 sac_state; ++ __u16 sac_error; ++ __u16 sac_outbound_streams; ++ __u16 sac_inbound_streams; ++ sctp_assoc_t sac_assoc_id; ++ __u8 sac_info[0]; ++}; ++ ++/* ++ * sac_state: 32 bits (signed integer) ++ * ++ * This field holds one of a number of values that communicate the ++ * event that happened to the association. They include: ++ * ++ * Note: The following state names deviate from the API draft as ++ * the names clash too easily with other kernel symbols. ++ */ ++enum sctp_sac_state { ++ SCTP_COMM_UP, ++ SCTP_COMM_LOST, ++ SCTP_RESTART, ++ SCTP_SHUTDOWN_COMP, ++ SCTP_CANT_STR_ASSOC, ++}; ++ ++/* ++ * 5.3.1.2 SCTP_PEER_ADDR_CHANGE ++ * ++ * When a destination address on a multi-homed peer encounters a change ++ * an interface details event is sent. The information has the ++ * following structure: ++ */ ++struct sctp_paddr_change { ++ __u16 spc_type; ++ __u16 spc_flags; ++ __u32 spc_length; ++ struct sockaddr_storage spc_aaddr; ++ int spc_state; ++ int spc_error; ++ sctp_assoc_t spc_assoc_id; ++} __attribute__((packed, aligned(4))); ++ ++/* ++ * spc_state: 32 bits (signed integer) ++ * ++ * This field holds one of a number of values that communicate the ++ * event that happened to the address. They include: ++ */ ++enum sctp_spc_state { ++ SCTP_ADDR_AVAILABLE, ++ SCTP_ADDR_UNREACHABLE, ++ SCTP_ADDR_REMOVED, ++ SCTP_ADDR_ADDED, ++ SCTP_ADDR_MADE_PRIM, ++ SCTP_ADDR_CONFIRMED, ++}; ++ ++ ++/* ++ * 5.3.1.3 SCTP_REMOTE_ERROR ++ * ++ * A remote peer may send an Operational Error message to its peer. ++ * This message indicates a variety of error conditions on an ++ * association. The entire error TLV as it appears on the wire is ++ * included in a SCTP_REMOTE_ERROR event. Please refer to the SCTP ++ * specification [SCTP] and any extensions for a list of possible ++ * error formats. SCTP error TLVs have the format: ++ */ ++struct sctp_remote_error { ++ __u16 sre_type; ++ __u16 sre_flags; ++ __u32 sre_length; ++ __u16 sre_error; ++ sctp_assoc_t sre_assoc_id; ++ __u8 sre_data[0]; ++}; ++ ++ ++/* ++ * 5.3.1.4 SCTP_SEND_FAILED ++ * ++ * If SCTP cannot deliver a message it may return the message as a ++ * notification. ++ */ ++struct sctp_send_failed { ++ __u16 ssf_type; ++ __u16 ssf_flags; ++ __u32 ssf_length; ++ __u32 ssf_error; ++ struct sctp_sndrcvinfo ssf_info; ++ sctp_assoc_t ssf_assoc_id; ++ __u8 ssf_data[0]; ++}; ++ ++/* ++ * ssf_flags: 16 bits (unsigned integer) ++ * ++ * The flag value will take one of the following values ++ * ++ * SCTP_DATA_UNSENT - Indicates that the data was never put on ++ * the wire. ++ * ++ * SCTP_DATA_SENT - Indicates that the data was put on the wire. ++ * Note that this does not necessarily mean that the ++ * data was (or was not) successfully delivered. ++ */ ++enum sctp_ssf_flags { ++ SCTP_DATA_UNSENT, ++ SCTP_DATA_SENT, ++}; ++ ++/* ++ * 5.3.1.5 SCTP_SHUTDOWN_EVENT ++ * ++ * When a peer sends a SHUTDOWN, SCTP delivers this notification to ++ * inform the application that it should cease sending data. ++ */ ++struct sctp_shutdown_event { ++ __u16 sse_type; ++ __u16 sse_flags; ++ __u32 sse_length; ++ sctp_assoc_t sse_assoc_id; ++}; ++ ++/* ++ * 5.3.1.6 SCTP_ADAPTATION_INDICATION ++ * ++ * When a peer sends a Adaptation Layer Indication parameter , SCTP ++ * delivers this notification to inform the application ++ * that of the peers requested adaptation layer. ++ */ ++struct sctp_adaptation_event { ++ __u16 sai_type; ++ __u16 sai_flags; ++ __u32 sai_length; ++ __u32 sai_adaptation_ind; ++ sctp_assoc_t sai_assoc_id; ++}; ++ ++/* ++ * 5.3.1.7 SCTP_PARTIAL_DELIVERY_EVENT ++ * ++ * When a receiver is engaged in a partial delivery of a ++ * message this notification will be used to indicate ++ * various events. ++ */ ++struct sctp_pdapi_event { ++ __u16 pdapi_type; ++ __u16 pdapi_flags; ++ __u32 pdapi_length; ++ __u32 pdapi_indication; ++ sctp_assoc_t pdapi_assoc_id; ++}; ++ ++enum { SCTP_PARTIAL_DELIVERY_ABORTED=0, }; ++ ++/* ++ * 5.3.1.8. SCTP_AUTHENTICATION_EVENT ++ * ++ * When a receiver is using authentication this message will provide ++ * notifications regarding new keys being made active as well as errors. ++ */ ++struct sctp_authkey_event { ++ __u16 auth_type; ++ __u16 auth_flags; ++ __u32 auth_length; ++ __u16 auth_keynumber; ++ __u16 auth_altkeynumber; ++ __u32 auth_indication; ++ sctp_assoc_t auth_assoc_id; ++}; ++ ++enum { SCTP_AUTH_NEWKEY = 0, }; ++ ++/* ++ * 6.1.9. SCTP_SENDER_DRY_EVENT ++ * ++ * When the SCTP stack has no more user data to send or retransmit, this ++ * notification is given to the user. Also, at the time when a user app ++ * subscribes to this event, if there is no data to be sent or ++ * retransmit, the stack will immediately send up this notification. ++ */ ++struct sctp_sender_dry_event { ++ __u16 sender_dry_type; ++ __u16 sender_dry_flags; ++ __u32 sender_dry_length; ++ sctp_assoc_t sender_dry_assoc_id; ++}; ++ ++/* ++ * Described in Section 7.3 ++ * Ancillary Data and Notification Interest Options ++ */ ++struct sctp_event_subscribe { ++ __u8 sctp_data_io_event; ++ __u8 sctp_association_event; ++ __u8 sctp_address_event; ++ __u8 sctp_send_failure_event; ++ __u8 sctp_peer_error_event; ++ __u8 sctp_shutdown_event; ++ __u8 sctp_partial_delivery_event; ++ __u8 sctp_adaptation_layer_event; ++ __u8 sctp_authentication_event; ++ __u8 sctp_sender_dry_event; ++}; ++ ++/* ++ * 5.3.1 SCTP Notification Structure ++ * ++ * The notification structure is defined as the union of all ++ * notification types. ++ * ++ */ ++union sctp_notification { ++ struct { ++ __u16 sn_type; /* Notification type. */ ++ __u16 sn_flags; ++ __u32 sn_length; ++ } sn_header; ++ struct sctp_assoc_change sn_assoc_change; ++ struct sctp_paddr_change sn_paddr_change; ++ struct sctp_remote_error sn_remote_error; ++ struct sctp_send_failed sn_send_failed; ++ struct sctp_shutdown_event sn_shutdown_event; ++ struct sctp_adaptation_event sn_adaptation_event; ++ struct sctp_pdapi_event sn_pdapi_event; ++ struct sctp_authkey_event sn_authkey_event; ++ struct sctp_sender_dry_event sn_sender_dry_event; ++}; ++ ++/* Section 5.3.1 ++ * All standard values for sn_type flags are greater than 2^15. ++ * Values from 2^15 and down are reserved. ++ */ ++ ++enum sctp_sn_type { ++ SCTP_SN_TYPE_BASE = (1<<15), ++ SCTP_ASSOC_CHANGE, ++#define SCTP_ASSOC_CHANGE SCTP_ASSOC_CHANGE ++ SCTP_PEER_ADDR_CHANGE, ++#define SCTP_PEER_ADDR_CHANGE SCTP_PEER_ADDR_CHANGE ++ SCTP_SEND_FAILED, ++#define SCTP_SEND_FAILED SCTP_SEND_FAILED ++ SCTP_REMOTE_ERROR, ++#define SCTP_REMOTE_ERROR SCTP_REMOTE_ERROR ++ SCTP_SHUTDOWN_EVENT, ++#define SCTP_SHUTDOWN_EVENT SCTP_SHUTDOWN_EVENT ++ SCTP_PARTIAL_DELIVERY_EVENT, ++#define SCTP_PARTIAL_DELIVERY_EVENT SCTP_PARTIAL_DELIVERY_EVENT ++ SCTP_ADAPTATION_INDICATION, ++#define SCTP_ADAPTATION_INDICATION SCTP_ADAPTATION_INDICATION ++ SCTP_AUTHENTICATION_EVENT, ++#define SCTP_AUTHENTICATION_INDICATION SCTP_AUTHENTICATION_EVENT ++ SCTP_SENDER_DRY_EVENT, ++#define SCTP_SENDER_DRY_EVENT SCTP_SENDER_DRY_EVENT ++}; ++ ++/* Notification error codes used to fill up the error fields in some ++ * notifications. ++ * SCTP_PEER_ADDRESS_CHAGE : spc_error ++ * SCTP_ASSOC_CHANGE : sac_error ++ * These names should be potentially included in the draft 04 of the SCTP ++ * sockets API specification. ++ */ ++typedef enum sctp_sn_error { ++ SCTP_FAILED_THRESHOLD, ++ SCTP_RECEIVED_SACK, ++ SCTP_HEARTBEAT_SUCCESS, ++ SCTP_RESPONSE_TO_USER_REQ, ++ SCTP_INTERNAL_ERROR, ++ SCTP_SHUTDOWN_GUARD_EXPIRES, ++ SCTP_PEER_FAULTY, ++} sctp_sn_error_t; ++ ++/* ++ * 7.1.1 Retransmission Timeout Parameters (SCTP_RTOINFO) ++ * ++ * The protocol parameters used to initialize and bound retransmission ++ * timeout (RTO) are tunable. See [SCTP] for more information on how ++ * these parameters are used in RTO calculation. ++ */ ++struct sctp_rtoinfo { ++ sctp_assoc_t srto_assoc_id; ++ __u32 srto_initial; ++ __u32 srto_max; ++ __u32 srto_min; ++}; ++ ++/* ++ * 7.1.2 Association Parameters (SCTP_ASSOCINFO) ++ * ++ * This option is used to both examine and set various association and ++ * endpoint parameters. ++ */ ++struct sctp_assocparams { ++ sctp_assoc_t sasoc_assoc_id; ++ __u16 sasoc_asocmaxrxt; ++ __u16 sasoc_number_peer_destinations; ++ __u32 sasoc_peer_rwnd; ++ __u32 sasoc_local_rwnd; ++ __u32 sasoc_cookie_life; ++}; ++ ++/* ++ * 7.1.9 Set Peer Primary Address (SCTP_SET_PEER_PRIMARY_ADDR) ++ * ++ * Requests that the peer mark the enclosed address as the association ++ * primary. The enclosed address must be one of the association's ++ * locally bound addresses. The following structure is used to make a ++ * set primary request: ++ */ ++struct sctp_setpeerprim { ++ sctp_assoc_t sspp_assoc_id; ++ struct sockaddr_storage sspp_addr; ++} __attribute__((packed, aligned(4))); ++ ++/* ++ * 7.1.10 Set Primary Address (SCTP_PRIMARY_ADDR) ++ * ++ * Requests that the local SCTP stack use the enclosed peer address as ++ * the association primary. The enclosed address must be one of the ++ * association peer's addresses. The following structure is used to ++ * make a set peer primary request: ++ */ ++struct sctp_prim { ++ sctp_assoc_t ssp_assoc_id; ++ struct sockaddr_storage ssp_addr; ++} __attribute__((packed, aligned(4))); ++ ++/* For backward compatibility use, define the old name too */ ++#define sctp_setprim sctp_prim ++ ++/* ++ * 7.1.11 Set Adaptation Layer Indicator (SCTP_ADAPTATION_LAYER) ++ * ++ * Requests that the local endpoint set the specified Adaptation Layer ++ * Indication parameter for all future INIT and INIT-ACK exchanges. ++ */ ++struct sctp_setadaptation { ++ __u32 ssb_adaptation_ind; ++}; ++ ++/* ++ * 7.1.13 Peer Address Parameters (SCTP_PEER_ADDR_PARAMS) ++ * ++ * Applications can enable or disable heartbeats for any peer address ++ * of an association, modify an address's heartbeat interval, force a ++ * heartbeat to be sent immediately, and adjust the address's maximum ++ * number of retransmissions sent before an address is considered ++ * unreachable. The following structure is used to access and modify an ++ * address's parameters: ++ */ ++enum sctp_spp_flags { ++ SPP_HB_ENABLE = 1<<0, /*Enable heartbeats*/ ++ SPP_HB_DISABLE = 1<<1, /*Disable heartbeats*/ ++ SPP_HB = SPP_HB_ENABLE | SPP_HB_DISABLE, ++ SPP_HB_DEMAND = 1<<2, /*Send heartbeat immediately*/ ++ SPP_PMTUD_ENABLE = 1<<3, /*Enable PMTU discovery*/ ++ SPP_PMTUD_DISABLE = 1<<4, /*Disable PMTU discovery*/ ++ SPP_PMTUD = SPP_PMTUD_ENABLE | SPP_PMTUD_DISABLE, ++ SPP_SACKDELAY_ENABLE = 1<<5, /*Enable SACK*/ ++ SPP_SACKDELAY_DISABLE = 1<<6, /*Disable SACK*/ ++ SPP_SACKDELAY = SPP_SACKDELAY_ENABLE | SPP_SACKDELAY_DISABLE, ++ SPP_HB_TIME_IS_ZERO = 1<<7, /* Set HB delay to 0 */ ++}; ++ ++struct sctp_paddrparams { ++ sctp_assoc_t spp_assoc_id; ++ struct sockaddr_storage spp_address; ++ __u32 spp_hbinterval; ++ __u16 spp_pathmaxrxt; ++ __u32 spp_pathmtu; ++ __u32 spp_sackdelay; ++ __u32 spp_flags; ++} __attribute__((packed, aligned(4))); ++ ++/* ++ * 7.1.18. Add a chunk that must be authenticated (SCTP_AUTH_CHUNK) ++ * ++ * This set option adds a chunk type that the user is requesting to be ++ * received only in an authenticated way. Changes to the list of chunks ++ * will only effect future associations on the socket. ++ */ ++struct sctp_authchunk { ++ __u8 sauth_chunk; ++}; ++ ++/* ++ * 7.1.19. Get or set the list of supported HMAC Identifiers (SCTP_HMAC_IDENT) ++ * ++ * This option gets or sets the list of HMAC algorithms that the local ++ * endpoint requires the peer to use. ++ */ ++/* This here is only used by user space as is. It might not be a good idea ++ * to export/reveal the whole structure with reserved fields etc. ++ */ ++enum { ++ SCTP_AUTH_HMAC_ID_SHA1 = 1, ++ SCTP_AUTH_HMAC_ID_SHA256 = 3, ++}; ++ ++struct sctp_hmacalgo { ++ __u32 shmac_num_idents; ++ __u16 shmac_idents[]; ++}; ++ ++/* Sadly, user and kernel space have different names for ++ * this structure member, so this is to not break anything. ++ */ ++#define shmac_number_of_idents shmac_num_idents ++ ++/* ++ * 7.1.20. Set a shared key (SCTP_AUTH_KEY) ++ * ++ * This option will set a shared secret key which is used to build an ++ * association shared key. ++ */ ++struct sctp_authkey { ++ sctp_assoc_t sca_assoc_id; ++ __u16 sca_keynumber; ++ __u16 sca_keylength; ++ __u8 sca_key[]; ++}; ++ ++/* ++ * 7.1.21. Get or set the active shared key (SCTP_AUTH_ACTIVE_KEY) ++ * ++ * This option will get or set the active shared key to be used to build ++ * the association shared key. ++ */ ++ ++struct sctp_authkeyid { ++ sctp_assoc_t scact_assoc_id; ++ __u16 scact_keynumber; ++}; ++ ++ ++/* ++ * 7.1.23. Get or set delayed ack timer (SCTP_DELAYED_SACK) ++ * ++ * This option will effect the way delayed acks are performed. This ++ * option allows you to get or set the delayed ack time, in ++ * milliseconds. It also allows changing the delayed ack frequency. ++ * Changing the frequency to 1 disables the delayed sack algorithm. If ++ * the assoc_id is 0, then this sets or gets the endpoints default ++ * values. If the assoc_id field is non-zero, then the set or get ++ * effects the specified association for the one to many model (the ++ * assoc_id field is ignored by the one to one model). Note that if ++ * sack_delay or sack_freq are 0 when setting this option, then the ++ * current values will remain unchanged. ++ */ ++struct sctp_sack_info { ++ sctp_assoc_t sack_assoc_id; ++ uint32_t sack_delay; ++ uint32_t sack_freq; ++}; ++ ++struct sctp_assoc_value { ++ sctp_assoc_t assoc_id; ++ uint32_t assoc_value; ++}; ++ ++/* ++ * 7.2.2 Peer Address Information ++ * ++ * Applications can retrieve information about a specific peer address ++ * of an association, including its reachability state, congestion ++ * window, and retransmission timer values. This information is ++ * read-only. The following structure is used to access this ++ * information: ++ */ ++struct sctp_paddrinfo { ++ sctp_assoc_t spinfo_assoc_id; ++ struct sockaddr_storage spinfo_address; ++ __s32 spinfo_state; ++ __u32 spinfo_cwnd; ++ __u32 spinfo_srtt; ++ __u32 spinfo_rto; ++ __u32 spinfo_mtu; ++} __attribute__((packed, aligned(4))); ++ ++/* Peer addresses's state. */ ++/* UNKNOWN: Peer address passed by the upper layer in sendmsg or connect[x] ++ * calls. ++ * UNCONFIRMED: Peer address received in INIT/INIT-ACK address parameters. ++ * Not yet confirmed by a heartbeat and not available for data ++ * transfers. ++ * ACTIVE : Peer address confirmed, active and available for data transfers. ++ * INACTIVE: Peer address inactive and not available for data transfers. ++ */ ++enum sctp_spinfo_state { ++ SCTP_INACTIVE, ++ SCTP_PF, ++ SCTP_ACTIVE, ++ SCTP_UNCONFIRMED, ++ SCTP_UNKNOWN = 0xffff /* Value used for transport state unknown */ ++}; ++ ++/* ++ * 7.2.1 Association Status (SCTP_STATUS) ++ * ++ * Applications can retrieve current status information about an ++ * association, including association state, peer receiver window size, ++ * number of unacked data chunks, and number of data chunks pending ++ * receipt. This information is read-only. The following structure is ++ * used to access this information: ++ */ ++struct sctp_status { ++ sctp_assoc_t sstat_assoc_id; ++ __s32 sstat_state; ++ __u32 sstat_rwnd; ++ __u16 sstat_unackdata; ++ __u16 sstat_penddata; ++ __u16 sstat_instrms; ++ __u16 sstat_outstrms; ++ __u32 sstat_fragmentation_point; ++ struct sctp_paddrinfo sstat_primary; ++}; ++ ++/* ++ * 7.2.3. Get the list of chunks the peer requires to be authenticated ++ * (SCTP_PEER_AUTH_CHUNKS) ++ * ++ * This option gets a list of chunks for a specified association that ++ * the peer requires to be received authenticated only. ++ */ ++struct sctp_authchunks { ++ sctp_assoc_t gauth_assoc_id; ++ __u32 gauth_number_of_chunks; ++ uint8_t gauth_chunks[]; ++}; ++ ++/* The broken spelling has been released already in lksctp-tools header, ++ * so don't break anyone, now that it's fixed. ++ */ ++#define guth_number_of_chunks gauth_number_of_chunks ++ ++/* Association states. */ ++enum sctp_sstat_state { ++ SCTP_EMPTY = 0, ++ SCTP_CLOSED = 1, ++ SCTP_COOKIE_WAIT = 2, ++ SCTP_COOKIE_ECHOED = 3, ++ SCTP_ESTABLISHED = 4, ++ SCTP_SHUTDOWN_PENDING = 5, ++ SCTP_SHUTDOWN_SENT = 6, ++ SCTP_SHUTDOWN_RECEIVED = 7, ++ SCTP_SHUTDOWN_ACK_SENT = 8, ++}; ++ ++/* ++ * 8.2.6. Get the Current Identifiers of Associations ++ * (SCTP_GET_ASSOC_ID_LIST) ++ * ++ * This option gets the current list of SCTP association identifiers of ++ * the SCTP associations handled by a one-to-many style socket. ++ */ ++struct sctp_assoc_ids { ++ __u32 gaids_number_of_ids; ++ sctp_assoc_t gaids_assoc_id[]; ++}; ++ ++/* ++ * 8.3, 8.5 get all peer/local addresses in an association. ++ * This parameter struct is used by SCTP_GET_PEER_ADDRS and ++ * SCTP_GET_LOCAL_ADDRS socket options used internally to implement ++ * sctp_getpaddrs() and sctp_getladdrs() API. ++ */ ++struct sctp_getaddrs_old { ++ sctp_assoc_t assoc_id; ++ int addr_num; ++ struct sockaddr *addrs; ++}; ++ ++struct sctp_getaddrs { ++ sctp_assoc_t assoc_id; /*input*/ ++ __u32 addr_num; /*output*/ ++ __u8 addrs[0]; /*output, variable size*/ ++}; ++ ++/* A socket user request obtained via SCTP_GET_ASSOC_STATS that retrieves ++ * association stats. All stats are counts except sas_maxrto and ++ * sas_obs_rto_ipaddr. maxrto is the max observed rto + transport since ++ * the last call. Will return 0 when RTO was not update since last call ++ */ ++struct sctp_assoc_stats { ++ sctp_assoc_t sas_assoc_id; /* Input */ ++ /* Transport of observed max RTO */ ++ struct sockaddr_storage sas_obs_rto_ipaddr; ++ __u64 sas_maxrto; /* Maximum Observed RTO for period */ ++ __u64 sas_isacks; /* SACKs received */ ++ __u64 sas_osacks; /* SACKs sent */ ++ __u64 sas_opackets; /* Packets sent */ ++ __u64 sas_ipackets; /* Packets received */ ++ __u64 sas_rtxchunks; /* Retransmitted Chunks */ ++ __u64 sas_outofseqtsns;/* TSN received > next expected */ ++ __u64 sas_idupchunks; /* Dups received (ordered+unordered) */ ++ __u64 sas_gapcnt; /* Gap Acknowledgements Received */ ++ __u64 sas_ouodchunks; /* Unordered data chunks sent */ ++ __u64 sas_iuodchunks; /* Unordered data chunks received */ ++ __u64 sas_oodchunks; /* Ordered data chunks sent */ ++ __u64 sas_iodchunks; /* Ordered data chunks received */ ++ __u64 sas_octrlchunks; /* Control chunks sent */ ++ __u64 sas_ictrlchunks; /* Control chunks received */ ++}; ++ ++/* ++ * 8.1 sctp_bindx() ++ * ++ * The flags parameter is formed from the bitwise OR of zero or more of the ++ * following currently defined flags: ++ */ ++#define SCTP_BINDX_ADD_ADDR 0x01 ++#define SCTP_BINDX_REM_ADDR 0x02 ++ ++/* This is the structure that is passed as an argument(optval) to ++ * getsockopt(SCTP_SOCKOPT_PEELOFF). ++ */ ++typedef struct { ++ sctp_assoc_t associd; ++ int sd; ++} sctp_peeloff_arg_t; ++ ++/* ++ * Peer Address Thresholds socket option ++ */ ++struct sctp_paddrthlds { ++ sctp_assoc_t spt_assoc_id; ++ struct sockaddr_storage spt_address; ++ __u16 spt_pathmaxrxt; ++ __u16 spt_pathpfthld; ++}; ++ ++/* ++ * Socket Option for Getting the Association/Stream-Specific PR-SCTP Status ++ */ ++struct sctp_prstatus { ++ sctp_assoc_t sprstat_assoc_id; ++ __u16 sprstat_sid; ++ __u16 sprstat_policy; ++ __u64 sprstat_abandoned_unsent; ++ __u64 sprstat_abandoned_sent; ++}; ++ ++struct sctp_default_prinfo { ++ sctp_assoc_t pr_assoc_id; ++ __u32 pr_value; ++ __u16 pr_policy; ++}; ++ ++struct sctp_info { ++ __u32 sctpi_tag; ++ __u32 sctpi_state; ++ __u32 sctpi_rwnd; ++ __u16 sctpi_unackdata; ++ __u16 sctpi_penddata; ++ __u16 sctpi_instrms; ++ __u16 sctpi_outstrms; ++ __u32 sctpi_fragmentation_point; ++ __u32 sctpi_inqueue; ++ __u32 sctpi_outqueue; ++ __u32 sctpi_overall_error; ++ __u32 sctpi_max_burst; ++ __u32 sctpi_maxseg; ++ __u32 sctpi_peer_rwnd; ++ __u32 sctpi_peer_tag; ++ __u8 sctpi_peer_capable; ++ __u8 sctpi_peer_sack; ++ __u16 __reserved1; ++ ++ /* assoc status info */ ++ __u64 sctpi_isacks; ++ __u64 sctpi_osacks; ++ __u64 sctpi_opackets; ++ __u64 sctpi_ipackets; ++ __u64 sctpi_rtxchunks; ++ __u64 sctpi_outofseqtsns; ++ __u64 sctpi_idupchunks; ++ __u64 sctpi_gapcnt; ++ __u64 sctpi_ouodchunks; ++ __u64 sctpi_iuodchunks; ++ __u64 sctpi_oodchunks; ++ __u64 sctpi_iodchunks; ++ __u64 sctpi_octrlchunks; ++ __u64 sctpi_ictrlchunks; ++ ++ /* primary transport info */ ++ struct sockaddr_storage sctpi_p_address; ++ __s32 sctpi_p_state; ++ __u32 sctpi_p_cwnd; ++ __u32 sctpi_p_srtt; ++ __u32 sctpi_p_rto; ++ __u32 sctpi_p_hbinterval; ++ __u32 sctpi_p_pathmaxrxt; ++ __u32 sctpi_p_sackdelay; ++ __u32 sctpi_p_sackfreq; ++ __u32 sctpi_p_ssthresh; ++ __u32 sctpi_p_partial_bytes_acked; ++ __u32 sctpi_p_flight_size; ++ __u16 sctpi_p_error; ++ __u16 __reserved2; ++ ++ /* sctp sock info */ ++ __u32 sctpi_s_autoclose; ++ __u32 sctpi_s_adaptation_ind; ++ __u32 sctpi_s_pd_point; ++ __u8 sctpi_s_nodelay; ++ __u8 sctpi_s_disable_fragments; ++ __u8 sctpi_s_v4mapped; ++ __u8 sctpi_s_frag_interleave; ++ __u32 sctpi_s_type; ++ __u32 __reserved3; ++}; ++ ++#endif /* _SCTP_H */ +-- +1.8.3.1 + diff --git a/SOURCES/0005-ipaddress-simplify-ipaddr_flush.patch b/SOURCES/0005-ipaddress-simplify-ipaddr_flush.patch deleted file mode 100644 index 966545a..0000000 --- a/SOURCES/0005-ipaddress-simplify-ipaddr_flush.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 6a865378a9e17df5ae352b3b41c96deb32a5b16d Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 17 Feb 2016 14:05:14 +0100 -Subject: [PATCH] ipaddress: simplify ipaddr_flush() - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291825 -Upstream Status: commit c6995c4802523 - -commit c6995c48025233902a5b0c5fe88654e17ea934f6 -Author: Phil Sutter -Date: Tue Nov 24 15:31:00 2015 +0100 - - ipaddress: simplify ipaddr_flush() - - Since it's no longer relevant whether an IP address is primary or - secondary when flushing, ipaddr_flush() can be simplified a bit. - - Signed-off-by: Phil Sutter ---- - ip/ipaddress.c | 38 +------------------------------------- - 1 file changed, 1 insertion(+), 37 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index f4537db..6f50354 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -885,28 +885,6 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, - return 0; - } - --static int print_addrinfo_primary(const struct sockaddr_nl *who, -- struct nlmsghdr *n, void *arg) --{ -- struct ifaddrmsg *ifa = NLMSG_DATA(n); -- -- if (ifa->ifa_flags & IFA_F_SECONDARY) -- return 0; -- -- return print_addrinfo(who, n, arg); --} -- --static int print_addrinfo_secondary(const struct sockaddr_nl *who, -- struct nlmsghdr *n, void *arg) --{ -- struct ifaddrmsg *ifa = NLMSG_DATA(n); -- -- if (!(ifa->ifa_flags & IFA_F_SECONDARY)) -- return 0; -- -- return print_addrinfo(who, n, arg); --} -- - struct nlmsg_list - { - struct nlmsg_list *next; -@@ -1149,26 +1127,12 @@ static int ipaddr_flush(void) - filter.flushe = sizeof(flushb); - - while ((max_flush_loops == 0) || (round < max_flush_loops)) { -- const struct rtnl_dump_filter_arg a[3] = { -- { -- .filter = print_addrinfo_secondary, -- .arg1 = stdout, -- }, -- { -- .filter = print_addrinfo_primary, -- .arg1 = stdout, -- }, -- { -- .filter = NULL, -- .arg1 = NULL, -- }, -- }; - if (rtnl_wilddump_request(&rth, filter.family, RTM_GETADDR) < 0) { - perror("Cannot send dump request"); - exit(1); - } - filter.flushed = 0; -- if (rtnl_dump_filter_l(&rth, a) < 0) { -+ if (rtnl_dump_filter(&rth, print_addrinfo, stdout) < 0) { - fprintf(stderr, "Flush terminated\n"); - exit(1); - } --- -1.8.3.1 - diff --git a/SOURCES/0006-ipaddress-fix-ipaddr_flush-for-Linux-3.1.patch b/SOURCES/0006-ipaddress-fix-ipaddr_flush-for-Linux-3.1.patch deleted file mode 100644 index 23914ac..0000000 --- a/SOURCES/0006-ipaddress-fix-ipaddr_flush-for-Linux-3.1.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 09bf564447edb4b024c0db0bd1c6b6aa43974a08 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 17 Feb 2016 14:05:14 +0100 -Subject: [PATCH] ipaddress: fix ipaddr_flush for Linux >= 3.1 - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291825 -Upstream Status: commit d25ec03e1dce4 - -commit d25ec03e1dce4cf22093a9f7106e9401ab5bf066 -Author: Phil Sutter -Date: Tue Nov 24 15:31:02 2015 +0100 - - ipaddress: fix ipaddr_flush for Linux >= 3.1 - - Linux version 3.1 introduced a consistency check for netlink dumps in - commit 670dc28 ("netlink: advertise incomplete dumps"). This bites - iproute2 when flushing more addresses than can fit into a single - RTM_GETADDR response. To silence the spurious error message "Dump was - interrupted and may be inconsistent.", advise rtnl_dump_filter_l() to - not care about NLM_F_DUMP_INTR. - - Signed-off-by: Phil Sutter ---- - ip/ipaddress.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 6f50354..197f5ae 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -1132,7 +1132,8 @@ static int ipaddr_flush(void) - exit(1); - } - filter.flushed = 0; -- if (rtnl_dump_filter(&rth, print_addrinfo, stdout) < 0) { -+ if (rtnl_dump_filter_nc(&rth, print_addrinfo, -+ stdout, NLM_F_DUMP_INTR) < 0) { - fprintf(stderr, "Flush terminated\n"); - exit(1); - } --- -1.8.3.1 - diff --git a/SOURCES/0006-ss-Add-support-for-SCTP-protocol.patch b/SOURCES/0006-ss-Add-support-for-SCTP-protocol.patch new file mode 100644 index 0000000..9f8a16b --- /dev/null +++ b/SOURCES/0006-ss-Add-support-for-SCTP-protocol.patch @@ -0,0 +1,454 @@ +From 48d997511c1537ec8e2d6227251f8be1ede064d4 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 1 Feb 2017 12:10:00 +0100 +Subject: [PATCH] ss: Add support for SCTP protocol + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1063934 +Upstream Status: iproute2.git commit f89d46ad63f6f +Conflicts: +* missing commit 6885e3bf8efa3 + ("ss: Include -E option for socket destroy events") +* missing commit acd1e437befbb ("misc: fix style issues") +* missing commit 82d73ea03a149 ("ss: Refactor inet_show_sock") +* missing other commandline flags/features +* fixed for missing commit a418e451643e7 + ("make format_host non-reentrant by default") + +commit f89d46ad63f6f606f777da964205bc53b2197cfa +Author: Phil Sutter +Date: Wed Nov 9 12:12:24 2016 +0100 + + ss: Add support for SCTP protocol + + This makes use of the sctp_diag interface recently added to the kernel. + + Joint work with Xin Long who provided the PoC implementation which I + merely polished up a bit. + + Signed-off-by: Phil Sutter +--- + man/man8/ss.8 | 3 + + misc/ss.c | 215 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- + 2 files changed, 210 insertions(+), 8 deletions(-) + +diff --git a/man/man8/ss.8 b/man/man8/ss.8 +index f4d5264..b02a68c 100644 +--- a/man/man8/ss.8 ++++ b/man/man8/ss.8 +@@ -114,6 +114,9 @@ Display RAW sockets. + .B \-x, \-\-unix + Display Unix domain sockets (alias for -f unix). + .TP ++.B \-S, \-\-sctp ++Display SCTP sockets. ++.TP + .B \-f FAMILY, \-\-family=FAMILY + Display sockets of type FAMILY. + Currently the following families are supported: unix, inet, inet6, link, netlink. +diff --git a/misc/ss.c b/misc/ss.c +index 45fb4b0..d438428 100644 +--- a/misc/ss.c ++++ b/misc/ss.c +@@ -42,6 +42,7 @@ + #include + #include + #include ++#include + + #define MAGIC_SEQ 123456 + +@@ -99,6 +100,7 @@ int show_proc_ctx = 0; + int show_sock_ctx = 0; + /* If show_users & show_proc_ctx only do user_ent_hash_build() once */ + int user_ent_hash_build_init = 0; ++int sctp_ino; + + int netid_width; + int state_width; +@@ -108,6 +110,7 @@ int serv_width; + int screen_width; + + static const char *TCP_PROTO = "tcp"; ++static const char *SCTP_PROTO = "sctp"; + static const char *UDP_PROTO = "udp"; + static const char *RAW_PROTO = "raw"; + static const char *dg_proto = NULL; +@@ -124,13 +127,14 @@ enum + PACKET_DG_DB, + PACKET_R_DB, + NETLINK_DB, ++ SCTP_DB, + MAX_DB + }; + + #define PACKET_DBM ((1<ino) ++ return false; ++ return true; ++} ++ + static void sock_state_print(struct sockstat *s, const char *sock_name) + { + if (netid_width) +- printf("%-*s ", netid_width, sock_name); +- if (state_width) +- printf("%-*s ", state_width, sstate_name[s->state]); ++ printf("%-*s ", netid_width, ++ is_sctp_assoc(s, sock_name) ? "" : sock_name); ++ if (state_width) { ++ if (is_sctp_assoc(s, sock_name)) ++ printf("`- %-*s ", state_width - 3, ++ sctp_sstate_name[s->state]); ++ else ++ printf("%-*s ", state_width, sstate_name[s->state]); ++ } + + printf("%-6d %-6d ", s->rq, s->wq); + } +@@ -895,6 +944,8 @@ static void init_service_resolver(void) + c->proto = TCP_PROTO; + else if (strcmp(proto, UDP_PROTO) == 0) + c->proto = UDP_PROTO; ++ else if (strcmp(proto, SCTP_PROTO) == 0) ++ c->proto = SCTP_PROTO; + else + c->proto = NULL; + c->next = rlist; +@@ -1566,6 +1617,8 @@ static char *proto_name(int protocol) + return "udp"; + case IPPROTO_TCP: + return "tcp"; ++ case IPPROTO_SCTP: ++ return "sctp"; + case IPPROTO_DCCP: + return "dccp"; + } +@@ -1658,6 +1711,56 @@ static char *sprint_bw(char *buf, double bw) + return buf; + } + ++static void sctp_stats_print(struct sctp_info *s) ++{ ++ if (s->sctpi_tag) ++ printf(" tag:%x", s->sctpi_tag); ++ if (s->sctpi_state) ++ printf(" state:%s", sctp_sstate_name[s->sctpi_state]); ++ if (s->sctpi_rwnd) ++ printf(" rwnd:%d", s->sctpi_rwnd); ++ if (s->sctpi_unackdata) ++ printf(" unackdata:%d", s->sctpi_unackdata); ++ if (s->sctpi_penddata) ++ printf(" penddata:%d", s->sctpi_penddata); ++ if (s->sctpi_instrms) ++ printf(" instrms:%d", s->sctpi_instrms); ++ if (s->sctpi_outstrms) ++ printf(" outstrms:%d", s->sctpi_outstrms); ++ if (s->sctpi_inqueue) ++ printf(" inqueue:%d", s->sctpi_inqueue); ++ if (s->sctpi_outqueue) ++ printf(" outqueue:%d", s->sctpi_outqueue); ++ if (s->sctpi_overall_error) ++ printf(" overerr:%d", s->sctpi_overall_error); ++ if (s->sctpi_max_burst) ++ printf(" maxburst:%d", s->sctpi_max_burst); ++ if (s->sctpi_maxseg) ++ printf(" maxseg:%d", s->sctpi_maxseg); ++ if (s->sctpi_peer_rwnd) ++ printf(" prwnd:%d", s->sctpi_peer_rwnd); ++ if (s->sctpi_peer_tag) ++ printf(" ptag:%x", s->sctpi_peer_tag); ++ if (s->sctpi_peer_capable) ++ printf(" pcapable:%d", s->sctpi_peer_capable); ++ if (s->sctpi_peer_sack) ++ printf(" psack:%d", s->sctpi_peer_sack); ++ if (s->sctpi_s_autoclose) ++ printf(" autoclose:%d", s->sctpi_s_autoclose); ++ if (s->sctpi_s_adaptation_ind) ++ printf(" adapind:%d", s->sctpi_s_adaptation_ind); ++ if (s->sctpi_s_pd_point) ++ printf(" pdpoint:%d", s->sctpi_s_pd_point); ++ if (s->sctpi_s_nodelay) ++ printf(" nodealy:%d", s->sctpi_s_nodelay); ++ if (s->sctpi_s_disable_fragments) ++ printf(" nofrag:%d", s->sctpi_s_disable_fragments); ++ if (s->sctpi_s_v4mapped) ++ printf(" v4mapped:%d", s->sctpi_s_v4mapped); ++ if (s->sctpi_s_frag_interleave) ++ printf(" fraginl:%d", s->sctpi_s_frag_interleave); ++} ++ + static void tcp_stats_print(struct tcpstat *s) + { + char b1[64]; +@@ -1762,6 +1865,13 @@ static void tcp_timer_print(struct tcpstat *s) + } + } + ++static void sctp_timer_print(struct tcpstat *s) ++{ ++ if (s->timer) ++ printf(" timer:(T3_RTX,%s,%d)", ++ print_ms_timer(s->timeout), s->retrans); ++} ++ + static int tcp_show_line(char *line, const struct filter *f, int family) + { + int rto = 0, ato = 0; +@@ -2007,6 +2117,67 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r, + } + } + ++static const char *format_host_sa(struct sockaddr_storage *sa) ++{ ++ char buf[1024]; ++ union { ++ struct sockaddr_in sin; ++ struct sockaddr_in6 sin6; ++ } *saddr = (void *)sa; ++ ++ switch (sa->ss_family) { ++ case AF_INET: ++ return format_host(AF_INET, 4, &saddr->sin.sin_addr, ++ buf, sizeof(buf)); ++ case AF_INET6: ++ return format_host(AF_INET6, 16, &saddr->sin6.sin6_addr, ++ buf, sizeof(buf)); ++ default: ++ return ""; ++ } ++} ++ ++static void sctp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r, ++ struct rtattr *tb[]) ++{ ++ struct sockaddr_storage *sa; ++ int len; ++ ++ print_skmeminfo(tb, INET_DIAG_SKMEMINFO); ++ ++ if (tb[INET_DIAG_LOCALS]) { ++ len = RTA_PAYLOAD(tb[INET_DIAG_LOCALS]); ++ sa = RTA_DATA(tb[INET_DIAG_LOCALS]); ++ ++ printf("locals:%s", format_host_sa(sa)); ++ for (sa++, len -= sizeof(*sa); len > 0; sa++, len -= sizeof(*sa)) ++ printf(",%s", format_host_sa(sa)); ++ ++ } ++ if (tb[INET_DIAG_PEERS]) { ++ len = RTA_PAYLOAD(tb[INET_DIAG_PEERS]); ++ sa = RTA_DATA(tb[INET_DIAG_PEERS]); ++ ++ printf(" peers:%s", format_host_sa(sa)); ++ for (sa++, len -= sizeof(*sa); len > 0; sa++, len -= sizeof(*sa)) ++ printf(",%s", format_host_sa(sa)); ++ } ++ if (tb[INET_DIAG_INFO]) { ++ struct sctp_info *info; ++ len = RTA_PAYLOAD(tb[INET_DIAG_INFO]); ++ ++ /* workaround for older kernels with less fields */ ++ if (len < sizeof(*info)) { ++ info = alloca(sizeof(*info)); ++ memcpy(info, RTA_DATA(tb[INET_DIAG_INFO]), len); ++ memset((char *)info + len, 0, sizeof(*info) - len); ++ } else ++ info = RTA_DATA(tb[INET_DIAG_INFO]); ++ ++ sctp_stats_print(info); ++ } ++} ++ + static int inet_show_sock(struct nlmsghdr *nlh, struct filter *f, int protocol) + { + struct rtattr * tb[INET_DIAG_MAX+1]; +@@ -2047,7 +2218,10 @@ static int inet_show_sock(struct nlmsghdr *nlh, struct filter *f, int protocol) + t.timer = r->idiag_timer; + t.timeout = r->idiag_expires; + t.retrans = r->idiag_retrans; +- tcp_timer_print(&t); ++ if (protocol == IPPROTO_SCTP) ++ sctp_timer_print(&t); ++ else ++ tcp_timer_print(&t); + } + + if (show_details) { +@@ -2066,8 +2240,12 @@ static int inet_show_sock(struct nlmsghdr *nlh, struct filter *f, int protocol) + + if (show_mem || show_tcpinfo) { + printf("\n\t"); +- tcp_show_info(nlh, r, tb); ++ if (protocol == IPPROTO_SCTP) ++ sctp_show_info(nlh, r, tb); ++ else ++ tcp_show_info(nlh, r, tb); + } ++ sctp_ino = s.ino; + + printf("\n"); + return 0; +@@ -2392,6 +2570,17 @@ outerr: + } while (0); + } + ++static int sctp_show(struct filter *f) ++{ ++ if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6)) ++ return 0; ++ ++ if (!getenv("PROC_NET_SCTP") && !getenv("PROC_ROOT") ++ && inet_show_netlink(f, NULL, IPPROTO_SCTP) == 0) ++ return 0; ++ ++ return 0; ++} + + static int dgram_show_line(char *line, const struct filter *f, int family) + { +@@ -3343,6 +3532,7 @@ static void _usage(FILE *dest) + " -6, --ipv6 display only IP version 6 sockets\n" + " -0, --packet display PACKET sockets\n" + " -t, --tcp display only TCP sockets\n" ++" -S, --sctp display only SCTP sockets\n" + " -u, --udp display only UDP sockets\n" + " -d, --dccp display only DCCP sockets\n" + " -w, --raw display only RAW sockets\n" +@@ -3419,6 +3609,7 @@ static const struct option long_opts[] = { + { "bpf", 0, 0, 'b' }, + { "dccp", 0, 0, 'd' }, + { "tcp", 0, 0, 't' }, ++ { "sctp", 0, 0, 'S' }, + { "udp", 0, 0, 'u' }, + { "raw", 0, 0, 'w' }, + { "unix", 0, 0, 'x' }, +@@ -3452,7 +3643,7 @@ int main(int argc, char *argv[]) + int ch; + int state_filter = 0; + +- while ((ch = getopt_long(argc, argv, "dhaletuwxnro460spbf:miA:D:F:vVzZN:", ++ while ((ch = getopt_long(argc, argv, "dhaletuwxnro460spbf:miA:D:F:vVzZN:S", + long_opts, NULL)) != EOF) { + switch(ch) { + case 'n': +@@ -3488,6 +3679,9 @@ int main(int argc, char *argv[]) + case 't': + filter_db_set(¤t_filter, TCP_DB); + break; ++ case 'S': ++ filter_db_set(¤t_filter, SCTP_DB); ++ break; + case 'u': + filter_db_set(¤t_filter, UDP_DB); + break; +@@ -3551,6 +3745,7 @@ int main(int argc, char *argv[]) + filter_db_set(¤t_filter, UDP_DB); + filter_db_set(¤t_filter, DCCP_DB); + filter_db_set(¤t_filter, TCP_DB); ++ filter_db_set(¤t_filter, SCTP_DB); + filter_db_set(¤t_filter, RAW_DB); + } else if (strcmp(p, "udp") == 0) { + filter_db_set(¤t_filter, UDP_DB); +@@ -3558,6 +3753,8 @@ int main(int argc, char *argv[]) + filter_db_set(¤t_filter, DCCP_DB); + } else if (strcmp(p, "tcp") == 0) { + filter_db_set(¤t_filter, TCP_DB); ++ } else if (strcmp(p, "sctp") == 0) { ++ filter_db_set(¤t_filter, SCTP_DB); + } else if (strcmp(p, "raw") == 0) { + filter_db_set(¤t_filter, RAW_DB); + } else if (strcmp(p, "unix") == 0) { +@@ -3682,7 +3879,7 @@ int main(int argc, char *argv[]) + filter_merge_defaults(¤t_filter); + + if (resolve_services && resolve_hosts && +- (current_filter.dbs&(UNIX_DBM|(1< -Date: Thu, 18 Feb 2016 12:37:52 +0100 -Subject: [PATCH] bridge: drop reference to unused option embedded from manpage - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1075692 -Upstream Status: iproute2.git commit 822e9609e7ae8 - -commit 822e9609e7ae8e7dee27355d89d778f14cc27a2d -Author: Andy Gospodarek -Date: Tue Mar 17 11:34:10 2015 -0400 - - bridge: drop reference to unused option embedded from manpage - - While looking at the manpage, I noticed a reference to 'embedded' that was - added by this commit: - - commit d611682a8c8f28205158e6d3a7d5e2d01db022cc - Author: John Fastabend - Date: Thu Sep 13 23:50:36 2012 -0700 - - iproute2: bridge: finish removing replace option in man pages - - I no longer see any reference to the 'embedded' option in any c- or h-files, so - it seems worthwhile to remove. - - Signed-off-by: Andy Gospodarek - CC: John Fastabend ---- - man/man8/bridge.8 | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 -index 96312da..519640e 100644 ---- a/man/man8/bridge.8 -+++ b/man/man8/bridge.8 -@@ -50,7 +50,7 @@ bridge \- show / manipulate bridge addresses and devices - .B dev - .IR DEV " { " - .BR local " | " temp " } { " --.BR self " } { " embedded " } { " router " } [ " -+.BR self " } { " router " } [ " - .B dst - .IR IPADDR " ] [ " - .B vni -@@ -296,10 +296,6 @@ the interface to which this address is associated. - - the address is associated with a software fdb (default) - .sp - --.B embedded --- the address is associated with an offloaded fdb --.sp -- - .B router - - the destination address is associated with a router. - Valid if the referenced device is a VXLAN type device and has --- -1.8.3.1 - diff --git a/SOURCES/0007-remove-unnecessary-extern.patch b/SOURCES/0007-remove-unnecessary-extern.patch new file mode 100644 index 0000000..3edbd6c --- /dev/null +++ b/SOURCES/0007-remove-unnecessary-extern.patch @@ -0,0 +1,330 @@ +From c1bb5cac86c0665c596d3fc9057c536e136675e2 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 1 Feb 2017 14:19:26 +0100 +Subject: [PATCH] remove unnecessary extern + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1329730 +Upstream Status: iproute2.git commit 892e21248cfdb +Conflicts: Parts applied manually due to multiple context changes. + +commit 892e21248cfdb8c1332d46a01df253eae748c9d8 +Author: Stephen Hemminger +Date: Thu Aug 13 14:09:58 2015 -0700 + + remove unnecessary extern + + No need for extern on function prototypes. +--- + include/dlfcn.h | 2 +- + include/libnetlink.h | 78 +++++++++++++++++++++++++++------------------------- + include/ll_map.h | 18 ++++++------ + include/namespace.h | 6 ++-- + include/utils.h | 56 ++++++++++++++++++------------------- + 5 files changed, 82 insertions(+), 78 deletions(-) + +diff --git a/include/dlfcn.h b/include/dlfcn.h +index c54f8d8..f15bc2c 100644 +--- a/include/dlfcn.h ++++ b/include/dlfcn.h +@@ -19,7 +19,7 @@ static inline void *dlopen(const char *file, int flag) + return NULL; + } + +-extern void *_dlsym(const char *sym); ++void *_dlsym(const char *sym); + static inline void *dlsym(void *handle, const char *sym) + { + if (handle != _FAKE_DLFCN_HDL) +diff --git a/include/libnetlink.h b/include/libnetlink.h +index 8c90873..40fa6ff 100644 +--- a/include/libnetlink.h ++++ b/include/libnetlink.h +@@ -26,20 +26,20 @@ struct rtnl_handle + + extern int rcvbuf; + +-extern int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions) ++int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions) + __attribute__((warn_unused_result)); + +-extern int rtnl_open_byproto(struct rtnl_handle *rth, unsigned subscriptions, ++int rtnl_open_byproto(struct rtnl_handle *rth, unsigned subscriptions, + int protocol) + __attribute__((warn_unused_result)); + +-extern void rtnl_close(struct rtnl_handle *rth); +-extern int rtnl_wilddump_request(struct rtnl_handle *rth, int fam, int type) ++void rtnl_close(struct rtnl_handle *rth); ++int rtnl_wilddump_request(struct rtnl_handle *rth, int fam, int type) + __attribute__((warn_unused_result)); +-extern int rtnl_wilddump_req_filter(struct rtnl_handle *rth, int fam, int type, ++int rtnl_wilddump_req_filter(struct rtnl_handle *rth, int fam, int type, + __u32 filt_mask) + __attribute__((warn_unused_result)); +-extern int rtnl_dump_request(struct rtnl_handle *rth, int type, void *req, ++int rtnl_dump_request(struct rtnl_handle *rth, int type, void *req, + int len) + __attribute__((warn_unused_result)); + +@@ -61,43 +61,47 @@ struct rtnl_dump_filter_arg + __u16 nc_flags; + }; + +-extern int rtnl_dump_filter_l(struct rtnl_handle *rth, ++int rtnl_dump_filter_l(struct rtnl_handle *rth, + const struct rtnl_dump_filter_arg *arg); + int rtnl_dump_filter_nc(struct rtnl_handle *rth, + rtnl_filter_t filter, + void *arg, __u16 nc_flags); + #define rtnl_dump_filter(rth, filter, arg) \ + rtnl_dump_filter_nc(rth, filter, arg, 0) +-extern int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, +- struct nlmsghdr *answer, size_t len) ++int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, ++ struct nlmsghdr *answer, size_t len) + __attribute__((warn_unused_result)); +-extern int rtnl_send(struct rtnl_handle *rth, const void *buf, int) ++int rtnl_send(struct rtnl_handle *rth, const void *buf, int) + __attribute__((warn_unused_result)); +-extern int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int) ++int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int) + __attribute__((warn_unused_result)); + +-extern int addattr(struct nlmsghdr *n, int maxlen, int type); +-extern int addattr8(struct nlmsghdr *n, int maxlen, int type, __u8 data); +-extern int addattr16(struct nlmsghdr *n, int maxlen, int type, __u16 data); +-extern int addattr32(struct nlmsghdr *n, int maxlen, int type, __u32 data); +-extern int addattr64(struct nlmsghdr *n, int maxlen, int type, __u64 data); +-extern int addattrstrz(struct nlmsghdr *n, int maxlen, int type, const char *data); +- +-extern int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, int alen); +-extern int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len); +-extern struct rtattr *addattr_nest(struct nlmsghdr *n, int maxlen, int type); +-extern int addattr_nest_end(struct nlmsghdr *n, struct rtattr *nest); +-extern struct rtattr *addattr_nest_compat(struct nlmsghdr *n, int maxlen, int type, const void *data, int len); +-extern int addattr_nest_compat_end(struct nlmsghdr *n, struct rtattr *nest); +-extern int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data); +-extern int rta_addattr_l(struct rtattr *rta, int maxlen, int type, const void *data, int alen); +- +-extern int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len); +-extern int parse_rtattr_flags(struct rtattr *tb[], int max, struct rtattr *rta, ++int addattr(struct nlmsghdr *n, int maxlen, int type); ++int addattr8(struct nlmsghdr *n, int maxlen, int type, __u8 data); ++int addattr16(struct nlmsghdr *n, int maxlen, int type, __u16 data); ++int addattr32(struct nlmsghdr *n, int maxlen, int type, __u32 data); ++int addattr64(struct nlmsghdr *n, int maxlen, int type, __u64 data); ++int addattrstrz(struct nlmsghdr *n, int maxlen, int type, const char *data); ++ ++int addattr_l(struct nlmsghdr *n, int maxlen, int type, ++ const void *data, int alen); ++int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len); ++struct rtattr *addattr_nest(struct nlmsghdr *n, int maxlen, int type); ++int addattr_nest_end(struct nlmsghdr *n, struct rtattr *nest); ++struct rtattr *addattr_nest_compat(struct nlmsghdr *n, int maxlen, int type, ++ const void *data, int len); ++int addattr_nest_compat_end(struct nlmsghdr *n, struct rtattr *nest); ++int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data); ++int rta_addattr_l(struct rtattr *rta, int maxlen, int type, ++ const void *data, int alen); ++ ++int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len); ++int parse_rtattr_flags(struct rtattr *tb[], int max, struct rtattr *rta, + int len, unsigned short flags); +-extern int parse_rtattr_byindex(struct rtattr *tb[], int max, struct rtattr *rta, int len); +-extern struct rtattr *parse_rtattr_one(int type, struct rtattr *rta, int len); +-extern int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rta, int len); ++int parse_rtattr_byindex(struct rtattr *tb[], int max, ++ struct rtattr *rta, int len); ++struct rtattr *parse_rtattr_one(int type, struct rtattr *rta, int len); ++int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rta, int len); + + #define parse_rtattr_nested(tb, max, rta) \ + (parse_rtattr((tb), (max), RTA_DATA(rta), RTA_PAYLOAD(rta))) +@@ -132,11 +136,11 @@ static inline const char *rta_getattr_str(const struct rtattr *rta) + return (const char *)RTA_DATA(rta); + } + +-extern int rtnl_listen_all_nsid(struct rtnl_handle *); +-extern int rtnl_listen(struct rtnl_handle *, rtnl_listen_filter_t handler, +- void *jarg); +-extern int rtnl_from_file(FILE *, rtnl_listen_filter_t handler, +- void *jarg); ++int rtnl_listen_all_nsid(struct rtnl_handle *); ++int rtnl_listen(struct rtnl_handle *, rtnl_listen_filter_t handler, ++ void *jarg); ++int rtnl_from_file(FILE *, rtnl_listen_filter_t handler, ++ void *jarg); + + #define NLMSG_TAIL(nmsg) \ + ((struct rtattr *) (((void *) (nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len))) +diff --git a/include/ll_map.h b/include/ll_map.h +index b98a571..949bfc3 100644 +--- a/include/ll_map.h ++++ b/include/ll_map.h +@@ -1,15 +1,15 @@ + #ifndef __LL_MAP_H__ + #define __LL_MAP_H__ 1 + +-extern int ll_remember_index(const struct sockaddr_nl *who, +- struct nlmsghdr *n, void *arg); ++int ll_remember_index(const struct sockaddr_nl *who, ++ struct nlmsghdr *n, void *arg); + +-extern void ll_init_map(struct rtnl_handle *rth); +-extern unsigned ll_name_to_index(const char *name); +-extern const char *ll_index_to_name(unsigned idx); +-extern const char *ll_idx_n2a(unsigned idx, char *buf); +-extern int ll_index_to_type(unsigned idx); +-extern int ll_index_to_flags(unsigned idx); +-extern unsigned namehash(const char *str); ++void ll_init_map(struct rtnl_handle *rth); ++unsigned ll_name_to_index(const char *name); ++const char *ll_index_to_name(unsigned idx); ++const char *ll_idx_n2a(unsigned idx, char *buf); ++int ll_index_to_type(unsigned idx); ++int ll_index_to_flags(unsigned idx); ++unsigned namehash(const char *str); + + #endif /* __LL_MAP_H__ */ +diff --git a/include/namespace.h b/include/namespace.h +index 5add9d2..51324b2 100644 +--- a/include/namespace.h ++++ b/include/namespace.h +@@ -43,9 +43,9 @@ static inline int setns(int fd, int nstype) + } + #endif /* HAVE_SETNS */ + +-extern int netns_switch(char *netns); +-extern int netns_get_fd(const char *netns); +-extern int netns_foreach(int (*func)(char *nsname, void *arg), void *arg); ++int netns_switch(char *netns); ++int netns_get_fd(const char *netns); ++int netns_foreach(int (*func)(char *nsname, void *arg), void *arg); + + struct netns_func { + int (*func)(char *nsname, void *arg); +diff --git a/include/utils.h b/include/utils.h +index 2d1e390..a1f9eb3 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -42,7 +42,7 @@ extern bool do_all; + #define SPRINT_BSIZE 64 + #define SPRINT_BUF(x) char x[SPRINT_BSIZE] + +-extern void incomplete_command(void) __attribute__((noreturn)); ++void incomplete_command(void) __attribute__((noreturn)); + + #define NEXT_ARG() do { argv++; if (--argc <= 0) incomplete_command(); } while(0) + #define NEXT_ARG_OK() (argc - 1 > 0) +@@ -77,27 +77,27 @@ struct ipx_addr { + u_int8_t ipx_node[IPX_NODE_LEN]; + }; + +-extern __u32 get_addr32(const char *name); +-extern int get_addr_1(inet_prefix *dst, const char *arg, int family); +-extern int get_prefix_1(inet_prefix *dst, char *arg, int family); +-extern int get_addr(inet_prefix *dst, const char *arg, int family); +-extern int get_prefix(inet_prefix *dst, char *arg, int family); +-extern int mask2bits(__u32 netmask); ++__u32 get_addr32(const char *name); ++int get_addr_1(inet_prefix *dst, const char *arg, int family); ++int get_prefix_1(inet_prefix *dst, char *arg, int family); ++int get_addr(inet_prefix *dst, const char *arg, int family); ++int get_prefix(inet_prefix *dst, char *arg, int family); ++int mask2bits(__u32 netmask); + + int get_hex(char c); +-extern int get_integer(int *val, const char *arg, int base); +-extern int get_unsigned(unsigned *val, const char *arg, int base); +-extern int get_time_rtt(unsigned *val, const char *arg, int *raw); ++int get_integer(int *val, const char *arg, int base); ++int get_unsigned(unsigned *val, const char *arg, int base); ++int get_time_rtt(unsigned *val, const char *arg, int *raw); + #define get_byte get_u8 + #define get_ushort get_u16 + #define get_short get_s16 +-extern int get_u64(__u64 *val, const char *arg, int base); +-extern int get_u32(__u32 *val, const char *arg, int base); +-extern int get_s32(__s32 *val, const char *arg, int base); +-extern int get_u16(__u16 *val, const char *arg, int base); +-extern int get_s16(__s16 *val, const char *arg, int base); +-extern int get_u8(__u8 *val, const char *arg, int base); +-extern int get_s8(__s8 *val, const char *arg, int base); ++int get_u64(__u64 *val, const char *arg, int base); ++int get_u32(__u32 *val, const char *arg, int base); ++int get_s32(__s32 *val, const char *arg, int base); ++int get_u16(__u16 *val, const char *arg, int base); ++int get_s16(__s16 *val, const char *arg, int base); ++int get_u8(__u8 *val, const char *arg, int base); ++int get_s8(__s8 *val, const char *arg, int base); + int get_be64(__be64 *val, const char *arg, int base); + int get_be32(__be32 *val, const char *arg, int base); + int get_be16(__be16 *val, const char *arg, int base); +@@ -105,20 +105,20 @@ int get_be16(__be16 *val, const char *arg, int base); + char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen); + __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len); + +-extern const char *format_host(int af, int len, const void *addr, ++const char *format_host(int af, int len, const void *addr, + char *buf, int buflen); +-extern const char *rt_addr_n2a(int af, int len, const void *addr, ++const char *rt_addr_n2a(int af, int len, const void *addr, + char *buf, int buflen); + +-extern int read_family(const char *name); +-extern const char *family_name(int family); ++int read_family(const char *name); ++const char *family_name(int family); + + void missarg(const char *) __attribute__((noreturn)); + void invarg(const char *, const char *) __attribute__((noreturn)); + void duparg(const char *, const char *) __attribute__((noreturn)); + void duparg2(const char *, const char *) __attribute__((noreturn)); + int matches(const char *arg, const char *pattern); +-extern int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits); ++int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits); + + const char *dnet_ntop(int af, const void *addr, char *str, size_t len); + int dnet_pton(int af, const char *src, void *addr); +@@ -127,7 +127,7 @@ const char *ipx_ntop(int af, const void *addr, char *str, size_t len); + int ipx_pton(int af, const char *src, void *addr); + + extern int __iproute2_hz_internal; +-extern int __get_hz(void); ++__get_hz(void); + + static __inline__ int get_hz(void) + { +@@ -137,7 +137,7 @@ static __inline__ int get_hz(void) + } + + extern int __iproute2_user_hz_internal; +-extern int __get_user_hz(void); ++int __get_user_hz(void); + + static __inline__ int get_user_hz(void) + { +@@ -164,16 +164,16 @@ int print_timestamp(FILE *fp); + #define ntohll(x) ((1==ntohl(1)) ? (x) : ((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) + + extern int cmdlineno; +-extern ssize_t getcmdline(char **line, size_t *len, FILE *in); +-extern int makeargs(char *line, char *argv[], int maxargs); +-extern int inet_get_addr(const char *src, __u32 *dst, struct in6_addr *dst6); ++ssize_t getcmdline(char **line, size_t *len, FILE *in); ++int makeargs(char *line, char *argv[], int maxargs); ++int inet_get_addr(const char *src, __u32 *dst, struct in6_addr *dst6); + + struct iplink_req; + int iplink_parse(int argc, char **argv, struct iplink_req *req, + char **name, char **type, char **link, char **dev, + int *group); + +-extern int do_each_netns(int (*func)(char *nsname, void *arg), void *arg, ++int do_each_netns(int (*func)(char *nsname, void *arg), void *arg, + bool show_label); + + char *int_to_str(int val, char *buf); +-- +1.8.3.1 + diff --git a/SOURCES/0008-bridge-drop-man-page-fragment.patch b/SOURCES/0008-bridge-drop-man-page-fragment.patch deleted file mode 100644 index 8a3952b..0000000 --- a/SOURCES/0008-bridge-drop-man-page-fragment.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 54c907ac41637ccf40c1997b20066129230331d8 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 12:37:52 +0100 -Subject: [PATCH] bridge: drop man page fragment - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1075692 -Upstream Status: iproute2.git commit efb169717e4e6 - -commit efb169717e4e6e4eaebbb65da29b64e076942759 -Author: Stephen Hemminger -Date: Tue Jul 28 16:50:19 2015 -0700 - - bridge: drop man page fragment - - Left over copy/paste from ip monitor man page. ---- - man/man8/bridge.8 | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 -index 519640e..7f67867 100644 ---- a/man/man8/bridge.8 -+++ b/man/man8/bridge.8 -@@ -505,8 +505,7 @@ described in previous sections. - .P - If a file name is given, it does not listen on RTNETLINK, - but opens the file containing RTNETLINK messages saved in binary format --and dumps them. Such a history file can be generated with the -- -+and dumps them. - - .SH NOTES - This command uses facilities added in Linux 3.0. --- -1.8.3.1 - diff --git a/SOURCES/0008-utils-add-missing-return-value.patch b/SOURCES/0008-utils-add-missing-return-value.patch new file mode 100644 index 0000000..42e231a --- /dev/null +++ b/SOURCES/0008-utils-add-missing-return-value.patch @@ -0,0 +1,37 @@ +From d3fb2ca3d65e566e11c6016f7832dd5f251a7715 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 1 Feb 2017 14:20:10 +0100 +Subject: [PATCH] utils: add missing return value + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1329730 +Upstream Status: iproute2.git commit e3c27c2db68d2 + +commit e3c27c2db68d2dc0e9816fd70d80fda7f9aea2ec +Author: Zhang Shengju +Date: Fri Aug 14 01:36:20 2015 +0000 + + utils: add missing return value + + Add missing return value to fix warnings + + Signed-off-by: Zhang Shengju +--- + include/utils.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/utils.h b/include/utils.h +index a1f9eb3..6634f66 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -127,7 +127,7 @@ const char *ipx_ntop(int af, const void *addr, char *str, size_t len); + int ipx_pton(int af, const char *src, void *addr); + + extern int __iproute2_hz_internal; +-__get_hz(void); ++int __get_hz(void); + + static __inline__ int get_hz(void) + { +-- +1.8.3.1 + diff --git a/SOURCES/0009-bridge-fdb-add-use-option-to-set-NTF_USE-flag-in-fdb.patch b/SOURCES/0009-bridge-fdb-add-use-option-to-set-NTF_USE-flag-in-fdb.patch deleted file mode 100644 index aab205b..0000000 --- a/SOURCES/0009-bridge-fdb-add-use-option-to-set-NTF_USE-flag-in-fdb.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 56fcd25048b851772694f870b7eeb78ea5e147a7 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 12:38:18 +0100 -Subject: [PATCH] bridge fdb: add 'use' option to set NTF_USE flag in fdb add - requests - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1075692 -Upstream Status: iproute2.git commit cd8df30b7c64d - -commit cd8df30b7c64da0cf0e3653490a9545f77b59e85 -Author: Roopa Prabhu -Date: Thu Jul 30 14:37:02 2015 -0700 - - bridge fdb: add 'use' option to set NTF_USE flag in fdb add requests - - This is similar to command options corresponding to other NTF_* flags - already exposed to the user space (examples self/master). - - Also updates bridge man page (The man page patch also includes - a fix to the 'self' entry and documents 'master' for fdb entries) - - Signed-off-by: Roopa Prabhu - Reviewed-by: Nikolay Aleksandrov ---- - bridge/fdb.c | 7 +++++-- - man/man8/bridge.8 | 15 ++++++++++++--- - 2 files changed, 17 insertions(+), 5 deletions(-) - -diff --git a/bridge/fdb.c b/bridge/fdb.c -index 615541e..513b3f9 100644 ---- a/bridge/fdb.c -+++ b/bridge/fdb.c -@@ -30,8 +30,9 @@ int filter_index; - - static void usage(void) - { -- fprintf(stderr, "Usage: bridge fdb { add | append | del | replace } ADDR dev DEV {self|master} [ temp ]\n" -- " [router] [ dst IPADDR] [ vlan VID ]\n" -+ fprintf(stderr, "Usage: bridge fdb { add | append | del | replace ADDR dev DEV\n" -+ " [ self ] [ master ] [ use ] [ router ]\n" -+ " [ local | temp ] [ dst IPADDR ] [ vlan VID ]\n" - " [ port PORT] [ vni VNI ] [via DEV]\n"); - fprintf(stderr, " bridge fdb {show} [ dev DEV ]\n"); - exit(-1); -@@ -269,6 +270,8 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - duparg2("vlan", *argv); - NEXT_ARG(); - vid = atoi(*argv); -+ } else if (matches(*argv, "use") == 0) { -+ req.ndm.ndm_flags |= NTF_USE; - } else { - if (strcmp(*argv, "to") == 0) { - NEXT_ARG(); -diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 -index 7f67867..68a86e5 100644 ---- a/man/man8/bridge.8 -+++ b/man/man8/bridge.8 -@@ -49,8 +49,8 @@ bridge \- show / manipulate bridge addresses and devices - .I LLADDR - .B dev - .IR DEV " { " --.BR local " | " temp " } { " --.BR self " } { " router " } [ " -+.BR local " | " temp " } [ " -+.BR self " ] [ " master " ] [ " router " ] [ " use " ] [ " - .B dst - .IR IPADDR " ] [ " - .B vni -@@ -293,7 +293,11 @@ the Ethernet MAC address. - the interface to which this address is associated. - - .B self --- the address is associated with a software fdb (default) -+- the address is associated with the port drivers fdb. Usually hardware. -+.sp -+ -+.B master -+- the address is associated with master devices fdb. Usually software (default). - .sp - - .B router -@@ -302,6 +306,11 @@ Valid if the referenced device is a VXLAN type device and has - route shortcircuit enabled. - .sp - -+.B use -+- the address is in use. User space can use this option to -+indicate to the kernel that the fdb entry is in use. -+.sp -+ - .in -8 - The next command line parameters apply only - when the specified device --- -1.8.3.1 - diff --git a/SOURCES/0009-libnetlink-introduce-rta_nest-and-u8-u16-u64-helpers.patch b/SOURCES/0009-libnetlink-introduce-rta_nest-and-u8-u16-u64-helpers.patch new file mode 100644 index 0000000..2e1fe54 --- /dev/null +++ b/SOURCES/0009-libnetlink-introduce-rta_nest-and-u8-u16-u64-helpers.patch @@ -0,0 +1,102 @@ +From ff021313a4175ec85193c25551698e58e85e86e0 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 1 Feb 2017 14:20:11 +0100 +Subject: [PATCH] libnetlink: introduce rta_nest and u8, u16, u64 helpers for + nesting within rtattr + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1329730 +Upstream Status: iproute2.git commit 303cc9cbeed6c + +commit 303cc9cbeed6cfb9f08a4073f07cb466cc8098e8 +Author: Roopa Prabhu +Date: Thu Oct 15 13:13:38 2015 +0200 + + libnetlink: introduce rta_nest and u8, u16, u64 helpers for nesting within rtattr + + This patch introduces two new api's rta_nest and rta_nest_end to + nest attributes inside a rta attribute represented by 'struct rtattr' + as required to construct a nexthop. Also adds rta_addattr* variants + for u8, u16 and u64 as needed to support encapsulation. + + Signed-off-by: Roopa Prabhu + Signed-off-by: Thomas Graf + Acked-by: Jiri Benc +--- + include/libnetlink.h | 10 ++++++++++ + lib/libnetlink.c | 31 +++++++++++++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/include/libnetlink.h b/include/libnetlink.h +index 40fa6ff..7ea3f4a 100644 +--- a/include/libnetlink.h ++++ b/include/libnetlink.h +@@ -91,7 +91,10 @@ int addattr_nest_end(struct nlmsghdr *n, struct rtattr *nest); + struct rtattr *addattr_nest_compat(struct nlmsghdr *n, int maxlen, int type, + const void *data, int len); + int addattr_nest_compat_end(struct nlmsghdr *n, struct rtattr *nest); ++int rta_addattr8(struct rtattr *rta, int maxlen, int type, __u8 data); ++int rta_addattr16(struct rtattr *rta, int maxlen, int type, __u16 data); + int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data); ++int rta_addattr64(struct rtattr *rta, int maxlen, int type, __u64 data); + int rta_addattr_l(struct rtattr *rta, int maxlen, int type, + const void *data, int alen); + +@@ -103,6 +106,13 @@ int parse_rtattr_byindex(struct rtattr *tb[], int max, + struct rtattr *parse_rtattr_one(int type, struct rtattr *rta, int len); + int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rta, int len); + ++struct rtattr *rta_nest(struct rtattr *rta, int maxlen, int type); ++int rta_nest_end(struct rtattr *rta, struct rtattr *nest); ++ ++#define RTA_TAIL(rta) \ ++ ((struct rtattr *) (((void *) (rta)) + \ ++ RTA_ALIGN((rta)->rta_len))) ++ + #define parse_rtattr_nested(tb, max, rta) \ + (parse_rtattr((tb), (max), RTA_DATA(rta), RTA_PAYLOAD(rta))) + +diff --git a/lib/libnetlink.c b/lib/libnetlink.c +index 96bde59..9e653cc 100644 +--- a/lib/libnetlink.c ++++ b/lib/libnetlink.c +@@ -723,6 +723,37 @@ int rta_addattr_l(struct rtattr *rta, int maxlen, int type, + return 0; + } + ++int rta_addattr8(struct rtattr *rta, int maxlen, int type, __u8 data) ++{ ++ return rta_addattr_l(rta, maxlen, type, &data, sizeof(__u8)); ++} ++ ++int rta_addattr16(struct rtattr *rta, int maxlen, int type, __u16 data) ++{ ++ return rta_addattr_l(rta, maxlen, type, &data, sizeof(__u16)); ++} ++ ++int rta_addattr64(struct rtattr *rta, int maxlen, int type, __u64 data) ++{ ++ return rta_addattr_l(rta, maxlen, type, &data, sizeof(__u64)); ++} ++ ++struct rtattr *rta_nest(struct rtattr *rta, int maxlen, int type) ++{ ++ struct rtattr *nest = RTA_TAIL(rta); ++ ++ rta_addattr_l(rta, maxlen, type, NULL, 0); ++ ++ return nest; ++} ++ ++int rta_nest_end(struct rtattr *rta, struct rtattr *nest) ++{ ++ nest->rta_len = (void *)RTA_TAIL(rta) - (void *)nest; ++ ++ return rta->rta_len; ++} ++ + int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len) + { + return parse_rtattr_flags(tb, max, rta, len, 0); +-- +1.8.3.1 + diff --git a/SOURCES/0010-ip-allow-ip-address-show-to-list-addresses-with-cert.patch b/SOURCES/0010-ip-allow-ip-address-show-to-list-addresses-with-cert.patch deleted file mode 100644 index b399c98..0000000 --- a/SOURCES/0010-ip-allow-ip-address-show-to-list-addresses-with-cert.patch +++ /dev/null @@ -1,70 +0,0 @@ -From beadd143d5adde6e482bb088255f9bba7a8d850a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:21:45 +0100 -Subject: [PATCH] ip: allow ip address show to list addresses with certain - flags not being set - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1231898 -Upstream Status: iproute2.git commit b5f39b2588a6b - -commit b5f39b2588a6b0312f11ac6d0fab9391b105b83c -Author: Heiner Kallweit -Date: Mon Dec 22 20:18:43 2014 +0100 - - ip: allow ip address show to list addresses with certain flags not being set - - Sometimes it's needed to have "ip address show" list only addresses - with certain flags not being set, e.g. in network scripts. - As an example one might want to exclude addresses in "tentative" - or "deprecated" state. - - Support listing addresses with flags tentative, deprecated, dadfailed - not being set by prefixing the respective flag with a minus. - - Signed-off-by: Heiner Kallweit ---- - ip/ipaddress.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 197f5ae..1e0728c 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -80,7 +80,7 @@ static void usage(void) - fprintf(stderr, "SCOPE-ID := [ host | link | global | NUMBER ]\n"); - fprintf(stderr, "FLAG-LIST := [ FLAG-LIST ] FLAG\n"); - fprintf(stderr, "FLAG := [ permanent | dynamic | secondary | primary |\n"); -- fprintf(stderr, " tentative | deprecated | dadfailed | temporary |\n"); -+ fprintf(stderr, " [-]tentative | [-]deprecated | [-]dadfailed | temporary |\n"); - fprintf(stderr, " CONFFLAG-LIST ]\n"); - fprintf(stderr, "CONFFLAG-LIST := [ CONFFLAG-LIST ] CONFFLAG\n"); - fprintf(stderr, "CONFFLAG := [ home | nodad | mngtmpaddr | noprefixroute ]\n"); -@@ -1233,9 +1233,15 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - } else if (strcmp(*argv, "tentative") == 0) { - filter.flags |= IFA_F_TENTATIVE; - filter.flagmask |= IFA_F_TENTATIVE; -+ } else if (strcmp(*argv, "-tentative") == 0) { -+ filter.flags &= ~IFA_F_TENTATIVE; -+ filter.flagmask |= IFA_F_TENTATIVE; - } else if (strcmp(*argv, "deprecated") == 0) { - filter.flags |= IFA_F_DEPRECATED; - filter.flagmask |= IFA_F_DEPRECATED; -+ } else if (strcmp(*argv, "-deprecated") == 0) { -+ filter.flags &= ~IFA_F_DEPRECATED; -+ filter.flagmask |= IFA_F_DEPRECATED; - } else if (strcmp(*argv, "home") == 0) { - filter.flags |= IFA_F_HOMEADDRESS; - filter.flagmask |= IFA_F_HOMEADDRESS; -@@ -1251,6 +1257,9 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - } else if (strcmp(*argv, "dadfailed") == 0) { - filter.flags |= IFA_F_DADFAILED; - filter.flagmask |= IFA_F_DADFAILED; -+ } else if (strcmp(*argv, "-dadfailed") == 0) { -+ filter.flags &= ~IFA_F_DADFAILED; -+ filter.flagmask |= IFA_F_DADFAILED; - } else if (strcmp(*argv, "label") == 0) { - NEXT_ARG(); - filter.label = *argv; --- -1.8.3.1 - diff --git a/SOURCES/0011-ip-extend-ip-address-man-page-to-reflect-the-recent-.patch b/SOURCES/0011-ip-extend-ip-address-man-page-to-reflect-the-recent-.patch deleted file mode 100644 index 0e24507..0000000 --- a/SOURCES/0011-ip-extend-ip-address-man-page-to-reflect-the-recent-.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 93d677d83f7c0b6152746ecd03b7a0619c75fabd Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:21:45 +0100 -Subject: [PATCH] ip: extend "ip-address" man page to reflect the recent flag - extensions - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1231898 -Upstream Status: iproute2.git commit 18c8bbe3dbe11 - -commit 18c8bbe3dbe118ccf4c8da4c9b2e4fc52f7a8aaf -Author: Heiner Kallweit -Date: Wed Dec 24 23:11:50 2014 +0100 - - ip: extend "ip-address" man page to reflect the recent flag extensions - - Extend "ip-address" man page to reflect the recent extension of - allowing to list addresses with flags tentative, deprecated, dadfailed - not being set. - - Signed-off-by: Heiner Kallweit ---- - man/man8/ip-address.8.in | 19 +++++++++++++++++-- - 1 file changed, 17 insertions(+), 2 deletions(-) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index c6f25ea..6e46af8 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -50,8 +50,9 @@ ip-address \- protocol address management - - .ti -8 - .IR FLAG " := " --.RB "[ " permanent " | " dynamic " | " secondary " | " primary " | "\ --tentative " | " deprecated " | " dadfailed " | " temporary " ]" -+.RB "[ " permanent " | " dynamic " | " secondary " | " primary " | \ -+[ - ] " tentative " | [ - ] " deprecated " | [ - ] " dadfailed " | "\ -+temporary " ]" - - .SH "DESCRIPTION" - The -@@ -178,15 +179,29 @@ addresses. - address detection. - - .TP -+.B -tentative -+(IPv6 only) only list addresses which are not in the process of -+duplicate address detection currently. -+ -+.TP - .B deprecated - (IPv6 only) only list deprecated addresses. - - .TP -+.B -deprecated -+(IPv6 only) only list addresses not being deprecated. -+ -+.TP - .B dadfailed - (IPv6 only) only list addresses which have failed duplicate - address detection. - - .TP -+.B -dadfailed -+(IPv6 only) only list addresses which have not failed duplicate -+address detection. -+ -+.TP - .B temporary - (IPv6 only) only list temporary addresses. - --- -1.8.3.1 - diff --git a/SOURCES/0012-ip-address-fix-and-extend-documentation.patch b/SOURCES/0012-ip-address-fix-and-extend-documentation.patch deleted file mode 100644 index 5cb63dd..0000000 --- a/SOURCES/0012-ip-address-fix-and-extend-documentation.patch +++ /dev/null @@ -1,296 +0,0 @@ -From de15ee438be780578c0dec2ece6f96cd511b43e5 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:21:45 +0100 -Subject: [PATCH] ip-address: fix and extend documentation -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1231898 -Upstream Status: iproute2.git commit 4e972d5ef41b2 - -commit 4e972d5ef41b28679a8125ed5289496284a9157f -Author: Pavel Šimerda -Date: Wed Aug 12 22:04:08 2015 +0200 - - ip-address: fix and extend documentation - - * Improve manual page synopsis and built-it help - * Use full subcommand names (e.g. 'address' and 'maddress') - * Specify when IPv4, IPv6 or both are affected - * Add lifetimes, home and nodad - * Remove any remaining excess spaces - - Commit 43d29f7 substantially improves generated ip-address.8 instead of - ip-address.8.in and commit e419f2d removes the generated one losing the - improvements entirely. This commit recovers the lost changes, adapts - them to the current manual page and adds more man page and help - improvements. - - Original commit by: Kenyon Ralph ---- - ip/ipaddress.c | 16 +++---- - man/man8/ip-address.8.in | 117 +++++++++++++++++++++++++++++++++++++---------- - 2 files changed, 100 insertions(+), 33 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 1e0728c..e4da5b1 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -68,15 +68,15 @@ static void usage(void) - if (do_link) { - iplink_usage(); - } -- fprintf(stderr, "Usage: ip addr {add|change|replace} IFADDR dev STRING [ LIFETIME ]\n"); -+ fprintf(stderr, "Usage: ip address {add|change|replace} IFADDR dev IFNAME [ LIFETIME ]\n"); - fprintf(stderr, " [ CONFFLAG-LIST ]\n"); -- fprintf(stderr, " ip addr del IFADDR dev STRING [mngtmpaddr]\n"); -- fprintf(stderr, " ip addr {show|save|flush} [ dev STRING ] [ scope SCOPE-ID ]\n"); -- fprintf(stderr, " [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ] [up]\n"); -- fprintf(stderr, " ip addr {showdump|restore}\n"); -+ fprintf(stderr, " ip address del IFADDR dev IFNAME [mngtmpaddr]\n"); -+ fprintf(stderr, " ip address {show|save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]\n"); -+ fprintf(stderr, " [ to PREFIX ] [ FLAG-LIST ] [ label LABEL ] [up]\n"); -+ fprintf(stderr, " ip address {showdump|restore}\n"); - fprintf(stderr, "IFADDR := PREFIX | ADDR peer PREFIX\n"); - fprintf(stderr, " [ broadcast ADDR ] [ anycast ADDR ]\n"); -- fprintf(stderr, " [ label STRING ] [ scope SCOPE-ID ]\n"); -+ fprintf(stderr, " [ label IFNAME ] [ scope SCOPE-ID ]\n"); - fprintf(stderr, "SCOPE-ID := [ host | link | global | NUMBER ]\n"); - fprintf(stderr, "FLAG-LIST := [ FLAG-LIST ] FLAG\n"); - fprintf(stderr, "FLAG := [ permanent | dynamic | secondary | primary |\n"); -@@ -968,7 +968,7 @@ static int ipadd_dump_check_magic(void) - __u32 magic = 0; - - if (isatty(STDIN_FILENO)) { -- fprintf(stderr, "Can't restore addr dump from a terminal\n"); -+ fprintf(stderr, "Can't restore address dump from a terminal\n"); - return -1; - } - -@@ -1606,6 +1606,6 @@ int do_ipaddr(int argc, char **argv) - return ipaddr_restore(); - if (matches(*argv, "help") == 0) - usage(); -- fprintf(stderr, "Command \"%s\" is unknown, try \"ip addr help\".\n", *argv); -+ fprintf(stderr, "Command \"%s\" is unknown, try \"ip address help\".\n", *argv); - exit(-1); - } -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index 6e46af8..2ea3e67 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -14,18 +14,26 @@ ip-address \- protocol address management - .sp - - .ti -8 --.BR "ip address" " { " add " | " del " } " --.IB IFADDR " dev " STRING -+.BR "ip address" " { " add " | " change " | " replace " } " -+.IB IFADDR " dev " IFNAME -+.RI "[ " LIFETIME " ] [ " CONFFLAG-LIST " ]" - - .ti -8 --.BR "ip address" " { " show " | " flush " } [ " dev --.IR STRING " ] [ " -+.BR "ip address del" -+.IB IFADDR " dev " IFNAME " [ " mngtmpaddr " ]" -+ -+.ti -8 -+.BR "ip address" " { " show " | " save " | " flush " } [ " dev -+.IR IFNAME " ] [ " - .B scope - .IR SCOPE-ID " ] [ " - .B to - .IR PREFIX " ] [ " FLAG-LIST " ] [ " - .B label --.IR PATTERN " ]" -+.IR PATTERN " ] [ " up " ]" -+ -+.ti -8 -+.BR "ip address" " { " showdump " | " restore " }" - - .ti -8 - .IR IFADDR " := " PREFIX " | " ADDR -@@ -36,7 +44,7 @@ ip-address \- protocol address management - .B anycast - .IR ADDR " ] [ " - .B label --.IR STRING " ] [ " -+.IR LABEL " ] [ " - .B scope - .IR SCOPE-ID " ]" - -@@ -52,15 +60,33 @@ ip-address \- protocol address management - .IR FLAG " := " - .RB "[ " permanent " | " dynamic " | " secondary " | " primary " | \ - [ - ] " tentative " | [ - ] " deprecated " | [ - ] " dadfailed " | "\ --temporary " ]" -+temporary " ] " CONFFLAG-LIST " ]" -+ -+.ti -8 -+.IR CONFFLAG-LIST " := [ " CONFFLAG-LIST " ] " CONFFLAG -+ -+.ti -8 -+.IR CONFFLAG " := " -+.RB "[ " home " | " nodad " ]" -+ -+.ti -8 -+.IR LIFETIME " := [ " -+.BI valid_lft " LFT" -+.RB "| " preferred_lft -+.IR LFT " ]" -+ -+.ti -8 -+.IR LFT " := [ " -+.BR forever " |" -+.IR SECONDS " ]" - - .SH "DESCRIPTION" - The - .B address --is a protocol (IP or IPv6) address attached --to a network device. Each device must have at least one address --to use the corresponding protocol. It is possible to have several --different addresses attached to one device. These addresses are not -+is a protocol (IPv4 or IPv6) address attached -+to a network device. Each device must have at least one address -+to use the corresponding protocol. It is possible to have several -+different addresses attached to one device. These addresses are not - discriminated, so that the term - .B alias - is not quite appropriate for them and we do not use it in this document. -@@ -73,7 +99,7 @@ and deletes old ones. - .SS ip address add - add new protocol address. - - .TP --.BI dev " NAME" -+.BI dev " IFNAME " - the name of the device to add the address to. - - .TP -@@ -107,7 +133,7 @@ instead of the broadcast address. In this case, the broadcast address - is derived by setting/resetting the host bits of the interface prefix. - - .TP --.BI label " NAME" -+.BI label " LABEL" - Each address may be tagged with a label string. - In order to preserve compatibility with Linux-2.0 net aliases, - this string must coincide with the name of the device or must be prefixed -@@ -125,7 +151,7 @@ Predefined scope values are: - - the address is globally valid. - .sp - .B site --- (IPv6 only) the address is site local, i.e. it is -+- (IPv6 only, deprecated) the address is site local, i.e. it is - valid inside this site. - .sp - .B link -@@ -135,6 +161,30 @@ valid inside this site. - - the address is valid only inside this host. - .in -8 - -+.TP -+.BI valid_lft " LFT" -+the valid lifetime of this address; see section 5.5.4 of -+RFC 4862. When it expires, the address is removed by the kernel. -+Defaults to -+.BR "forever" . -+ -+.TP -+.BI preferred_lft " LFT" -+the preferred lifetime of this address; see section 5.5.4 -+of RFC 4862. When it expires, the address is no longer used for new -+outgoing connections. Defaults to -+.BR "forever" . -+ -+.TP -+.B home -+(IPv6 only) designates this address the "home address" as defined in -+RFC 6275. -+ -+.TP -+.B nodad -+(IPv6 only) do not perform Duplicate Address Detection (RFC 4862) when -+adding this address. -+ - .SS ip address delete - delete protocol address - .B Arguments: - coincide with the arguments of -@@ -145,7 +195,7 @@ If no arguments are given, the first address is deleted. - .SS ip address show - look at protocol addresses - - .TP --.BI dev " NAME " (default) -+.BI dev " IFNAME " (default) - name of device. - - .TP -@@ -219,36 +269,53 @@ The difference is that it does not run when no arguments are given. - - .PP - .B Warning: --This command (and other -+This command and other - .B flush --commands described below) is pretty dangerous. If you make a mistake, --it will not forgive it, but will cruelly purge all the addresses. -+commands are unforgiving. They will cruelly purge all the addresses. - - .PP - With the - .B -statistics - option, the command becomes verbose. It prints out the number of deleted --addresses and the number of rounds made to flush the address list. If --this option is given twice, -+addresses and the number of rounds made to flush the address list. -+If this option is given twice, - .B ip address flush - also dumps all the deleted addresses in the format described in the - previous subsection. - - .SH "EXAMPLES" - .PP -+ip address show -+.RS 4 -+Shows IPv4 and IPv6 addresses assigned to all network interfaces. The 'show' -+subcommand can be omitted. -+.RE -+.PP -+ip address show up -+.RS 4 -+Same as above except that only addresses assigned to active network interfaces -+are shown. -+.RE -+.PP - ip address show dev eth0 - .RS 4 --Shows the addresses assigned to network interface eth0 -+Shows IPv4 and IPv6 addresses assigned to network interface eth0. -+.RE -+.PP -+ip address add 2001:0db8:85a3::0370:7334/64 dev eth1 -+.RS 4 -+Adds an IPv6 address to network interface eth1. - .RE - .PP --ip addr add 2001:0db8:85a3::0370:7334/64 dev eth1 -+ip address delete 2001:0db8:85a3::0370:7334/64 dev eth1 - .RS 4 --Adds an IPv6 address to network interface eth1 -+Delete the IPv6 address added above. - .RE - .PP --ip addr flush dev eth4 -+ip address flush dev eth4 scope global - .RS 4 --Removes all addresses from device eth4 -+Removes all global IPv4 and IPv6 addresses from device eth4. Without 'scope -+global' it would remove all addresses including IPv6 link-local ones. - .RE - - .SH SEE ALSO --- -1.8.3.1 - diff --git a/SOURCES/0013-ip-address.8.in-fix-BNF-syntax-error.patch b/SOURCES/0013-ip-address.8.in-fix-BNF-syntax-error.patch deleted file mode 100644 index e3ea03b..0000000 --- a/SOURCES/0013-ip-address.8.in-fix-BNF-syntax-error.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 5461dd2bc08dc1036b655c8aa9f8acf306b092fd Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:21:59 +0100 -Subject: [PATCH] ip-address.8.in: fix BNF syntax error - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1231898 -Upstream Status: iproute2.git commit 715296b85a0ec - -commit 715296b85a0ecece7cdc60d42b026d66ac21a55e -Author: Phil Sutter -Date: Tue Aug 18 18:11:12 2015 +0200 - - ip-address.8.in: fix BNF syntax error - - The previous man page fixup introduced a syntax error due to missing - opening bracket, which might crash some humanoid BNF parsers. - - Fixes: 4e972d5 ("ip-address: fix and extend documentation") - Signed-off-by: Phil Sutter ---- - man/man8/ip-address.8.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index 2ea3e67..f1efc43 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -60,7 +60,7 @@ ip-address \- protocol address management - .IR FLAG " := " - .RB "[ " permanent " | " dynamic " | " secondary " | " primary " | \ - [ - ] " tentative " | [ - ] " deprecated " | [ - ] " dadfailed " | "\ --temporary " ] " CONFFLAG-LIST " ]" -+temporary " ] [ " CONFFLAG-LIST " ]" - - .ti -8 - .IR CONFFLAG-LIST " := [ " CONFFLAG-LIST " ] " CONFFLAG --- -1.8.3.1 - diff --git a/SOURCES/0014-man-ip-address-align-synopsis-with-help-output.patch b/SOURCES/0014-man-ip-address-align-synopsis-with-help-output.patch deleted file mode 100644 index 2e95e3f..0000000 --- a/SOURCES/0014-man-ip-address-align-synopsis-with-help-output.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 8447b36e09fd2b4a420892267c91993e77299f4b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:21:59 +0100 -Subject: [PATCH] man: ip-address: align synopsis with help output - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1231898 -Upstream Status: iproute2.git commit 0b17394087a2c - -commit 0b17394087a2c1b5564353bd21eb59f468130553 -Author: Phil Sutter -Date: Fri Sep 18 20:17:00 2015 +0200 - - man: ip-address: align synopsis with help output - - When fixing the BNF syntax error, I overlooked that 'ip address help' - prints a more correct synopsis. This patch aligns them. - - Fixes: 715296b ("ip-address.8.in: fix BNF syntax error") - Signed-off-by: Phil Sutter ---- - man/man8/ip-address.8.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index f1efc43..43611b9 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -60,7 +60,7 @@ ip-address \- protocol address management - .IR FLAG " := " - .RB "[ " permanent " | " dynamic " | " secondary " | " primary " | \ - [ - ] " tentative " | [ - ] " deprecated " | [ - ] " dadfailed " | "\ --temporary " ] [ " CONFFLAG-LIST " ]" -+temporary " | " CONFFLAG-LIST " ]" - - .ti -8 - .IR CONFFLAG-LIST " := [ " CONFFLAG-LIST " ] " CONFFLAG --- -1.8.3.1 - diff --git a/SOURCES/0015-ip-route-Prevent-some-double-spaces-in-output.patch b/SOURCES/0015-ip-route-Prevent-some-double-spaces-in-output.patch new file mode 100644 index 0000000..456db19 --- /dev/null +++ b/SOURCES/0015-ip-route-Prevent-some-double-spaces-in-output.patch @@ -0,0 +1,77 @@ +From 7913342bac7907f849ee6af7abeba2e30a1c0c46 Mon Sep 17 00:00:00 2001 +From: Timothy Redaelli +Date: Fri, 10 Feb 2017 12:20:19 +0100 +Subject: [PATCH] ip-route: Prevent some double spaces in output + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374446 +Upstream Status: iproute2.git commit 7cc7cb8 +Conflicts: Context changes due to missing commits + bc23430, 7faf1588 and 56f5daac + +commit 7cc7cb8a888bf50c4e118b6bce4c6926321d0689 +Author: Phil Sutter +Date: Tue Aug 23 11:52:45 2016 +0200 + + ip-route: Prevent some double spaces in output + + The code is a bit messy, as it starts with space after text and at some + point switches to space before text. But either way, printing space + before *and* after text almost certainly leads to printing more + whitespace than necessary. + + Signed-off-by: Phil Sutter + +Signed-off-by: Timothy Redaelli +--- + ip/iproute.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/ip/iproute.c b/ip/iproute.c +index bb18bbe..8a706ea 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -414,24 +414,24 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (!(r->rtm_flags&RTM_F_CLONED)) { + if (table != RT_TABLE_MAIN && !filter.tb) +- fprintf(fp, " table %s ", rtnl_rttable_n2a(table, b1, sizeof(b1))); ++ fprintf(fp, "table %s ", rtnl_rttable_n2a(table, b1, sizeof(b1))); + if (r->rtm_protocol != RTPROT_BOOT && filter.protocolmask != -1) +- fprintf(fp, " proto %s ", rtnl_rtprot_n2a(r->rtm_protocol, b1, sizeof(b1))); ++ fprintf(fp, "proto %s ", rtnl_rtprot_n2a(r->rtm_protocol, b1, sizeof(b1))); + if (r->rtm_scope != RT_SCOPE_UNIVERSE && filter.scopemask != -1) +- fprintf(fp, " scope %s ", rtnl_rtscope_n2a(r->rtm_scope, b1, sizeof(b1))); ++ fprintf(fp, "scope %s ", rtnl_rtscope_n2a(r->rtm_scope, b1, sizeof(b1))); + } + if (tb[RTA_PREFSRC] && filter.rprefsrc.bitlen != host_len) { + /* Do not use format_host(). It is our local addr + and symbolic name will not be useful. + */ +- fprintf(fp, " src %s ", ++ fprintf(fp, "src %s ", + rt_addr_n2a(r->rtm_family, + RTA_PAYLOAD(tb[RTA_PREFSRC]), + RTA_DATA(tb[RTA_PREFSRC]), + abuf, sizeof(abuf))); + } + if (tb[RTA_PRIORITY]) +- fprintf(fp, " metric %u ", rta_getattr_u32(tb[RTA_PRIORITY])); ++ fprintf(fp, "metric %u ", rta_getattr_u32(tb[RTA_PRIORITY])); + if (r->rtm_flags & RTNH_F_DEAD) + fprintf(fp, "dead "); + if (r->rtm_flags & RTNH_F_ONLINK) +@@ -444,9 +444,9 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + unsigned int mark = *(unsigned int*)RTA_DATA(tb[RTA_MARK]); + if (mark) { + if (mark >= 16) +- fprintf(fp, " mark 0x%x", mark); ++ fprintf(fp, "mark 0x%x", mark); + else +- fprintf(fp, " mark %u", mark); ++ fprintf(fp, "mark %u", mark); + } + } + +-- +1.8.3.1 + diff --git a/SOURCES/0015-man-ip-address-document-mngtmpaddr-and-noprefixroute.patch b/SOURCES/0015-man-ip-address-document-mngtmpaddr-and-noprefixroute.patch deleted file mode 100644 index 9e84ab8..0000000 --- a/SOURCES/0015-man-ip-address-document-mngtmpaddr-and-noprefixroute.patch +++ /dev/null @@ -1,62 +0,0 @@ -From f54df6d82b9ee4986d3746c8fe767b11d59a53eb Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:21:59 +0100 -Subject: [PATCH] man: ip-address: document mngtmpaddr and noprefixroute flags - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1231898 -Upstream Status: iproute2.git commit f7afa999520d3 - -commit f7afa999520d3f93114c296e37e4ccea84d2c6de -Author: Phil Sutter -Date: Fri Sep 18 20:17:03 2015 +0200 - - man: ip-address: document mngtmpaddr and noprefixroute flags - - Signed-off-by: Phil Sutter ---- - man/man8/ip-address.8.in | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index 43611b9..159d906 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -67,7 +67,7 @@ temporary " | " CONFFLAG-LIST " ]" - - .ti -8 - .IR CONFFLAG " := " --.RB "[ " home " | " nodad " ]" -+.RB "[ " home " | " mngtmpaddr " | " nodad " | " noprefixroute " ]" - - .ti -8 - .IR LIFETIME " := [ " -@@ -181,10 +181,26 @@ outgoing connections. Defaults to - RFC 6275. - - .TP -+.B mngtmpaddr -+(IPv6 only) make the kernel manage temporary addresses created from this one as -+template on behalf of Privacy Extensions (RFC3041). For this to become active, -+the \fBuse_tempaddr\fP sysctl setting has to be set to a value greater than -+zero. The given address needs to have a prefix length of 64. This flag allows -+to use privacy extensions in a manually configured network, just like if -+stateless auto-configuration was active. -+ -+.TP - .B nodad - (IPv6 only) do not perform Duplicate Address Detection (RFC 4862) when - adding this address. - -+.TP -+.B noprefixroute -+Do not automatically create a route for the network prefix of the added -+address, and don't search for one to delete when removing the address. Changing -+an address to add this flag will remove the automatically added prefix route, -+changing it to remove this flag will create the prefix route automatically. -+ - .SS ip address delete - delete protocol address - .B Arguments: - coincide with the arguments of --- -1.8.3.1 - diff --git a/SOURCES/0016-ipaddress-Simplify-vf_info-parsing.patch b/SOURCES/0016-ipaddress-Simplify-vf_info-parsing.patch new file mode 100644 index 0000000..21830d6 --- /dev/null +++ b/SOURCES/0016-ipaddress-Simplify-vf_info-parsing.patch @@ -0,0 +1,113 @@ +From 50d1b124825f1900937b5fc9a9075890bfd3c2c3 Mon Sep 17 00:00:00 2001 +From: Timothy Redaelli +Date: Thu, 9 Feb 2017 18:55:28 +0100 +Subject: [PATCH] ipaddress: Simplify vf_info parsing + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1264149 +Upstream Status: iproute2.git commit ff9463e +Conflicts: Context changes due to missing commit 56e9f0a + +commit ff9463e048a55d1262869ef6f6897c44c11fe094 +Author: Phil Sutter +Date: Tue Nov 8 22:29:11 2016 +0100 + + ipaddress: Simplify vf_info parsing + + Commit 7b8179c780a1a ("iproute2: Add new command to ip link to + enable/disable VF spoof check") tried to add support for + IFLA_VF_SPOOFCHK in a backwards-compatible manner, but aparently overdid + it: parse_rtattr_nested() handles missing attributes perfectly fine in + that it will leave the relevant field unassigned so calling code can + just compare against NULL. There is no need to layback from the previous + (IFLA_VF_TX_RATE) attribute to the next to check if IFLA_VF_SPOOFCHK is + present or not. To the contrary, it establishes a potentially incorrect + assumption of these two attributes directly following each other which + may not be the case (although up to now, kernel aligns them this way). + + This patch cleans up the code to adhere to the common way of checking + for attribute existence. It has been tested to return correct results + regardless of whether the kernel exports IFLA_VF_SPOOFCHK or not. + + Signed-off-by: Phil Sutter + Reviewed-by: Greg Rose + +Signed-off-by: Timothy Redaelli +--- + ip/ipaddress.c | 44 ++++++++++---------------------------------- + 1 file changed, 10 insertions(+), 34 deletions(-) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index 62a25bc..c8ec779 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -291,10 +291,7 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) + struct ifla_vf_mac *vf_mac; + struct ifla_vf_vlan *vf_vlan; + struct ifla_vf_tx_rate *vf_tx_rate; +- struct ifla_vf_spoofchk *vf_spoofchk; +- struct ifla_vf_link_state *vf_linkstate; + struct rtattr *vf[IFLA_VF_MAX + 1] = {}; +- struct rtattr *tmp; + SPRINT_BUF(b1); + + if (vfinfo->rta_type != IFLA_VF_INFO) { +@@ -308,31 +305,6 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) + vf_vlan = RTA_DATA(vf[IFLA_VF_VLAN]); + vf_tx_rate = RTA_DATA(vf[IFLA_VF_TX_RATE]); + +- /* Check if the spoof checking vf info type is supported by +- * this kernel. +- */ +- tmp = (struct rtattr *)((char *)vf[IFLA_VF_TX_RATE] + +- vf[IFLA_VF_TX_RATE]->rta_len); +- +- if (tmp->rta_type != IFLA_VF_SPOOFCHK) +- vf_spoofchk = NULL; +- else +- vf_spoofchk = RTA_DATA(vf[IFLA_VF_SPOOFCHK]); +- +- if (vf_spoofchk) { +- /* Check if the link state vf info type is supported by +- * this kernel. +- */ +- tmp = (struct rtattr *)((char *)vf[IFLA_VF_SPOOFCHK] + +- vf[IFLA_VF_SPOOFCHK]->rta_len); +- +- if (tmp->rta_type != IFLA_VF_LINK_STATE) +- vf_linkstate = NULL; +- else +- vf_linkstate = RTA_DATA(vf[IFLA_VF_LINK_STATE]); +- } else +- vf_linkstate = NULL; +- + fprintf(fp, "%s vf %d MAC %s", _SL_, vf_mac->vf, + ll_addr_n2a((unsigned char *)&vf_mac->mac, + ETH_ALEN, 0, b1, sizeof(b1))); +@@ -351,14 +323,18 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) + if (vf_rate->min_tx_rate) + fprintf(fp, ", min_tx_rate %dMbps", vf_rate->min_tx_rate); + } ++ if (vf[IFLA_VF_SPOOFCHK]) { ++ struct ifla_vf_spoofchk *vf_spoofchk = ++ RTA_DATA(vf[IFLA_VF_SPOOFCHK]); + +- if (vf_spoofchk && vf_spoofchk->setting != -1) { +- if (vf_spoofchk->setting) +- fprintf(fp, ", spoof checking on"); +- else +- fprintf(fp, ", spoof checking off"); ++ if (vf_spoofchk->setting != -1) ++ fprintf(fp, ", spoof checking %s", ++ vf_spoofchk->setting ? "on" : "off"); + } +- if (vf_linkstate) { ++ if (vf[IFLA_VF_LINK_STATE]) { ++ struct ifla_vf_link_state *vf_linkstate = ++ RTA_DATA(vf[IFLA_VF_LINK_STATE]); ++ + if (vf_linkstate->link_state == IFLA_VF_LINK_STATE_AUTO) + fprintf(fp, ", link-state auto"); + else if (vf_linkstate->link_state == IFLA_VF_LINK_STATE_ENABLE) +-- +1.8.3.1 + diff --git a/SOURCES/0016-ss-return-1-if-an-unrecognized-option-was-given.patch b/SOURCES/0016-ss-return-1-if-an-unrecognized-option-was-given.patch deleted file mode 100644 index 5a5436d..0000000 --- a/SOURCES/0016-ss-return-1-if-an-unrecognized-option-was-given.patch +++ /dev/null @@ -1,40 +0,0 @@ -From c74eb4b7e9ca7cade47d0c3b23876cc6527b8774 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:33:36 +0100 -Subject: [PATCH] ss: return -1 if an unrecognized option was given - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1265238 -Upstream Status: iproute2.git commit f73105ab42795 - -commit f73105ab42795422f131fb711712e3c860df982f -Author: Phil Sutter -Date: Thu Oct 15 21:01:16 2015 +0200 - - ss: return -1 if an unrecognized option was given - - When getopt_long encounters an option which has not been registered, it - returns '?'. React upon that and call usage() instead of help() so ss - returns with a non-zero exit status. - - Signed-off-by: Phil Sutter ---- - misc/ss.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/misc/ss.c b/misc/ss.c -index fd9a1f9..b9b2081 100644 ---- a/misc/ss.c -+++ b/misc/ss.c -@@ -3605,8 +3605,8 @@ int main(int argc, char *argv[]) - exit(1); - break; - case 'h': -- case '?': - help(); -+ case '?': - default: - usage(); - } --- -1.8.3.1 - diff --git a/SOURCES/0017-ipaddress-Print-IFLA_VF_QUERY_RSS_EN-setting.patch b/SOURCES/0017-ipaddress-Print-IFLA_VF_QUERY_RSS_EN-setting.patch new file mode 100644 index 0000000..d3da716 --- /dev/null +++ b/SOURCES/0017-ipaddress-Print-IFLA_VF_QUERY_RSS_EN-setting.patch @@ -0,0 +1,51 @@ +From c4814acb2073e56a0feb085b41c441fe9b275cfc Mon Sep 17 00:00:00 2001 +From: Timothy Redaelli +Date: Thu, 9 Feb 2017 18:55:29 +0100 +Subject: [PATCH] ipaddress: Print IFLA_VF_QUERY_RSS_EN setting + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1264149 +Upstream Status: iproute2.git commit 4fb4a10 + +commit 4fb4a10e120b16c292c215791decccc47dc14604 +Author: Phil Sutter +Date: Mon Nov 14 09:29:54 2016 +0100 + + ipaddress: Print IFLA_VF_QUERY_RSS_EN setting + + Signed-off-by: Phil Sutter + +Signed-off-by: Timothy Redaelli +--- + ip/ipaddress.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index c8ec779..a38cef0 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -349,6 +349,22 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) + fprintf(fp, ", trust %s", + vf_trust->setting ? "on" : "off"); + } ++ if (vf[IFLA_VF_RSS_QUERY_EN]) { ++ struct ifla_vf_rss_query_en *rss_query = ++ RTA_DATA(vf[IFLA_VF_RSS_QUERY_EN]); ++ ++ if (rss_query->setting != -1) ++ fprintf(fp, ", query_rss %s", ++ rss_query->setting ? "on" : "off"); ++ } ++ if (vf[IFLA_VF_RSS_QUERY_EN]) { ++ struct ifla_vf_rss_query_en *rss_query = ++ RTA_DATA(vf[IFLA_VF_RSS_QUERY_EN]); ++ ++ if (rss_query->setting != -1) ++ fprintf(fp, ", query_rss %s", ++ rss_query->setting ? "on" : "off"); ++ } + } + + static void print_num(FILE *fp, unsigned width, uint64_t count) +-- +1.8.3.1 + diff --git a/SOURCES/0017-ss-add-support-for-bytes_acked-bytes_received.patch b/SOURCES/0017-ss-add-support-for-bytes_acked-bytes_received.patch deleted file mode 100644 index 0aed83b..0000000 --- a/SOURCES/0017-ss-add-support-for-bytes_acked-bytes_received.patch +++ /dev/null @@ -1,65 +0,0 @@ -From a4f7690739cb14ef83adfccebf32a628c9718ce0 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:36:34 +0100 -Subject: [PATCH] ss: add support for bytes_acked & bytes_received - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269114 -Upstream Status: iproute2.git commit 1a4dda7103bcd - -commit 1a4dda7103bcd5efcca72ffe03eef43318897dae -Author: Eric Dumazet -Date: Mon May 11 10:03:49 2015 -0700 - - ss: add support for bytes_acked & bytes_received - - tcp_info has 2 new fields : bytes_acked & bytes_received - - $ ss -ti src :22 - ... - cubic wscale:7,6 rto:234 rtt:33.199/17.225 ato:17.225 mss:1418 cwnd:9 - ssthresh:9 send 3.1Mbps lastsnd:3 lastrcv:4 lastack:193 - bytes_acked:188396 bytes_received:13639 pacing_rate 6.2Mbps unacked:1 - retrans:0/4 reordering:4 rcv_rtt:47.25 rcv_space:28960 - - Signed-off-by: Eric Dumazet ---- - misc/ss.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/misc/ss.c b/misc/ss.c -index b9b2081..b1e8a8c 100644 ---- a/misc/ss.c -+++ b/misc/ss.c -@@ -761,6 +761,8 @@ struct tcpstat - unsigned int lastack; - double pacing_rate; - double pacing_rate_max; -+ unsigned long long bytes_acked; -+ unsigned long long bytes_received; - unsigned int unacked; - unsigned int retrans; - unsigned int retrans_total; -@@ -1683,6 +1685,11 @@ static void tcp_stats_print(struct tcpstat *s) - if (s->ssthresh) - printf(" ssthresh:%d", s->ssthresh); - -+ if (s->bytes_acked) -+ printf(" bytes_acked:%llu", s->bytes_acked); -+ if (s->bytes_received) -+ printf(" bytes_received:%llu", s->bytes_received); -+ - if (s->dctcp && s->dctcp->enabled) { - struct dctcpstat *dctcp = s->dctcp; - -@@ -1974,6 +1981,8 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r, - info->tcpi_max_pacing_rate != ~0ULL) - s.pacing_rate_max = info->tcpi_max_pacing_rate * 8.; - } -+ s.bytes_acked = info->tcpi_bytes_acked; -+ s.bytes_received = info->tcpi_bytes_received; - tcp_stats_print(&s); - if (s.dctcp) - free(s.dctcp); --- -1.8.3.1 - diff --git a/SOURCES/0018-ip-vfinfo-remove-code-duplication-for-IFLA_VF_RSS_QU.patch b/SOURCES/0018-ip-vfinfo-remove-code-duplication-for-IFLA_VF_RSS_QU.patch new file mode 100644 index 0000000..32bbb63 --- /dev/null +++ b/SOURCES/0018-ip-vfinfo-remove-code-duplication-for-IFLA_VF_RSS_QU.patch @@ -0,0 +1,49 @@ +From e36e4077efd4d662274c66c248f5051f35967995 Mon Sep 17 00:00:00 2001 +From: Timothy Redaelli +Date: Thu, 9 Feb 2017 18:55:30 +0100 +Subject: [PATCH] ip: vfinfo: remove code duplication for IFLA_VF_RSS_QUERY_EN +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1264149 +Upstream Status: iproute2.git commit fd4ca03 + +commit fd4ca03935b13789a3e5f01eeda1395ed6cb3b2a +Author: Julien Fortin +Date: Fri Dec 16 17:36:05 2016 +0100 + + ip: vfinfo: remove code duplication for IFLA_VF_RSS_QUERY_EN + + Fixes: 4fb4a10e120b1 ("ipaddress: Print IFLA_VF_QUERY_RSS_EN setting”) + + Signed-off-by: Julien Fortin + Acked-by: Phil Sutter + +Signed-off-by: Timothy Redaelli +--- + ip/ipaddress.c | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index a38cef0..e39137f 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -357,14 +357,6 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) + fprintf(fp, ", query_rss %s", + rss_query->setting ? "on" : "off"); + } +- if (vf[IFLA_VF_RSS_QUERY_EN]) { +- struct ifla_vf_rss_query_en *rss_query = +- RTA_DATA(vf[IFLA_VF_RSS_QUERY_EN]); +- +- if (rss_query->setting != -1) +- fprintf(fp, ", query_rss %s", +- rss_query->setting ? "on" : "off"); +- } + } + + static void print_num(FILE *fp, unsigned width, uint64_t count) +-- +1.8.3.1 + diff --git a/SOURCES/0018-ss-add-support-for-segs_in-and-segs_out.patch b/SOURCES/0018-ss-add-support-for-segs_in-and-segs_out.patch deleted file mode 100644 index 20e882c..0000000 --- a/SOURCES/0018-ss-add-support-for-segs_in-and-segs_out.patch +++ /dev/null @@ -1,62 +0,0 @@ -From bf3cb083a64373edcad8ef43fe1fdf7ebdd27cb4 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:36:34 +0100 -Subject: [PATCH] ss: add support for segs_in and segs_out - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269114 -Upstream Status: iproute2.git commit ecb435eacd501 - -commit ecb435eacd50161d2a7cce5731a269ef916c0dd4 -Author: Craig Gallek -Date: Tue May 26 14:54:41 2015 -0400 - - ss: add support for segs_in and segs_out - - Two new tcp_info fields: tcpi_segs_in and tcpi_segs_out. - (2efd055c53c06b7e89c167c98069bab9afce7e59) - - ~: ss -ti src :22 - cubic wscale:7,6 rto:201 rtt:0.244/0.012 ato:40 mss:1418 cwnd:21 bytes_acked:80605 bytes_received:20491 segs_out:414 segs_in:600 send 976.3Mbps lastsnd:23 lastrcv:23 lastack:22 pacing_rate 1952.7Mbps rcv_rtt:98 rcv_space:28960 - - Signed-off-by: Craig Gallek - Reviewed-by: Marcelo Ricardo Leitner ---- - misc/ss.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/misc/ss.c b/misc/ss.c -index b1e8a8c..7750887 100644 ---- a/misc/ss.c -+++ b/misc/ss.c -@@ -763,6 +763,8 @@ struct tcpstat - double pacing_rate_max; - unsigned long long bytes_acked; - unsigned long long bytes_received; -+ unsigned int segs_out; -+ unsigned int segs_in; - unsigned int unacked; - unsigned int retrans; - unsigned int retrans_total; -@@ -1689,6 +1691,10 @@ static void tcp_stats_print(struct tcpstat *s) - printf(" bytes_acked:%llu", s->bytes_acked); - if (s->bytes_received) - printf(" bytes_received:%llu", s->bytes_received); -+ if (s->segs_out) -+ printf(" segs_out:%u", s->segs_out); -+ if (s->segs_in) -+ printf(" segs_in:%u", s->segs_in); - - if (s->dctcp && s->dctcp->enabled) { - struct dctcpstat *dctcp = s->dctcp; -@@ -1983,6 +1989,8 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r, - } - s.bytes_acked = info->tcpi_bytes_acked; - s.bytes_received = info->tcpi_bytes_received; -+ s.segs_out = info->tcpi_segs_out; -+ s.segs_in = info->tcpi_segs_in; - tcp_stats_print(&s); - if (s.dctcp) - free(s.dctcp); --- -1.8.3.1 - diff --git a/SOURCES/0019-ip-address-fix-oneline-mode-for-interfaces-with-VF.patch b/SOURCES/0019-ip-address-fix-oneline-mode-for-interfaces-with-VF.patch deleted file mode 100644 index dfdc31b..0000000 --- a/SOURCES/0019-ip-address-fix-oneline-mode-for-interfaces-with-VF.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 266d5bfc819457371abd69309fae4c16b776fef1 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:37:23 +0100 -Subject: [PATCH] ip-address: fix oneline mode for interfaces with VF - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1272405 -Upstream Status: iproute2.git commit 6f07f3dc41545 - -commit 6f07f3dc41545657c0364eb17850b946f41861bf -Author: Phil Sutter -Date: Fri Oct 16 12:38:33 2015 +0200 - - ip-address: fix oneline mode for interfaces with VF - - Signed-off-by: Phil Sutter ---- - ip/ipaddress.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index e4da5b1..07242d3 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -294,7 +294,7 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - } else - vf_linkstate = NULL; - -- fprintf(fp, "\n vf %d MAC %s", vf_mac->vf, -+ fprintf(fp, "%s vf %d MAC %s", _SL_, vf_mac->vf, - ll_addr_n2a((unsigned char *)&vf_mac->mac, - ETH_ALEN, 0, b1, sizeof(b1))); - if (vf_vlan->vlan) --- -1.8.3.1 - diff --git a/SOURCES/0019-macsec-fix-input-range-of-icvlen-parameter.patch b/SOURCES/0019-macsec-fix-input-range-of-icvlen-parameter.patch new file mode 100644 index 0000000..56a716b --- /dev/null +++ b/SOURCES/0019-macsec-fix-input-range-of-icvlen-parameter.patch @@ -0,0 +1,60 @@ +From 2dbe403fcb0dac676d4f57125238630812342b9b Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 21 Feb 2017 22:09:56 +0100 +Subject: [PATCH] macsec: fix input range of 'icvlen' parameter + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1373121 +Upstream Status: iproute2.git commit f20f5f79909fd +Conflicts: +* Added missing MACSEC_STD_ICV_LEN define to linux headers. + +commit f20f5f79909fdc6327fcd015a3850645a236729d +Author: Davide Caratti +Date: Fri Sep 9 16:02:22 2016 +0200 + + macsec: fix input range of 'icvlen' parameter + + the maximum possible ICV length in a MACsec frame is 16 octects, not 32: + fix get_icvlen() accordingly, so that a proper error message is displayed + in case input 'icvlen' is greater than 16. + + Signed-off-by: Davide Caratti + Acked-by: Phil Sutter + Acked-by: Sabrina Dubroca +--- + include/linux/if_macsec.h | 2 ++ + ip/ipmacsec.c | 4 ++-- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/include/linux/if_macsec.h b/include/linux/if_macsec.h +index cbd4faa..22939a3 100644 +--- a/include/linux/if_macsec.h ++++ b/include/linux/if_macsec.h +@@ -26,6 +26,8 @@ + + #define MACSEC_MIN_ICV_LEN 8 + #define MACSEC_MAX_ICV_LEN 32 ++/* upper limit for ICV length as recommended by IEEE802.1AE-2006 */ ++#define MACSEC_STD_ICV_LEN 16 + + enum macsec_attrs { + MACSEC_ATTR_UNSPEC, +diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c +index 596594f..0c51bfc 100644 +--- a/ip/ipmacsec.c ++++ b/ip/ipmacsec.c +@@ -167,9 +167,9 @@ static void get_icvlen(__u8 *icvlen, char *arg) + if (ret) + invarg("expected ICV length", arg); + +- if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_MAX_ICV_LEN) ++ if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_STD_ICV_LEN) + invarg("ICV length must be in the range {" +- STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_MAX_ICV_LEN) ++ STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_STD_ICV_LEN) + "}", arg); + } + +-- +1.8.3.1 + diff --git a/SOURCES/0020-iplink-bridge_slave-add-support-for-IFLA_BRPORT_MULT.patch b/SOURCES/0020-iplink-bridge_slave-add-support-for-IFLA_BRPORT_MULT.patch new file mode 100644 index 0000000..5c8b2bd --- /dev/null +++ b/SOURCES/0020-iplink-bridge_slave-add-support-for-IFLA_BRPORT_MULT.patch @@ -0,0 +1,69 @@ +From 80c5549318cec082da0793526e8e471e946103be Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 21 Feb 2017 22:25:04 +0100 +Subject: [PATCH] iplink: bridge_slave: add support for + IFLA_BRPORT_MULTICAST_ROUTER + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374360 +Upstream Status: iproute2.git commit 10759a90ab589 +Conflicts: Context changes due to missing commits: +* f6e615dec9ee9 ("iplink: bridge_slave: add support for + IFLA_BRPORT_PROXYARP") +* 38b31a78da859 ("iplink: bridge_slave: add support for + IFLA_BRPORT_PROXYARP_WIFI") + +commit 10759a90ab5896b5b0ca8ddd7b91c5b3a7466062 +Author: Nikolay Aleksandrov +Date: Tue Feb 16 16:08:54 2016 +0100 + + iplink: bridge_slave: add support for IFLA_BRPORT_MULTICAST_ROUTER + + Add support to be able to view and change IFLA_BRPORT_MULTICAST_ROUTER port + attribute. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge_slave.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c +index 4593872..9ed44b1 100644 +--- a/ip/iplink_bridge_slave.c ++++ b/ip/iplink_bridge_slave.c +@@ -29,6 +29,7 @@ static void print_explain(FILE *f) + " [ root_block {on | off} ]\n" + " [ learning {on | off} ]\n" + " [ flood {on | off} ]\n" ++ " [ mcast_router MULTICAST_ROUTER ]\n" + ); + } + +@@ -98,6 +99,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, + if (tb[IFLA_BRPORT_UNICAST_FLOOD]) + print_onoff(f, "flood", + rta_getattr_u8(tb[IFLA_BRPORT_UNICAST_FLOOD])); ++ ++ if (tb[IFLA_BRPORT_MULTICAST_ROUTER]) ++ fprintf(f, "mcast_router %u ", ++ rta_getattr_u8(tb[IFLA_BRPORT_MULTICAST_ROUTER])); + } + + static void bridge_slave_parse_on_off(char *arg_name, char *arg_val, +@@ -162,6 +167,14 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, + NEXT_ARG(); + bridge_slave_parse_on_off("flood", *argv, n, + IFLA_BRPORT_UNICAST_FLOOD); ++ } else if (matches(*argv, "mcast_router") == 0) { ++ __u8 mcast_router; ++ ++ NEXT_ARG(); ++ if (get_u8(&mcast_router, *argv, 0)) ++ invarg("invalid mcast_router", *argv); ++ addattr8(n, 1024, IFLA_BRPORT_MULTICAST_ROUTER, ++ mcast_router); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +-- +1.8.3.1 + diff --git a/SOURCES/0020-neighbor-check-return-values.patch b/SOURCES/0020-neighbor-check-return-values.patch deleted file mode 100644 index f392994..0000000 --- a/SOURCES/0020-neighbor-check-return-values.patch +++ /dev/null @@ -1,49 +0,0 @@ -From e12035a23d3f12154f4d4034ee88157b86f3b5e3 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 13:38:12 +0100 -Subject: [PATCH] neighbor: check return values - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1277094 -Upstream Status: iproute2.git commit 542b0cc759c6d - -commit 542b0cc759c6d3456d16c05c886b367e1b2f1e73 -Author: Stephen Hemminger -Date: Tue Jan 13 18:06:16 2015 -0800 - - neighbor: check return values - - Need to check for invalid address and buffer overrun in ip neigh - command with invalid paramters. ---- - ip/ipneigh.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/ip/ipneigh.c b/ip/ipneigh.c -index 71a4100..c47f005 100644 ---- a/ip/ipneigh.c -+++ b/ip/ipneigh.c -@@ -157,14 +157,19 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv) - exit(-1); - } - req.ndm.ndm_family = dst.family; -- addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen); -+ if (addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen) < 0) -+ return -1; - - if (lla && strcmp(lla, "null")) { - char llabuf[20]; - int l; - - l = ll_addr_a2n(llabuf, sizeof(llabuf), lla); -- addattr_l(&req.n, sizeof(req), NDA_LLADDR, llabuf, l); -+ if (l < 0) -+ return -1; -+ -+ if (addattr_l(&req.n, sizeof(req), NDA_LLADDR, llabuf, l) < 0) -+ return -1; - } - - ll_init_map(&rth); --- -1.8.3.1 - diff --git a/SOURCES/0021-gre-raising-the-size-of-the-buffer-holding-nl-messag.patch b/SOURCES/0021-gre-raising-the-size-of-the-buffer-holding-nl-messag.patch deleted file mode 100644 index e9095f3..0000000 --- a/SOURCES/0021-gre-raising-the-size-of-the-buffer-holding-nl-messag.patch +++ /dev/null @@ -1,36 +0,0 @@ -From bfc39db4ab381162c4be2d7e3de8d315d0445082 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:03:47 +0100 -Subject: [PATCH] gre: raising the size of the buffer holding nl messages. - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit bde5baa5476cd - -commit bde5baa5476cd8d7d33afc42170dc984f3717e14 -Author: Jetchko Jekov -Date: Thu May 21 16:32:24 2015 +0200 - - gre: raising the size of the buffer holding nl messages. - - Now it matches the size for the answer defined in rtnl_talk() - and prevents stack corruption with answer > 1024 bytes. ---- - ip/link_gre.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/link_gre.c b/ip/link_gre.c -index 83653d0..ddbd6cc 100644 ---- a/ip/link_gre.c -+++ b/ip/link_gre.c -@@ -50,7 +50,7 @@ static int gre_parse_opt(struct link_util *lu, int argc, char **argv, - struct { - struct nlmsghdr n; - struct ifinfomsg i; -- char buf[1024]; -+ char buf[16384]; - } req; - struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1); - struct rtattr *tb[IFLA_MAX + 1]; --- -1.8.3.1 - diff --git a/SOURCES/0021-iplink-bridge_slave-add-support-for-IFLA_BRPORT_FAST.patch b/SOURCES/0021-iplink-bridge_slave-add-support-for-IFLA_BRPORT_FAST.patch new file mode 100644 index 0000000..49cb66b --- /dev/null +++ b/SOURCES/0021-iplink-bridge_slave-add-support-for-IFLA_BRPORT_FAST.patch @@ -0,0 +1,59 @@ +From c725387502629782970a262a0d78bfb50c7dd0b3 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 21 Feb 2017 22:26:27 +0100 +Subject: [PATCH] iplink: bridge_slave: add support for IFLA_BRPORT_FAST_LEAVE + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374360 +Upstream Status: iproute2.git commit 478a8e5920684 + +commit 478a8e59206841b2a2d32a29fdd0cbec1965cd5e +Author: Nikolay Aleksandrov +Date: Tue Feb 16 16:08:55 2016 +0100 + + iplink: bridge_slave: add support for IFLA_BRPORT_FAST_LEAVE + + Add support to be able to view and change IFLA_BRPORT_FAST_LEAVE + port attribute. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge_slave.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c +index 9ed44b1..66c3a00 100644 +--- a/ip/iplink_bridge_slave.c ++++ b/ip/iplink_bridge_slave.c +@@ -30,6 +30,7 @@ static void print_explain(FILE *f) + " [ learning {on | off} ]\n" + " [ flood {on | off} ]\n" + " [ mcast_router MULTICAST_ROUTER ]\n" ++ " [ mcast_fast_leave {on | off} ]\n" + ); + } + +@@ -103,6 +104,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, + if (tb[IFLA_BRPORT_MULTICAST_ROUTER]) + fprintf(f, "mcast_router %u ", + rta_getattr_u8(tb[IFLA_BRPORT_MULTICAST_ROUTER])); ++ ++ if (tb[IFLA_BRPORT_FAST_LEAVE]) ++ print_onoff(f, "mcast_fast_leave", ++ rta_getattr_u8(tb[IFLA_BRPORT_FAST_LEAVE])); + } + + static void bridge_slave_parse_on_off(char *arg_name, char *arg_val, +@@ -175,6 +180,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, + invarg("invalid mcast_router", *argv); + addattr8(n, 1024, IFLA_BRPORT_MULTICAST_ROUTER, + mcast_router); ++ } else if (matches(*argv, "mcast_fast_leave") == 0) { ++ NEXT_ARG(); ++ bridge_slave_parse_on_off("mcast_fast_leave", *argv, n, ++ IFLA_BRPORT_FAST_LEAVE); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +-- +1.8.3.1 + diff --git a/SOURCES/0022-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch b/SOURCES/0022-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch deleted file mode 100644 index 4b48bf5..0000000 --- a/SOURCES/0022-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch +++ /dev/null @@ -1,77 +0,0 @@ -From a5087426d103b65fcfd85dc0f71c5bedc3a23148 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:04:01 +0100 -Subject: [PATCH] Allow specifying bridge port STP state by name rather than - number. - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit 6b8c871dc1045 -Conflicts: Whitespace change due to already applied commit - a89d5329d414c ("docs: make spacing consistent") - -commit 6b8c871dc104576c9f55d87937d6dd445d77f34f -Author: Alex Pilon -Date: Thu Feb 19 14:27:46 2015 -0500 - - Allow specifying bridge port STP state by name rather than number. - - The existing behaviour forces one to memorize the integer constants for - STP port states. - - # bridge link set dev dummy0 state 3 - - This patch makes it possible to use the lowercased port state name. - - # bridge link set dev dummy0 state forwarding - - Invalid non-integer inputs now cause exit with status -1. - - Signed-off-by: Alex Pilon ---- - bridge/link.c | 14 +++++++++++++- - man/man8/bridge.8 | 4 +++- - 2 files changed, 16 insertions(+), 2 deletions(-) - -diff --git a/bridge/link.c b/bridge/link.c -index 38dfaea..48be938 100644 ---- a/bridge/link.c -+++ b/bridge/link.c -@@ -289,7 +289,19 @@ static int brlink_modify(int argc, char **argv) - priority = atoi(*argv); - } else if (strcmp(*argv, "state") == 0) { - NEXT_ARG(); -- state = atoi(*argv); -+ char *endptr; -+ size_t nstates = sizeof(port_states) / sizeof(*port_states); -+ state = strtol(*argv, &endptr, 10); -+ if (!(**argv != '\0' && *endptr == '\0')) { -+ for (state = 0; state < nstates; state++) -+ if (strcmp(port_states[state], *argv) == 0) -+ break; -+ if (state == nstates) { -+ fprintf(stderr, -+ "Error: invalid STP port state\n"); -+ exit(-1); -+ } -+ } - } else if (strcmp(*argv, "hwmode") == 0) { - NEXT_ARG(); - flags = BRIDGE_FLAGS_SELF; -diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 -index 68a86e5..2c9f90c 100644 ---- a/man/man8/bridge.8 -+++ b/man/man8/bridge.8 -@@ -204,7 +204,9 @@ droot port selectio algorithms. - .TP - .BI state " STATE " - the operation state of the port. This is primarily used by user space STP/RSTP --implementation. The following is a list of valid values: -+implementation. One may enter a lowercased port state name, or one of the -+numbers below. Negative inputs are ignored, and unrecognized names return an -+error. - - .B 0 - - port is DISABLED. Make this port completely inactive. --- -1.8.3.1 - diff --git a/SOURCES/0022-man-ip-link-Remove-bits-about-proxy_arp-and-proxy_ar.patch b/SOURCES/0022-man-ip-link-Remove-bits-about-proxy_arp-and-proxy_ar.patch new file mode 100644 index 0000000..8fa5945 --- /dev/null +++ b/SOURCES/0022-man-ip-link-Remove-bits-about-proxy_arp-and-proxy_ar.patch @@ -0,0 +1,50 @@ +From 75b314be0b22357ef564e451bc8d8dd1b9de74aa Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 21 Feb 2017 22:26:28 +0100 +Subject: [PATCH] man: ip-link: Remove bits about proxy_arp and proxy_arp_wifi + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374360 +Upstream Status: RHEL only + +These are not supported in RHEL7 (neither kernel nor iproute), so remove +them from the man page also. +--- + man/man8/ip-link.8.in | 15 +-------------- + 1 file changed, 1 insertion(+), 14 deletions(-) + +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index 73cd86d..cfd996a 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -1130,10 +1130,6 @@ the following additional arguments are supported: + ] [ + .BR flood " { " on " | " off " }" + ] [ +-.BR proxy_arp " { " on " | " off " }" +-] [ +-.BR proxy_arp_wifi " { " on " | " off " }" +-] [ + .BI mcast_router " MULTICAST_ROUTER" + ] [ + .BR mcast_fast_leave " { " on " | " off "} ]" +@@ -1174,16 +1170,7 @@ port to be reflected back. + + .BR flood " { " on " | " off " }" + - open the flood gates on this port, i.e. forward all unicast frames to this +-port also. Requires +-.BR proxy_arp " and " proxy_arp_wifi +-to be turned off. +- +-.BR proxy_arp " { " on " | " off " }" +-- enable proxy ARP on this port. +- +-.BR proxy_arp_wifi " { " on " | " off " }" +-- enable proxy ARP on this port which meets extended requirements by IEEE +-802.11 and Hotspot 2.0 specifications. ++port also. + + .BI mcast_router " MULTICAST_ROUTER" + - configure this port for having multicast routers attached. A port with a +-- +1.8.3.1 + diff --git a/SOURCES/0023-fix-ip-force-batch-to-continue-on-errors.patch b/SOURCES/0023-fix-ip-force-batch-to-continue-on-errors.patch deleted file mode 100644 index cb459f6..0000000 --- a/SOURCES/0023-fix-ip-force-batch-to-continue-on-errors.patch +++ /dev/null @@ -1,220 +0,0 @@ -From 03f8f5811ebc0f8fac1c3ccb76c14007d250bd38 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:05:04 +0100 -Subject: [PATCH] fix ip -force -batch to continue on errors - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit 42ecedd4bae53 -Conflicts: Context changed due to missing other commits adding policy - flags (e.g. learning_sync). - -commit 42ecedd4bae534fc688194a795eb4548c6530cda -Author: Roopa Prabhu -Date: Tue Mar 17 19:26:32 2015 -0700 - - fix ip -force -batch to continue on errors - - This patch replaces exits with returns in several - iproute2 commands. This fixes `ip -batch -force` - to not exit but continue on errors. - - $cat c.txt - route del 1.2.3.0/24 dev eth0 - route del 1.2.4.0/24 dev eth0 - route del 1.2.5.0/24 dev eth0 - route add 1.2.3.0/24 dev eth0 - - $ip -force -batch c.txt - RTNETLINK answers: No such process - Command failed c.txt:2 - RTNETLINK answers: No such process - Command failed c.txt:3 - - Reported-by: Sven-Haegar Koch - Signed-off-by: Roopa Prabhu ---- - bridge/fdb.c | 6 +++--- - bridge/link.c | 18 +++++++++--------- - bridge/mdb.c | 8 ++++---- - bridge/vlan.c | 4 ++-- - ip/iproute.c | 2 +- - 5 files changed, 19 insertions(+), 19 deletions(-) - -diff --git a/bridge/fdb.c b/bridge/fdb.c -index 513b3f9..b8138cb 100644 ---- a/bridge/fdb.c -+++ b/bridge/fdb.c -@@ -287,7 +287,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - - if (d == NULL || addr == NULL) { - fprintf(stderr, "Device and address are required arguments.\n"); -- exit(-1); -+ return -1; - } - - /* Assume self */ -@@ -302,7 +302,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - abuf, abuf+1, abuf+2, - abuf+3, abuf+4, abuf+5) != 6) { - fprintf(stderr, "Invalid mac address %s\n", addr); -- exit(-1); -+ return -1; - } - - addattr_l(&req.n, sizeof(req), NDA_LLADDR, abuf, ETH_ALEN); -@@ -330,7 +330,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - } - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- exit(2); -+ return -1; - - return 0; - } -diff --git a/bridge/link.c b/bridge/link.c -index 48be938..c5e7ae5 100644 ---- a/bridge/link.c -+++ b/bridge/link.c -@@ -268,19 +268,19 @@ static int brlink_modify(int argc, char **argv) - } else if (strcmp(*argv, "guard") == 0) { - NEXT_ARG(); - if (!on_off("guard", &bpdu_guard, *argv)) -- exit(-1); -+ return -1; - } else if (strcmp(*argv, "hairpin") == 0) { - NEXT_ARG(); - if (!on_off("hairping", &hairpin, *argv)) -- exit(-1); -+ return -1; - } else if (strcmp(*argv, "fastleave") == 0) { - NEXT_ARG(); - if (!on_off("fastleave", &fast_leave, *argv)) -- exit(-1); -+ return -1; - } else if (strcmp(*argv, "root_block") == 0) { - NEXT_ARG(); - if (!on_off("root_block", &root_block, *argv)) -- exit(-1); -+ return -1; - } else if (strcmp(*argv, "cost") == 0) { - NEXT_ARG(); - cost = atoi(*argv); -@@ -299,7 +299,7 @@ static int brlink_modify(int argc, char **argv) - if (state == nstates) { - fprintf(stderr, - "Error: invalid STP port state\n"); -- exit(-1); -+ return -1; - } - } - } else if (strcmp(*argv, "hwmode") == 0) { -@@ -313,7 +313,7 @@ static int brlink_modify(int argc, char **argv) - fprintf(stderr, - "Mode argument must be \"vepa\" or " - "\"veb\".\n"); -- exit(-1); -+ return -1; - } - } else { - usage(); -@@ -322,14 +322,14 @@ static int brlink_modify(int argc, char **argv) - } - if (d == NULL) { - fprintf(stderr, "Device is a required argument.\n"); -- exit(-1); -+ return -1; - } - - - req.ifm.ifi_index = ll_name_to_index(d); - if (req.ifm.ifi_index == 0) { - fprintf(stderr, "Cannot find bridge device \"%s\"\n", d); -- exit(-1); -+ return -1; - } - - /* Nested PROTINFO attribute. Contains: port flags, cost, priority and -@@ -377,7 +377,7 @@ static int brlink_modify(int argc, char **argv) - } - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- exit(2); -+ return -1; - - return 0; - } -diff --git a/bridge/mdb.c b/bridge/mdb.c -index 81d479b..ab3a792 100644 ---- a/bridge/mdb.c -+++ b/bridge/mdb.c -@@ -145,12 +145,12 @@ static int mdb_show(int argc, char **argv) - - if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETMDB) < 0) { - perror("Cannot send dump request"); -- exit(1); -+ return -1; - } - - if (rtnl_dump_filter(&rth, print_mdb, stdout) < 0) { - fprintf(stderr, "Dump terminated\n"); -- exit(1); -+ return -1; - } - - return 0; -@@ -198,7 +198,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) - - if (d == NULL || grp == NULL || p == NULL) { - fprintf(stderr, "Device, group address and port name are required arguments.\n"); -- exit(-1); -+ return -1; - } - - req.bpm.ifindex = ll_name_to_index(d); -@@ -225,7 +225,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) - addattr_l(&req.n, sizeof(req), MDBA_SET_ENTRY, &entry, sizeof(entry)); - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- exit(2); -+ return -1; - - return 0; - } -diff --git a/bridge/vlan.c b/bridge/vlan.c -index 83c4088..ba54b0e 100644 ---- a/bridge/vlan.c -+++ b/bridge/vlan.c -@@ -69,7 +69,7 @@ static int vlan_modify(int cmd, int argc, char **argv) - - if (d == NULL || vid == -1) { - fprintf(stderr, "Device and VLAN ID are required arguments.\n"); -- exit(-1); -+ return -1; - } - - req.ifm.ifi_index = ll_name_to_index(d); -@@ -96,7 +96,7 @@ static int vlan_modify(int cmd, int argc, char **argv) - addattr_nest_end(&req.n, afspec); - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- exit(2); -+ return -1; - - return 0; - } -diff --git a/ip/iproute.c b/ip/iproute.c -index 586039d..fbe5268 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1030,7 +1030,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - req.r.rtm_family = AF_INET; - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- exit(2); -+ return -1; - - return 0; - } --- -1.8.3.1 - diff --git a/SOURCES/0023-iplink-add-missing-link-type.patch b/SOURCES/0023-iplink-add-missing-link-type.patch new file mode 100644 index 0000000..1d0f650 --- /dev/null +++ b/SOURCES/0023-iplink-add-missing-link-type.patch @@ -0,0 +1,39 @@ +From 904e3ea057b28f80235222fd8d4a3afd5eb7c908 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 21 Feb 2017 22:33:18 +0100 +Subject: [PATCH] iplink: add missing link type + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374493 +Upstream Status: iproute2.git commit d8cf93de04d93 +Conflicts: Patch manually applied - RHEL doesn't support ipvlan but + macsec support has already been backported. + +commit d8cf93de04d9372f478fc2e59e2fe8bce1953b7a +Author: Zhang Shengju +Date: Wed Aug 12 06:03:22 2015 +0000 + + iplink: add missing link type + + Add missing link type "bridge_slave". + + Signed-off-by: Zhang Shengju +--- + ip/iplink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ip/iplink.c b/ip/iplink.c +index e0e0fe9..f75193f 100644 +--- a/ip/iplink.c ++++ b/ip/iplink.c +@@ -97,7 +97,7 @@ void iplink_usage(void) + fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); + fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); + fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon |\n"); +- fprintf(stderr, " bond_slave | geneve | macsec }\n"); ++ fprintf(stderr, " bond_slave | geneve | bridge_slave | macsec }\n"); + } + exit(-1); + } +-- +1.8.3.1 + diff --git a/SOURCES/0024-Revert-man-ip-link-Remove-bits-about-proxy_arp-and-p.patch b/SOURCES/0024-Revert-man-ip-link-Remove-bits-about-proxy_arp-and-p.patch new file mode 100644 index 0000000..4d812d3 --- /dev/null +++ b/SOURCES/0024-Revert-man-ip-link-Remove-bits-about-proxy_arp-and-p.patch @@ -0,0 +1,50 @@ +From 64afb125ce17483937f3988a7b76ef0e100c2fcc Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 12:21:21 +0100 +Subject: [PATCH] Revert "man: ip-link: Remove bits about proxy_arp and + proxy_arp_wifi" + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374360 +Upstream Status: RHEL only. + +This reverts commit 75b314be0b22357ef564e451bc8d8dd1b9de74aa. +--- + man/man8/ip-link.8.in | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index cfd996a..73cd86d 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -1130,6 +1130,10 @@ the following additional arguments are supported: + ] [ + .BR flood " { " on " | " off " }" + ] [ ++.BR proxy_arp " { " on " | " off " }" ++] [ ++.BR proxy_arp_wifi " { " on " | " off " }" ++] [ + .BI mcast_router " MULTICAST_ROUTER" + ] [ + .BR mcast_fast_leave " { " on " | " off "} ]" +@@ -1170,7 +1174,16 @@ port to be reflected back. + + .BR flood " { " on " | " off " }" + - open the flood gates on this port, i.e. forward all unicast frames to this +-port also. ++port also. Requires ++.BR proxy_arp " and " proxy_arp_wifi ++to be turned off. ++ ++.BR proxy_arp " { " on " | " off " }" ++- enable proxy ARP on this port. ++ ++.BR proxy_arp_wifi " { " on " | " off " }" ++- enable proxy ARP on this port which meets extended requirements by IEEE ++802.11 and Hotspot 2.0 specifications. + + .BI mcast_router " MULTICAST_ROUTER" + - configure this port for having multicast routers attached. A port with a +-- +1.8.3.1 + diff --git a/SOURCES/0024-ip-fix-exit-code-for-addrlabel.patch b/SOURCES/0024-ip-fix-exit-code-for-addrlabel.patch deleted file mode 100644 index 6839365..0000000 --- a/SOURCES/0024-ip-fix-exit-code-for-addrlabel.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 205034e561dbc0e1fa380970130b28188870c265 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:05:42 +0100 -Subject: [PATCH] ip: fix exit code for addrlabel - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit 906cafe3ff7a3 - -commit 906cafe3ff7a3e285e59f95e7b58c91610d5d16f -Author: Stephen Hemminger -Date: Wed May 6 09:55:07 2015 -0700 - - ip: fix exit code for addrlabel - - The exit code for ip label was not correct. - The return from the command function is negated and turned into - the exit code on failure. ---- - ip/ipaddrlabel.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c -index 8a4afbc..5b1f6e4 100644 ---- a/ip/ipaddrlabel.c -+++ b/ip/ipaddrlabel.c -@@ -184,7 +184,7 @@ static int ipaddrlabel_modify(int cmd, int argc, char **argv) - req.ifal.ifal_family = AF_INET6; - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- return 2; -+ return -2; - - return 0; - } -@@ -233,12 +233,12 @@ static int ipaddrlabel_flush(int argc, char **argv) - - if (rtnl_wilddump_request(&rth, af, RTM_GETADDRLABEL) < 0) { - perror("Cannot send dump request"); -- return 1; -+ return -1; - } - - if (rtnl_dump_filter(&rth, flush_addrlabel, NULL) < 0) { - fprintf(stderr, "Flush terminated\n"); -- return 1; -+ return -1; - } - - return 0; --- -1.8.3.1 - diff --git a/SOURCES/0025-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch b/SOURCES/0025-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch new file mode 100644 index 0000000..cd11140 --- /dev/null +++ b/SOURCES/0025-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch @@ -0,0 +1,61 @@ +From 61a81751cb25ce21c1daca887b8f0fb5d5a412ab Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 12:22:06 +0100 +Subject: [PATCH] iplink: bridge_slave: add support for IFLA_BRPORT_PROXYARP + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374360 +Upstream Status: iproute2.git commit f6e615dec9ee9 +Conflicts: Context changes due to previously backported mcast_router and + mcast_fast_leave attributes. + +commit f6e615dec9ee9b688308e85a03a51125a9c9fdb9 +Author: Nikolay Aleksandrov +Date: Tue Feb 16 16:08:52 2016 +0100 + + iplink: bridge_slave: add support for IFLA_BRPORT_PROXYARP + + Add support to be able to view and change IFLA_BRPORT_PROXYARP port + attribute. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge_slave.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c +index 66c3a00..5a84948 100644 +--- a/ip/iplink_bridge_slave.c ++++ b/ip/iplink_bridge_slave.c +@@ -29,6 +29,7 @@ static void print_explain(FILE *f) + " [ root_block {on | off} ]\n" + " [ learning {on | off} ]\n" + " [ flood {on | off} ]\n" ++ " [ proxy_arp {on | off} ]\n" + " [ mcast_router MULTICAST_ROUTER ]\n" + " [ mcast_fast_leave {on | off} ]\n" + ); +@@ -101,6 +102,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, + print_onoff(f, "flood", + rta_getattr_u8(tb[IFLA_BRPORT_UNICAST_FLOOD])); + ++ if (tb[IFLA_BRPORT_PROXYARP]) ++ print_onoff(f, "proxy_arp", ++ rta_getattr_u8(tb[IFLA_BRPORT_PROXYARP])); ++ + if (tb[IFLA_BRPORT_MULTICAST_ROUTER]) + fprintf(f, "mcast_router %u ", + rta_getattr_u8(tb[IFLA_BRPORT_MULTICAST_ROUTER])); +@@ -172,6 +177,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, + NEXT_ARG(); + bridge_slave_parse_on_off("flood", *argv, n, + IFLA_BRPORT_UNICAST_FLOOD); ++ } else if (matches(*argv, "proxy_arp") == 0) { ++ NEXT_ARG(); ++ bridge_slave_parse_on_off("proxy_arp", *argv, n, ++ IFLA_BRPORT_PROXYARP); + } else if (matches(*argv, "mcast_router") == 0) { + __u8 mcast_router; + +-- +1.8.3.1 + diff --git a/SOURCES/0025-link-dump-filter.patch b/SOURCES/0025-link-dump-filter.patch deleted file mode 100644 index 7175f45..0000000 --- a/SOURCES/0025-link-dump-filter.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 83e4e4b09ca5ca91ab54fe983c1786e04b7ba41b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:05:51 +0100 -Subject: [PATCH] link dump filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit 50b9950dd9011 - -commit 50b9950dd90114609e10298c0fa32a9371250687 -Author: Roopa Prabhu -Date: Wed Jul 16 07:13:25 2014 -0700 - - link dump filter - - This patch avoids a full link wildump request when the user has specified - a single link. Uses RTM_GETLINK without the NLM_F_DUMP flag. - - This helps on a system with large number of interfaces. - - This patch currently only uses the link ifindex in the filter. - Hoping to provide a subsequent kernel patch to do link dump filtering on - other attributes in the kernel. - - In iplink_get, to be safe, this patch currently sets the answer buffer - size to the max size that libnetlink rtnl_talk can copy. The current api - does not seem to provide a way to indicate the answer buf size. - - changelog from RFC to v1: - - incorporated comments from stephen (fixed comment and fixed if/else block) - - changelog from v1 to v2: - - fix whitespaces error - - Signed-off-by: Roopa Prabhu ---- - ip/ip_common.h | 1 + - ip/ipaddress.c | 13 +++++++++++++ - ip/iplink.c | 32 ++++++++++++++++++++++++++++++++ - 3 files changed, 46 insertions(+) - -diff --git a/ip/ip_common.h b/ip/ip_common.h -index e7aaa7f..274d12a 100644 ---- a/ip/ip_common.h -+++ b/ip/ip_common.h -@@ -54,6 +54,7 @@ extern int do_ipl2tp(int argc, char **argv); - extern int do_tcp_metrics(int argc, char **argv); - extern int do_ipnetconf(int argc, char **argv); - extern int do_iptoken(int argc, char **argv); -+extern int iplink_get(unsigned int flags, char *name, __u32 filt_mask); - - static inline int rtm_get_table(struct rtmsg *r, struct rtattr **tb) - { -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 07242d3..f5a47db 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -1308,6 +1308,19 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - exit(0); - } - -+ /* -+ * If only filter_dev present and none of the other -+ * link filters are present, use RTM_GETLINK to get -+ * the link device -+ */ -+ if (filter_dev && filter.group == -1 && do_link == 1) { -+ if (iplink_get(0, filter_dev, RTEXT_FILTER_VF) < 0) { -+ perror("Cannot send link get request"); -+ exit(1); -+ } -+ exit(0); -+ } -+ - if (rtnl_wilddump_request(&rth, preferred_family, RTM_GETLINK) < 0) { - perror("Cannot send dump request"); - exit(1); -diff --git a/ip/iplink.c b/ip/iplink.c -index cacb589..9362e83 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -673,6 +673,38 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv) - return 0; - } - -+int iplink_get(unsigned int flags, char *name, __u32 filt_mask) -+{ -+ int len; -+ struct iplink_req req; -+ char answer[16384]; -+ -+ memset(&req, 0, sizeof(req)); -+ -+ req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); -+ req.n.nlmsg_flags = NLM_F_REQUEST|flags; -+ req.n.nlmsg_type = RTM_GETLINK; -+ req.i.ifi_family = preferred_family; -+ -+ if (name) { -+ len = strlen(name) + 1; -+ if (len == 1) -+ invarg("\"\" is not a valid device identifier\n", -+ "name"); -+ if (len > IFNAMSIZ) -+ invarg("\"name\" too long\n", name); -+ addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, len); -+ } -+ addattr32(&req.n, sizeof(req), IFLA_EXT_MASK, filt_mask); -+ -+ if (rtnl_talk(&rth, &req.n, 0, 0, (struct nlmsghdr *)answer) < 0) -+ return -2; -+ -+ print_linkinfo(NULL, (struct nlmsghdr *)answer, stdout); -+ -+ return 0; -+} -+ - #if IPLINK_IOCTL_COMPAT - static int get_ctl_fd(void) - { --- -1.8.3.1 - diff --git a/SOURCES/0026-ip-return-correct-exit-code-on-route-failure.patch b/SOURCES/0026-ip-return-correct-exit-code-on-route-failure.patch deleted file mode 100644 index b1b14a8..0000000 --- a/SOURCES/0026-ip-return-correct-exit-code-on-route-failure.patch +++ /dev/null @@ -1,43 +0,0 @@ -From daba15cd1437d136cfd3f09bd42d7c79ffa3d517 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:05:52 +0100 -Subject: [PATCH] ip: return correct exit code on route failure - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit d58ba4ba2a532 - -commit d58ba4ba2a532f3ebfa640c42ec2622b54740cdf -Author: Stephen Hemminger -Date: Wed May 6 09:48:06 2015 -0700 - - ip: return correct exit code on route failure - - If kernel complains about ip route request, exit status should be - 2 not 1. - - This fixes regression introduced by: - commit 42ecedd4bae534fc688194a795eb4548c6530cda - Author: Roopa Prabhu - Date: Tue Mar 17 19:26:32 2015 -0700 - - fix ip -force -batch to continue on errors ---- - ip/iproute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index fbe5268..4f7cd9b 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1030,7 +1030,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - req.r.rtm_family = AF_INET; - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- return -1; -+ return -2; - - return 0; - } --- -1.8.3.1 - diff --git a/SOURCES/0026-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch b/SOURCES/0026-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch new file mode 100644 index 0000000..0edfa2e --- /dev/null +++ b/SOURCES/0026-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch @@ -0,0 +1,62 @@ +From 8cbb3468d69696ba38fb5e1015afb8d7f2e499d9 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 12:22:59 +0100 +Subject: [PATCH] iplink: bridge_slave: add support for + IFLA_BRPORT_PROXYARP_WIFI + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374360 +Upstream Status: iproute2.git commit 38b31a78da859 +Conflicts: Context changes due to previously backported mcast_router and + mcast_fast_leave attributes. + +commit 38b31a78da859e4b72037b66477871ba8fc7bd1e +Author: Nikolay Aleksandrov +Date: Tue Feb 16 16:08:53 2016 +0100 + + iplink: bridge_slave: add support for IFLA_BRPORT_PROXYARP_WIFI + + Add support to be able to view and change IFLA_BRPORT_PROXYARP_WIFI port + attribute. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge_slave.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c +index 5a84948..3538176 100644 +--- a/ip/iplink_bridge_slave.c ++++ b/ip/iplink_bridge_slave.c +@@ -30,6 +30,7 @@ static void print_explain(FILE *f) + " [ learning {on | off} ]\n" + " [ flood {on | off} ]\n" + " [ proxy_arp {on | off} ]\n" ++ " [ proxy_arp_wifi {on | off} ]\n" + " [ mcast_router MULTICAST_ROUTER ]\n" + " [ mcast_fast_leave {on | off} ]\n" + ); +@@ -106,6 +107,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, + print_onoff(f, "proxy_arp", + rta_getattr_u8(tb[IFLA_BRPORT_PROXYARP])); + ++ if (tb[IFLA_BRPORT_PROXYARP_WIFI]) ++ print_onoff(f, "proxy_arp_wifi", ++ rta_getattr_u8(tb[IFLA_BRPORT_PROXYARP_WIFI])); ++ + if (tb[IFLA_BRPORT_MULTICAST_ROUTER]) + fprintf(f, "mcast_router %u ", + rta_getattr_u8(tb[IFLA_BRPORT_MULTICAST_ROUTER])); +@@ -181,6 +186,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, + NEXT_ARG(); + bridge_slave_parse_on_off("proxy_arp", *argv, n, + IFLA_BRPORT_PROXYARP); ++ } else if (matches(*argv, "proxy_arp_wifi") == 0) { ++ NEXT_ARG(); ++ bridge_slave_parse_on_off("proxy_arp_wifi", *argv, n, ++ IFLA_BRPORT_PROXYARP_WIFI); + } else if (matches(*argv, "mcast_router") == 0) { + __u8 mcast_router; + +-- +1.8.3.1 + diff --git a/SOURCES/0027-bridge-fix-reporting-of-IPv6-addresses.patch b/SOURCES/0027-bridge-fix-reporting-of-IPv6-addresses.patch new file mode 100644 index 0000000..dd38d4c --- /dev/null +++ b/SOURCES/0027-bridge-fix-reporting-of-IPv6-addresses.patch @@ -0,0 +1,41 @@ +From fe16587affe3050d0c3b9438aa6470a7951270fa Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:08 +0100 +Subject: [PATCH] bridge: fix reporting of IPv6 addresses + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 9e763fa5d332f + +commit 9e763fa5d332f5839673aaf4a7cae10e97932564 +Author: Mike Rapoport +Date: Thu Mar 20 13:06:10 2014 +0200 + + bridge: fix reporting of IPv6 addresses + + Signed-off-by: Mike Rapoport +--- + bridge/fdb.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 0191c76..092945b 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -104,8 +104,13 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[NDA_DST]) { + SPRINT_BUF(abuf); ++ int family = AF_INET; ++ ++ if (RTA_PAYLOAD(tb[NDA_DST]) == sizeof(struct in6_addr)) ++ family = AF_INET6; ++ + fprintf(fp, "dst %s ", +- format_host(AF_INET, ++ format_host(family, + RTA_PAYLOAD(tb[NDA_DST]), + RTA_DATA(tb[NDA_DST]), + abuf, sizeof(abuf))); +-- +1.8.3.1 + diff --git a/SOURCES/0027-ip-fix-exit-code-for-rule-failures.patch b/SOURCES/0027-ip-fix-exit-code-for-rule-failures.patch deleted file mode 100644 index 8edcdfa..0000000 --- a/SOURCES/0027-ip-fix-exit-code-for-rule-failures.patch +++ /dev/null @@ -1,37 +0,0 @@ -From edc209d4479b6b89aed9cb5b661002cf27031bea Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:05:58 +0100 -Subject: [PATCH] ip: fix exit code for rule failures - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit 076ae7089a4b4 - -commit 076ae7089a4b4874a1aedd4c5f84bb889dcda34e -Author: Stephen Hemminger -Date: Wed May 6 09:53:41 2015 -0700 - - ip: fix exit code for rule failures - - If ip rule command fails talking to kernel, exit code should be 2. - The sub-command is called by cmd loop and the exit code is negative - of return value from the command callback. ---- - ip/iprule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iprule.c b/ip/iprule.c -index d80b125..eebcda2 100644 ---- a/ip/iprule.c -+++ b/ip/iprule.c -@@ -355,7 +355,7 @@ static int iprule_modify(int cmd, int argc, char **argv) - req.r.rtm_table = RT_TABLE_MAIN; - - if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -- return 2; -+ return -2; - - return 0; - } --- -1.8.3.1 - diff --git a/SOURCES/0028-iproute2-ipa-show-port-id.patch b/SOURCES/0028-iproute2-ipa-show-port-id.patch new file mode 100644 index 0000000..f91d5d8 --- /dev/null +++ b/SOURCES/0028-iproute2-ipa-show-port-id.patch @@ -0,0 +1,41 @@ +From 3d68599ce6e1a6dca3f1781ab3589d6a78fd5c8e Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:08 +0100 +Subject: [PATCH] iproute2: ipa: show port id + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit c897067480a0e + +commit c897067480a0e0fbf6231edf1ded8fc12ca6ad9d +Author: Jiri Pirko +Date: Thu May 15 15:10:22 2014 +0200 + + iproute2: ipa: show port id + + Signed-off-by: Jiri Pirko +--- + ip/ipaddress.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index e39137f..0c741ff 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -635,6 +635,14 @@ int print_linkinfo(const struct sockaddr_nl *who, + fprintf(fp, "master %s ", ll_idx_n2a(*(int*)RTA_DATA(tb[IFLA_MASTER]), b1)); + } + ++ if (tb[IFLA_PHYS_PORT_ID]) { ++ SPRINT_BUF(b1); ++ fprintf(fp, "portid %s ", ++ hexstring_n2a(RTA_DATA(tb[IFLA_PHYS_PORT_ID]), ++ RTA_PAYLOAD(tb[IFLA_PHYS_PORT_ID]), ++ b1, sizeof(b1))); ++ } ++ + if (tb[IFLA_OPERSTATE]) + print_operstate(fp, rta_getattr_u8(tb[IFLA_OPERSTATE])); + +-- +1.8.3.1 + diff --git a/SOURCES/0028-libnetlink-add-size-argument-to-rtnl_talk.patch b/SOURCES/0028-libnetlink-add-size-argument-to-rtnl_talk.patch deleted file mode 100644 index e4849de..0000000 --- a/SOURCES/0028-libnetlink-add-size-argument-to-rtnl_talk.patch +++ /dev/null @@ -1,819 +0,0 @@ -From fc6ef05c8579a313461139e1c31130e0893c56f0 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:06:06 +0100 -Subject: [PATCH] libnetlink: add size argument to rtnl_talk - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit c079e121a73af -Conflicts: -- Already applied commit d25ec03e1dce4 - ("ipaddress: fix ipaddr_flush for Linux >= 3.1"). -- Missing commit 025fa9dc7a4fe - ("xfrm: add command for configuring SPD hash table"). -- Upstream conflict merge at 03371c7d98d16. - -commit c079e121a73af5eb49e003b13607e8a690331df6 -Author: Stephen Hemminger -Date: Wed May 27 12:26:14 2015 -0700 - - libnetlink: add size argument to rtnl_talk - - There have been several instances where response from kernel - has overrun the stack buffer from the caller. Avoid future problems - by passing a size argument. - - Also drop the unused peer and group arguments to rtnl_talk. ---- - bridge/fdb.c | 2 +- - bridge/link.c | 2 +- - bridge/mdb.c | 2 +- - bridge/vlan.c | 2 +- - genl/ctrl.c | 4 ++-- - include/libnetlink.h | 4 ++-- - ip/ipaddress.c | 4 ++-- - ip/ipaddrlabel.c | 4 ++-- - ip/ipl2tp.c | 8 ++++---- - ip/iplink.c | 13 ++++++++----- - ip/ipneigh.c | 2 +- - ip/ipnetns.c | 4 ++-- - ip/ipntable.c | 2 +- - ip/iproute.c | 8 ++++---- - ip/iprule.c | 4 ++-- - ip/iptoken.c | 2 +- - ip/link_gre.c | 2 +- - ip/link_gre6.c | 2 +- - ip/link_ip6tnl.c | 2 +- - ip/link_iptnl.c | 2 +- - ip/link_vti.c | 2 +- - ip/link_vti6.c | 2 +- - ip/tcp_metrics.c | 4 ++-- - ip/xfrm_policy.c | 14 +++++++------- - ip/xfrm_state.c | 12 ++++++------ - lib/libgenl.c | 2 +- - lib/libnetlink.c | 40 ++++++++++++++++++++++------------------ - tc/m_action.c | 6 +++--- - tc/tc_class.c | 2 +- - tc/tc_filter.c | 2 +- - tc/tc_qdisc.c | 2 +- - 31 files changed, 85 insertions(+), 78 deletions(-) - -diff --git a/bridge/fdb.c b/bridge/fdb.c -index b8138cb..6dc3153 100644 ---- a/bridge/fdb.c -+++ b/bridge/fdb.c -@@ -329,7 +329,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - return -1; - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -1; - - return 0; -diff --git a/bridge/link.c b/bridge/link.c -index c5e7ae5..02777d6 100644 ---- a/bridge/link.c -+++ b/bridge/link.c -@@ -376,7 +376,7 @@ static int brlink_modify(int argc, char **argv) - addattr_nest_end(&req.n, nest); - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -1; - - return 0; -diff --git a/bridge/mdb.c b/bridge/mdb.c -index ab3a792..821f575 100644 ---- a/bridge/mdb.c -+++ b/bridge/mdb.c -@@ -224,7 +224,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) - - addattr_l(&req.n, sizeof(req), MDBA_SET_ENTRY, &entry, sizeof(entry)); - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -1; - - return 0; -diff --git a/bridge/vlan.c b/bridge/vlan.c -index ba54b0e..b471bf7 100644 ---- a/bridge/vlan.c -+++ b/bridge/vlan.c -@@ -95,7 +95,7 @@ static int vlan_modify(int cmd, int argc, char **argv) - - addattr_nest_end(&req.n, afspec); - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -1; - - return 0; -diff --git a/genl/ctrl.c b/genl/ctrl.c -index 48cbc35..2596883 100644 ---- a/genl/ctrl.c -+++ b/genl/ctrl.c -@@ -67,7 +67,7 @@ int genl_ctrl_resolve_family(const char *family) - - addattr_l(nlh, 128, CTRL_ATTR_FAMILY_NAME, family, strlen(family) + 1); - -- if (rtnl_talk(&rth, nlh, 0, 0, nlh) < 0) { -+ if (rtnl_talk(&rth, nlh, nlh, sizeof(req)) < 0) { - fprintf(stderr, "Error talking to the kernel\n"); - goto errout; - } -@@ -341,7 +341,7 @@ static int ctrl_list(int cmd, int argc, char **argv) - goto ctrl_done; - } - -- if (rtnl_talk(&rth, nlh, 0, 0, nlh) < 0) { -+ if (rtnl_talk(&rth, nlh, nlh, sizeof(req)) < 0) { - fprintf(stderr, "Error talking to the kernel\n"); - goto ctrl_done; - } -diff --git a/include/libnetlink.h b/include/libnetlink.h -index 058dc64..8c90873 100644 ---- a/include/libnetlink.h -+++ b/include/libnetlink.h -@@ -68,8 +68,8 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth, - void *arg, __u16 nc_flags); - #define rtnl_dump_filter(rth, filter, arg) \ - rtnl_dump_filter_nc(rth, filter, arg, 0) --extern int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, -- unsigned groups, struct nlmsghdr *answer) -+extern int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, -+ struct nlmsghdr *answer, size_t len) - __attribute__((warn_unused_result)); - extern int rtnl_send(struct rtnl_handle *rth, const void *buf, int) - __attribute__((warn_unused_result)); -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index f5a47db..700c40f 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -1024,7 +1024,7 @@ static int restore_handler(const struct sockaddr_nl *nl, - - ll_init_map(&rth); - -- ret = rtnl_talk(&rth, n, 0, 0, n); -+ ret = rtnl_talk(&rth, n, n, sizeof(*n)); - if ((ret < 0) && (errno == EEXIST)) - ret = 0; - -@@ -1587,7 +1587,7 @@ static int ipaddr_modify(int cmd, int flags, int argc, char **argv) - sizeof(cinfo)); - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c -index 5b1f6e4..c5d69f4 100644 ---- a/ip/ipaddrlabel.c -+++ b/ip/ipaddrlabel.c -@@ -183,7 +183,7 @@ static int ipaddrlabel_modify(int cmd, int argc, char **argv) - if (req.ifal.ifal_family == AF_UNSPEC) - req.ifal.ifal_family = AF_INET6; - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -@@ -210,7 +210,7 @@ static int flush_addrlabel(const struct sockaddr_nl *who, struct nlmsghdr *n, vo - if (rtnl_open(&rth2, 0) < 0) - return -1; - -- if (rtnl_talk(&rth2, n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth2, n, NULL, 0) < 0) - return -2; - - rtnl_close(&rth2); -diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c -index 5cd8632..2f7c9bf 100644 ---- a/ip/ipl2tp.c -+++ b/ip/ipl2tp.c -@@ -119,7 +119,7 @@ static int create_tunnel(struct l2tp_parm *p) - addattr16(&req.n, 1024, L2TP_ATTR_UDP_DPORT, p->peer_udp_port); - } - -- if (rtnl_talk(&genl_rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -@@ -132,7 +132,7 @@ static int delete_tunnel(struct l2tp_parm *p) - - addattr32(&req.n, 128, L2TP_ATTR_CONN_ID, p->tunnel_id); - -- if (rtnl_talk(&genl_rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -@@ -166,7 +166,7 @@ static int create_session(struct l2tp_parm *p) - if (p->ifname && p->ifname[0]) - addattrstrz(&req.n, 1024, L2TP_ATTR_IFNAME, p->ifname); - -- if (rtnl_talk(&genl_rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -@@ -179,7 +179,7 @@ static int delete_session(struct l2tp_parm *p) - - addattr32(&req.n, 1024, L2TP_ATTR_CONN_ID, p->tunnel_id); - addattr32(&req.n, 1024, L2TP_ATTR_SESSION_ID, p->session_id); -- if (rtnl_talk(&genl_rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -diff --git a/ip/iplink.c b/ip/iplink.c -index 9362e83..048d4f3 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -592,7 +592,7 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv) - - req.i.ifi_index = 0; - addattr32(&req.n, sizeof(req), IFLA_GROUP, group); -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - return 0; - } -@@ -667,7 +667,7 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv) - return -1; - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - - return 0; -@@ -677,7 +677,10 @@ int iplink_get(unsigned int flags, char *name, __u32 filt_mask) - { - int len; - struct iplink_req req; -- char answer[16384]; -+ struct { -+ struct nlmsghdr n; -+ char buf[16384]; -+ } answer; - - memset(&req, 0, sizeof(req)); - -@@ -697,10 +700,10 @@ int iplink_get(unsigned int flags, char *name, __u32 filt_mask) - } - addattr32(&req.n, sizeof(req), IFLA_EXT_MASK, filt_mask); - -- if (rtnl_talk(&rth, &req.n, 0, 0, (struct nlmsghdr *)answer) < 0) -+ if (rtnl_talk(&rth, &req.n, &answer.n, sizeof(answer)) < 0) - return -2; - -- print_linkinfo(NULL, (struct nlmsghdr *)answer, stdout); -+ print_linkinfo(NULL, &answer.n, stdout); - - return 0; - } -diff --git a/ip/ipneigh.c b/ip/ipneigh.c -index c47f005..19fd8e2 100644 ---- a/ip/ipneigh.c -+++ b/ip/ipneigh.c -@@ -179,7 +179,7 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv) - return -1; - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - - return 0; -diff --git a/ip/ipnetns.c b/ip/ipnetns.c -index 00b6cc4..2c848bc 100644 ---- a/ip/ipnetns.c -+++ b/ip/ipnetns.c -@@ -113,7 +113,7 @@ static int get_netnsid_from_name(const char *name) - return fd; - - addattr32(&req.n, 1024, NETNSA_FD, fd); -- if (rtnl_talk(&rtnsh, &req.n, 0, 0, &answer.n) < 0) { -+ if (rtnl_talk(&rtnsh, &req.n, &answer.n, sizeof(answer)) < 0) { - close(fd); - return -2; - } -@@ -698,7 +698,7 @@ static int set_netnsid_from_name(const char *name, int nsid) - - addattr32(&req.n, 1024, NETNSA_FD, fd); - addattr32(&req.n, 1024, NETNSA_NSID, nsid); -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - err = -2; - - close(fd); -diff --git a/ip/ipntable.c b/ip/ipntable.c -index 4d4eece..ca5d935 100644 ---- a/ip/ipntable.c -+++ b/ip/ipntable.c -@@ -314,7 +314,7 @@ static int ipntable_modify(int cmd, int flags, int argc, char **argv) - RTA_PAYLOAD(parms_rta)); - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - - return 0; -diff --git a/ip/iproute.c b/ip/iproute.c -index 4f7cd9b..367b922 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1029,7 +1029,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - if (req.r.rtm_family == AF_UNSPEC) - req.r.rtm_family = AF_INET; - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -@@ -1486,7 +1486,7 @@ static int iproute_get(int argc, char **argv) - if (req.r.rtm_family == AF_UNSPEC) - req.r.rtm_family = AF_INET; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) - exit(2); - - if (connected && !from_ok) { -@@ -1527,7 +1527,7 @@ static int iproute_get(int argc, char **argv) - req.n.nlmsg_flags = NLM_F_REQUEST; - req.n.nlmsg_type = RTM_GETROUTE; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) - exit(2); - } - -@@ -1549,7 +1549,7 @@ static int restore_handler(const struct sockaddr_nl *nl, - - ll_init_map(&rth); - -- ret = rtnl_talk(&rth, n, 0, 0, n); -+ ret = rtnl_talk(&rth, n, n, sizeof(*n)); - if ((ret < 0) && (errno == EEXIST)) - ret = 0; - -diff --git a/ip/iprule.c b/ip/iprule.c -index eebcda2..89fa7ef 100644 ---- a/ip/iprule.c -+++ b/ip/iprule.c -@@ -354,7 +354,7 @@ static int iprule_modify(int cmd, int argc, char **argv) - if (!table_ok && cmd == RTM_NEWRULE) - req.r.rtm_table = RT_TABLE_MAIN; - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -@@ -381,7 +381,7 @@ static int flush_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *a - if (rtnl_open(&rth2, 0) < 0) - return -1; - -- if (rtnl_talk(&rth2, n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth2, n, NULL, 0) < 0) - return -2; - - rtnl_close(&rth2); -diff --git a/ip/iptoken.c b/ip/iptoken.c -index 5689c2e..0d265e6 100644 ---- a/ip/iptoken.c -+++ b/ip/iptoken.c -@@ -182,7 +182,7 @@ static int iptoken_set(int argc, char **argv) - return -1; - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -2; - - return 0; -diff --git a/ip/link_gre.c b/ip/link_gre.c -index ddbd6cc..62acf46 100644 ---- a/ip/link_gre.c -+++ b/ip/link_gre.c -@@ -77,7 +77,7 @@ static int gre_parse_opt(struct link_util *lu, int argc, char **argv, - req.i.ifi_family = preferred_family; - req.i.ifi_index = ifi->ifi_index; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) { -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) { - get_failed: - fprintf(stderr, - "Failed to get existing tunnel info.\n"); -diff --git a/ip/link_gre6.c b/ip/link_gre6.c -index f18919c..e00ea09 100644 ---- a/ip/link_gre6.c -+++ b/ip/link_gre6.c -@@ -91,7 +91,7 @@ static int gre_parse_opt(struct link_util *lu, int argc, char **argv, - req.i.ifi_family = preferred_family; - req.i.ifi_index = ifi->ifi_index; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) { -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) { - get_failed: - fprintf(stderr, - "Failed to get existing tunnel info.\n"); -diff --git a/ip/link_ip6tnl.c b/ip/link_ip6tnl.c -index cf59a93..f771c75 100644 ---- a/ip/link_ip6tnl.c -+++ b/ip/link_ip6tnl.c -@@ -89,7 +89,7 @@ static int ip6tunnel_parse_opt(struct link_util *lu, int argc, char **argv, - req.i.ifi_family = preferred_family; - req.i.ifi_index = ifi->ifi_index; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) { -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) { - get_failed: - fprintf(stderr, - "Failed to get existing tunnel info.\n"); -diff --git a/ip/link_iptnl.c b/ip/link_iptnl.c -index 2ac2604..4d5422b 100644 ---- a/ip/link_iptnl.c -+++ b/ip/link_iptnl.c -@@ -81,7 +81,7 @@ static int iptunnel_parse_opt(struct link_util *lu, int argc, char **argv, - req.i.ifi_family = preferred_family; - req.i.ifi_index = ifi->ifi_index; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) { -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) { - get_failed: - fprintf(stderr, - "Failed to get existing tunnel info.\n"); -diff --git a/ip/link_vti.c b/ip/link_vti.c -index 59ac4c4..f3fea33 100644 ---- a/ip/link_vti.c -+++ b/ip/link_vti.c -@@ -71,7 +71,7 @@ static int vti_parse_opt(struct link_util *lu, int argc, char **argv, - req.i.ifi_family = preferred_family; - req.i.ifi_index = ifi->ifi_index; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) { -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) { - get_failed: - fprintf(stderr, - "Failed to get existing tunnel info.\n"); -diff --git a/ip/link_vti6.c b/ip/link_vti6.c -index 282896d..c146f79 100644 ---- a/ip/link_vti6.c -+++ b/ip/link_vti6.c -@@ -67,7 +67,7 @@ static int vti6_parse_opt(struct link_util *lu, int argc, char **argv, - req.i.ifi_family = preferred_family; - req.i.ifi_index = ifi->ifi_index; - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) { -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) { - get_failed: - fprintf(stderr, - "Failed to get existing tunnel info.\n"); -diff --git a/ip/tcp_metrics.c b/ip/tcp_metrics.c -index c6be3c9..8fa4b26 100644 ---- a/ip/tcp_metrics.c -+++ b/ip/tcp_metrics.c -@@ -386,10 +386,10 @@ static int tcpm_do_cmd(int cmd, int argc, char **argv) - } - - if (ack) { -- if (rtnl_talk(&grth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&grth, &req.n, NULL, 0) < 0) - return -2; - } else if (atype >= 0) { -- if (rtnl_talk(&grth, &req.n, 0, 0, &req.n) < 0) -+ if (rtnl_talk(&grth, &req.n, &req.n, sizeof(req)) < 0) - return -2; - if (process_msg(NULL, &req.n, stdout) < 0) { - fprintf(stderr, "Dump terminated\n"); -diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c -index f7f2c5c..3ff734e 100644 ---- a/ip/xfrm_policy.c -+++ b/ip/xfrm_policy.c -@@ -393,7 +393,7 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv) - if (req.xpinfo.sel.family == AF_UNSPEC) - req.xpinfo.sel.family = AF_INET; - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - - rtnl_close(&rth); -@@ -555,7 +555,7 @@ int xfrm_policy_print(const struct sockaddr_nl *who, struct nlmsghdr *n, - } - - static int xfrm_policy_get_or_delete(int argc, char **argv, int delete, -- void *res_nlbuf) -+ void *res_nlbuf, size_t res_size) - { - struct rtnl_handle rth; - struct { -@@ -670,7 +670,7 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete, - (void *)&ctx, ctx.sctx.len); - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, res_nlbuf) < 0) -+ if (rtnl_talk(&rth, &req.n, res_nlbuf, res_size) < 0) - exit(2); - - rtnl_close(&rth); -@@ -680,7 +680,7 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete, - - static int xfrm_policy_delete(int argc, char **argv) - { -- return xfrm_policy_get_or_delete(argc, argv, 1, NULL); -+ return xfrm_policy_get_or_delete(argc, argv, 1, NULL, 0); - } - - static int xfrm_policy_get(int argc, char **argv) -@@ -690,7 +690,7 @@ static int xfrm_policy_get(int argc, char **argv) - - memset(buf, 0, sizeof(buf)); - -- xfrm_policy_get_or_delete(argc, argv, 0, n); -+ xfrm_policy_get_or_delete(argc, argv, 0, n, sizeof(buf)); - - if (xfrm_policy_print(NULL, n, (void*)stdout) < 0) { - fprintf(stderr, "An error :-)\n"); -@@ -975,7 +975,7 @@ static int xfrm_spd_getinfo(int argc, char **argv) - if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) - exit(1); - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) - exit(2); - - print_spdinfo(&req.n, (void*)stdout); -@@ -1027,7 +1027,7 @@ static int xfrm_policy_flush(int argc, char **argv) - if (show_stats > 1) - fprintf(stderr, "Flush policy\n"); - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - - rtnl_close(&rth); -diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c -index 0f6b10d..20d7a7e 100644 ---- a/ip/xfrm_state.c -+++ b/ip/xfrm_state.c -@@ -644,7 +644,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) - if (req.xsinfo.family == AF_UNSPEC) - req.xsinfo.family = AF_INET; - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - - rtnl_close(&rth); -@@ -781,7 +781,7 @@ static int xfrm_state_allocspi(int argc, char **argv) - req.xspi.info.family = AF_INET; - - -- if (rtnl_talk(&rth, &req.n, 0, 0, res_n) < 0) -+ if (rtnl_talk(&rth, &req.n, res_n, sizeof(res_buf)) < 0) - exit(2); - - if (xfrm_state_print(NULL, res_n, (void*)stdout) < 0) { -@@ -971,7 +971,7 @@ static int xfrm_state_get_or_delete(int argc, char **argv, int delete) - req.xsid.family = AF_INET; - - if (delete) { -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - } else { - char buf[NLMSG_BUF_SIZE]; -@@ -979,7 +979,7 @@ static int xfrm_state_get_or_delete(int argc, char **argv, int delete) - - memset(buf, 0, sizeof(buf)); - -- if (rtnl_talk(&rth, &req.n, 0, 0, res_n) < 0) -+ if (rtnl_talk(&rth, &req.n, res_n, sizeof(req)) < 0) - exit(2); - - if (xfrm_state_print(NULL, res_n, (void*)stdout) < 0) { -@@ -1220,7 +1220,7 @@ static int xfrm_sad_getinfo(int argc, char **argv) - if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) - exit(1); - -- if (rtnl_talk(&rth, &req.n, 0, 0, &req.n) < 0) -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) - exit(2); - - print_sadinfo(&req.n, (void*)stdout); -@@ -1274,7 +1274,7 @@ static int xfrm_state_flush(int argc, char **argv) - fprintf(stderr, "Flush state with XFRM-PROTO value \"%s\"\n", - strxf_xfrmproto(req.xsf.proto)); - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - exit(2); - - rtnl_close(&rth); -diff --git a/lib/libgenl.c b/lib/libgenl.c -index ef3e5db..acb1478 100644 ---- a/lib/libgenl.c -+++ b/lib/libgenl.c -@@ -53,7 +53,7 @@ int genl_resolve_family(struct rtnl_handle *grth, const char *family) - addattr_l(&req.n, sizeof(req), CTRL_ATTR_FAMILY_NAME, - family, strlen(family) + 1); - -- if (rtnl_talk(grth, &req.n, 0, 0, &req.n) < 0) { -+ if (rtnl_talk(grth, &req.n, &req.n, sizeof(req)) < 0) { - fprintf(stderr, "Error talking to the kernel\n"); - return -2; - } -diff --git a/lib/libnetlink.c b/lib/libnetlink.c -index 95675be..97b79fd 100644 ---- a/lib/libnetlink.c -+++ b/lib/libnetlink.c -@@ -29,6 +29,10 @@ - #define SOL_NETLINK 270 - #endif - -+#ifndef MIN -+#define MIN(a, b) ((a) < (b) ? (a) : (b)) -+#endif -+ - int rcvbuf = 1024 * 1024; - - void rtnl_close(struct rtnl_handle *rth) -@@ -306,8 +310,8 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth, - return rtnl_dump_filter_l(rth, a); - } - --int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, -- unsigned groups, struct nlmsghdr *answer) -+int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, -+ struct nlmsghdr *answer, size_t len) - { - int status; - unsigned seq; -@@ -323,12 +327,10 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, - .msg_iov = &iov, - .msg_iovlen = 1, - }; -- char buf[16384]; -+ char buf[32768]; - - memset(&nladdr, 0, sizeof(nladdr)); - nladdr.nl_family = AF_NETLINK; -- nladdr.nl_pid = peer; -- nladdr.nl_groups = groups; - - n->nlmsg_seq = seq = ++rtnl->seq; - -@@ -336,7 +338,6 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, - n->nlmsg_flags |= NLM_F_ACK; - - status = sendmsg(rtnl->fd, &msg, 0); -- - if (status < 0) { - perror("Cannot talk to rtnetlink"); - return -1; -@@ -345,7 +346,6 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, - memset(buf,0,sizeof(buf)); - - iov.iov_base = buf; -- - while (1) { - iov.iov_len = sizeof(buf); - status = recvmsg(rtnl->fd, &msg, 0); -@@ -378,7 +378,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, - exit(1); - } - -- if (nladdr.nl_pid != peer || -+ if (nladdr.nl_pid != 0 || - h->nlmsg_pid != rtnl->local.nl_pid || - h->nlmsg_seq != seq) { - /* Don't forget to skip that message. */ -@@ -391,20 +391,22 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, - struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); - if (l < sizeof(struct nlmsgerr)) { - fprintf(stderr, "ERROR truncated\n"); -- } else { -- if (!err->error) { -- if (answer) -- memcpy(answer, h, h->nlmsg_len); -- return 0; -- } -- -- fprintf(stderr, "RTNETLINK answers: %s\n", strerror(-err->error)); -- errno = -err->error; -+ } else if (!err->error) { -+ if (answer) -+ memcpy(answer, h, -+ MIN(len, h->nlmsg_len)); -+ return 0; - } -+ -+ fprintf(stderr, "RTNETLINK answers: %s\n", -+ strerror(-err->error)); -+ errno = -err->error; - return -1; - } -+ - if (answer) { -- memcpy(answer, h, h->nlmsg_len); -+ memcpy(answer, h, -+ MIN(len, h->nlmsg_len)); - return 0; - } - -@@ -413,10 +415,12 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, - status -= NLMSG_ALIGN(len); - h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len)); - } -+ - if (msg.msg_flags & MSG_TRUNC) { - fprintf(stderr, "Message truncated\n"); - continue; - } -+ - if (status) { - fprintf(stderr, "!!!Remnant of size %d\n", status); - exit(1); -diff --git a/tc/m_action.c b/tc/m_action.c -index 4acabef..7cbf377 100644 ---- a/tc/m_action.c -+++ b/tc/m_action.c -@@ -451,7 +451,7 @@ static int tc_action_gd(int cmd, unsigned flags, int *argc_p, char ***argv_p) - if (cmd == RTM_GETACTION) - ans = &req.n; - -- if (rtnl_talk(&rth, &req.n, 0, 0, ans) < 0) { -+ if (rtnl_talk(&rth, &req.n, ans, MAX_MSG) < 0) { - fprintf(stderr, "We have an error talking to the kernel\n"); - return 1; - } -@@ -496,7 +496,7 @@ static int tc_action_modify(int cmd, unsigned flags, int *argc_p, char ***argv_p - } - tail->rta_len = (void *) NLMSG_TAIL(&req.n) - (void *) tail; - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) { -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) { - fprintf(stderr, "We have an error talking to the kernel\n"); - ret = -1; - } -@@ -566,7 +566,7 @@ static int tc_act_list_or_flush(int argc, char **argv, int event) - req.n.nlmsg_type = RTM_DELACTION; - req.n.nlmsg_flags |= NLM_F_ROOT; - req.n.nlmsg_flags |= NLM_F_REQUEST; -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) { -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) { - fprintf(stderr, "We have an error flushing\n"); - return 1; - } -diff --git a/tc/tc_class.c b/tc/tc_class.c -index b8767bc..4f35346 100644 ---- a/tc/tc_class.c -+++ b/tc/tc_class.c -@@ -138,7 +138,7 @@ static int tc_class_modify(int cmd, unsigned flags, int argc, char **argv) - } - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return 2; - - return 0; -diff --git a/tc/tc_filter.c b/tc/tc_filter.c -index 609fbe9..e76d616 100644 ---- a/tc/tc_filter.c -+++ b/tc/tc_filter.c -@@ -167,7 +167,7 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) - } - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) { -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) { - fprintf(stderr, "We have an error talking to the kernel\n"); - return 2; - } -diff --git a/tc/tc_qdisc.c b/tc/tc_qdisc.c -index c71937d..c31ae8d 100644 ---- a/tc/tc_qdisc.c -+++ b/tc/tc_qdisc.c -@@ -187,7 +187,7 @@ static int tc_qdisc_modify(int cmd, unsigned flags, int argc, char **argv) - req.t.tcm_ifindex = idx; - } - -- if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return 2; - - return 0; --- -1.8.3.1 - diff --git a/SOURCES/0029-bridge-Add-learning-and-flood-support.patch b/SOURCES/0029-bridge-Add-learning-and-flood-support.patch new file mode 100644 index 0000000..7bb0a03 --- /dev/null +++ b/SOURCES/0029-bridge-Add-learning-and-flood-support.patch @@ -0,0 +1,117 @@ +From 8e5969521d5df7a63d9a20597cb9d52b776c3e6e Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:08 +0100 +Subject: [PATCH] bridge: Add learning and flood support + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit f0f4ab600b5a9 + +commit f0f4ab600b5a9d1f718c8812e20dffe61ca95989 +Author: Vlad Yasevich +Date: Wed May 21 09:53:43 2014 -0400 + + bridge: Add learning and flood support + + Add ability to control learning and flood flags on bridge + ports. + + Signed-off-by: Vlad Yasevich +--- + bridge/link.c | 22 ++++++++++++++++++++++ + man/man8/bridge.8 | 12 ++++++++++++ + 2 files changed, 34 insertions(+) + +diff --git a/bridge/link.c b/bridge/link.c +index 19d0642..176c906 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -185,6 +185,12 @@ int print_linkinfo(const struct sockaddr_nl *who, + if (prtb[IFLA_BRPORT_FAST_LEAVE]) + print_onoff(fp, "fastleave", + rta_getattr_u8(prtb[IFLA_BRPORT_FAST_LEAVE])); ++ if (prtb[IFLA_BRPORT_LEARNING]) ++ print_onoff(fp, "learning", ++ rta_getattr_u8(prtb[IFLA_BRPORT_LEARNING])); ++ if (prtb[IFLA_BRPORT_UNICAST_FLOOD]) ++ print_onoff(fp, "flood", ++ rta_getattr_u8(prtb[IFLA_BRPORT_UNICAST_FLOOD])); + } + } else + print_portstate(fp, rta_getattr_u8(tb[IFLA_PROTINFO])); +@@ -214,6 +220,8 @@ static void usage(void) + fprintf(stderr, " [ hairpin {on | off} ] \n"); + fprintf(stderr, " [ fastleave {on | off} ]\n"); + fprintf(stderr, " [ root_block {on | off} ]\n"); ++ fprintf(stderr, " [ learning {on | off} ]\n"); ++ fprintf(stderr, " [ flood {on | off} ]\n"); + fprintf(stderr, " [ hwmode {vepa | veb} ]\n"); + fprintf(stderr, " bridge link show [dev DEV]\n"); + exit(-1); +@@ -243,6 +251,8 @@ static int brlink_modify(int argc, char **argv) + char buf[512]; + } req; + char *d = NULL; ++ __s8 learning = -1; ++ __s8 flood = -1; + __s8 hairpin = -1; + __s8 bpdu_guard = -1; + __s8 fast_leave = -1; +@@ -281,6 +291,14 @@ static int brlink_modify(int argc, char **argv) + NEXT_ARG(); + if (!on_off("root_block", &root_block, *argv)) + exit(-1); ++ } else if (strcmp(*argv, "learning") == 0) { ++ NEXT_ARG(); ++ if (!on_off("learning", &learning, *argv)) ++ exit(-1); ++ } else if (strcmp(*argv, "flood") == 0) { ++ NEXT_ARG(); ++ if (!on_off("flood", &flood, *argv)) ++ exit(-1); + } else if (strcmp(*argv, "cost") == 0) { + NEXT_ARG(); + cost = atoi(*argv); +@@ -335,6 +353,10 @@ static int brlink_modify(int argc, char **argv) + fast_leave); + if (root_block >= 0) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_PROTECT, root_block); ++ if (flood >= 0) ++ addattr8(&req.n, sizeof(req), IFLA_BRPORT_UNICAST_FLOOD, flood); ++ if (learning >= 0) ++ addattr8(&req.n, sizeof(req), IFLA_BRPORT_LEARNING, learning); + + if (cost > 0) + addattr32(&req.n, sizeof(req), IFLA_BRPORT_COST, cost); +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 4f48546..5e51d54 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -37,6 +37,8 @@ bridge \- show / manipulate bridge addresses and devices + .BR hairpin " { " on " | " off " } ] [ " + .BR fastleave " { " on " | " off " } ] [ " + .BR root_block " { " on " | " off " } ] [ " ++.BR learning " { " on " | " off " } ] [ " ++.BR flood " { " on " | " off " } ] [ " + .BR hwmode " { " vepa " | " veb " } ] " + + .ti -8 +@@ -255,6 +257,16 @@ Controls whether a given port is allowed to become root port or not. Only used + when STP is enabled on the bridge. By default the flag is off. + + .TP ++.BR "learning on " or " learning off " ++Controls whether a given port will learn MAC addresses from received traffic or ++not. If learning if off, the bridge will end up flooding any traffic for which ++it has no FDB entry. By default this flag is on. ++ ++.TP ++.BR "flooding on " or " flooding off " ++Controls whether a given port will flood unicast traffic for which there is no FDB entry. By default this flag is on. ++ ++.TP + .BI hwmode + Some network interface cards support HW bridge functionality and they may be + configured in different modes. Currently support modes are: +-- +1.8.3.1 + diff --git a/SOURCES/0029-libnetlink-don-t-confuse-variables-in-rtnl_talk.patch b/SOURCES/0029-libnetlink-don-t-confuse-variables-in-rtnl_talk.patch deleted file mode 100644 index 3f0c2c5..0000000 --- a/SOURCES/0029-libnetlink-don-t-confuse-variables-in-rtnl_talk.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 5b5cbaf1e54a9c0fb169465913c1250c560b487a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:07:42 +0100 -Subject: [PATCH] libnetlink: don't confuse variables in rtnl_talk() - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 -Upstream Status: iproute2.git commit ed108cfc0260b - -commit ed108cfc0260b6b751647982b77d6363b1defb15 -Author: Nicolas Dichtel -Date: Thu Dec 3 17:13:48 2015 +0100 - - libnetlink: don't confuse variables in rtnl_talk() - - There is two variables named 'len' in rtnl_talk. In fact, commit - c079e121a73a didn't work. For example, it was possible to trigger - a seg fault with this command: - $ ip link set gre2 type ip6gre hoplimit 32 - - Let's rename the argument len to maxlen. - - Fixes: c079e121a73a ("libnetlink: add size argument to rtnl_talk") - Reported-by: Thomas Faivre - Signed-off-by: Nicolas Dichtel ---- - lib/libnetlink.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/libnetlink.c b/lib/libnetlink.c -index 97b79fd..b2a300e 100644 ---- a/lib/libnetlink.c -+++ b/lib/libnetlink.c -@@ -311,7 +311,7 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth, - } - - int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, -- struct nlmsghdr *answer, size_t len) -+ struct nlmsghdr *answer, size_t maxlen) - { - int status; - unsigned seq; -@@ -394,7 +394,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, - } else if (!err->error) { - if (answer) - memcpy(answer, h, -- MIN(len, h->nlmsg_len)); -+ MIN(maxlen, h->nlmsg_len)); - return 0; - } - -@@ -406,7 +406,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, - - if (answer) { - memcpy(answer, h, -- MIN(len, h->nlmsg_len)); -+ MIN(maxlen, h->nlmsg_len)); - return 0; - } - --- -1.8.3.1 - diff --git a/SOURCES/0030-bridge-Make-filter_index-match-in-signedness.patch b/SOURCES/0030-bridge-Make-filter_index-match-in-signedness.patch new file mode 100644 index 0000000..f7c8f8d --- /dev/null +++ b/SOURCES/0030-bridge-Make-filter_index-match-in-signedness.patch @@ -0,0 +1,115 @@ +From e063ae1315f846a27351ace6968ff7dccb2e368c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:08 +0100 +Subject: [PATCH] bridge: Make filter_index match in signedness + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 9dca899b2d971 + +commit 9dca899b2d97163f18b66c21b5e7acec893b0fa4 +Author: Andreas Henriksson +Date: Wed Jun 4 19:40:37 2014 +0200 + + bridge: Make filter_index match in signedness + + Michael Tautschnig wrote: + + During a rebuild [...]. Please note that we use our research + compiler tool-chain (using tools from the cbmc package), which permits extended + reporting on type inconsistencies at link time. + + [...] + gcc bridge.o fdb.o monitor.o link.o mdb.o vlan.o ../lib/libnetlink.a ../lib/libutil.a ../lib/libnetlink.a ../lib/libutil.a -o bridge + file link.c line 18: error: conflicting types for variable "filter_index" + old definition in module fdb file fdb.c line 29 + signed int + new definition in module link file link.c line 18 + unsigned int + : recipe for target 'bridge' failed + make[3]: *** [bridge] Error 64 + make[3]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-iproute2/iproute2-3.14.0/bridge' + Makefile:45: recipe for target 'all' failed + + While practical constraints may limit the value of filter_index to remain within + the bounds of a positive signed int, there is certainly no such guarantee here. + Also, a plain majority vote suggests that this really just a wrong declaration + in link.c as several declarations of filter_index as signed int exist. + + [...] + + My followup on this was: + + I think the majority is wrong. + + filter_index is assigned exclusively from if_nametoindex or ll_name_to_index + which both return unsigned int. + + Changing it to unsigned everywhere seems better. + + This has been minimally tested by using the bridge tool + to add vids and showing available vids on different devices. + + Reported-by: Michael Tautschnig + Signed-off-by: Andreas Henriksson +--- + bridge/fdb.c | 2 +- + bridge/link.c | 2 +- + bridge/mdb.c | 2 +- + bridge/vlan.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 092945b..b29c776 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -26,7 +26,7 @@ + #include "rt_names.h" + #include "utils.h" + +-int filter_index; ++static unsigned int filter_index; + + static void usage(void) + { +diff --git a/bridge/link.c b/bridge/link.c +index 176c906..14e4e5a 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -15,7 +15,7 @@ + #include "utils.h" + #include "br_common.h" + +-unsigned int filter_index; ++static unsigned int filter_index; + + static const char *port_states[] = { + [BR_STATE_DISABLED] = "disabled", +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 1cd03e0..837fa5d 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -24,7 +24,7 @@ + ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct br_port_msg)))) + #endif + +-int filter_index; ++static unsigned int filter_index; + + static void usage(void) + { +diff --git a/bridge/vlan.c b/bridge/vlan.c +index 54e10d0..2ceecc9 100644 +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -13,7 +13,7 @@ + #include "br_common.h" + #include "utils.h" + +-int filter_index; ++static unsigned int filter_index; + + static void usage(void) + { +-- +1.8.3.1 + diff --git a/SOURCES/0030-man-ss-Fix-explanation-when-no-options-specified.patch b/SOURCES/0030-man-ss-Fix-explanation-when-no-options-specified.patch deleted file mode 100644 index 35aa6d4..0000000 --- a/SOURCES/0030-man-ss-Fix-explanation-when-no-options-specified.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 04ec23bf2b69254b9a92bf9ac2d720e1d6480ebc Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:08:34 +0100 -Subject: [PATCH] man ss: Fix explanation when no options specified - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291818 -Upstream Status: iproute2.git commit 814f9b9919b5f - -commit 814f9b9919b5f0eab6b9746b15e2cf91b087bc9a -Author: Vadim Kochan -Date: Tue Jul 21 16:46:28 2015 +0300 - - man ss: Fix explanation when no options specified - - Really by default ss dumps not only TCP sockets but any kind of socket - which is in ESTABLISHED state (TCP/UDP/UNIX). - - Signed-off-by: Vadim Kochan - Reported-by: Miha Marolt ---- - man/man8/ss.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/ss.8 b/man/man8/ss.8 -index bd1f2a9..62c6ad8 100644 ---- a/man/man8/ss.8 -+++ b/man/man8/ss.8 -@@ -13,7 +13,7 @@ It can display more TCP and state informations than other tools. - - .SH OPTIONS - When no option is used ss displays a list of --open non-listening TCP sockets that have established connection. -+open non-listening sockets (e.g. TCP/UNIX/UDP) that have established connection. - .TP - .B \-h, \-\-help - Show summary of options. --- -1.8.3.1 - diff --git a/SOURCES/0031-iproute-restrict-hoplimit-values-to-be-in-range-0-25.patch b/SOURCES/0031-iproute-restrict-hoplimit-values-to-be-in-range-0-25.patch deleted file mode 100644 index f737d90..0000000 --- a/SOURCES/0031-iproute-restrict-hoplimit-values-to-be-in-range-0-25.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 5498e4f0b6d4fe1955c1719c54932fb9812f1dab Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:19:36 +0100 -Subject: [PATCH] iproute: restrict hoplimit values to be in range [0; 255] - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291832 -Upstream Status: iproute2.git commit ea6cbab792f7b - -commit ea6cbab792f7bb8813f1b24cc1f4bd4caad8ccbe -Author: Phil Sutter -Date: Tue Nov 24 15:45:31 2015 +0100 - - iproute: restrict hoplimit values to be in range [0; 255] - - Technically, the range of possible hoplimit values are defined by IPv4 - and IPv6 header formats. Both define the field to be eight bits in size, - which leads to a value range of [0;255]. Setting a packet's hoplimit - field to 0 though makes not much sense, as the next hop would - immediately drop the packet. Therefore Linux uses 0 as a special value - indicating to use the system's default hoplimit (configurable via - sysctl). In iproute, setting the hoplimit of a route to 0 is equivalent - to omitting the hoplimit parameter alltogether, so it is actually not - necessary to allow that value to be specified, but keep it anyway for - backwards compatibility. - - Signed-off-by: Phil Sutter ---- - ip/iproute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index 367b922..78b288a 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -805,7 +805,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - mxlock |= (1< 255) - invarg("\"hoplimit\" value is invalid\n", *argv); - rta_addattr32(mxrta, sizeof(mxbuf), RTAX_HOPLIMIT, hoplimit); - } else if (strcmp(*argv, "advmss") == 0) { --- -1.8.3.1 - diff --git a/SOURCES/0031-link-dump-filter.patch b/SOURCES/0031-link-dump-filter.patch new file mode 100644 index 0000000..4a85e89 --- /dev/null +++ b/SOURCES/0031-link-dump-filter.patch @@ -0,0 +1,128 @@ +From a8851ce90a891abe9c45dd9d79e8d673b7258646 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:08 +0100 +Subject: [PATCH] link dump filter + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 50b9950dd9011 +Conflicts: Manually applied changes to added code from previously + backported commit c079e121a73af ("libnetlink: add size + argument to rtnl_talk"). + +commit 50b9950dd90114609e10298c0fa32a9371250687 +Author: Roopa Prabhu +Date: Wed Jul 16 07:13:25 2014 -0700 + + link dump filter + + This patch avoids a full link wildump request when the user has specified + a single link. Uses RTM_GETLINK without the NLM_F_DUMP flag. + + This helps on a system with large number of interfaces. + + This patch currently only uses the link ifindex in the filter. + Hoping to provide a subsequent kernel patch to do link dump filtering on + other attributes in the kernel. + + In iplink_get, to be safe, this patch currently sets the answer buffer + size to the max size that libnetlink rtnl_talk can copy. The current api + does not seem to provide a way to indicate the answer buf size. + + changelog from RFC to v1: + - incorporated comments from stephen (fixed comment and fixed if/else block) + + changelog from v1 to v2: + - fix whitespaces error + + Signed-off-by: Roopa Prabhu +--- + ip/ip_common.h | 1 + + ip/ipaddress.c | 13 +++++++++++++ + ip/iplink.c | 35 +++++++++++++++++++++++++++++++++++ + 3 files changed, 49 insertions(+) + +diff --git a/ip/ip_common.h b/ip/ip_common.h +index 42eda66..286f61f 100644 +--- a/ip/ip_common.h ++++ b/ip/ip_common.h +@@ -56,6 +56,7 @@ extern int do_ipl2tp(int argc, char **argv); + extern int do_tcp_metrics(int argc, char **argv); + extern int do_ipnetconf(int argc, char **argv); + extern int do_iptoken(int argc, char **argv); ++extern int iplink_get(unsigned int flags, char *name, __u32 filt_mask); + + static inline int rtm_get_table(struct rtmsg *r, struct rtattr **tb) + { +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index 0c741ff..b24b103 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -1392,6 +1392,19 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) + exit(0); + } + ++ /* ++ * If only filter_dev present and none of the other ++ * link filters are present, use RTM_GETLINK to get ++ * the link device ++ */ ++ if (filter_dev && filter.group == -1 && do_link == 1) { ++ if (iplink_get(0, filter_dev, RTEXT_FILTER_VF) < 0) { ++ perror("Cannot send link get request"); ++ exit(1); ++ } ++ exit(0); ++ } ++ + if (rtnl_wilddump_request(&rth, preferred_family, RTM_GETLINK) < 0) { + perror("Cannot send dump request"); + exit(1); +diff --git a/ip/iplink.c b/ip/iplink.c +index f75193f..10f97af 100644 +--- a/ip/iplink.c ++++ b/ip/iplink.c +@@ -829,6 +829,41 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv) + return 0; + } + ++int iplink_get(unsigned int flags, char *name, __u32 filt_mask) ++{ ++ int len; ++ struct iplink_req req; ++ struct { ++ struct nlmsghdr n; ++ char buf[16384]; ++ } answer; ++ ++ memset(&req, 0, sizeof(req)); ++ ++ req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); ++ req.n.nlmsg_flags = NLM_F_REQUEST|flags; ++ req.n.nlmsg_type = RTM_GETLINK; ++ req.i.ifi_family = preferred_family; ++ ++ if (name) { ++ len = strlen(name) + 1; ++ if (len == 1) ++ invarg("\"\" is not a valid device identifier\n", ++ "name"); ++ if (len > IFNAMSIZ) ++ invarg("\"name\" too long\n", name); ++ addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, len); ++ } ++ addattr32(&req.n, sizeof(req), IFLA_EXT_MASK, filt_mask); ++ ++ if (rtnl_talk(&rth, &req.n, &answer.n, sizeof(answer)) < 0) ++ return -2; ++ ++ print_linkinfo(NULL, &answer.n, stdout); ++ ++ return 0; ++} ++ + #if IPLINK_IOCTL_COMPAT + static int get_ctl_fd(void) + { +-- +1.8.3.1 + diff --git a/SOURCES/0032-iproute2-bridge-bring-to-above-par-with-brctl-show-m.patch b/SOURCES/0032-iproute2-bridge-bring-to-above-par-with-brctl-show-m.patch new file mode 100644 index 0000000..bae8b69 --- /dev/null +++ b/SOURCES/0032-iproute2-bridge-bring-to-above-par-with-brctl-show-m.patch @@ -0,0 +1,180 @@ +From 93a55d061ebebecdbb4af950771ebc371675b6cf Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:45 +0100 +Subject: [PATCH] iproute2 bridge: bring to above par with brctl show macs + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit aeb14eb0b2649 + +commit aeb14eb0b2649ae6048b9cc0a10152079035ee92 +Author: Jamal Hadi Salim +Date: Fri Jul 4 08:37:10 2014 -0400 + + iproute2 bridge: bring to above par with brctl show macs + + root@moja-mojo:bridge# ./bridge fdb help + Usage: bridge fdb { add | append | del | replace } ADDR dev DEV {self|master} [ temp ] + [router] [ dst IPADDR] [ vlan VID ] + [ port PORT] [ vni VNI ] [via DEV] + bridge fdb {show} [ br BRDEV ] [ brport DEV ] + + Lets start with two bridges each with a port... + + root@moja-mojo:bridge# ./bridge link + 10: sw1-p1 state DOWN : mtu 1500 master sw1 state disabled priority 32 cost 100 + 11: eth1 state DOWN : mtu 1500 master br0 state disabled priority 32 cost 100 + + show all... + root@moja-mojo:bridge# ./bridge fdb show + 33:33:00:00:00:01 dev ifb0 self permanent + 33:33:00:00:00:01 dev ifb1 self permanent + 33:33:00:00:00:01 dev eth0 self permanent + 01:00:5e:00:00:01 dev eth0 self permanent + 33:33:ff:92:c0:60 dev eth0 self permanent + 33:33:00:00:00:fb dev eth0 self permanent + 01:00:5e:00:00:fb dev eth0 self permanent + 01:00:5e:7f:ff:fd dev eth0 self permanent + 01:00:5e:00:00:01 dev wlan0 self permanent + 33:33:00:00:00:01 dev wlan0 self permanent + 33:33:ff:c2:84:3b dev wlan0 self permanent + 33:33:00:00:00:fb dev wlan0 self permanent + 01:00:5e:00:00:01 dev virbr0 self permanent + 01:00:5e:00:00:fb dev virbr0 self permanent + 33:33:00:00:00:01 dev br0 self permanent + 33:33:00:00:00:01 dev sw1 self permanent + 33:33:00:00:00:01 dev dummy0 self permanent + 5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent + 33:33:00:00:00:01 dev sw1-p1 self permanent + b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent + 33:33:00:00:00:01 dev eth1 self permanent + + Lets see a netdev that is *not* attached to a bridge + + root@moja-mojo:bridge# ./bridge fdb show brport eth0 + 33:33:00:00:00:01 self permanent + 01:00:5e:00:00:01 self permanent + 33:33:ff:92:c0:60 self permanent + 33:33:00:00:00:fb self permanent + 01:00:5e:00:00:fb self permanent + 01:00:5e:7f:ff:fd self permanent + + Lets see a netdev that is bridge port + root@moja-mojo:bridge# ./bridge fdb show brport eth1 + hadi@jhs-1:/media/MT1/other-gits/iproute-jul04/bridge$ ./bridge fdb show brport eth1 + b6:5e:dd:ce:d7:5e vlan 0 master br0 permanent + 33:33:00:00:00:01 self permanent + + Specify the correct bridge and you get good stuff + root@moja-mojo:bridge# ./bridge fdb show brport eth1 br br0 + 6:5e:dd:ce:d7:5e vlan 0 master br0 permanent + 33:33:00:00:00:01 self permanent + + Specify the wrong bridge and you get good nada + root@moja-mojo:bridge# ./bridge fdb show brport eth1 br sw1 + + dump br0 + root@moja-mojo:bridge# ./bridge fdb show br br0 + 33:33:00:00:00:01 dev br0 self permanent + b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent + 33:33:00:00:00:01 dev eth1 self permanent + + dump sw1 + root@moja-mojo:bridge# ./bridge fdb show br sw1 + 33:33:00:00:00:01 dev sw1 self permanent + 5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent + 33:33:00:00:00:01 dev sw1-p1 self permanent + + Lets move a port from one bridge to another for shits-and-giggles + (as the New Brunswickians like to say) + root@moja-mojo:bridge# ip link set sw1-p1 master br0 + + Now dump again br0 + root@moja-mojo:bridge# ./bridge fdb show br br0 + 33:33:00:00:00:01 dev br0 self permanent + 5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master br0 permanent + 33:33:00:00:00:01 dev sw1-p1 self permanent + b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent + 33:33:00:00:00:01 dev eth1 self permanent + + Signed-off-by: Jamal Hadi Salim +--- + bridge/fdb.c | 38 +++++++++++++++++++++++++++++++++----- + 1 file changed, 33 insertions(+), 5 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index b29c776..97385d0 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -34,7 +34,7 @@ static void usage(void) + " [ self ] [ master ] [ use ] [ router ]\n" + " [ local | temp ] [ dst IPADDR ] [ vlan VID ]\n" + " [ port PORT] [ vni VNI ] [via DEV]\n"); +- fprintf(stderr, " bridge fdb {show} [ dev DEV ]\n"); ++ fprintf(stderr, " bridge fdb {show} [ br BRDEV ] [ brport DEV ]\n"); + exit(-1); + } + +@@ -165,18 +165,45 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + static int fdb_show(int argc, char **argv) + { ++ struct { ++ struct nlmsghdr n; ++ struct ifinfomsg ifm; ++ char buf[256]; ++ } req; ++ + char *filter_dev = NULL; ++ char *br = NULL; ++ int msg_size = sizeof(struct ifinfomsg); ++ ++ memset(&req, 0, sizeof(req)); ++ req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); ++ req.ifm.ifi_family = PF_BRIDGE; + + while (argc > 0) { +- if (strcmp(*argv, "dev") == 0) { ++ if ((strcmp(*argv, "brport") == 0) || strcmp(*argv, "dev") == 0) { + NEXT_ARG(); +- if (filter_dev) +- duparg("dev", *argv); + filter_dev = *argv; ++ } else if (strcmp(*argv, "br") == 0) { ++ NEXT_ARG(); ++ br = *argv; ++ } else { ++ if (matches(*argv, "help") == 0) ++ usage(); + } + argc--; argv++; + } + ++ if (br) { ++ int br_ifindex = ll_name_to_index(br); ++ if (br_ifindex == 0) { ++ fprintf(stderr, "Cannot find bridge device \"%s\"\n", br); ++ return -1; ++ } ++ addattr32(&req.n, sizeof(req), IFLA_MASTER, br_ifindex); ++ msg_size += RTA_LENGTH(4); ++ } ++ ++ /*we'll keep around filter_dev for older kernels */ + if (filter_dev) { + filter_index = if_nametoindex(filter_dev); + if (filter_index == 0) { +@@ -184,9 +211,10 @@ static int fdb_show(int argc, char **argv) + filter_dev); + return -1; + } ++ req.ifm.ifi_index = filter_index; + } + +- if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETNEIGH) < 0) { ++ if (rtnl_dump_request(&rth, RTM_GETNEIGH, &req.ifm, msg_size) < 0) { + perror("Cannot send dump request"); + exit(1); + } +-- +1.8.3.1 + diff --git a/SOURCES/0032-iproute2-ip-route.8.in-minor-fixes.patch b/SOURCES/0032-iproute2-ip-route.8.in-minor-fixes.patch deleted file mode 100644 index d588ddc..0000000 --- a/SOURCES/0032-iproute2-ip-route.8.in-minor-fixes.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 09a56dfad65188e4055cde50c0c15e10746205c7 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:19:36 +0100 -Subject: [PATCH] iproute2: ip-route.8.in: minor fixes - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291832 -Upstream Status: iproute2.git commit 4b8000f37ad5e - -commit 4b8000f37ad5efe65c5dec0a1ea37192a9e05ae2 -Author: Richard Godbee -Date: Sun Aug 25 22:40:19 2013 -0400 - - iproute2: ip-route.8.in: minor fixes - - In SYNOPSIS section: - - - Add 'reordering' - - Add missing '[' before 'quickack' - - Signed-off-by: Richard Godbee ---- - man/man8/ip-route.8.in | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in -index 24306bc..1275306 100644 ---- a/man/man8/ip-route.8.in -+++ b/man/man8/ip-route.8.in -@@ -97,6 +97,8 @@ replace " } " - .IR TIME " ] [ " - .B rttvar - .IR TIME " ] [ " -+.B reordering -+.IR NUMBER " ] [ " - .B window - .IR NUMBER " ] [ " - .B cwnd -@@ -110,7 +112,7 @@ replace " } " - .B initcwnd - .IR NUMBER " ] [ " - .B initrwnd --.IR NUMBER " ]" -+.IR NUMBER " ] [ " - .B quickack - .IR BOOL " ]" - --- -1.8.3.1 - diff --git a/SOURCES/0033-bridge-fdb-fix-statistics-output-spacing.patch b/SOURCES/0033-bridge-fdb-fix-statistics-output-spacing.patch new file mode 100644 index 0000000..5588bbb --- /dev/null +++ b/SOURCES/0033-bridge-fdb-fix-statistics-output-spacing.patch @@ -0,0 +1,36 @@ +From 823813e882655ad9e92fde4e2f2c71313aa6d261 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:45 +0100 +Subject: [PATCH] bridge/fdb: fix statistics output spacing + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 85c1807f16774 + +commit 85c1807f16774286c7fa67090b2fad4d1dae4f18 +Author: Scott Feldman +Date: Thu Dec 4 09:57:14 2014 +0100 + + bridge/fdb: fix statistics output spacing + + Signed-off-by: Scott Feldman + Signed-off-by: Jiri Pirko +--- + bridge/fdb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 97385d0..77f0c77 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -146,7 +146,7 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + struct nda_cacheinfo *ci = RTA_DATA(tb[NDA_CACHEINFO]); + int hz = get_user_hz(); + +- fprintf(fp, " used %d/%d", ci->ndm_used/hz, ++ fprintf(fp, "used %d/%d ", ci->ndm_used/hz, + ci->ndm_updated/hz); + } + if (r->ndm_flags & NTF_SELF) +-- +1.8.3.1 + diff --git a/SOURCES/0033-ip-route-enable-per-route-ecn-settings-via-features-.patch b/SOURCES/0033-ip-route-enable-per-route-ecn-settings-via-features-.patch deleted file mode 100644 index fa402b4..0000000 --- a/SOURCES/0033-ip-route-enable-per-route-ecn-settings-via-features-.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 5ce779716791bd07324bc6141e31336aa2f9c31e Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:19:36 +0100 -Subject: [PATCH] ip route: enable per-route ecn settings via 'features' option - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291832 -Upstream Status: iproute2.git commit 29d1f730b8757 - -commit 29d1f730b87572a4e8165859dc04b0c89533ea4e -Author: Florian Westphal -Date: Thu Nov 6 22:15:32 2014 +0100 - - ip route: enable per-route ecn settings via 'features' option - - This permits to selectively enable explicit congestion notification via - the routing table. - - If this ecn feature is not set, the kernel will use the tcp_ecn sysctl - to decide wheter to use ECN when establising a TCP connection. - - At the time of this writing, the kernel supports ecn and allfrags, but - allfrags is of dubious value and not implemented here. - - Example: - - ip route change 192.168.2.0/24 dev eth0 features ecn - - Signed-off-by: Florian Westphal ---- - ip/iproute.c | 32 ++++++++++++++++++++++++++++++++ - man/man8/ip-route.8.in | 18 ++++++++++++++++++ - 2 files changed, 50 insertions(+) - -diff --git a/ip/iproute.c b/ip/iproute.c -index 78b288a..ea69aa3 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -80,6 +80,7 @@ static void usage(void) - fprintf(stderr, " [ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n"); - fprintf(stderr, " [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]\n"); - fprintf(stderr, " [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]\n"); -+ fprintf(stderr, " [ features FEATURES ]\n"); - fprintf(stderr, " [ quickack BOOL ]\n"); - fprintf(stderr, "TYPE := [ unicast | local | broadcast | multicast | throw |\n"); - fprintf(stderr, " unreachable | prohibit | blackhole | nat ]\n"); -@@ -89,6 +90,7 @@ static void usage(void) - fprintf(stderr, "RTPROTO := [ kernel | boot | static | NUMBER ]\n"); - fprintf(stderr, "TIME := NUMBER[s|ms]\n"); - fprintf(stderr, "BOOL := [1|0]\n"); -+ fprintf(stderr, "FEATURES := ecn\n"); - exit(-1); - } - -@@ -280,6 +282,19 @@ static int calc_host_len(const struct rtmsg *r) - return -1; - } - -+static void print_rtax_features(FILE *fp, unsigned int features) -+{ -+ unsigned int of = features; -+ -+ if (features & RTAX_FEATURE_ECN) { -+ fprintf(fp, " ecn"); -+ features &= ~RTAX_FEATURE_ECN; -+ } -+ -+ if (features) -+ fprintf(fp, " 0x%x", of); -+} -+ - int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - { - FILE *fp = (FILE*)arg; -@@ -538,6 +553,9 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - - val = *(unsigned*)RTA_DATA(mxrta[i]); - switch (i) { -+ case RTAX_FEATURES: -+ print_rtax_features(fp, val); -+ break; - case RTAX_HOPLIMIT: - if ((int)val == -1) - val = 0; -@@ -888,6 +906,20 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - if (get_unsigned(&win, *argv, 0)) - invarg("\"initrwnd\" value is invalid\n", *argv); - rta_addattr32(mxrta, sizeof(mxbuf), RTAX_INITRWND, win); -+ } else if (matches(*argv, "features") == 0) { -+ unsigned int features = 0; -+ -+ while (argc > 0) { -+ NEXT_ARG(); -+ -+ if (strcmp(*argv, "ecn") == 0) -+ features |= RTAX_FEATURE_ECN; -+ else -+ invarg("\"features\" value not valid\n", *argv); -+ break; -+ } -+ -+ rta_addattr32(mxrta, sizeof(mxbuf), RTAX_FEATURES, features); - } else if (matches(*argv, "quickack") == 0) { - unsigned quickack; - NEXT_ARG(); -diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in -index 1275306..05fd879 100644 ---- a/man/man8/ip-route.8.in -+++ b/man/man8/ip-route.8.in -@@ -113,6 +113,8 @@ replace " } " - .IR NUMBER " ] [ " - .B initrwnd - .IR NUMBER " ] [ " -+.B features -+.IR FEATURES " ] [ " - .B quickack - .IR BOOL " ]" - -@@ -140,6 +142,10 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" - .BR kernel " | " boot " | " static " |" - .IR NUMBER " ]" - -+.ti -8 -+.IR FEATURES " := [ " -+.BR ecn " | ]" -+ - - .SH DESCRIPTION - .B ip route -@@ -411,6 +417,18 @@ Actual window size is this value multiplied by the MSS of the connection. - The default value is zero, meaning to use Slow Start value. - - .TP -+.BI features " FEATURES " (3.18+ only) -+Enable or disable per-route features. Only available feature at this -+time is -+.B ecn -+to enable explicit congestion notification when initiating connections to the -+given destination network. -+When responding to a connection request from the given network, ecn will -+also be used even if the -+.B net.ipv4.tcp_ecn -+sysctl is set to 0. -+ -+.TP - .BI quickack " BOOL " "(3.11+ only)" - Enable or disable quick ack for connections to this destination. - --- -1.8.3.1 - diff --git a/SOURCES/0034-bridge-fdb-add-flag-indication-for-FDB-entry-synced-.patch b/SOURCES/0034-bridge-fdb-add-flag-indication-for-FDB-entry-synced-.patch new file mode 100644 index 0000000..343970e --- /dev/null +++ b/SOURCES/0034-bridge-fdb-add-flag-indication-for-FDB-entry-synced-.patch @@ -0,0 +1,50 @@ +From 542da2c545d5c309524620a6fe3683cbfb205936 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:45 +0100 +Subject: [PATCH] bridge/fdb: add flag/indication for FDB entry synced from + offload device + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 28467b7f3facd + +commit 28467b7f3facd6114b2fbe0c9fecf57adbd52e12 +Author: Scott Feldman +Date: Thu Dec 4 09:57:15 2014 +0100 + + bridge/fdb: add flag/indication for FDB entry synced from offload device + + Add NTF_EXT_LEARNED flag to neigh flags to indicate FDB entry learned by + device has been learned externally to bridge FDB. For these entries, + add "external" annotation in bridge fdb show output: + + 00:02:00:00:03:00 dev swp2 used 2/2 master br0 external + 00:02:00:00:03:00 dev swp2 self permanent + + In the example above, 00:02:00:00:03:00 is shown twice on dev swp2. The + first entry if from the bridge (master) and is marked as "external" by + the offload device. The second entry is from the brport offload device (self), + and was learned by the device. + + Signed-off-by: Scott Feldman + Signed-off-by: Jiri Pirko + Acked-by: Jamal Hadi Salim +--- + bridge/fdb.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 77f0c77..e411932 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -158,6 +158,8 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "master "); + if (r->ndm_flags & NTF_ROUTER) + fprintf(fp, "router "); ++ if (r->ndm_flags & NTF_EXT_LEARNED) ++ fprintf(fp, "external "); + + fprintf(fp, "%s\n", state_n2a(r->ndm_state)); + return 0; +-- +1.8.3.1 + diff --git a/SOURCES/0034-ip-route-add-congestion-control-metric.patch b/SOURCES/0034-ip-route-add-congestion-control-metric.patch deleted file mode 100644 index 310bf81..0000000 --- a/SOURCES/0034-ip-route-add-congestion-control-metric.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 863f0cafefd9293451fe4682b02c8186a68ad30a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:19:36 +0100 -Subject: [PATCH] ip: route: add congestion control metric - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291832 -Upstream Status: iproute2.git commit 6ef87f9cce213 - -commit 6ef87f9cce213cae66098d08e0abc36d67b95244 -Author: Daniel Borkmann -Date: Fri Jan 9 00:13:06 2015 +0100 - - ip: route: add congestion control metric - - This patch adds configuration and dumping of congestion control metric - for ip route, for example: - - ip route add dev foo congctl [lock] dctcp - - Reference: http://thread.gmane.org/gmane.linux.network/344733 - Signed-off-by: Daniel Borkmann ---- - ip/iproute.c | 22 ++++++++++++++++++---- - man/man8/ip-route.8.in | 19 ++++++++++++++++++- - 2 files changed, 36 insertions(+), 5 deletions(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index ea69aa3..d3a5e1c 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -53,6 +53,7 @@ static const char *mx_names[RTAX_MAX+1] = { - [RTAX_RTO_MIN] = "rto_min", - [RTAX_INITRWND] = "initrwnd", - [RTAX_QUICKACK] = "quickack", -+ [RTAX_CC_ALGO] = "congctl", - }; - static void usage(void) __attribute__((noreturn)); - -@@ -80,8 +81,7 @@ static void usage(void) - fprintf(stderr, " [ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n"); - fprintf(stderr, " [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]\n"); - fprintf(stderr, " [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]\n"); -- fprintf(stderr, " [ features FEATURES ]\n"); -- fprintf(stderr, " [ quickack BOOL ]\n"); -+ fprintf(stderr, " [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]\n"); - fprintf(stderr, "TYPE := [ unicast | local | broadcast | multicast | throw |\n"); - fprintf(stderr, " unreachable | prohibit | blackhole | nat ]\n"); - fprintf(stderr, "TABLE_ID := [ local | main | default | all | NUMBER ]\n"); -@@ -539,7 +539,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - mxlock = *(unsigned*)RTA_DATA(mxrta[RTAX_LOCK]); - - for (i=2; i<= RTAX_MAX; i++) { -- unsigned val; -+ __u32 val; - - if (mxrta[i] == NULL) - continue; -@@ -548,10 +548,12 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - fprintf(fp, " %s", mx_names[i]); - else - fprintf(fp, " metric %d", i); -+ - if (mxlock & (1< +Date: Tue, 28 Feb 2017 16:09:45 +0100 +Subject: [PATCH] bridge link: add option 'self' + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 6fdb465869ccd + +commit 6fdb465869ccda91d9cc2e6f8ee3aca448df5d33 +Author: Roopa Prabhu +Date: Sat Dec 6 00:21:01 2014 -0800 + + bridge link: add option 'self' + + Currently self is set internally only if hwmode is set. + This makes it necessary for the hw to have a mode. + There is no hwmode really required to go to hardware. So, introduce + self for anybody who wants to target hardware. + + v1 -> v2 + - fix a few bugs. Initialize flags to zero: this was required to + keep the current behaviour unchanged. + + v2 -> v3 + - fix comment + + Signed-off-by: Roopa Prabhu + Reviewed-by: Jiri Pirko +--- + bridge/link.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/bridge/link.c b/bridge/link.c +index 14e4e5a..4e0fd96 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -261,7 +261,7 @@ static int brlink_modify(int argc, char **argv) + __s16 priority = -1; + __s8 state = -1; + __s16 mode = -1; +- __u16 flags = BRIDGE_FLAGS_MASTER; ++ __u16 flags = 0; + struct rtattr *nest; + + memset(&req, 0, sizeof(req)); +@@ -321,6 +321,8 @@ static int brlink_modify(int argc, char **argv) + "\"veb\".\n"); + exit(-1); + } ++ } else if (strcmp(*argv, "self") == 0) { ++ flags = BRIDGE_FLAGS_SELF; + } else { + usage(); + } +@@ -369,16 +371,16 @@ static int brlink_modify(int argc, char **argv) + + addattr_nest_end(&req.n, nest); + +- /* IFLA_AF_SPEC nested attribute. Contains IFLA_BRIDGE_FLAGS that +- * designates master or self operation as well as 'vepa' or 'veb' +- * operation modes. These are only valid in 'self' mode on some +- * devices so far. Thus we only need to include the flags attribute +- * if we are setting the hw mode. ++ /* IFLA_AF_SPEC nested attribute. Contains IFLA_BRIDGE_FLAGS that ++ * designates master or self operation and IFLA_BRIDGE_MODE ++ * for hw 'vepa' or 'veb' operation modes. The hwmodes are ++ * only valid in 'self' mode on some devices so far. + */ +- if (mode >= 0) { ++ if (mode >= 0 || flags > 0) { + nest = addattr_nest(&req.n, sizeof(req), IFLA_AF_SPEC); + +- addattr16(&req.n, sizeof(req), IFLA_BRIDGE_FLAGS, flags); ++ if (flags > 0) ++ addattr16(&req.n, sizeof(req), IFLA_BRIDGE_FLAGS, flags); + + if (mode >= 0) + addattr16(&req.n, sizeof(req), IFLA_BRIDGE_MODE, mode); +-- +1.8.3.1 + diff --git a/SOURCES/0035-ip-link-remove-warning-message.patch b/SOURCES/0035-ip-link-remove-warning-message.patch deleted file mode 100644 index 131727d..0000000 --- a/SOURCES/0035-ip-link-remove-warning-message.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 9319358ca9b9c3a324ea00a061786632ea127278 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:34:13 +0100 -Subject: [PATCH] ip-link: remove warning message - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291832 -Upstream Status: iproute2.git commit eb85526923d1d - -This fixes a warning generated by the previous backport. - -commit eb85526923d1de1857c2b1e6860a471f2a0ae1b9 -Author: Zhang Shengju -Date: Thu Jan 21 02:23:49 2016 +0000 - - ip-link: remove warning message - - the warning was: - iproute.c:301:12: warning: 'val' may be used uninitialized in this - function [-Wmaybe-uninitialized] - features &= ~RTAX_FEATURE_ECN; - ^ - iproute.c:575:10: note: 'val' was declared here - __u32 val; - ^ - - Signed-off-by: Zhang Shengju ---- - ip/iproute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index d3a5e1c..99d93c8 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -539,7 +539,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - mxlock = *(unsigned*)RTA_DATA(mxrta[RTAX_LOCK]); - - for (i=2; i<= RTAX_MAX; i++) { -- __u32 val; -+ __u32 val = 0U; - - if (mxrta[i] == NULL) - continue; --- -1.8.3.1 - diff --git a/SOURCES/0036-bridge-link-add-learning_sync-policy-flag.patch b/SOURCES/0036-bridge-link-add-learning_sync-policy-flag.patch new file mode 100644 index 0000000..c2b8cff --- /dev/null +++ b/SOURCES/0036-bridge-link-add-learning_sync-policy-flag.patch @@ -0,0 +1,121 @@ +From 1fbff3fcfe0dc2ba063726d703a39bbfc2182b56 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:46 +0100 +Subject: [PATCH] bridge/link: add learning_sync policy flag + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 674bb438bc5cc + +commit 674bb438bc5cc61a9e16f97a236203ea2f50523f +Author: Scott Feldman +Date: Mon Dec 29 12:20:07 2014 -0800 + + bridge/link: add learning_sync policy flag + + v2: + + Resending now that the dust has cleared in 3.18 on "self" vs. hwmode debate for + brport settings. learning_sync is now set/cleared using "self" qualifier on + brport. + + v1: + + Add 'learned_sync' flag to turn on/off syncing of learned MAC addresses from + offload device to bridge's FDB. Flag is be set/cleared on offload device port + using "self" qualifier: + + $ sudo bridge link set dev swp1 learning_sync on self + + $ bridge -d link show dev swp1 + 2: swp1 state UNKNOWN : mtu 1500 master br0 state forwarding priority 32 cost 2 + hairpin off guard off root_block off fastleave off learning off flood off + 2: swp1 state UNKNOWN : mtu 1500 master br0 + learning on learning_sync on + + Adds new IFLA_BRPORT_LEARNED_SYNCED attribute for IFLA_PROTINFO on the SELF + brport. + + Signed-off-by: Scott Feldman +--- + bridge/link.c | 12 ++++++++++++ + man/man8/bridge.8 | 6 ++++++ + 2 files changed, 18 insertions(+) + +diff --git a/bridge/link.c b/bridge/link.c +index 4e0fd96..8b18931 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -188,6 +188,9 @@ int print_linkinfo(const struct sockaddr_nl *who, + if (prtb[IFLA_BRPORT_LEARNING]) + print_onoff(fp, "learning", + rta_getattr_u8(prtb[IFLA_BRPORT_LEARNING])); ++ if (prtb[IFLA_BRPORT_LEARNING_SYNC]) ++ print_onoff(fp, "learning_sync", ++ rta_getattr_u8(prtb[IFLA_BRPORT_LEARNING_SYNC])); + if (prtb[IFLA_BRPORT_UNICAST_FLOOD]) + print_onoff(fp, "flood", + rta_getattr_u8(prtb[IFLA_BRPORT_UNICAST_FLOOD])); +@@ -221,6 +224,7 @@ static void usage(void) + fprintf(stderr, " [ fastleave {on | off} ]\n"); + fprintf(stderr, " [ root_block {on | off} ]\n"); + fprintf(stderr, " [ learning {on | off} ]\n"); ++ fprintf(stderr, " [ learning_sync {on | off} ]\n"); + fprintf(stderr, " [ flood {on | off} ]\n"); + fprintf(stderr, " [ hwmode {vepa | veb} ]\n"); + fprintf(stderr, " bridge link show [dev DEV]\n"); +@@ -252,6 +256,7 @@ static int brlink_modify(int argc, char **argv) + } req; + char *d = NULL; + __s8 learning = -1; ++ __s8 learning_sync = -1; + __s8 flood = -1; + __s8 hairpin = -1; + __s8 bpdu_guard = -1; +@@ -295,6 +300,10 @@ static int brlink_modify(int argc, char **argv) + NEXT_ARG(); + if (!on_off("learning", &learning, *argv)) + exit(-1); ++ } else if (strcmp(*argv, "learning_sync") == 0) { ++ NEXT_ARG(); ++ if (!on_off("learning_sync", &learning_sync, *argv)) ++ exit(-1); + } else if (strcmp(*argv, "flood") == 0) { + NEXT_ARG(); + if (!on_off("flood", &flood, *argv)) +@@ -359,6 +368,9 @@ static int brlink_modify(int argc, char **argv) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_UNICAST_FLOOD, flood); + if (learning >= 0) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_LEARNING, learning); ++ if (learning_sync >= 0) ++ addattr8(&req.n, sizeof(req), IFLA_BRPORT_LEARNING_SYNC, ++ learning_sync); + + if (cost > 0) + addattr32(&req.n, sizeof(req), IFLA_BRPORT_COST, cost); +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 5e51d54..42fe922 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -38,6 +38,7 @@ bridge \- show / manipulate bridge addresses and devices + .BR fastleave " { " on " | " off " } ] [ " + .BR root_block " { " on " | " off " } ] [ " + .BR learning " { " on " | " off " } ] [ " ++.BR learning_sync " { " on " | " off " } ] [ " + .BR flood " { " on " | " off " } ] [ " + .BR hwmode " { " vepa " | " veb " } ] " + +@@ -263,6 +264,11 @@ not. If learning if off, the bridge will end up flooding any traffic for which + it has no FDB entry. By default this flag is on. + + .TP ++.BR "learning_sync on " or " learning_sync off " ++Controls whether a given port will sync MAC addresses learned on device port to ++bridge FDB. ++ ++.TP + .BR "flooding on " or " flooding off " + Controls whether a given port will flood unicast traffic for which there is no FDB entry. By default this flag is on. + +-- +1.8.3.1 + diff --git a/SOURCES/0036-route-ignore-RTAX_HOPLIMIT-of-value-1.patch b/SOURCES/0036-route-ignore-RTAX_HOPLIMIT-of-value-1.patch deleted file mode 100644 index 907e94f..0000000 --- a/SOURCES/0036-route-ignore-RTAX_HOPLIMIT-of-value-1.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 49ec02d14079797fe7290190d13f89ce5c3b57f3 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:19:36 +0100 -Subject: [PATCH] route: ignore RTAX_HOPLIMIT of value -1 - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291832 -Upstream Status: iproute2.git commit 0f7543322c5fd - -commit 0f7543322c5fd64d70672578979cf74226f54b64 -Author: Phil Sutter -Date: Wed Dec 2 13:50:22 2015 +0100 - - route: ignore RTAX_HOPLIMIT of value -1 - - Older kernels use -1 internally as indicator to use the sysctl default, - but they still export the setting. Newer kernels use 0 to indicate that - (which is why the conversion from -1 to 0 was done here), but they also - stopped exporting the value. Since the meaning of -1 is clear, treat it - equally like default on newer kernels (which is to not print anything). - - Signed-off-by: Phil Sutter ---- - ip/iproute.c | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index 99d93c8..d87a099 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -544,24 +544,23 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - if (mxrta[i] == NULL) - continue; - -- if (i < sizeof(mx_names)/sizeof(char*) && mx_names[i]) -- fprintf(fp, " %s", mx_names[i]); -- else -- fprintf(fp, " metric %d", i); -- - if (mxlock & (1< +Date: Tue, 28 Feb 2017 16:09:46 +0100 +Subject: [PATCH] iproute2: bridge: support vlan range adds + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 3ac0d36ddde97 + +commit 3ac0d36ddde9715a8d027a919eb564f7b42c6c40 +Author: Roopa Prabhu +Date: Sun Jan 25 18:26:24 2015 -0800 + + iproute2: bridge: support vlan range adds + + This patch adds vlan range support to bridge add command + using the newly added vinfo flags BRIDGE_VLAN_INFO_RANGE_BEGIN and + BRIDGE_VLAN_INFO_RANGE_END. + + $bridge vlan show + port vlan ids + br0 1 PVID Egress Untagged + + dummy0 1 PVID Egress Untagged + + $bridge vlan add vid 10-15 dev dummy0 + port vlan ids + br0 1 PVID Egress Untagged + + dummy0 1 PVID Egress Untagged + 10 + 11 + 12 + 13 + 14 + 15 + + $bridge vlan del vid 14 dev dummy0 + + $bridge vlan show + port vlan ids + br0 1 PVID Egress Untagged + + dummy0 1 PVID Egress Untagged + 10 + 11 + 12 + 13 + 15 + + $bridge vlan del vid 10-15 dev dummy0 + + $bridge vlan show + port vlan ids + br0 1 PVID Egress Untagged + + dummy0 1 PVID Egress Untagged + + Signed-off-by: Roopa Prabhu + Signed-off-by: Wilson Kok +--- + bridge/vlan.c | 44 ++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 40 insertions(+), 4 deletions(-) + +diff --git a/bridge/vlan.c b/bridge/vlan.c +index 2ceecc9..da53b4d 100644 +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -32,6 +32,7 @@ static int vlan_modify(int cmd, int argc, char **argv) + } req; + char *d = NULL; + short vid = -1; ++ short vid_end = -1; + struct rtattr *afspec; + struct bridge_vlan_info vinfo; + unsigned short flags = 0; +@@ -49,8 +50,18 @@ static int vlan_modify(int cmd, int argc, char **argv) + NEXT_ARG(); + d = *argv; + } else if (strcmp(*argv, "vid") == 0) { ++ char *p; + NEXT_ARG(); +- vid = atoi(*argv); ++ p = strchr(*argv, '-'); ++ if (p) { ++ *p = '\0'; ++ p++; ++ vid = atoi(*argv); ++ vid_end = atoi(p); ++ vinfo.flags |= BRIDGE_VLAN_INFO_RANGE_BEGIN; ++ } else { ++ vid = atoi(*argv); ++ } + } else if (strcmp(*argv, "self") == 0) { + flags |= BRIDGE_FLAGS_SELF; + } else if (strcmp(*argv, "master") == 0) { +@@ -83,15 +94,40 @@ static int vlan_modify(int cmd, int argc, char **argv) + return -1; + } + +- vinfo.vid = vid; ++ if (vinfo.flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) { ++ if (vid_end == -1 || vid_end >= 4096 || vid >= vid_end) { ++ fprintf(stderr, "Invalid VLAN range \"%hu-%hu\"\n", ++ vid, vid_end); ++ return -1; ++ } ++ if (vinfo.flags & BRIDGE_VLAN_INFO_PVID) { ++ fprintf(stderr, ++ "pvid cannot be configured for a vlan range\n"); ++ return -1; ++ } ++ } + + afspec = addattr_nest(&req.n, sizeof(req), IFLA_AF_SPEC); + + if (flags) + addattr16(&req.n, sizeof(req), IFLA_BRIDGE_FLAGS, flags); + +- addattr_l(&req.n, sizeof(req), IFLA_BRIDGE_VLAN_INFO, &vinfo, +- sizeof(vinfo)); ++ vinfo.vid = vid; ++ if (vid_end != -1) { ++ /* send vlan range start */ ++ addattr_l(&req.n, sizeof(req), IFLA_BRIDGE_VLAN_INFO, &vinfo, ++ sizeof(vinfo)); ++ vinfo.flags &= ~BRIDGE_VLAN_INFO_RANGE_BEGIN; ++ ++ /* Now send the vlan range end */ ++ vinfo.flags |= BRIDGE_VLAN_INFO_RANGE_END; ++ vinfo.vid = vid_end; ++ addattr_l(&req.n, sizeof(req), IFLA_BRIDGE_VLAN_INFO, &vinfo, ++ sizeof(vinfo)); ++ } else { ++ addattr_l(&req.n, sizeof(req), IFLA_BRIDGE_VLAN_INFO, &vinfo, ++ sizeof(vinfo)); ++ } + + addattr_nest_end(&req.n, afspec); + +-- +1.8.3.1 + diff --git a/SOURCES/0037-route-Fix-printing-of-locked-entries.patch b/SOURCES/0037-route-Fix-printing-of-locked-entries.patch deleted file mode 100644 index fffe0f9..0000000 --- a/SOURCES/0037-route-Fix-printing-of-locked-entries.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 0ece33cb828aceea8a6451e3d070def591ea8ab3 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 14:19:36 +0100 -Subject: [PATCH] route: Fix printing of locked entries - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1291832 -Upstream Status: iproute2.git commit ed6b8652f7d54 - -commit ed6b8652f7d5470cac7fd763b4a47d07a3a0bfb6 -Author: Phil Sutter -Date: Sat Dec 12 14:09:48 2015 +0100 - - route: Fix printing of locked entries - - Commit 0f7543322c5fd ("route: ignore RTAX_HOPLIMIT of value -1") - accidentally reordered fprintf statements. This patch restores the - original ordering. - - Fixes: 0f7543322c5fd ("route: ignore RTAX_HOPLIMIT of value -1") - Signed-off-by: Phil Sutter ---- - ip/iproute.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index d87a099..27e04a8 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -544,8 +544,6 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - if (mxrta[i] == NULL) - continue; - -- if (mxlock & (1< +Date: Tue, 28 Feb 2017 16:09:46 +0100 +Subject: [PATCH] iproute2: bridge vlan show new option to print ranges + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit a2f7934dd04f8 + +commit a2f7934dd04f8e762cc7a3f5f2e7a1edd4a93643 +Author: Roopa Prabhu +Date: Sun Jan 25 18:26:25 2015 -0800 + + iproute2: bridge vlan show new option to print ranges + + Introduce new option -c[ompressvlans] to request + vlan ranges from kernel + + (pls suggest better option names if this does not look ok) + + $bridge vlan show + port vlan ids + dummy0 1 PVID Egress Untagged + + dummy1 1 PVID Egress Untagged + 2 + 3 + 4 + 5 + 6 + 7 + 9 + 10 + 12 + + br0 1 PVID Egress Untagged + + $bridge help + Usage: bridge [ OPTIONS ] OBJECT { COMMAND | help } + where OBJECT := { link | fdb | mdb | vlan | monitor } + OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | + -o[neline] | -t[imestamp] | -n[etns] name | + -c[ompressvlans] } + $bridge -c vlan show + port vlan ids + dummy0 1 PVID Egress Untagged + + dummy1 1 PVID Egress Untagged + 2-7 + 9-10 + 12 + + br0 1 PVID Egress Untagged + + Signed-off-by: Roopa Prabhu +--- + bridge/br_common.h | 1 + + bridge/bridge.c | 6 +++++- + bridge/vlan.c | 11 +++++++++-- + 3 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/bridge/br_common.h b/bridge/br_common.h +index 12fce3e..169a162 100644 +--- a/bridge/br_common.h ++++ b/bridge/br_common.h +@@ -16,4 +16,5 @@ extern int preferred_family; + extern int show_stats; + extern int show_details; + extern int timestamp; ++extern int compress_vlans; + extern struct rtnl_handle rth; +diff --git a/bridge/bridge.c b/bridge/bridge.c +index 5fcc552..88469ca 100644 +--- a/bridge/bridge.c ++++ b/bridge/bridge.c +@@ -21,6 +21,7 @@ int resolve_hosts; + int oneline = 0; + int show_stats; + int show_details; ++int compress_vlans; + int timestamp; + char * _SL_ = NULL; + +@@ -32,7 +33,8 @@ static void usage(void) + "Usage: bridge [ OPTIONS ] OBJECT { COMMAND | help }\n" + "where OBJECT := { link | fdb | mdb | vlan | monitor }\n" + " OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] |\n" +-" -o[neline] | -t[imestamp] | -n[etns] name }\n"); ++" -o[neline] | -t[imestamp] | -n[etns] name |\n" ++" -c[ompressvlans] }\n"); + exit(-1); + } + +@@ -117,6 +119,8 @@ main(int argc, char **argv) + NEXT_ARG(); + if (netns_switch(argv[1])) + exit(-1); ++ } else if (matches(opt, "-compressvlans") == 0) { ++ ++compress_vlans; + } else { + fprintf(stderr, "Option \"%s\" is unknown, try \"bridge help\".\n", opt); + exit(-1); +diff --git a/bridge/vlan.c b/bridge/vlan.c +index da53b4d..0fb479c 100644 +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -182,7 +182,12 @@ static int print_vlan(const struct sockaddr_nl *who, + continue; + + vinfo = RTA_DATA(i); +- fprintf(fp, "\t %hu", vinfo->vid); ++ if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_END) ++ fprintf(fp, "-%hu", vinfo->vid); ++ else ++ fprintf(fp, "\t %hu", vinfo->vid); ++ if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) ++ continue; + if (vinfo->flags & BRIDGE_VLAN_INFO_PVID) + fprintf(fp, " PVID"); + if (vinfo->flags & BRIDGE_VLAN_INFO_UNTAGGED) +@@ -218,7 +223,9 @@ static int vlan_show(int argc, char **argv) + } + + if (rtnl_wilddump_req_filter(&rth, PF_BRIDGE, RTM_GETLINK, +- RTEXT_FILTER_BRVLAN) < 0) { ++ (compress_vlans ? ++ RTEXT_FILTER_BRVLAN_COMPRESSED : ++ RTEXT_FILTER_BRVLAN)) < 0) { + perror("Cannont send dump request"); + exit(1); + } +-- +1.8.3.1 + diff --git a/SOURCES/0038-man-tc-add-man-page-for-fq-pacer.patch b/SOURCES/0038-man-tc-add-man-page-for-fq-pacer.patch deleted file mode 100644 index 1ddff45..0000000 --- a/SOURCES/0038-man-tc-add-man-page-for-fq-pacer.patch +++ /dev/null @@ -1,154 +0,0 @@ -From 00e18dfdb109027f8f0380a38939892ae9940242 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:29:02 +0100 -Subject: [PATCH] man: tc: add man page for fq pacer - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1261520 -Upstream Status: iproute2.git commit 484b3f922cfd5 -Conflicts: Changed context due to other missing man pages in RHEL7. - -commit 484b3f922cfd5a38a73de5981e471f99ecfe3e8b -Author: Florian Westphal -Date: Thu Sep 24 02:10:28 2015 +0200 - - man: tc: add man page for fq pacer - - Partially based on kernel Kconfig help text, code comments and - git commit messages from Eric Dumazet. - - Joint work with Phil Sutter. - - Signed-off-by: Phil Sutter - Signed-off-by: Florian Westphal ---- - man/man8/Makefile | 1 + - man/man8/tc-fq.8 | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - man/man8/tc.8 | 1 + - 3 files changed, 94 insertions(+) - create mode 100644 man/man8/tc-fq.8 - -diff --git a/man/man8/Makefile b/man/man8/Makefile -index ff80c98..23ac83e 100644 ---- a/man/man8/Makefile -+++ b/man/man8/Makefile -@@ -2,6 +2,7 @@ TARGETS = ip-address.8 ip-link.8 ip-route.8 - - MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 ss.8 \ - tc.8 tc-bfifo.8 tc-cbq.8 tc-cbq-details.8 tc-choke.8 tc-codel.8 \ -+ tc-fq.8 \ - tc-drr.8 tc-ematch.8 tc-fq_codel.8 tc-hfsc.8 tc-htb.8 \ - tc-netem.8 tc-pfifo.8 tc-pfifo_fast.8 tc-prio.8 tc-red.8 \ - tc-sfb.8 tc-sfq.8 tc-stab.8 tc-tbf.8 \ -diff --git a/man/man8/tc-fq.8 b/man/man8/tc-fq.8 -new file mode 100644 -index 0000000..993beb6 ---- /dev/null -+++ b/man/man8/tc-fq.8 -@@ -0,0 +1,92 @@ -+.TH FQ 8 "10 Sept 2015" "iproute2" "Linux" -+.SH NAME -+Fair Queuing (FQ) \- Traffic Pacing -+.SH SYNOPSIS -+.B tc qdisc ... fq -+[ -+.B limit -+PACKETS ] [ -+.B flow_limit -+PACKETS ] [ -+.B quantum -+BYTES ] [ -+.B initial_quantum -+BYTES ] [ -+.B maxrate -+RATE ] [ -+.B buckets -+NUMBER ] [ -+.B pacing -+| -+.B nopacing -+] -+ -+.SH DESCRIPTION -+FQ (Fair Queue) is a classless packet scheduler meant to be mostly -+used for locally generated traffic. It is designed to achieve per flow pacing. -+FQ does flow separation, and is able to respect pacing requirements set by TCP stack. -+All packets belonging to a socket are considered as a 'flow'. -+For non local packets (router workload), packet rxhash is used as fallback. -+ -+An application can specify a maximum pacing rate using the -+.B SO_MAX_PACING_RATE -+setsockopt call. This packet scheduler adds delay between packets to -+respect rate limitation set by TCP stack. -+ -+Dequeueing happens in a round-robin fashion. -+A special FIFO queue is reserved for high priority packets ( -+.B TC_PRIO_CONTROL -+priority), such packets are always dequeued first. -+ -+FQ is non-work-conserving. -+ -+TCP pacing is good for flows having idle times, as the congestion -+window permits TCP stack to queue a possibly large number of packets. -+This removes the 'slow start after idle' choice, badly hitting -+large BDP flows and applications delivering chunks of data such as video streams. -+ -+.SH PARAMETERS -+.SS limit -+Hard limit on the real queue size. When this limit is reached, new packets -+are dropped. If the value is lowered, packets are dropped so that the new limit is -+met. Default is 10000 packets. -+.SS flow_limit -+Hard limit on the maximum number of packets queued per flow. -+Default value is 100. -+.SS quantum -+The credit per dequeue RR round, i.e. the amount of bytes a flow is allowed to -+dequeue at once. A larger value means a longer time period before the next flow -+will be served. -+Default is 2 * interface MTU bytes. -+.SS initial_quantum -+The initial sending rate credit, i.e. the amount of bytes a new flow is allowed -+to dequeue initially. -+This is specifically meant to allow using IW10 without added delay. -+Default is 10 * interface MTU, i.e. 15140 for 'standard' ethernet. -+.SS maxrate -+Maximum sending rate of a flow. Default is unlimited. -+Application specific setting via -+.B SO_MAX_PACING_RATE -+is ignored only if it is larger than this value. -+.SS buckets -+The size of the hash table used for flow lookups. Each bucket is assigned a -+red-black tree for efficient collision sorting. -+Default: 1024. -+.SS [no]pacing -+Enable or disable flow pacing. Default is enabled. -+.SH EXAMPLES -+#tc qdisc add dev eth0 root fq -+.br -+#tc -s -d qdisc -+.br -+qdisc fq 8003: dev eth0 root refcnt 2 limit 10000p flow_limit 100p buckets 1024 quantum 3028 initial_quantum 15140 -+ Sent 503727981 bytes 1146972 pkt (dropped 0, overlimits 0 requeues 54452) -+ backlog 0b 0p requeues 54452 -+ 1289 flows (1289 inactive, 0 throttled) -+ 0 gc, 31 highprio, 27411 throttled -+.br -+.SH SEE ALSO -+.BR tc (8), -+.BR socket (7) -+.SH AUTHORS -+FQ was written by Eric Dumazet. -diff --git a/man/man8/tc.8 b/man/man8/tc.8 -index dfb6e20..80eaa3b 100644 ---- a/man/man8/tc.8 -+++ b/man/man8/tc.8 -@@ -589,6 +589,7 @@ was written by Alexey N. Kuznetsov and added in Linux 2.2. - .BR tc-codel (8), - .BR tc-drr (8), - .BR tc-ematch (8), -+.BR tc-fq (8), - .BR tc-fq_codel (8), - .BR tc-hfsc (7), - .BR tc-hfsc (8), --- -1.8.3.1 - diff --git a/SOURCES/0039-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch b/SOURCES/0039-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch new file mode 100644 index 0000000..c1dda50 --- /dev/null +++ b/SOURCES/0039-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch @@ -0,0 +1,78 @@ +From 9abd0130706603ffc408ecb8a09c7586eca14826 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:09:46 +0100 +Subject: [PATCH] Allow specifying bridge port STP state by name rather than + number. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 6b8c871dc1045 +Conflicts: Changes in removed code due to previously backported double + whitespace cleanup - removed double whitespaces from added + text manually. + +commit 6b8c871dc104576c9f55d87937d6dd445d77f34f +Author: Alex Pilon +Date: Thu Feb 19 14:27:46 2015 -0500 + + Allow specifying bridge port STP state by name rather than number. + + The existing behaviour forces one to memorize the integer constants for + STP port states. + + # bridge link set dev dummy0 state 3 + + This patch makes it possible to use the lowercased port state name. + + # bridge link set dev dummy0 state forwarding + + Invalid non-integer inputs now cause exit with status -1. + + Signed-off-by: Alex Pilon +--- + bridge/link.c | 14 +++++++++++++- + man/man8/bridge.8 | 4 +++- + 2 files changed, 16 insertions(+), 2 deletions(-) + +diff --git a/bridge/link.c b/bridge/link.c +index 8b18931..06a2c0f 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -316,7 +316,19 @@ static int brlink_modify(int argc, char **argv) + priority = atoi(*argv); + } else if (strcmp(*argv, "state") == 0) { + NEXT_ARG(); +- state = atoi(*argv); ++ char *endptr; ++ size_t nstates = sizeof(port_states) / sizeof(*port_states); ++ state = strtol(*argv, &endptr, 10); ++ if (!(**argv != '\0' && *endptr == '\0')) { ++ for (state = 0; state < nstates; state++) ++ if (strcmp(port_states[state], *argv) == 0) ++ break; ++ if (state == nstates) { ++ fprintf(stderr, ++ "Error: invalid STP port state\n"); ++ exit(-1); ++ } ++ } + } else if (strcmp(*argv, "hwmode") == 0) { + NEXT_ARG(); + flags = BRIDGE_FLAGS_SELF; +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 42fe922..c742c83 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -207,7 +207,9 @@ droot port selectio algorithms. + .TP + .BI state " STATE " + the operation state of the port. This is primarily used by user space STP/RSTP +-implementation. The following is a list of valid values: ++implementation. One may enter a lowercased port state name, or one of the ++numbers below. Negative inputs are ignored, and unrecognized names return an ++error. + + .B 0 + - port is DISABLED. Make this port completely inactive. +-- +1.8.3.1 + diff --git a/SOURCES/0039-man-fix-whatis-for-fq.patch b/SOURCES/0039-man-fix-whatis-for-fq.patch deleted file mode 100644 index 3c0f8a9..0000000 --- a/SOURCES/0039-man-fix-whatis-for-fq.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 15d41b84bca17d554053c4726ff57b1a16ead28b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:29:58 +0100 -Subject: [PATCH] man: fix whatis for fq - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1261520 -Upstream Status: iproute2.git commit e947d8947d341 - -commit e947d8947d34114e2ea7c5508dfbb9b10b4611c2 -Author: Stephen Hemminger -Date: Wed Jan 6 10:29:06 2016 -0800 - - man: fix whatis for fq - - The FQ man page was not following whatis formatting rules. ---- - man/man8/tc-fq.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/tc-fq.8 b/man/man8/tc-fq.8 -index 993beb6..f058a05 100644 ---- a/man/man8/tc-fq.8 -+++ b/man/man8/tc-fq.8 -@@ -1,6 +1,6 @@ - .TH FQ 8 "10 Sept 2015" "iproute2" "Linux" - .SH NAME --Fair Queuing (FQ) \- Traffic Pacing -+FQ \- Fair Queue traffic policing - .SH SYNOPSIS - .B tc qdisc ... fq - [ --- -1.8.3.1 - diff --git a/SOURCES/0040-batch-support-quoted-strings.patch b/SOURCES/0040-batch-support-quoted-strings.patch deleted file mode 100644 index 1d0a578..0000000 --- a/SOURCES/0040-batch-support-quoted-strings.patch +++ /dev/null @@ -1,70 +0,0 @@ -From a8e630258cafd1e93e85fd8ee7227583a28fb7cd Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:31:08 +0100 -Subject: [PATCH] batch: support quoted strings - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1272593 -Upstream Status: iproute2.git commit 39e3d3836c138 - -commit 39e3d3836c1384506d0a76a496133c5361940770 -Author: Christophe Gouault -Date: Fri Oct 2 11:59:37 2015 +0200 - - batch: support quoted strings - - Support quoting strings with " or ' in an iproute2 batch file. - - Enables to configure empty crypto keys (for ESP-null) or keys with - spaces: - - xfrm state add src 1.1.1.1 dst 2.2.2.2 proto ah spi 0x1 \ - mode tunnel auth hmac(sha1) "r4ezR/@kd6'749f2 6zf$" - - xfrm state add src 5.5.5.5 dst 2.2.2.2 proto esp spi 0x2 \ - mode tunnel enc cipher_null "" - - Signed-off-by: Christophe Gouault ---- - lib/utils.c | 21 ++++++++++++++++++++- - 1 file changed, 20 insertions(+), 1 deletion(-) - -diff --git a/lib/utils.c b/lib/utils.c -index 8c5cd46..1cd4fdd 100644 ---- a/lib/utils.c -+++ b/lib/utils.c -@@ -907,12 +907,31 @@ int makeargs(char *line, char *argv[], int maxargs) - char *cp; - int argc = 0; - -- for (cp = strtok(line, ws); cp; cp = strtok(NULL, ws)) { -+ for (cp = line + strspn(line, ws); *cp; cp += strspn(cp, ws)) { - if (argc >= (maxargs - 1)) { - fprintf(stderr, "Too many arguments to command\n"); - exit(1); - } -+ -+ /* word begins with quote */ -+ if (*cp == '\'' || *cp == '"') { -+ char quote = *cp++; -+ -+ argv[argc++] = cp; -+ /* find ending quote */ -+ cp = strchr(cp, quote); -+ if (cp == NULL) { -+ fprintf(stderr, "Unterminated quoted string\n"); -+ exit(1); -+ } -+ *cp++ = 0; -+ continue; -+ } -+ - argv[argc++] = cp; -+ /* find end of word */ -+ cp += strcspn(cp, ws); -+ *cp++ = 0; - } - argv[argc] = NULL; - --- -1.8.3.1 - diff --git a/SOURCES/0040-bridge-link-add-support-to-specify-master.patch b/SOURCES/0040-bridge-link-add-support-to-specify-master.patch new file mode 100644 index 0000000..4e7f183 --- /dev/null +++ b/SOURCES/0040-bridge-link-add-support-to-specify-master.patch @@ -0,0 +1,85 @@ +From 9bcdaa1cecfa37d2213f9dd443d0c4c21a8e4b21 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:10:15 +0100 +Subject: [PATCH] bridge link: add support to specify master + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 22a98f5140373 + +commit 22a98f5140373198ea2a5ca721fea937c6f7b509 +Author: Roopa Prabhu +Date: Thu Feb 26 00:12:59 2015 -0800 + + bridge link: add support to specify master + + This patch adds support to specify 'master' keyword, + to target a bridge link command explicitly to the software + bridge driver. + + Adds self/master keywords to usage and man page + + v2: + fix usage to say (self and master) and not (self or master) + + Signed-off-by: Roopa Prabhu +--- + bridge/link.c | 5 ++++- + man/man8/bridge.8 | 12 +++++++++++- + 2 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/bridge/link.c b/bridge/link.c +index 06a2c0f..69c0bfb 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -227,6 +227,7 @@ static void usage(void) + fprintf(stderr, " [ learning_sync {on | off} ]\n"); + fprintf(stderr, " [ flood {on | off} ]\n"); + fprintf(stderr, " [ hwmode {vepa | veb} ]\n"); ++ fprintf(stderr, " [ self ] [ master ]\n"); + fprintf(stderr, " bridge link show [dev DEV]\n"); + exit(-1); + } +@@ -343,7 +344,9 @@ static int brlink_modify(int argc, char **argv) + exit(-1); + } + } else if (strcmp(*argv, "self") == 0) { +- flags = BRIDGE_FLAGS_SELF; ++ flags |= BRIDGE_FLAGS_SELF; ++ } else if (strcmp(*argv, "master") == 0) { ++ flags |= BRIDGE_FLAGS_MASTER; + } else { + usage(); + } +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index c742c83..8fae74b 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -40,7 +40,8 @@ bridge \- show / manipulate bridge addresses and devices + .BR learning " { " on " | " off " } ] [ " + .BR learning_sync " { " on " | " off " } ] [ " + .BR flood " { " on " | " off " } ] [ " +-.BR hwmode " { " vepa " | " veb " } ] " ++.BR hwmode " { " vepa " | " veb " } ] [ " ++.BR self " ] [ " master " ] " + + .ti -8 + .BR "bridge link" " [ " show " ] [ " +@@ -286,6 +287,15 @@ switch. + .B veb + - bridging happens in hardware. + ++.TP ++.BI self ++link setting is configured on specified physical device ++ ++.TP ++.BI master ++link setting is configured on the software bridge (default) ++ ++ + .SS bridge link show - list bridge port configuration. + + This command displays the current bridge port configuration and flags. +-- +1.8.3.1 + diff --git a/SOURCES/0041-fix-ip-force-batch-to-continue-on-errors.patch b/SOURCES/0041-fix-ip-force-batch-to-continue-on-errors.patch new file mode 100644 index 0000000..8153abe --- /dev/null +++ b/SOURCES/0041-fix-ip-force-batch-to-continue-on-errors.patch @@ -0,0 +1,234 @@ +From 88997b4cd8480bcbcb3b0470020968a944495233 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:10:15 +0100 +Subject: [PATCH] fix ip -force -batch to continue on errors + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 42ecedd4bae53 +Conflicts: Previously backported changes to rtnl_talk() signature. + +commit 42ecedd4bae534fc688194a795eb4548c6530cda +Author: Roopa Prabhu +Date: Tue Mar 17 19:26:32 2015 -0700 + + fix ip -force -batch to continue on errors + + This patch replaces exits with returns in several + iproute2 commands. This fixes `ip -batch -force` + to not exit but continue on errors. + + $cat c.txt + route del 1.2.3.0/24 dev eth0 + route del 1.2.4.0/24 dev eth0 + route del 1.2.5.0/24 dev eth0 + route add 1.2.3.0/24 dev eth0 + + $ip -force -batch c.txt + RTNETLINK answers: No such process + Command failed c.txt:2 + RTNETLINK answers: No such process + Command failed c.txt:3 + + Reported-by: Sven-Haegar Koch + Signed-off-by: Roopa Prabhu +--- + bridge/fdb.c | 6 +++--- + bridge/link.c | 24 ++++++++++++------------ + bridge/mdb.c | 8 ++++---- + bridge/vlan.c | 4 ++-- + ip/iproute.c | 2 +- + 5 files changed, 22 insertions(+), 22 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index e411932..3020633 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -322,7 +322,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) + + if (d == NULL || addr == NULL) { + fprintf(stderr, "Device and address are required arguments.\n"); +- exit(-1); ++ return -1; + } + + /* Assume self */ +@@ -337,7 +337,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) + abuf, abuf+1, abuf+2, + abuf+3, abuf+4, abuf+5) != 6) { + fprintf(stderr, "Invalid mac address %s\n", addr); +- exit(-1); ++ return -1; + } + + addattr_l(&req.n, sizeof(req), NDA_LLADDR, abuf, ETH_ALEN); +@@ -365,7 +365,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) + } + + if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) +- exit(2); ++ return -1; + + return 0; + } +diff --git a/bridge/link.c b/bridge/link.c +index 69c0bfb..a9b1262 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -284,31 +284,31 @@ static int brlink_modify(int argc, char **argv) + } else if (strcmp(*argv, "guard") == 0) { + NEXT_ARG(); + if (!on_off("guard", &bpdu_guard, *argv)) +- exit(-1); ++ return -1; + } else if (strcmp(*argv, "hairpin") == 0) { + NEXT_ARG(); + if (!on_off("hairping", &hairpin, *argv)) +- exit(-1); ++ return -1; + } else if (strcmp(*argv, "fastleave") == 0) { + NEXT_ARG(); + if (!on_off("fastleave", &fast_leave, *argv)) +- exit(-1); ++ return -1; + } else if (strcmp(*argv, "root_block") == 0) { + NEXT_ARG(); + if (!on_off("root_block", &root_block, *argv)) +- exit(-1); ++ return -1; + } else if (strcmp(*argv, "learning") == 0) { + NEXT_ARG(); + if (!on_off("learning", &learning, *argv)) +- exit(-1); ++ return -1; + } else if (strcmp(*argv, "learning_sync") == 0) { + NEXT_ARG(); + if (!on_off("learning_sync", &learning_sync, *argv)) +- exit(-1); ++ return -1; + } else if (strcmp(*argv, "flood") == 0) { + NEXT_ARG(); + if (!on_off("flood", &flood, *argv)) +- exit(-1); ++ return -1; + } else if (strcmp(*argv, "cost") == 0) { + NEXT_ARG(); + cost = atoi(*argv); +@@ -327,7 +327,7 @@ static int brlink_modify(int argc, char **argv) + if (state == nstates) { + fprintf(stderr, + "Error: invalid STP port state\n"); +- exit(-1); ++ return -1; + } + } + } else if (strcmp(*argv, "hwmode") == 0) { +@@ -341,7 +341,7 @@ static int brlink_modify(int argc, char **argv) + fprintf(stderr, + "Mode argument must be \"vepa\" or " + "\"veb\".\n"); +- exit(-1); ++ return -1; + } + } else if (strcmp(*argv, "self") == 0) { + flags |= BRIDGE_FLAGS_SELF; +@@ -354,14 +354,14 @@ static int brlink_modify(int argc, char **argv) + } + if (d == NULL) { + fprintf(stderr, "Device is a required argument.\n"); +- exit(-1); ++ return -1; + } + + + req.ifm.ifi_index = ll_name_to_index(d); + if (req.ifm.ifi_index == 0) { + fprintf(stderr, "Cannot find bridge device \"%s\"\n", d); +- exit(-1); ++ return -1; + } + + /* Nested PROTINFO attribute. Contains: port flags, cost, priority and +@@ -416,7 +416,7 @@ static int brlink_modify(int argc, char **argv) + } + + if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) +- exit(2); ++ return -1; + + return 0; + } +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 837fa5d..9a8ed54 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -145,12 +145,12 @@ static int mdb_show(int argc, char **argv) + + if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETMDB) < 0) { + perror("Cannot send dump request"); +- exit(1); ++ return -1; + } + + if (rtnl_dump_filter(&rth, print_mdb, stdout) < 0) { + fprintf(stderr, "Dump terminated\n"); +- exit(1); ++ return -1; + } + + return 0; +@@ -198,7 +198,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) + + if (d == NULL || grp == NULL || p == NULL) { + fprintf(stderr, "Device, group address and port name are required arguments.\n"); +- exit(-1); ++ return -1; + } + + req.bpm.ifindex = ll_name_to_index(d); +@@ -225,7 +225,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) + addattr_l(&req.n, sizeof(req), MDBA_SET_ENTRY, &entry, sizeof(entry)); + + if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) +- exit(2); ++ return -1; + + return 0; + } +diff --git a/bridge/vlan.c b/bridge/vlan.c +index 0fb479c..ac2f523 100644 +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -80,7 +80,7 @@ static int vlan_modify(int cmd, int argc, char **argv) + + if (d == NULL || vid == -1) { + fprintf(stderr, "Device and VLAN ID are required arguments.\n"); +- exit(-1); ++ return -1; + } + + req.ifm.ifi_index = ll_name_to_index(d); +@@ -132,7 +132,7 @@ static int vlan_modify(int cmd, int argc, char **argv) + addattr_nest_end(&req.n, afspec); + + if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) +- exit(2); ++ return -1; + + return 0; + } +diff --git a/ip/iproute.c b/ip/iproute.c +index 8a706ea..9dcfd19 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -1112,7 +1112,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) + req.r.rtm_family = AF_INET; + + if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) +- exit(2); ++ return -1; + + return 0; + } +-- +1.8.3.1 + diff --git a/SOURCES/0041-tc-add-a-man-page-for-basic-filter.patch b/SOURCES/0041-tc-add-a-man-page-for-basic-filter.patch deleted file mode 100644 index 4d65fb3..0000000 --- a/SOURCES/0041-tc-add-a-man-page-for-basic-filter.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 952fd52029d937cf5ea2b9b79c3afdb810d6f88b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: add a man page for basic filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit 55b35567ad05d - -commit 55b35567ad05d926c1a73828cef2d4370d928b54 -Author: Phil Sutter -Date: Fri Oct 23 19:47:08 2015 +0200 - - tc: add a man page for basic filter - - Cc: Thomas Graf - Signed-off-by: Phil Sutter ---- - man/man8/tc-basic.8 | 34 ++++++++++++++++++++++++++++++++++ - 1 file changed, 34 insertions(+) - create mode 100644 man/man8/tc-basic.8 - -diff --git a/man/man8/tc-basic.8 b/man/man8/tc-basic.8 -new file mode 100644 -index 0000000..fb39eaa ---- /dev/null -+++ b/man/man8/tc-basic.8 -@@ -0,0 +1,34 @@ -+.TH "Basic classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux" -+ -+.SH NAME -+basic \- basic traffic control filter -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... " basic " [ " match -+.IR EMATCH_TREE " ] [ " -+.B action -+.IR ACTION_SPEC " ] [ " -+.B classid -+.IR CLASSID " ]" -+.SH DESCRIPTION -+The -+.B basic -+filter allows to classify packets using the extended match infrastructure. -+.SH OPTIONS -+.TP -+.BI action " ACTION_SPEC" -+Apply an action from the generic actions framework on matching packets. -+.TP -+.BI classid " CLASSID" -+Push matching packets into the class identified by -+.IR CLASSID . -+.TP -+.BI match " EMATCH_TREE" -+Match packets using the extended match infrastructure. See -+.BR tc-ematch (8) -+for a detailed description of the allowed syntax in -+.IR EMATCH_TREE . -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-ematch (8) --- -1.8.3.1 - diff --git a/SOURCES/0042-route-label-externally-offloaded-routes.patch b/SOURCES/0042-route-label-externally-offloaded-routes.patch new file mode 100644 index 0000000..2250b98 --- /dev/null +++ b/SOURCES/0042-route-label-externally-offloaded-routes.patch @@ -0,0 +1,53 @@ +From 002cfe8913c88232569f316c7446834f985d52ff Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:10:39 +0100 +Subject: [PATCH] route: label externally offloaded routes + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 655444bdadfcf + +commit 655444bdadfcf348d4e668476f493e542587446b +Author: Scott Feldman +Date: Sat Mar 7 22:15:35 2015 -0800 + + route: label externally offloaded routes + + On ip route print dump, label externally offloaded routes with "external". + Offloaded routes are flagged with RTNH_F_EXTERNAL, a recent additon to + net-next. For example: + + $ ip route + default via 192.168.0.2 dev eth0 + 11.0.0.0/30 dev swp1 proto kernel scope link src 11.0.0.2 external + 11.0.0.4/30 via 11.0.0.1 dev swp1 proto zebra metric 20 external + 11.0.0.8/30 dev swp2 proto kernel scope link src 11.0.0.10 external + 11.0.0.12/30 via 11.0.0.9 dev swp2 proto zebra metric 20 external + 12.0.0.2 proto zebra metric 30 external + nexthop via 11.0.0.1 dev swp1 weight 1 + nexthop via 11.0.0.9 dev swp2 weight 1 + 12.0.0.3 via 11.0.0.1 dev swp1 proto zebra metric 20 external + 12.0.0.4 via 11.0.0.9 dev swp2 proto zebra metric 20 external + 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.15 + + Signed-off-by: Scott Feldman + Reviewed-by: Jiri Pirko +--- + ip/iproute.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ip/iproute.c b/ip/iproute.c +index 9dcfd19..6d64469 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -438,6 +438,8 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "onlink "); + if (r->rtm_flags & RTNH_F_PERVASIVE) + fprintf(fp, "pervasive "); ++ if (r->rtm_flags & RTNH_F_EXTERNAL) ++ fprintf(fp, "external "); + if (r->rtm_flags & RTM_F_NOTIFY) + fprintf(fp, "notify "); + if (tb[RTA_MARK]) { +-- +1.8.3.1 + diff --git a/SOURCES/0042-tc-add-a-man-page-for-cgroup-filter.patch b/SOURCES/0042-tc-add-a-man-page-for-cgroup-filter.patch deleted file mode 100644 index 931f727..0000000 --- a/SOURCES/0042-tc-add-a-man-page-for-cgroup-filter.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 5479cdfe6cede09f61a3bf890d55dab651669a13 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: add a man page for cgroup filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit 5774f09ee8c6d - -commit 5774f09ee8c6d36c34986bacea423b5b4dd1cb48 -Author: Phil Sutter -Date: Fri Oct 23 19:47:09 2015 +0200 - - tc: add a man page for cgroup filter - - Cc: Thomas Graf - Signed-off-by: Phil Sutter ---- - man/man8/tc-cgroup.8 | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 80 insertions(+) - create mode 100644 man/man8/tc-cgroup.8 - -diff --git a/man/man8/tc-cgroup.8 b/man/man8/tc-cgroup.8 -new file mode 100644 -index 0000000..2bea7d4 ---- /dev/null -+++ b/man/man8/tc-cgroup.8 -@@ -0,0 +1,80 @@ -+.TH "Cgroup classifier in tc" 8 " 21 Oct 2015" "iproute2" "Linux" -+ -+.SH NAME -+cgroup \- control group based traffic control filter -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... " cgroup " [ " match -+.IR EMATCH_TREE " ] [ " -+.B action -+.IR ACTION_SPEC " ]" -+.SH DESCRIPTION -+This filter serves as a hint to -+.B tc -+that the assigned class ID of the net_cls control group the process the packet -+originates from belongs to should be used for classification. Obviously, it is -+useful for locally generated packets only. -+.SH OPTIONS -+.TP -+.BI action " ACTION_SPEC" -+Apply an action from the generic actions framework on matching packets. -+.TP -+.BI match " EMATCH_TREE" -+Match packets using the extended match infrastructure. See -+.BR tc-ematch (8) -+for a detailed description of the allowed syntax in -+.IR EMATCH_TREE . -+.SH EXAMPLES -+In order to use this filter, a net_cls control group has to be created first and -+class as well as process ID(s) assigned to it. The following creates a net_cls -+cgroup named "foobar": -+ -+.RS -+.EX -+modprobe cls_cgroup -+mkdir /sys/fs/cgroup/net_cls -+mount -t cgroup -onet_cls net_cls /sys/fs/cgroup/net_cls -+mkdir /sys/fs/cgroup/net_cls/foobar -+.EE -+.RE -+ -+To assign a class ID to the created cgroup, a file named -+.I net_cls.classid -+has to be created which contains the class ID to be assigned as a hexadecimal, -+64bit wide number. The upper 32bits are reserved for the major handle, the -+remaining hold the minor. So a class ID of e.g. -+.B ff:be -+has to be written like so: -+.B 0xff00be -+(leading zeroes may be omitted). To continue the above example, the following -+assigns class ID 1:2 to foobar cgroup: -+ -+.RS -+.EX -+echo 0x10002 > /sys/fs/cgroup/net_cls/foobar/net_cls.classid -+.EE -+.RE -+ -+Finally some PIDs can be assigned to the given cgroup: -+ -+.RS -+.EX -+echo 1234 > /sys/fs/cgroup/net_cls/foobar/tasks -+echo 5678 > /sys/fs/cgroup/net_cls/foobar/tasks -+.EE -+.RE -+ -+Now by simply attaching a -+.B cgroup -+filter to a -+.B qdisc -+makes packets from PIDs 1234 and 5678 be pushed into class 1:2. -+ -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-ematch (8), -+.br -+the file -+.I Documentation/cgroups/net_cls.txt -+of the Linux kernel tree --- -1.8.3.1 - diff --git a/SOURCES/0043-iproute2-unify-naming-for-entries-offloaded-to-hardw.patch b/SOURCES/0043-iproute2-unify-naming-for-entries-offloaded-to-hardw.patch new file mode 100644 index 0000000..1072976 --- /dev/null +++ b/SOURCES/0043-iproute2-unify-naming-for-entries-offloaded-to-hardw.patch @@ -0,0 +1,91 @@ +From 61ce940e17bcc13378c59fed8247a1afa7ae918d Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:10:39 +0100 +Subject: [PATCH] iproute2: unify naming for entries offloaded to hardware + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit aa05b988f53b5 + +commit aa05b988f53b5ce68f25c5b4e52c6bd3e32a6347 +Author: Andy Gospodarek +Date: Fri Apr 10 16:50:40 2015 -0400 + + iproute2: unify naming for entries offloaded to hardware + + The kernel now has the capability to offload FDB and FIB entries to hardware. + It is important to let users know if table entries are also offloaded to + hardware. Currently offloaded FDB entries are indicated by the existence of + the flag 'external' on the entry as of the following commit: + + commit 28467b7f3facd6114b2fbe0c9fecf57adbd52e12 + Author: Scott Feldman + Date: Thu Dec 4 09:57:15 2014 +0100 + + bridge/fdb: add flag/indication for FDB entry synced from offload device + + When the patch to add support for indicating that FIB entries were also + offloaded as posted to netdev by Scott Feldman it became clear that 'external' + would not be an ideal name for routes. There could definitely be confusion + about what this might mean since many routes are to external networks -- a + collision/confusion that did not happen with FDB. + + Scott Feldman asked me to check with others and build concensus around a name. + After speaking with several people about this I am proposing we refer to both + FDB and FIB entries that are currently backed by hardware (based on the work + done in rocker) with the flag 'offload' appended to the end ofthe entry. + + Some people liked the string 'external,' others liked 'hardware,' but the point + is to communicate that these routes are available to something that will will + offload the forwarding normally done by the kernel. Since the term 'offload' + is used so frequently it seems appropriate to use the same language in + ip/bridge output. + + The term 'offload' also seems to resonate with many of the people who have + responded on Scott's original thread or to those who I reached out to directly + and did respond to my query, so it seems we have reached consensus that it + should be the term used going forward. + + v2: rebased against net-next branch + + Signed-off-by: Andy Gospodarek + CC: Jamal Hadi Salim + CC: Jeff Kirsher + CC: Jiri Pirko + CC: John W. Linville + CC: Roopa Prabhu + CC: Scott Feldman + CC: Stephen Hemminger +--- + bridge/fdb.c | 2 +- + ip/iproute.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 3020633..edf621c 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -159,7 +159,7 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (r->ndm_flags & NTF_ROUTER) + fprintf(fp, "router "); + if (r->ndm_flags & NTF_EXT_LEARNED) +- fprintf(fp, "external "); ++ fprintf(fp, "offload "); + + fprintf(fp, "%s\n", state_n2a(r->ndm_state)); + return 0; +diff --git a/ip/iproute.c b/ip/iproute.c +index 6d64469..3f4b91a 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -439,7 +439,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (r->rtm_flags & RTNH_F_PERVASIVE) + fprintf(fp, "pervasive "); + if (r->rtm_flags & RTNH_F_EXTERNAL) +- fprintf(fp, "external "); ++ fprintf(fp, "offload "); + if (r->rtm_flags & RTM_F_NOTIFY) + fprintf(fp, "notify "); + if (tb[RTA_MARK]) { +-- +1.8.3.1 + diff --git a/SOURCES/0043-tc-add-a-man-page-for-flow-filter.patch b/SOURCES/0043-tc-add-a-man-page-for-flow-filter.patch deleted file mode 100644 index ed1e2bd..0000000 --- a/SOURCES/0043-tc-add-a-man-page-for-flow-filter.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 5703331fbb7957ff959aeda921b7aa28a78d2eb8 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: add a man page for flow filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit 334ddc9b4d526 - -commit 334ddc9b4d526d0fe4487464c1c4e0c0fcb35a30 -Author: Phil Sutter -Date: Fri Oct 23 19:47:10 2015 +0200 - - tc: add a man page for flow filter - - Cc: Patrick McHardy - Signed-off-by: Phil Sutter ---- - man/man8/tc-flow.8 | 265 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 265 insertions(+) - create mode 100644 man/man8/tc-flow.8 - -diff --git a/man/man8/tc-flow.8 b/man/man8/tc-flow.8 -new file mode 100644 -index 0000000..f1b7e2a ---- /dev/null -+++ b/man/man8/tc-flow.8 -@@ -0,0 +1,265 @@ -+.TH "Flow filter in tc" 8 "20 Oct 2015" "iproute2" "Linux" -+ -+.SH NAME -+flow \- flow based traffic control filter -+.SH SYNOPSIS -+.TP -+Mapping mode: -+ -+.RS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... " "flow map key " -+.IR KEY " [ " OPS " ] [ " OPTIONS " ] " -+.RE -+.TP -+Hashing mode: -+ -+.RS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... " "flow hash keys " -+.IR KEY_LIST " [ " -+.B perturb -+.IR secs " ] [ " OPTIONS " ] " -+.RE -+ -+.in +8 -+.ti -8 -+.IR OPS " := [ " OPS " ] " OP -+ -+.ti -8 -+.IR OPTIONS " := [ " -+.B divisor -+.IR NUM " ] [ " -+.B baseclass -+.IR ID " ] [ " -+.B match -+.IR EMATCH_TREE " ] [ " -+.B action -+.IR ACTION_SPEC " ]" -+ -+.ti -8 -+.IR KEY_LIST " := [ " KEY_LIST " ] " KEY -+ -+.ti -8 -+.IR OP " := { " -+.BR or " | " and " | " xor " | " rshift " | " addend " } " -+.I NUM -+ -+.ti -8 -+.IR ID " := " X : Y -+ -+.ti -8 -+.IR KEY " := { " -+.BR src " | " dst " | " proto " | " proto-src " | " proto-dst " | " iif " | " -+.BR priority " | " mark " | " nfct " | " nfct-src " | " nfct-dst " | " -+.BR nfct-proto-src " | " nfct-proto-dst " | " rt-classid " | " sk-uid " | " -+.BR sk-gid " | " vlan-tag " | " rxhash " }" -+.SH DESCRIPTION -+The -+.B flow -+classifier is meant to extend the -+.B SFQ -+hashing capabilities without hard-coding new hash functions. It also allows -+deterministic mappings of keys to classes. -+.SH OPTIONS -+.TP -+.BI action " ACTION_SPEC" -+Apply an action from the generic actions framework on matching packets. -+.TP -+.BI baseclass " ID" -+An offset for the resulting class ID. -+.I ID -+may be -+.BR root ", " none -+or a hexadecimal class ID in the form [\fIX\fB:\fR]\fIY\fR. If \fIX\fR is -+omitted, it is assumed to be zero. -+.TP -+.BI divisor " NUM" -+Number of buckets to use for sorting into. Keys are calculated modulo -+.IR NUM . -+.TP -+.BI "hash keys " KEY-LIST -+Perform a -+.B jhash2 -+operation over the keys in -+.IR KEY-LIST , -+the result (modulo the -+.B divisor -+if given) is taken as class ID, optionally offset by the value of -+.BR baseclass . -+It is possible to specify an interval (in seconds) after which -+.BR jhash2 's -+entropy source is recreated using the -+.B perturb -+parameter. -+.TP -+.BI "map key " KEY -+Packet data identified by -+.I KEY -+is translated into class IDs to push the packet into. The value may be mangled by -+.I OPS -+before using it for the mapping. They are applied in the order listed here: -+.RS -+.TP 4 -+.BI and " NUM" -+Perform bitwise -+.B AND -+operation with numeric value -+.IR NUM . -+.TP -+.BI or " NUM" -+Perform bitwise -+.B OR -+operation with numeric value -+.IR NUM . -+.TP -+.BI xor " NUM" -+Perform bitwise -+.B XOR -+operation with numeric value -+.IR NUM . -+.TP -+.BI rshift " NUM" -+Shift the value of -+.I KEY -+to the right by -+.I NUM -+bits. -+.TP -+.BI addend " NUM" -+Add -+.I NUM -+to the value of -+.IR KEY . -+ -+.RE -+.RS -+For the -+.BR or ", " and ", " xor " and " rshift -+operations, -+.I NUM -+is assumed to be an unsigned, 32bit integer value. For the -+.B addend -+operation, -+.I NUM -+may be much more complex: It may be prefixed by a minus ('-') sign to cause -+subtraction instead of addition and for keys of -+.BR src ", " dst ", " nfct-src " and " nfct-dst -+it may be given in IP address notation. See below for an illustrating example. -+.RE -+.TP -+.BI match " EMATCH_TREE" -+Match packets using the extended match infrastructure. See -+.BR tc-ematch (8) -+for a detailed description of the allowed syntax in -+.IR EMATCH_TREE . -+.SH KEYS -+In mapping mode, a single key is used (after optional permutation) to build a -+class ID. The resulting ID is deducible in most cases. In hashing more, a number -+of keys may be specified which are then hashed and the output used as class ID. -+This ID is not deducible in beforehand, and may even change over time for a -+given flow if a -+.B perturb -+interval has been given. -+ -+The range of class IDs can be limited by the -+.B divisor -+option, which is used for a modulus. -+.TP -+.BR src ", " dst -+Use source or destination address as key. In case of IPv4 and TIPC, this is the -+actual address value. For IPv6, the 128bit address is folded into a 32bit value -+by XOR'ing the four 32bit words. In all other cases, the kernel-internal socket -+address is used (after folding into 32bits on 64bit systems). -+.TP -+.B proto -+Use the layer four protocol number as key. -+.TP -+.B proto-src -+Use the layer four source port as key. If not available, the kernel-internal -+socket address is used instead. -+.TP -+.B proto-dst -+Use the layer four destination port as key. If not available, the associated -+kernel-internal dst_entry address is used after XOR'ing with the packet's -+layer three protocol number. -+.TP -+.B iif -+Use the incoming interface index as key. -+.TP -+.B priority -+Use the packet's priority as key. Usually this is the IP header's DSCP/ECN -+value. -+.TP -+.B mark -+Use the netfilter -+.B fwmark -+as key. -+.TP -+.B nfct -+Use the associated conntrack entry address as key. -+.TP -+.BR nfct-src ", " nfct-dst ", " nfct-proto-src ", " nfct-proto-dst -+These are conntrack-aware variants of -+.BR src ", " dst ", " proto-src " and " proto-dst . -+In case of NAT, these are basically the packet header's values before NAT was -+applied. -+.TP -+.B rt-classid -+Use the packet's destination routing table entry's realm as key. -+.TP -+.B sk-uid -+.TQ -+.B sk-gid -+For locally generated packets, use the user or group ID the originating socket -+belongs to as key. -+.TP -+.B vlan-tag -+Use the packet's vlan ID as key. -+.TP -+.B rxhash -+Use the flow hash as key. -+ -+.SH EXAMPLES -+.TP -+Classic SFQ hash: -+ -+.EX -+tc filter add ... flow hash \\ -+ keys src,dst,proto,proto-src,proto-dst divisor 1024 -+.EE -+.TP -+Classic SFQ hash, but using information from conntrack to work properly in combination with NAT: -+ -+.EX -+tc filter add ... flow hash \\ -+ keys nfct-src,nfct-dst,proto,nfct-proto-src,nfct-proto-dst \\ -+ divisor 1024 -+.EE -+.TP -+Map destination IPs of 192.168.0.0/24 to classids 1-257: -+ -+.EX -+tc filter add ... flow map \\ -+ key dst addend -192.168.0.0 divisor 256 -+.EE -+.TP -+Alternative to the above: -+ -+.EX -+tc filter add ... flow map \\ -+ key dst and 0xff -+.EE -+.TP -+The same, but in reverse order: -+ -+.EX -+tc filter add ... flow map \\ -+ key dst and 0xff xor 0xff -+.EE -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-ematch (8), -+.BR tc-sfq (8) --- -1.8.3.1 - diff --git a/SOURCES/0044-ip-return-correct-exit-code-on-route-failure.patch b/SOURCES/0044-ip-return-correct-exit-code-on-route-failure.patch new file mode 100644 index 0000000..1e0d25e --- /dev/null +++ b/SOURCES/0044-ip-return-correct-exit-code-on-route-failure.patch @@ -0,0 +1,44 @@ +From 24feca1579b6bdcff4d9b495ce5ce0da6b4b6dc0 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:10:39 +0100 +Subject: [PATCH] ip: return correct exit code on route failure + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit d58ba4ba2a532 +Conflicts: Previously backported changes to rtnl_talk() signature. + +commit d58ba4ba2a532f3ebfa640c42ec2622b54740cdf +Author: Stephen Hemminger +Date: Wed May 6 09:48:06 2015 -0700 + + ip: return correct exit code on route failure + + If kernel complains about ip route request, exit status should be + 2 not 1. + + This fixes regression introduced by: + commit 42ecedd4bae534fc688194a795eb4548c6530cda + Author: Roopa Prabhu + Date: Tue Mar 17 19:26:32 2015 -0700 + + fix ip -force -batch to continue on errors +--- + ip/iproute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ip/iproute.c b/ip/iproute.c +index 3f4b91a..73c6db9 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -1114,7 +1114,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) + req.r.rtm_family = AF_INET; + + if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) +- return -1; ++ return -2; + + return 0; + } +-- +1.8.3.1 + diff --git a/SOURCES/0044-tc-add-a-man-page-for-fw-filter.patch b/SOURCES/0044-tc-add-a-man-page-for-fw-filter.patch deleted file mode 100644 index faa8c22..0000000 --- a/SOURCES/0044-tc-add-a-man-page-for-fw-filter.patch +++ /dev/null @@ -1,96 +0,0 @@ -From c2d169ccc97a4eca2755b9e54977634654277798 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: add a man page for fw filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit 49891ba177283 - -commit 49891ba177283d3bece364c50e7c9909e2b733b5 -Author: Phil Sutter -Date: Fri Oct 23 19:47:12 2015 +0200 - - tc: add a man page for fw filter - - Cc: Alexey Kuznetsov - Signed-off-by: Phil Sutter ---- - man/man8/tc-fw.8 | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 66 insertions(+) - create mode 100644 man/man8/tc-fw.8 - -diff --git a/man/man8/tc-fw.8 b/man/man8/tc-fw.8 -new file mode 100644 -index 0000000..d742b47 ---- /dev/null -+++ b/man/man8/tc-fw.8 -@@ -0,0 +1,66 @@ -+.TH "Firewall mark classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux" -+ -+.SH NAME -+fw \- fwmark traffic control filter -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... " fw " [ " classid -+.IR CLASSID " ] [ " -+.B action -+.IR ACTION_SPEC " ]" -+.SH DESCRIPTION -+the -+.B fw -+filter allows to classify packets based on a previously set -+.BR fwmark " by " iptables . -+If it is identical to the filter's -+.BR handle , -+the filter matches. -+.B iptables -+allows to mark single packets with the -+.B MARK -+target, or whole connections using -+.BR CONNMARK . -+The benefit of using this filter instead of doing the -+heavy-lifting with -+.B tc -+itself is that on one hand it might be convenient to keep packet filtering and -+classification in one place, possibly having to match a packet just once, and on -+the other users familiar with -+.BR iptables " but not " tc -+will have a less hard time adding QoS to their setups. -+.SH OPTIONS -+.TP -+.BI classid " CLASSID" -+Push matching packets to the class identified by -+.IR CLASSID . -+.TP -+.BI action " ACTION_SPEC" -+Apply an action from the generic actions framework on matching packets. -+.SH EXAMPLES -+Take e.g. the following tc filter statement: -+ -+.RS -+.EX -+tc filter add ... handle 6 fw classid 1:1 -+.EE -+.RE -+ -+will match if the packet's -+.B fwmark -+value is -+.BR 6 . -+This is a sample -+.B iptables -+statement marking packets coming in on eth0: -+ -+.RS -+.EX -+iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6 -+.EE -+.RE -+.SH SEE ALSO -+.BR tc (8), -+.BR iptables (8), -+.BR iptables-extensions (8) --- -1.8.3.1 - diff --git a/SOURCES/0045-iproute2-ipa-show-switch-id.patch b/SOURCES/0045-iproute2-ipa-show-switch-id.patch new file mode 100644 index 0000000..05e9c55 --- /dev/null +++ b/SOURCES/0045-iproute2-ipa-show-switch-id.patch @@ -0,0 +1,44 @@ +From 84a13f487d76e62d1ff3be6ed94d7305f72205e8 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:10:58 +0100 +Subject: [PATCH] iproute2: ipa: show switch id + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 122f2fc5739c1 + +commit 122f2fc5739c1ba9967775581201eefece855602 +Author: Jiri Pirko +Date: Wed Jul 8 17:08:18 2015 +0200 + + iproute2: ipa: show switch id + + We forgot to include this patch somehow. So do it now. + + Signed-off-by: Jiri Pirko + Acked-by: Andy Gospodarek +--- + ip/ipaddress.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index b24b103..45b47f9 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -643,6 +643,14 @@ int print_linkinfo(const struct sockaddr_nl *who, + b1, sizeof(b1))); + } + ++ if (tb[IFLA_PHYS_SWITCH_ID]) { ++ SPRINT_BUF(b1); ++ fprintf(fp, "switchid %s ", ++ hexstring_n2a(RTA_DATA(tb[IFLA_PHYS_SWITCH_ID]), ++ RTA_PAYLOAD(tb[IFLA_PHYS_SWITCH_ID]), ++ b1, sizeof(b1))); ++ } ++ + if (tb[IFLA_OPERSTATE]) + print_operstate(fp, rta_getattr_u8(tb[IFLA_OPERSTATE])); + +-- +1.8.3.1 + diff --git a/SOURCES/0045-tc-add-a-man-page-for-route-filter.patch b/SOURCES/0045-tc-add-a-man-page-for-route-filter.patch deleted file mode 100644 index 63a4318..0000000 --- a/SOURCES/0045-tc-add-a-man-page-for-route-filter.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 0ea28e2d5095b69850f1ac2ebe49880f8b0f81f8 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: add a man page for route filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit 02dddd6110309 - -commit 02dddd6110309ac37e72c418cfd96684dc763f3e -Author: Phil Sutter -Date: Fri Oct 23 19:47:13 2015 +0200 - - tc: add a man page for route filter - - Cc: Alexey Kuznetsov - Signed-off-by: Phil Sutter ---- - man/man8/tc-route.8 | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 74 insertions(+) - create mode 100644 man/man8/tc-route.8 - -diff --git a/man/man8/tc-route.8 b/man/man8/tc-route.8 -new file mode 100644 -index 0000000..b865cd1 ---- /dev/null -+++ b/man/man8/tc-route.8 -@@ -0,0 +1,74 @@ -+.TH "Route classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux" -+ -+.SH NAME -+route \- route traffic control filter -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... " route " [ " from -+.IR REALM " | " -+.B fromif -+.IR TAG " ] [ " -+.B to -+.IR REALM " ] [ " -+.B classid -+.IR CLASSID " ] [ " -+.B action -+.IR ACTION_SPEC " ]" -+.SH DESCRIPTION -+Match packets based on routing table entries. This filter centers around the -+possibility to assign a -+.B realm -+to routing table entries. For any packet to be classified by this filter, a -+routing table lookup is performed and the returned -+.B realm -+is used to decide on whether the packet is a match or not. -+.SH OPTIONS -+.TP -+.BI action " ACTION_SPEC" -+Apply an action from the generic actions framework on matching packets. -+.TP -+.BI classid " CLASSID" -+Push matching packets into the class identified by -+.IR CLASSID . -+.TP -+.BI from " REALM" -+.TQ -+.BI fromif " TAG" -+Perform source route lookups. -+.I TAG -+is the name of an interface which must be present on the system at the time of -+.B tc -+invocation. -+.TP -+.BI to " REALM" -+Match if normal (i.e., destination) routing returns the given -+.IR REALM . -+.SH EXAMPLES -+Consider the subnet 192.168.2.0/24 being attached to eth0: -+ -+.RS -+.EX -+ip route add 192.168.2.0/24 dev eth0 realm 2 -+.EE -+.RE -+ -+The following -+.B route -+filter will then match packets from that subnet: -+ -+.RS -+.EX -+tc filter add ... route from 2 classid 1:2 -+.EE -+.RE -+ -+and pass packets on to class 1:2. -+.SH NOTES -+Due to implementation details, -+.B realm -+values must be in a range from 0 to 255, inclusive. Alternatively, a verbose -+name defined in /etc/iproute2/rt_realms may be given instead. -+.SH SEE ALSO -+.BR tc (8), -+.BR ip-route (8) --- -1.8.3.1 - diff --git a/SOURCES/0046-ip-fix-all-the-checkpatch-warnings.patch b/SOURCES/0046-ip-fix-all-the-checkpatch-warnings.patch new file mode 100644 index 0000000..2da15b7 --- /dev/null +++ b/SOURCES/0046-ip-fix-all-the-checkpatch-warnings.patch @@ -0,0 +1,257 @@ +From dca16c0ab9a250b332e46deca0c9770988c5bc42 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:10:58 +0100 +Subject: [PATCH] ip: fix all the checkpatch warnings + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit ec7aff5c4f15f + +commit ec7aff5c4f15fbf7fe4886e826dffa02e1f7673b +Author: Stephen Hemminger +Date: Sun Jul 26 21:46:44 2015 -0700 + + ip: fix all the checkpatch warnings + + Zhang Shengju some places where tabs were not being used. + Go ahead and fix all the trival checkpatch warnings in ip/ip.c + Also fix bridge.c +--- + bridge/bridge.c | 34 +++++++++++++++++++--------------- + include/utils.h | 2 +- + ip/ip.c | 48 ++++++++++++++++++++++++++---------------------- + 3 files changed, 46 insertions(+), 38 deletions(-) + +diff --git a/bridge/bridge.c b/bridge/bridge.c +index 88469ca..eaf09c8 100644 +--- a/bridge/bridge.c ++++ b/bridge/bridge.c +@@ -18,12 +18,12 @@ + struct rtnl_handle rth = { .fd = -1 }; + int preferred_family = AF_UNSPEC; + int resolve_hosts; +-int oneline = 0; ++int oneline; + int show_stats; + int show_details; + int compress_vlans; + int timestamp; +-char * _SL_ = NULL; ++const char *_SL_; + + static void usage(void) __attribute__((noreturn)); + +@@ -31,10 +31,10 @@ static void usage(void) + { + fprintf(stderr, + "Usage: bridge [ OPTIONS ] OBJECT { COMMAND | help }\n" +-"where OBJECT := { link | fdb | mdb | vlan | monitor }\n" +-" OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] |\n" +-" -o[neline] | -t[imestamp] | -n[etns] name |\n" +-" -c[ompressvlans] }\n"); ++"where OBJECT := { link | fdb | mdb | vlan | monitor }\n" ++" OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] |\n" ++" -o[neline] | -t[imestamp] | -n[etns] name |\n" ++" -c[ompressvlans] }\n"); + exit(-1); + } + +@@ -48,9 +48,9 @@ static const struct cmd { + const char *cmd; + int (*func)(int argc, char **argv); + } cmds[] = { +- { "link", do_link }, +- { "fdb", do_fdb }, +- { "mdb", do_mdb }, ++ { "link", do_link }, ++ { "fdb", do_fdb }, ++ { "mdb", do_mdb }, + { "vlan", do_vlan }, + { "monitor", do_monitor }, + { "help", do_help }, +@@ -66,7 +66,8 @@ static int do_cmd(const char *argv0, int argc, char **argv) + return c->func(argc-1, argv+1); + } + +- fprintf(stderr, "Object \"%s\" is unknown, try \"bridge help\".\n", argv0); ++ fprintf(stderr, ++ "Object \"%s\" is unknown, try \"bridge help\".\n", argv0); + return -1; + } + +@@ -74,8 +75,9 @@ int + main(int argc, char **argv) + { + while (argc > 1) { +- char *opt = argv[1]; +- if (strcmp(opt,"--") == 0) { ++ const char *opt = argv[1]; ++ ++ if (strcmp(opt, "--") == 0) { + argc--; argv++; + break; + } +@@ -98,7 +100,7 @@ main(int argc, char **argv) + ++oneline; + } else if (matches(opt, "-timestamp") == 0) { + ++timestamp; +- } else if (matches(opt, "-family") == 0) { ++ } else if (matches(opt, "-family") == 0) { + argc--; + argv++; + if (argc <= 1) +@@ -122,13 +124,15 @@ main(int argc, char **argv) + } else if (matches(opt, "-compressvlans") == 0) { + ++compress_vlans; + } else { +- fprintf(stderr, "Option \"%s\" is unknown, try \"bridge help\".\n", opt); ++ fprintf(stderr, ++ "Option \"%s\" is unknown, try \"bridge help\".\n", ++ opt); + exit(-1); + } + argc--; argv++; + } + +- _SL_ = oneline ? "\\" : "\n" ; ++ _SL_ = oneline ? "\\" : "\n"; + + if (rtnl_open(&rth, 0) < 0) + exit(1); +diff --git a/include/utils.h b/include/utils.h +index 1ee9343..22198cb 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -21,7 +21,7 @@ extern int resolve_hosts; + extern int oneline; + extern int timestamp; + extern int timestamp_short; +-extern char * _SL_; ++extern const char * _SL_; + extern int max_flush_loops; + extern int batch_mode; + extern bool do_all; +diff --git a/ip/ip.c b/ip/ip.c +index d6f1391..644e712 100644 +--- a/ip/ip.c ++++ b/ip/ip.c +@@ -25,18 +25,18 @@ + #include "namespace.h" + + int preferred_family = AF_UNSPEC; +-int human_readable = 0; +-int use_iec = 0; +-int show_stats = 0; +-int show_details = 0; +-int resolve_hosts = 0; +-int oneline = 0; +-int timestamp = 0; +-char * _SL_ = NULL; +-int force = 0; ++int human_readable; ++int use_iec; ++int show_stats; ++int show_details; ++int resolve_hosts; ++int oneline; ++int timestamp; ++const char *_SL_; ++int force; + int max_flush_loops = 10; +-int batch_mode = 0; +-bool do_all = false; ++int batch_mode; ++bool do_all; + + struct rtnl_handle rth = { .fd = -1 }; + +@@ -63,7 +63,7 @@ static void usage(void) + static int do_help(int argc, char **argv) + { + usage(); +- return 0; ++ return 0; + } + + static const struct cmd { +@@ -88,7 +88,7 @@ static const struct cmd { + { "tap", do_iptuntap }, + { "token", do_iptoken }, + { "tcpmetrics", do_tcp_metrics }, +- { "tcp_metrics",do_tcp_metrics }, ++ { "tcp_metrics", do_tcp_metrics }, + { "monitor", do_ipmonitor }, + { "xfrm", do_xfrm }, + { "mroute", do_multiroute }, +@@ -104,9 +104,8 @@ static int do_cmd(const char *argv0, int argc, char **argv) + const struct cmd *c; + + for (c = cmds; c->cmd; ++c) { +- if (matches(argv0, c->cmd) == 0) { ++ if (matches(argv0, c->cmd) == 0) + return -(c->func(argc-1, argv+1)); +- } + } + + fprintf(stderr, "Object \"%s\" is unknown, try \"ip help\".\n", argv0); +@@ -123,7 +122,8 @@ static int batch(const char *name) + + if (name && strcmp(name, "-") != 0) { + if (freopen(name, "r", stdin) == NULL) { +- fprintf(stderr, "Cannot open file \"%s\" for reading: %s\n", ++ fprintf(stderr, ++ "Cannot open file \"%s\" for reading: %s\n", + name, strerror(errno)); + return EXIT_FAILURE; + } +@@ -144,7 +144,8 @@ static int batch(const char *name) + continue; /* blank line */ + + if (do_cmd(largv[0], largc, largv)) { +- fprintf(stderr, "Command failed %s:%d\n", name, cmdlineno); ++ fprintf(stderr, "Command failed %s:%d\n", ++ name, cmdlineno); + ret = EXIT_FAILURE; + if (!force) + break; +@@ -171,7 +172,8 @@ int main(int argc, char **argv) + + while (argc > 1) { + char *opt = argv[1]; +- if (strcmp(opt,"--") == 0) { ++ ++ if (strcmp(opt, "--") == 0) { + argc--; argv++; + break; + } +@@ -184,8 +186,8 @@ int main(int argc, char **argv) + argv++; + if (argc <= 1) + usage(); +- max_flush_loops = atoi(argv[1]); +- } else if (matches(opt, "-family") == 0) { ++ max_flush_loops = atoi(argv[1]); ++ } else if (matches(opt, "-family") == 0) { + argc--; + argv++; + if (argc <= 1) +@@ -264,13 +266,15 @@ int main(int argc, char **argv) + } else if (matches(opt, "-all") == 0) { + do_all = true; + } else { +- fprintf(stderr, "Option \"%s\" is unknown, try \"ip -help\".\n", opt); ++ fprintf(stderr, ++ "Option \"%s\" is unknown, try \"ip -help\".\n", ++ opt); + exit(-1); + } + argc--; argv++; + } + +- _SL_ = oneline ? "\\" : "\n" ; ++ _SL_ = oneline ? "\\" : "\n"; + + if (batch_file) + return batch(batch_file); +-- +1.8.3.1 + diff --git a/SOURCES/0046-tc-add-a-man-page-for-tcindex-filter.patch b/SOURCES/0046-tc-add-a-man-page-for-tcindex-filter.patch deleted file mode 100644 index 4b41f21..0000000 --- a/SOURCES/0046-tc-add-a-man-page-for-tcindex-filter.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 86454e53f668896356e7ab1eaa8a687fdc266e2b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: add a man page for tcindex filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit fc7a72f1ebcd8 - -commit fc7a72f1ebcd8eeba8788a68f83b0454a1bc7730 -Author: Phil Sutter -Date: Fri Oct 23 19:47:14 2015 +0200 - - tc: add a man page for tcindex filter - - Cc: Werner Almesberger - Signed-off-by: Phil Sutter ---- - man/man8/tc-tcindex.8 | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 58 insertions(+) - create mode 100644 man/man8/tc-tcindex.8 - -diff --git a/man/man8/tc-tcindex.8 b/man/man8/tc-tcindex.8 -new file mode 100644 -index 0000000..7fcf825 ---- /dev/null -+++ b/man/man8/tc-tcindex.8 -@@ -0,0 +1,58 @@ -+.TH "Traffic control index filter" 8 "21 Oct 2015" "iproute2" "Linux" -+ -+.SH NAME -+tcindex \- traffic control index filter -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... " tcindex " [ " hash -+.IR SIZE " ] [ " -+.B mask -+.IR MASK " ] [ " -+.B shift -+.IR SHIFT " ] [ " -+.BR pas_on " | " fall_through " ] [ " classid -+.IR CLASSID " ] [ " -+.B action -+.BR ACTION_SPEC " ]" -+.SH DESCRIPTION -+This filter allows to match packets based on their -+.B tcindex -+field value, i.e. the combination of the DSCP and ECN fields as present in IPv4 -+and IPv6 headers. -+.SH OPTIONS -+.TP -+.BI action " ACTION_SPEC" -+Apply an action from the generic actions framework on matching packets. -+.TP -+.BI classid " CLASSID" -+Push matching packets into the class identified by -+.IR CLASSID . -+.TP -+.BI hash " SIZE" -+Hash table size in entries to use. Defaults to 64. -+.TP -+.BI mask " MASK" -+An optional bitmask to binary -+.BR AND " to the packet's " tcindex -+field before use. -+.TP -+.BI shift " SHIFT" -+The number of bits to right-shift a packet's -+.B tcindex -+value before use. If a -+.B mask -+has been set, masking is done before shifting. -+.TP -+.B pass_on -+If this flag is set, failure to find a class for the resulting ID will make the -+filter fail and lead to the next filter being consulted. -+.TP -+.B fall_through -+This is the opposite of -+.B pass_on -+and the default. The filter will classify the packet even if there is no class -+present for the resulting class ID. -+ -+.SH SEE ALSO -+.BR tc (8) --- -1.8.3.1 - diff --git a/SOURCES/0047-bridge-mdb-add-support-for-router-add-del-notificati.patch b/SOURCES/0047-bridge-mdb-add-support-for-router-add-del-notificati.patch new file mode 100644 index 0000000..c15758c --- /dev/null +++ b/SOURCES/0047-bridge-mdb-add-support-for-router-add-del-notificati.patch @@ -0,0 +1,78 @@ +From caf1f1dfd523c10dd8c9d3694ba485b6edb5dd5d Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:06 +0100 +Subject: [PATCH] bridge: mdb: add support for router add/del notifications + monitoring + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 6b4867e62175c + +commit 6b4867e62175ca0635f8cf6b22f882272d5a2219 +Author: Nikolay Aleksandrov +Date: Mon Jul 27 13:44:05 2015 +0200 + + bridge: mdb: add support for router add/del notifications monitoring + + This patch adds support for ADDMDB/DELMDB notifications about router ports + which have been added or deleted/expired respectively. + + Example output: + $ bridge -s monitor mdb + Deleted router port dev eth3 master br0 + router port dev eth3 master br0 + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/mdb.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 9a8ed54..680ec30 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -82,7 +82,7 @@ int print_mdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + FILE *fp = arg; + struct br_port_msg *r = NLMSG_DATA(n); + int len = n->nlmsg_len; +- struct rtattr * tb[MDBA_MAX+1]; ++ struct rtattr *tb[MDBA_MAX+1], *i; + + if (n->nlmsg_type != RTM_GETMDB && n->nlmsg_type != RTM_NEWMDB && n->nlmsg_type != RTM_DELMDB) { + fprintf(stderr, "Not RTM_GETMDB, RTM_NEWMDB or RTM_DELMDB: %08x %08x %08x\n", +@@ -103,7 +103,6 @@ int print_mdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + parse_rtattr(tb, MDBA_MAX, MDBA_RTA(r), n->nlmsg_len - NLMSG_LENGTH(sizeof(*r))); + + if (tb[MDBA_MDB]) { +- struct rtattr *i; + int rem = RTA_PAYLOAD(tb[MDBA_MDB]); + + for (i = RTA_DATA(tb[MDBA_MDB]); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) +@@ -111,9 +110,22 @@ int print_mdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + } + + if (tb[MDBA_ROUTER]) { +- if (show_details) { +- fprintf(fp, "router ports on %s: ", ll_index_to_name(r->ifindex)); +- br_print_router_ports(fp, tb[MDBA_ROUTER]); ++ if (n->nlmsg_type == RTM_GETMDB) { ++ if (show_details) { ++ fprintf(fp, "router ports on %s: ", ++ ll_index_to_name(r->ifindex)); ++ br_print_router_ports(fp, tb[MDBA_ROUTER]); ++ } ++ } else { ++ uint32_t *port_ifindex; ++ ++ i = RTA_DATA(tb[MDBA_ROUTER]); ++ port_ifindex = RTA_DATA(i); ++ if (n->nlmsg_type == RTM_DELMDB) ++ fprintf(fp, "Deleted "); ++ fprintf(fp, "router port dev %s master %s\n", ++ ll_index_to_name(*port_ifindex), ++ ll_index_to_name(r->ifindex)); + } + } + +-- +1.8.3.1 + diff --git a/SOURCES/0047-tc-add-a-man-page-for-u32-filter.patch b/SOURCES/0047-tc-add-a-man-page-for-u32-filter.patch deleted file mode 100644 index 32d3aea..0000000 --- a/SOURCES/0047-tc-add-a-man-page-for-u32-filter.patch +++ /dev/null @@ -1,693 +0,0 @@ -From ccf0d2713af94b388d8220d30d8ca82be3c913fc Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: add a man page for u32 filter - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit f15a23966fff3 - -commit f15a23966fff35e484812ec1d733d9438f658644 -Author: Phil Sutter -Date: Fri Oct 23 19:47:15 2015 +0200 - - tc: add a man page for u32 filter - - Cc: Alexey Kuznetsov - Signed-off-by: Phil Sutter ---- - man/man8/tc-u32.8 | 663 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 663 insertions(+) - create mode 100644 man/man8/tc-u32.8 - -diff --git a/man/man8/tc-u32.8 b/man/man8/tc-u32.8 -new file mode 100644 -index 0000000..47c8f2d ---- /dev/null -+++ b/man/man8/tc-u32.8 -@@ -0,0 +1,663 @@ -+.TH "Universal 32bit classifier in tc" 8 "25 Sep 2015" "iproute2" "Linux" -+ -+.SH NAME -+u32 \- universal 32bit traffic control filter -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " " filter " ... [ " handle -+.IR HANDLE " ] " -+.B u32 -+.IR OPTION_LIST " [ " -+.B offset -+.IR OFFSET " ] [ " -+.B hashkey -+.IR HASHKEY " ] [ " -+.B classid -+.IR CLASSID " ] [ " -+.B divisor -+.IR uint_value " ] [ " -+.B order -+.IR u32_value " ] [ " -+.B ht -+.IR HANDLE " ] [ " -+.B sample -+.IR SELECTOR " [ " -+.B divisor -+.IR uint_value " ] ] [ " -+.B link -+.IR HANDLE " ] [ " -+.B indev -+.IR ifname " ] [ " -+.BR help " ]" -+ -+.ti -8 -+.IR HANDLE " := { " -+\fIu12_hex_htid\fB:\fR[\fIu8_hex_hash\fB:\fR[\fIu12_hex_nodeid\fR] | \fB0x\fIu32_hex_value\fR } -+ -+.ti -8 -+.IR OPTION_LIST " := [ " OPTION_LIST " ] " OPTION -+ -+.ti -8 -+.IR HASHKEY " := [ " -+.B mask -+.IR u32_hex_value " ] [ " -+.B at -+.IR 4*int_value " ]" -+ -+.ti -8 -+.IR CLASSID " := { " -+.BR root " | " -+.BR none " | " -+[\fIu16_major\fR]\fB:\fIu16_minor\fR | \fIu32_hex_value\fR } -+ -+.ti -8 -+.IR OFFSET " := [ " -+.B plus -+.IR int_value " ] [ " -+.B at -+.IR 2*int_value " ] [ " -+.B mask -+.IR u16_hex_value " ] [ " -+.B shift -+.IR int_value " ] [ " -+.BR eat " ]" -+ -+.ti -8 -+.IR OPTION " := { " -+.B match -+.IR SELECTOR " | " -+.B action -+.IR ACTION " } " -+ -+.ti -8 -+.IR SELECTOR " := { " -+.B u32 -+.IR VAL_MASK_32 " | " -+.B u16 -+.IR VAL_MASK_16 " | " -+.B u8 -+.IR VAL_MASK_8 " | " -+.B ip -+.IR IP " | " -+.B ip6 -+.IR IP6 " | { " -+.BR tcp " | " udp " } " -+.IR TCPUDP " | " -+.B icmp -+.IR ICMP " | " -+.B mark -+.IR VAL_MASK_32 " | " -+.B ether -+.IR ETHER " }" -+ -+.ti -8 -+.IR IP " := { { " -+.BR src " | " dst " } { " default " | " any " | " all " | " -+.IR ip_address " [ " -+.BR / " { " -+.IR prefixlen " | " netmask " } ] } " AT " | { " -+.BR dsfield " | " ihl " | " protocol " | " precedence " | " -+.BR icmp_type " | " icmp_code " } " -+.IR VAL_MASK_8 " | { " -+.BR sport " | " dport " } " -+.IR VAL_MASK_16 " | " -+.BR nofrag " | " firstfrag " | " df " | " mf " }" -+ -+.ti -8 -+.IR IP6 " := { { " -+.BR src " | " dst " } { " default " | " any " | " all " | " -+.IR ip6_address " [/" prefixlen " ] } " AT " | " -+.B priority -+.IR VAL_MASK_8 " | { " -+.BR protocol " | " icmp_type " | " icmp_code " } " -+.IR VAL_MASK_8 " | " -+.B flowlabel -+.IR VAL_MASK_32 " | { " -+.BR sport " | " dport " } " -+.IR VAL_MASK_16 " }" -+ -+.ti -8 -+.IR TCPUDP " := { " -+.BR src " | " dst " } " -+.I VAL_MASK_16 -+ -+.ti -8 -+.IR ICMP " := { " -+.B type -+.IR VAL_MASK_8 " | " -+.B code -+.IR VAL_MASK_8 " }" -+ -+.ti -8 -+.IR ETHER " := { " -+.BR src " | " dst " } " -+.IR ether_address " " AT -+ -+.ti -8 -+.IR VAL_MASK_32 " := " u32_value " " u32_hex_mask " [ " AT " ]" -+ -+.ti -8 -+.IR VAL_MASK_16 " := " u16_value " " u16_hex_mask " [ " AT " ]" -+ -+.ti -8 -+.IR VAL_MASK_8 " := " u8_value " " u8_hex_mask " [ " AT " ]" -+ -+.ti -8 -+.IR AT " := [ " -+.BR at " [ " nexthdr+ " ] " -+.IR int_value " ]" -+.SH DESCRIPTION -+The Universal/Ugly 32bit filter allows to match arbitrary bitfields in the -+packet. Due to breaking everything down to values, masks and offsets, It is -+equally powerful and hard to use. Luckily many abstracting directives are -+present which allow defining rules on a higher level and therefore free the -+user from having to fiddle with bits and masks in many cases. -+ -+There are two general modes of invocation: The first mode creates a new filter -+to delegate packets to different destinations. Apart from the obvious ones, -+namely classifying the packet by specifying a -+.I CLASSID -+or calling an -+.BR action , -+one may -+.B link -+one filter to another one (or even a list of them), effectively organizing -+filters into a tree-like hierarchy. -+ -+Typically filter delegation is done by means of a hash table, which leads to the -+second mode of invocation: it merely serves to set up these hash tables. Filters -+can select a hash table and provide a key selector from which a hash is to be -+computed and used as key to lookup the table's bucket which contains filters for -+further processing. This is useful if a high number of filters is in use, as the -+overhead of performing the hash operation and table lookup becomes negligible in -+that case. Using hashtables with -+.B u32 -+basically involves the following pattern: -+.IP (1) 4 -+Creating a new hash table, specifying it's size using the -+.B divisor -+parameter and ideally a handle by which the table can be identified. If the -+latter is not given, the kernel chooses one on it's own, which has to be -+guessed later. -+.IP (2) 4 -+Creating filters which link to the created table in -+.I (1) -+using the -+.B link -+parameter and defining the packet data which the kernel will use to calculate -+the -+.BR hashkey . -+.IP (3) 4 -+Adding filters to buckets in the hash table from -+.IR (1) . -+In order to avoid having to know how exactly the kernel creates the hash key, -+there is the -+.B sample -+parameter, which gives sample data to hash and thereby define the table bucket -+the filter should be added to. -+ -+.RE -+In fact, even if not explicitly requested -+.B u32 -+creates a hash table for every -+.B priority -+a filter is being added with. The table's size is 1 though, so it is in fact -+merely a linked list. -+.SH VALUES -+Options and selectors require values to be specified in a specific format, which -+is often non-intuitive. Therefore the terminals in -+.I SYNOPSIS -+have been given descriptive names to indicate the required format and/or maximum -+allowed numeric value: Prefixes -+.IR u32 ", " u16 " and " u8 -+indicate four, two and single byte unsigned values. E.g. -+.I u16 -+indicates a two byte-sized value in range between 0 and 65535 (0xFFFF) -+inclusive. A prefix of -+.I int -+indicates a four byte signed value. A middle part of -+.I _hex_ -+indicates that the value is parsed in hexadecimal format. Otherwise, the -+value's base is automatically detected, i.e. values prefixed with -+.I 0x -+are considered hexadecimal, a leading -+.I 0 -+indicates octal format and decimal format otherwise. There are some values with -+special formatting as well: -+.IR ip_address " and " netmask -+are in dotted-quad formatting as usual for IPv4 addresses. An -+.I ip6_address -+is specified in common, colon-separated hexadecimal format. Finally, -+.I prefixlen -+is an unsigned, decimal integer value in range from 0 to the address width in -+bits (32 for IPv4 and 128 for IPv6). -+ -+Sometimes values need to be dividable by a certain number. In that case a name -+of the form -+.I N*val -+was chosen, indicating that -+.I val -+must be dividable by -+.IR N . -+Or the other way around: the resulting value must be a multiple of -+.IR N . -+.SH OPTIONS -+.B U32 -+recognizes the following options: -+.TP -+.BI handle " HANDLE" -+The handle is used to reference a filter and therefore must be unique. It -+consists of a hash table identifier -+.B htid -+and optional -+.B hash -+(which identifies the hash table's bucket) and -+.BR nodeid . -+All these values are parsed as unsigned, hexadecimal numbers with length 12bits -+( -+.BR htid " and " nodeid ) -+or 8bits ( -+.BR hash ). -+Alternatively one may specify a single, 32bit long hex number which contains -+the three fields bits in concatenated form. Other than the fields themselves, it -+has to be prefixed by -+.BR 0x . -+.TP -+.BI offset " OFFSET" -+Set an offset which defines where matches of subsequent filters are applied to. -+Therefore this option is useful only when combined with -+.BR link " or a combination of " ht " and " sample . -+The offset may be given explicitly by using the -+.B plus -+keyword, or extracted from the packet data with -+.BR at . -+It is possible to mangle the latter using -+.BR mask " and/or " shift -+keywords. By default, this offset is recorded but not implicitly applied. It is -+used only to substitute the -+.B nexthdr+ -+statement. Using the keyword -+.B eat -+though inverses this behaviour: the offset is applied always, and -+.B nexthdr+ -+will fall back to zero. -+.TP -+.BI hashkey " HASHKEY" -+Spefify what packet data to use to calculate a hash key for bucket lookup. The -+kernel adjusts the value according to the hash table's size. For this to work, -+the option -+.B link -+must be given. -+.TP -+.BI classid " CLASSID" -+Classify matching packets into the given -+.IR CLASSID , -+which consists of either 16bit -+.BR major " and " minor -+numbers or a single 32bit value combining both. -+.TP -+.BI divisor " u32_value" -+Specify a modulo value. Used when creating hash tables to define their size or -+for declaring a -+.B sample -+to calculate hash table keys from. Must be a power of two with exponent not -+exceeding eight. -+.TP -+.BI order " u32_value" -+A value to order filters by, ascending. Conflicts with -+.B handle -+which serves the same purpose. -+.TP -+.BI sample " SELECTOR" -+Used together with -+.B ht -+to specify which bucket to add this filter to. This allows one to avoid having -+to know how exactly the kernel calculates hashes. The additional -+.B divisor -+defaults to 256, so must be given for hash tables of different size. -+.TP -+.BI link " HANDLE" -+Delegate matching packets to filters in a hash table. -+.I HANDLE -+is used to only specify the hash table, so only -+.BR htid " may be given, " hash " and " nodeid -+have to be omitted. By default, bucket number 0 will be used and can be -+overridden by the -+.B hashkey -+option. -+.TP -+.BI indev " ifname" -+Filter on the incoming interface of the packet. Obviously works only for -+forwarded traffic. -+.TP -+.BI help -+Print a brief help text about possible options. -+.SH SELECTORS -+Basically the only real selector is -+.B u32 . -+All others merely provide a higher level syntax and are internally translated -+into -+.B u32 . -+.TP -+.BI u32 " VAL_MASK_32" -+.TQ -+.BI u16 " VAL_MASK_16" -+.TQ -+.BI u8 " VAL_MASK_8" -+Match packet data to a given value. The selector name defines the sample length -+to extract (32bits for -+.BR u32 , -+16bits for -+.B u16 -+and 8bits for -+.BR u8 ). -+Before comparing, the sample is binary AND'ed with the given mask. This way -+uninteresting bits can be cleared before comparison. The position of the sample -+is defined by the offset specified in -+.IR AT . -+.TP -+.BI ip " IP" -+.TQ -+.BI ip6 " IP6" -+Assume packet starts with an IPv4 ( -+.BR ip ) -+or IPv6 ( -+.BR ip6 ) -+header. -+.IR IP / IP6 -+then allows to match various header fields: -+.RS -+.TP -+.BI src " ADDR" -+.BI dst " ADDR" -+Compare Source or Destination Address fields against the value of -+.IR ADDR . -+The reserved words -+.BR default ", " any " and " all -+effectively match any address. Otherwise an IP address of the particular -+protocol is expected, optionally suffixed by a prefix length to match whole -+subnets. In case of IPv4 a netmask may also be given. -+.TP -+.BI dsfield " VAL_MASK_8" -+IPv4 only. Match the packet header's DSCP/ECN field. Synonyms to this are -+.BR tos " and " precedence . -+.TP -+.BI ihl " VAL_MASK_8" -+IPv4 only. Match the Internet Header Length field. Note that the value's unit is -+32bits, so to match a packet with 24byte header length -+.I u8_value -+has to be 6. -+.TP -+.BI protocol " VAL_MASK_8" -+Match the Protocol (IPv4) or Next Header (IPv6) field value, e.g. 6 for TCP. -+.TP -+.BI icmp_type " VAL_MASK_8" -+.TQ -+.BI icmp_code " VAL_MASK_8" -+Assume a next-header protocol of icmp or ipv6-icmp and match Type or Code -+field values. This is dangerous, as the code assumes minimal header size for -+IPv4 and lack of extension headers for IPv6. -+.TP -+.BI sport " VAL_MASK_16" -+.TQ -+.BI dport " VAL_MASK_16" -+Match layer four source or destination ports. This is dangerous as well, as it -+assumes a suitable layer four protocol is present (which has Source and -+Destination Port fields right at the start of the header and 16bit in size). -+Also minimal header size for IPv4 and lack of IPv6 extension headers is assumed. -+.TP -+.B nofrag -+.TQ -+.B firstfrag -+.TQ -+.B df -+.TQ -+.B mf -+IPv4 only, check certain flags and fragment offset values. Match if the packet -+is not a fragment -+.RB ( nofrag ), -+the first fragment -+.RB ( firstfrag ), -+if Don't Fragment -+.RB ( df ) -+or More Fragments -+.RB ( mf ) -+bits are set. -+.TP -+.BI priority " VAL_MASK_8" -+IPv6 only. Match the header's Traffic Class field, which has the same purpose -+and semantics of IPv4's ToS field since RFC 3168: upper six bits are DSCP, the -+lower two ECN. -+.TP -+.BI flowlabel " VAL_MASK_32" -+IPv6 only. Match the Flow Label field's value. Note that Flow Label itself is -+only 20bytes long, which are the least significant ones here. The remaining -+upper 12bytes match Version and Traffic Class fields. -+.RE -+.TP -+.BI tcp " TCPUDP" -+.TQ -+.BI udp " TCPUDP" -+Match fields of next header of protocol TCP or UDP. The possible values for -+.I TCPDUP -+are: -+.RS -+.TP -+.BI src " VAL_MASK_16" -+Match on Source Port field value. -+.TP -+.BI dst " VALMASK_16" -+Match on Destination Port field value. -+.RE -+.TP -+.BI icmp " ICMP" -+Match fields of next header of protocol ICMP. The possible values for -+.I ICMP -+are: -+.RS -+.TP -+.BI type " VAL_MASK_8" -+Match on ICMP Type field. -+.TP -+.BI code " VAL_MASK_8" -+Match on ICMP Code field. -+.RE -+.TP -+.BI mark " VAL_MASK_32" -+Match on netfilter fwmark value. -+.TP -+.BI ether " ETHER" -+Match on ethernet header fields. Possible values for -+.I ETHER -+are: -+.RS -+.TP -+.BI src " ether_address" " " AT -+.TQ -+.BI dst " ether_address" " " AT -+Match on source or destination ethernet address. This is dangerous: It assumes -+an ethernet header is present at the start of the packet. This will probably -+lead to unexpected things if used with layer three interfaces like e.g. tun or -+ppp. -+.SH EXAMPLES -+.RS -+.EX -+tc filter add dev eth0 parent 999:0 prio 99 protocol ip u32 \\ -+ match ip src 192.168.8.0/24 classid 1:1 -+.EE -+.RE -+ -+This attaches a filter to the qdisc identified by -+.BR 999:0. -+It's priority is -+.BR 99 , -+which affects in which order multiple filters attached to the same -+.B parent -+are consulted (the lower the earlier). The filter handles packets of -+.B protocol -+type -+.BR ip , -+and -+.BR match es -+if the IP header's source address is within the -+.B 192.168.8.0/24 -+subnet. Matching packets are classified into class -+.BR 1.1 . -+The effect of this command might be surprising at first glance: -+ -+.RS -+.EX -+filter parent 1: protocol ip pref 99 u32 -+filter parent 1: protocol ip pref 99 u32 \\ -+ fh 800: ht divisor 1 -+filter parent 1: protocol ip pref 99 u32 \\ -+ fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 \\ -+ match c0a80800/ffffff00 at 12 -+.EE -+.RE -+ -+So parent -+.B 1: -+is assigned a new -+.B u32 -+filter, which contains a hash table of size 1 (as the -+.B divisor -+indicates). The table ID is -+.BR 800 . -+The third line then shows the actual filter which was added above: it sits in -+table -+.B 800 -+and bucket -+.BR 0 , -+classifies packets into class ID -+.B 1:1 -+and matches the upper three bytes of the four byte value at offset -+.B 12 -+to be -+.BR 0xc0a808 , -+which is 192, 168 and 8. -+ -+Now for something more complicated, namely creating a custom hash table: -+ -+.RS -+.EX -+tc filter add dev eth0 prio 99 handle 1: u32 divisor 256 -+.EE -+.RE -+ -+This creates a table of size 256 with handle -+.B 1: -+in priority -+.BR 99 . -+The effect is as follows: -+ -+.RS -+.EX -+filter parent 1: protocol all pref 99 u32 -+filter parent 1: protocol all pref 99 u32 fh 1: ht divisor 256 -+filter parent 1: protocol all pref 99 u32 fh 800: ht divisor 1 -+.EE -+.RE -+ -+So along with the requested hash table (handle -+.BR 1: ), -+the kernel has created his own table of size 1 to hold other filters of the same -+priority. -+ -+The next step is to create a filter which links to the created hash table: -+ -+.RS -+.EX -+tc filter add dev eth0 parent 1: prio 1 u32 \\ -+ link 1: hashkey mask 0x0000ff00 at 12 \\ -+ match ip src 192.168.0.0/16 -+.EE -+.RE -+ -+The filter is given a lower priority than the hash table itself so -+.B u32 -+consults it before manually traversing the hash table. The options -+.BR link " and " hashkey -+determine which table and bucket to redirect to. In this case the hash key -+should be constructed out of the second byte at offset 12, which corresponds to -+an IP packet's third byte of the source address field. Along with the -+.B match -+statement, this effectively maps all class C networks below 192.168.0.0/16 to -+different buckets of the hash table. -+ -+Filters for certain subnets can be created like so: -+ -+.RS -+.EX -+tc filter add dev eth0 parent 1: prio 99 u32 \\ -+ ht 1: sample u32 0x00000800 0x0000ff00 at 12 \\ -+ match ip src 192.168.8.0/24 classid 1:1 -+.EE -+.RE -+ -+The bucket is defined using the -+.B sample -+option: In this case, the second byte at offset 12 must be 0x08, exactly. In -+this case, the resulting bucket ID is obviously 8, but as soon as -+.B sample -+selects an amount of data which could exceed the -+.BR divisor , -+one would have to know the kernel-internal algorithm to deduce the destination -+bucket. This filter's -+.B match -+statement is redundant in this case, as the entropy for the hash key does not -+exceed the table size and therefore no collisions can occur. Otherwise it's -+necessary to prevent matching unwanted packets. -+ -+Matching upper layer fields is problematic since IPv4 header length is variable -+and IPv6 supports extension headers which affect upper layer header offset. To -+overcome this, there is the possibility to specify -+.B nexthdr+ -+when giving an offset, and to make things easier there are the -+.BR tcp " and " udp -+matches which use -+.B nexthdr+ -+implicitly. This offset has to be calculated in beforehand though, and the only -+way to achieve that is by doing it in a separate filter which then links to the -+filter which wants to use it. Here is an example of doing so: -+ -+.RS -+.EX -+tc filter add dev eth0 parent 1:0 protocol ip handle 1: \\ -+ u32 divisor 1 -+tc filter add dev eth0 parent 1:0 protocol ip \\ -+ u32 ht 1: \\ -+ match tcp src 22 FFFF \\ -+ classid 1:2 -+tc filter add dev eth0 parent 1:0 protocol ip \\ -+ u32 ht 800: \\ -+ match ip protocol 6 FF \\ -+ match ip firstfrag \\ -+ offset at 0 mask 0f00 shift 6 \\ -+ link 1: -+.EE -+.RE -+ -+This is what is being done: In the first call, a single element sized hash table -+is created so there is a place to hold the linked to filter and a known handle -+.RB ( 1: ) -+to reference to it. The second call then adds the actual filter, which pushes -+packets with TCP source port 22 into class -+.BR 1:2 . -+Using -+.BR ht , -+it is moved into the hash table created by the first call. The third call then -+does the actual magic: It matches IPv4 packets with next layer protocol 6 (TCP), -+only if it's the first fragment (usually TCP sets DF bit, but if it doesn't and -+the packet is fragmented, only the first one contains the TCP header), and then -+sets the offset based on the IP header's IHL field (right-shifting by 6 -+eliminates the offset of the field and at the same time converts the value into -+byte unit). Finally, using -+.BR link , -+the hash table from first call is referenced which holds the filter from second -+call. -+.SH SEE ALSO -+.BR tc (8), -+.br -+.BR cls_u32.txt " at " http://linux-tc-notes.sourceforge.net/ --- -1.8.3.1 - diff --git a/SOURCES/0048-ip-link-proto_down-config-and-display.patch b/SOURCES/0048-ip-link-proto_down-config-and-display.patch new file mode 100644 index 0000000..32ebea5 --- /dev/null +++ b/SOURCES/0048-ip-link-proto_down-config-and-display.patch @@ -0,0 +1,119 @@ +From 88507d6ca29f372ad4e8ac17933876205b8d4bab Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:06 +0100 +Subject: [PATCH] ip link: proto_down config and display. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 188648270ae9d +Conflicts: Man page change applied manually due to previously backported + synopsis syntax fixup. + +commit 188648270ae9d5d967fddf496cd2f2a5ac04e2bf +Author: Anuradha Karuppiah +Date: Tue Jul 14 13:43:22 2015 -0700 + + ip link: proto_down config and display. + + This patch adds support to set and display protodown on a switch port. The + switch driver can handle this error state by doing a phys down on the port. + + One example user space application setting this flag is a multi-chassis + LAG application to handle split-brain situation on peer-link failure. + + Example: + root@net-next:~# ip link set eth1 protodown on + root@net-next:~/iproute2# ip link show eth1 + 4: eth1: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 + link/ether 52:54:00:12:35:01 brd ff:ff:ff:ff:ff:ff protodown on + root@net-next:~/iproute2# ip link set eth1 protodown off + root@net-next:~/iproute2# ip link show eth1 + 4: eth1: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 + link/ether 52:54:00:12:35:01 brd ff:ff:ff:ff:ff:ff + root@net-next:~/iproute2# + + Signed-off-by: Anuradha Karuppiah + Signed-off-by: Andy Gospodarek + Signed-off-by: Roopa Prabhu + Signed-off-by: Wilson Kok +--- + ip/ipaddress.c | 5 +++++ + ip/iplink.c | 13 +++++++++++++ + man/man8/ip-link.8.in | 8 ++++++++ + 3 files changed, 26 insertions(+) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index 45b47f9..d5bc2dc 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -692,6 +692,11 @@ int print_linkinfo(const struct sockaddr_nl *who, + fprintf(fp, " link-netnsid unknown"); + } + ++ if (tb[IFLA_PROTO_DOWN]) { ++ if (rta_getattr_u8(tb[IFLA_PROTO_DOWN])) ++ fprintf(fp, " protodown on "); ++ } ++ + if (tb[IFLA_PROMISCUITY] && show_details) + fprintf(fp, " promiscuity %u ", + *(int*)RTA_DATA(tb[IFLA_PROMISCUITY])); +diff --git a/ip/iplink.c b/ip/iplink.c +index 10f97af..06b0a6d 100644 +--- a/ip/iplink.c ++++ b/ip/iplink.c +@@ -89,6 +89,7 @@ void iplink_usage(void) + fprintf(stderr, " [ master DEVICE ]\n"); + fprintf(stderr, " [ nomaster ]\n"); + fprintf(stderr, " [ addrgenmode { eui64 | none } ]\n"); ++ fprintf(stderr, " [ protodown { on | off } ]\n"); + fprintf(stderr, " ip link show [ DEVICE | group GROUP ] [up] [master DEV] [type TYPE]\n"); + + if (iplink_have_newlink()) { +@@ -661,6 +662,18 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, + invarg("Invalid \"link-netnsid\" value\n", *argv); + addattr32(&req->n, sizeof(*req), IFLA_LINK_NETNSID, + link_netnsid); ++ } else if (strcmp(*argv, "protodown") == 0) { ++ unsigned int proto_down; ++ ++ NEXT_ARG(); ++ if (strcmp(*argv, "on") == 0) ++ proto_down = 1; ++ else if (strcmp(*argv, "off") == 0) ++ proto_down = 0; ++ else ++ return on_off("protodown", *argv); ++ addattr8(&req->n, sizeof(*req), IFLA_PROTO_DOWN, ++ proto_down); + } else { + if (strcmp(*argv, "dev") == 0) { + NEXT_ARG(); +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index 73cd86d..38e5416 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -66,6 +66,8 @@ ip-link \- network device configuration + .br + .RB "[ " promisc " { " on " | " off " } ]" + .br ++.BR "[ " protodown " { " on " | " off " } ]" ++.br + .RB "[ " trailers " { " on " | " off " } ]" + .br + .RB "[ " txqueuelen +@@ -936,6 +938,12 @@ change the + flag on the device. + + .TP ++.BR "protodown on " or " protodown off" ++change the ++.B PROTODOWN ++state on the device. Indicates that a protocol error has been detected on the port. Switch drivers can react to this error by doing a phys down on the switch port. ++ ++.TP + .BR "dynamic on " or " dynamic off" + change the + .B DYNAMIC +-- +1.8.3.1 + diff --git a/SOURCES/0048-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch b/SOURCES/0048-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch deleted file mode 100644 index bd5b68b..0000000 --- a/SOURCES/0048-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 984233b59ae6025b6aef029b85a8ced53741f6a3 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Thu, 18 Feb 2016 15:45:21 +0100 -Subject: [PATCH] tc: ship filter man pages and refer to them in tc.8 - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711 -Upstream Status: iproute2.git commit a257bc7b4c481 -Conflicts: -- Context change due to other missing man pages in RHEL7. -- Dropped all references to flower filter as that does not exist in - RHEL7. - -commit a257bc7b4c481d4b2871508edfccc198d1e56c8a -Author: Phil Sutter -Date: Fri Oct 23 19:47:16 2015 +0200 - - tc: ship filter man pages and refer to them in tc.8 - - Cc: Thomas Graf - Cc: Alexey Kuznetsov - Cc: Jiri Pirko - Cc: Patrick McHardy - Cc: Werner Almesberger - Signed-off-by: Phil Sutter ---- - man/man8/Makefile | 4 +++- - man/man8/tc.8 | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 53 insertions(+), 1 deletion(-) - -diff --git a/man/man8/Makefile b/man/man8/Makefile -index 23ac83e..248ecfd 100644 ---- a/man/man8/Makefile -+++ b/man/man8/Makefile -@@ -10,7 +10,9 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 ss.8 \ - ip-addrlabel.8 ip-l2tp.8 \ - ip-maddress.8 ip-monitor.8 ip-mroute.8 ip-neighbour.8 \ - ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 \ -- ip-tcp_metrics.8 ip-netconf.8 ip-token.8 -+ ip-tcp_metrics.8 ip-netconf.8 ip-token.8 \ -+ tc-basic.8 tc-cgroup.8 tc-flow.8 tc-fw.8 tc-route.8 \ -+ tc-tcindex.8 tc-u32.8 - - all: $(TARGETS) - -diff --git a/man/man8/tc.8 b/man/man8/tc.8 -index 80eaa3b..fb4efd9 100644 ---- a/man/man8/tc.8 -+++ b/man/man8/tc.8 -@@ -141,6 +141,49 @@ It is important to notice that filters reside - .B within - qdiscs - they are not masters of what happens. - -+The available filters are: -+.TP -+basic -+Filter packets based on an ematch expression. See -+.BR tc-ematch (8) -+for details. -+.TP -+bpf -+Filter packets using (e)BPF, see -+.BR tc-bpf (8) -+for details. -+.TP -+cgroup -+Filter packets based on the control group of their process. See -+. BR tc-cgroup (8) -+for details. -+.TP -+flow -+Flow-based classifier, filtering packets based on their flow (identified by selectable keys). See -+.BR tc-flow (8) -+for details. -+.TP -+fw -+Filter based on fwmark. Directly maps fwmark value to traffic class. See -+.BR tc-fw (8). -+.TP -+route -+Filter packets based on routing table. See -+.BR tc-route (8) -+for details. -+.TP -+rsvp -+Match Resource Reservation Protocol (RSVP) packets. -+.TP -+tcindex -+Filter packets based on traffic control index. See -+.BR tc-index (8). -+.TP -+u32 -+Generic filtering on arbitrary packet data, assisted by syntax to abstract common operations. See -+.BR tc-u32 (8) -+for details. -+ - .SH CLASSLESS QDISCS - The classless qdiscs are: - .TP -@@ -583,24 +626,31 @@ print rates in IEC units (ie. 1K = 1024). - .B tc - was written by Alexey N. Kuznetsov and added in Linux 2.2. - .SH SEE ALSO -+.BR tc-basic (8), - .BR tc-bfifo (8), - .BR tc-cbq (8), -+.BR tc-cgroup (8), - .BR tc-choke (8), - .BR tc-codel (8), - .BR tc-drr (8), - .BR tc-ematch (8), -+.BR tc-flow (8), - .BR tc-fq (8), - .BR tc-fq_codel (8), -+.BR tc-fw (8), - .BR tc-hfsc (7), - .BR tc-hfsc (8), - .BR tc-htb (8), - .BR tc-pfifo (8), - .BR tc-pfifo_fast (8), - .BR tc-red (8), -+.BR tc-route (8), - .BR tc-sfb (8), - .BR tc-sfq (8), - .BR tc-stab (8), - .BR tc-tbf (8), -+.BR tc-tcindex (8), -+.BR tc-u32 (8), - .br - .RB "User documentation at " http://lartc.org/ ", but please direct bugreports and patches to: " - --- -1.8.3.1 - diff --git a/SOURCES/0049-bridge-mdb-add-support-for-vlans.patch b/SOURCES/0049-bridge-mdb-add-support-for-vlans.patch new file mode 100644 index 0000000..cbcaa33 --- /dev/null +++ b/SOURCES/0049-bridge-mdb-add-support-for-vlans.patch @@ -0,0 +1,124 @@ +From 8dab50579927df9b7dacd82480bbefc1cc231547 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:51 +0100 +Subject: [PATCH] bridge: mdb: add support for vlans + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 6aac8617139a9 + +commit 6aac8617139a96a124d63aeae843b73c38f88fc5 +Author: Nikolay Aleksandrov +Date: Wed Jul 15 08:45:20 2015 -0700 + + bridge: mdb: add support for vlans + + This patch allows the user to specify the vlan of the mdb group being + added or deleted and adds support for displaying the vlan when + dumping mdb information or monitoring it. It also updates the man page + to reflect the new "vid" argument for mdb. + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/mdb.c | 31 +++++++++++++++++++------------ + man/man8/bridge.8 | 8 +++++++- + 2 files changed, 26 insertions(+), 13 deletions(-) + +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 680ec30..1b34f69 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -28,7 +28,7 @@ static unsigned int filter_index; + + static void usage(void) + { +- fprintf(stderr, "Usage: bridge mdb { add | del } dev DEV port PORT grp GROUP [permanent | temp]\n"); ++ fprintf(stderr, "Usage: bridge mdb { add | del } dev DEV port PORT grp GROUP [permanent | temp] [vid VID]\n"); + fprintf(stderr, " bridge mdb {show} [ dev DEV ]\n"); + exit(-1); + } +@@ -51,17 +51,19 @@ static void br_print_router_ports(FILE *f, struct rtattr *attr) + static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e) + { + SPRINT_BUF(abuf); +- +- if (e->addr.proto == htons(ETH_P_IP)) +- fprintf(f, "dev %s port %s grp %s %s\n", ll_index_to_name(ifindex), +- ll_index_to_name(e->ifindex), +- inet_ntop(AF_INET, &e->addr.u.ip4, abuf, sizeof(abuf)), +- (e->state & MDB_PERMANENT) ? "permanent" : "temp"); +- else +- fprintf(f, "dev %s port %s grp %s %s\n", ll_index_to_name(ifindex), +- ll_index_to_name(e->ifindex), +- inet_ntop(AF_INET6, &e->addr.u.ip6, abuf, sizeof(abuf)), +- (e->state & MDB_PERMANENT) ? "permanent" : "temp"); ++ const void *src; ++ int af; ++ ++ af = e->addr.proto == htons(ETH_P_IP) ? AF_INET : AF_INET6; ++ src = af == AF_INET ? (const void *)&e->addr.u.ip4 : ++ (const void *)&e->addr.u.ip6; ++ fprintf(f, "dev %s port %s grp %s %s", ll_index_to_name(ifindex), ++ ll_index_to_name(e->ifindex), ++ inet_ntop(af, src, abuf, sizeof(abuf)), ++ (e->state & MDB_PERMANENT) ? "permanent" : "temp"); ++ if (e->vid) ++ fprintf(f, " vid %hu", e->vid); ++ fprintf(f, "\n"); + } + + static void br_print_mdb_entry(FILE *f, int ifindex, struct rtattr *attr) +@@ -177,6 +179,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) + } req; + struct br_mdb_entry entry; + char *d = NULL, *p = NULL, *grp = NULL; ++ short vid = 0; + + memset(&req, 0, sizeof(req)); + memset(&entry, 0, sizeof(entry)); +@@ -201,6 +204,9 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) + entry.state |= MDB_PERMANENT; + } else if (strcmp(*argv, "temp") == 0) { + ;/* nothing */ ++ } else if (strcmp(*argv, "vid") == 0) { ++ NEXT_ARG(); ++ vid = atoi(*argv); + } else { + if (matches(*argv, "help") == 0) + usage(); +@@ -234,6 +240,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) + } else + entry.addr.proto = htons(ETH_P_IP); + ++ entry.vid = vid; + addattr_l(&req.n, sizeof(req), MDBA_SET_ENTRY, &entry, sizeof(entry)); + + if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 8fae74b..210a3ee 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -77,7 +77,9 @@ bridge \- show / manipulate bridge addresses and devices + .IR PORT + .B grp + .IR GROUP " [ " +-.BR permanent " | " temp " ]" ++.BR permanent " | " temp " ] [ " ++.B vid ++.IR VID " ] " + + .ti -8 + .BR "bridge mdb show " [ " +@@ -435,6 +437,10 @@ the port. + - the mdb entry is temporary (default) + .sp + ++.TP ++.BI vid " VID" ++the VLAN ID which is known to have members of this multicast group. ++ + .in -8 + .SS bridge mdb delete - delete a multicast group database entry + This command removes an existing mdb entry. +-- +1.8.3.1 + diff --git a/SOURCES/0049-xfrm-add-command-for-configuring-SPD-hash-table.patch b/SOURCES/0049-xfrm-add-command-for-configuring-SPD-hash-table.patch deleted file mode 100644 index 5d1050d..0000000 --- a/SOURCES/0049-xfrm-add-command-for-configuring-SPD-hash-table.patch +++ /dev/null @@ -1,198 +0,0 @@ -From 03fe9d9ea9d8bf2635d12669d6cc7a80c2c8db1e Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 16 Feb 2016 22:14:05 +0100 -Subject: [PATCH] xfrm: add command for configuring SPD hash table - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1212026 -Upstream Status: commit 025fa9dc7a4fe -Conflicts: Adjusted call to rtnl_talk due to previously backported - c079e121a73af ("libnetlink: add size argument to rtnl_talk") - -commit 025fa9dc7a4fee971c7040aeb84b4dac2ae08b3b -Author: Christophe Gouault -Date: Thu Apr 9 17:39:32 2015 +0200 - - xfrm: add command for configuring SPD hash table - - add a new command to configure the SPD hash table: - ip xfrm policy set [ hthresh4 LBITS RBITS ] [ hthresh6 LBITS RBITS ] - - and code to display the SPD hash configuration: - ip -s -s xfrm policy count - - hthresh4: defines minimum local and remote IPv4 prefix lengths of - selectors to hash a policy. If prefix lengths are greater or equal - to the thresholds, then the policy is hashed, otherwise it falls back - in the policy_inexact chained list. - - hthresh6: defines minimum local and remote IPv6 prefix lengths of - selectors to hash a policy, otherwise it falls back - in the policy_inexact chained list. - - Example: - - % ip -s -s xfrm policy count - SPD IN 0 OUT 0 FWD 0 (Sock: IN 0 OUT 0 FWD 0) - SPD buckets: count 7 Max 1048576 - SPD IPv4 thresholds: local 32 remote 32 - SPD IPv6 thresholds: local 128 remote 128 - - % ip xfrm pol set hthresh4 24 16 hthresh6 64 56 - - % ip -s -s xfrm policy count - SPD IN 0 OUT 0 FWD 0 (Sock: IN 0 OUT 0 FWD 0) - SPD buckets: count 7 Max 1048576 - SPD IPv4 thresholds: local 24 remote 16 - SPD IPv6 thresholds: local 64 remote 56 - - Signed-off-by: Christophe Gouault ---- - ip/xfrm_policy.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 102 insertions(+), 3 deletions(-) - -diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c -index 3ff734e..e66a4fa 100644 ---- a/ip/xfrm_policy.c -+++ b/ip/xfrm_policy.c -@@ -64,7 +64,8 @@ static void usage(void) - fprintf(stderr, " [ index INDEX ] [ ptype PTYPE ] [ action ACTION ] [ priority PRIORITY ]\n"); - fprintf(stderr, " [ flag FLAG-LIST ]\n"); - fprintf(stderr, "Usage: ip xfrm policy flush [ ptype PTYPE ]\n"); -- fprintf(stderr, "Usage: ip xfrm count\n"); -+ fprintf(stderr, "Usage: ip xfrm policy count\n"); -+ fprintf(stderr, "Usage: ip xfrm policy set [ hthresh4 LBITS RBITS ] [ hthresh6 LBITS RBITS ]\n"); - fprintf(stderr, "SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]\n"); - fprintf(stderr, "UPSPEC := proto { { "); - fprintf(stderr, "%s | ", strxf_proto(IPPROTO_TCP)); -@@ -935,7 +936,7 @@ static int print_spdinfo( struct nlmsghdr *n, void *arg) - fprintf(fp,")"); - } - -- fprintf(fp,"\n"); -+ fprintf(fp, "%s", _SL_); - } - if (show_stats > 1) { - struct xfrmu_spdhinfo *sh; -@@ -949,13 +950,109 @@ static int print_spdinfo( struct nlmsghdr *n, void *arg) - fprintf(fp,"\t SPD buckets:"); - fprintf(fp," count %d", sh->spdhcnt); - fprintf(fp," Max %d", sh->spdhmcnt); -+ fprintf(fp, "%s", _SL_); -+ } -+ if (tb[XFRMA_SPD_IPV4_HTHRESH]) { -+ struct xfrmu_spdhthresh *th; -+ if (RTA_PAYLOAD(tb[XFRMA_SPD_IPV4_HTHRESH]) < sizeof(*th)) { -+ fprintf(stderr, "SPDinfo: Wrong len %d\n", len); -+ return -1; -+ } -+ th = RTA_DATA(tb[XFRMA_SPD_IPV4_HTHRESH]); -+ fprintf(fp,"\t SPD IPv4 thresholds:"); -+ fprintf(fp," local %d", th->lbits); -+ fprintf(fp," remote %d", th->rbits); -+ fprintf(fp, "%s", _SL_); -+ -+ } -+ if (tb[XFRMA_SPD_IPV6_HTHRESH]) { -+ struct xfrmu_spdhthresh *th; -+ if (RTA_PAYLOAD(tb[XFRMA_SPD_IPV6_HTHRESH]) < sizeof(*th)) { -+ fprintf(stderr, "SPDinfo: Wrong len %d\n", len); -+ return -1; -+ } -+ th = RTA_DATA(tb[XFRMA_SPD_IPV6_HTHRESH]); -+ fprintf(fp,"\t SPD IPv6 thresholds:"); -+ fprintf(fp," local %d", th->lbits); -+ fprintf(fp," remote %d", th->rbits); -+ fprintf(fp, "%s", _SL_); - } - } -- fprintf(fp,"\n"); -+ -+ if (oneline) -+ fprintf(fp, "\n"); - - return 0; - } - -+static int xfrm_spd_setinfo(int argc, char **argv) -+{ -+ struct rtnl_handle rth; -+ struct { -+ struct nlmsghdr n; -+ __u32 flags; -+ char buf[RTA_BUF_SIZE]; -+ } req; -+ -+ char *thr4 = NULL; -+ char *thr6 = NULL; -+ -+ memset(&req, 0, sizeof(req)); -+ -+ req.n.nlmsg_len = NLMSG_LENGTH(sizeof(__u32)); -+ req.n.nlmsg_flags = NLM_F_REQUEST; -+ req.n.nlmsg_type = XFRM_MSG_NEWSPDINFO; -+ req.flags = 0XFFFFFFFF; -+ -+ while (argc > 0) { -+ if (strcmp(*argv, "hthresh4") == 0) { -+ struct xfrmu_spdhthresh thr; -+ -+ if (thr4) -+ duparg("hthresh4", *argv); -+ thr4 = *argv; -+ NEXT_ARG(); -+ if (get_u8(&thr.lbits, *argv, 0) || thr.lbits > 32) -+ invarg("hthresh4 LBITS value is invalid", *argv); -+ NEXT_ARG(); -+ if (get_u8(&thr.rbits, *argv, 0) || thr.rbits > 32) -+ invarg("hthresh4 RBITS value is invalid", *argv); -+ -+ addattr_l(&req.n, sizeof(req), XFRMA_SPD_IPV4_HTHRESH, -+ (void *)&thr, sizeof(thr)); -+ } else if (strcmp(*argv, "hthresh6") == 0) { -+ struct xfrmu_spdhthresh thr; -+ -+ if (thr6) -+ duparg("hthresh6", *argv); -+ thr6 = *argv; -+ NEXT_ARG(); -+ if (get_u8(&thr.lbits, *argv, 0) || thr.lbits > 128) -+ invarg("hthresh6 LBITS value is invalid", *argv); -+ NEXT_ARG(); -+ if (get_u8(&thr.rbits, *argv, 0) || thr.rbits > 128) -+ invarg("hthresh6 RBITS value is invalid", *argv); -+ -+ addattr_l(&req.n, sizeof(req), XFRMA_SPD_IPV6_HTHRESH, -+ (void *)&thr, sizeof(thr)); -+ } else { -+ invarg("unknown", *argv); -+ } -+ -+ argc--; argv++; -+ } -+ -+ if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) -+ exit(1); -+ -+ if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -+ exit(2); -+ -+ rtnl_close(&rth); -+ -+ return 0; -+} -+ - static int xfrm_spd_getinfo(int argc, char **argv) - { - struct rtnl_handle rth; -@@ -1059,6 +1156,8 @@ int do_xfrm_policy(int argc, char **argv) - return xfrm_policy_flush(argc-1, argv+1); - if (matches(*argv, "count") == 0) - return xfrm_spd_getinfo(argc, argv); -+ if (matches(*argv, "set") == 0) -+ return xfrm_spd_setinfo(argc-1, argv+1); - if (matches(*argv, "help") == 0) - usage(); - fprintf(stderr, "Command \"%s\" is unknown, try \"ip xfrm policy help\".\n", *argv); --- -1.8.3.1 - diff --git a/SOURCES/0050-bridge-mdb-add-deleted-when-monitoring-delmdb-event.patch b/SOURCES/0050-bridge-mdb-add-deleted-when-monitoring-delmdb-event.patch new file mode 100644 index 0000000..239da14 --- /dev/null +++ b/SOURCES/0050-bridge-mdb-add-deleted-when-monitoring-delmdb-event.patch @@ -0,0 +1,88 @@ +From ade2d09ef2a32d65a7a389b4b76b470c782addf2 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:51 +0100 +Subject: [PATCH] bridge: mdb: add deleted when monitoring delmdb event + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 90d73159d9a32 + +commit 90d73159d9a326fa59c5e340ae3489f63ec49b3e +Author: Nikolay Aleksandrov +Date: Thu Jul 30 11:30:32 2015 +0200 + + bridge: mdb: add deleted when monitoring delmdb event + + Before this patch both addmdb and delmdb events were printed the same, + now we'll get a "Deleted" string in front when delmdb is received. + Before: + $ bridge mdb add dev br0 port eth3 grp 239.0.0.1 + (monitor) dev br0 port eth3 grp 239.0.0.1 temp + $ bridge mdb del dev br0 port eth3 grp 239.0.0.1 + (monitor) dev br0 port eth3 grp 239.0.0.1 temp + ^^ No way to differentiate between both events. + + After: + $ bridge mdb add dev br0 port eth3 grp 239.0.0.1 + (monitor) dev br0 port eth3 grp 239.0.0.1 temp + $ bridge mdb del dev br0 port eth3 grp 239.0.0.1 + (monitor) Deleted dev br0 port eth3 grp 239.0.0.1 temp + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/mdb.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 1b34f69..b14bd01 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -48,7 +48,8 @@ static void br_print_router_ports(FILE *f, struct rtattr *attr) + fprintf(f, "\n"); + } + +-static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e) ++static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e, ++ struct nlmsghdr *n) + { + SPRINT_BUF(abuf); + const void *src; +@@ -57,6 +58,8 @@ static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e) + af = e->addr.proto == htons(ETH_P_IP) ? AF_INET : AF_INET6; + src = af == AF_INET ? (const void *)&e->addr.u.ip4 : + (const void *)&e->addr.u.ip6; ++ if (n->nlmsg_type == RTM_DELMDB) ++ fprintf(f, "Deleted "); + fprintf(f, "dev %s port %s grp %s %s", ll_index_to_name(ifindex), + ll_index_to_name(e->ifindex), + inet_ntop(af, src, abuf, sizeof(abuf)), +@@ -66,7 +69,8 @@ static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e) + fprintf(f, "\n"); + } + +-static void br_print_mdb_entry(FILE *f, int ifindex, struct rtattr *attr) ++static void br_print_mdb_entry(FILE *f, int ifindex, struct rtattr *attr, ++ struct nlmsghdr *n) + { + struct rtattr *i; + int rem; +@@ -75,7 +79,7 @@ static void br_print_mdb_entry(FILE *f, int ifindex, struct rtattr *attr) + rem = RTA_PAYLOAD(attr); + for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) { + e = RTA_DATA(i); +- print_mdb_entry(f, ifindex, e); ++ print_mdb_entry(f, ifindex, e, n); + } + } + +@@ -108,7 +112,7 @@ int print_mdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + int rem = RTA_PAYLOAD(tb[MDBA_MDB]); + + for (i = RTA_DATA(tb[MDBA_MDB]); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) +- br_print_mdb_entry(fp, r->ifindex, i); ++ br_print_mdb_entry(fp, r->ifindex, i, n); + } + + if (tb[MDBA_ROUTER]) { +-- +1.8.3.1 + diff --git a/SOURCES/0050-xfrm-revise-man-page-and-document-ip-xfrm-policy-set.patch b/SOURCES/0050-xfrm-revise-man-page-and-document-ip-xfrm-policy-set.patch deleted file mode 100644 index 551f224..0000000 --- a/SOURCES/0050-xfrm-revise-man-page-and-document-ip-xfrm-policy-set.patch +++ /dev/null @@ -1,141 +0,0 @@ -From b213961bb74c8de4d713504a7b4c9b20900f8f99 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:24:36 +0100 -Subject: [PATCH] xfrm: revise man page and document ip xfrm policy set - - Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1212026 - Upstream Status: commit 811aca044859a - Conflicts: Context changed due to already applied commit b6ec53e3008aa - ("xfrmmonitor: allows to monitor in several netns") - - commit 811aca044859aed2802f4449023fcb4d30275625 - Author: Christophe Gouault - Date: Thu Apr 9 17:39:33 2015 +0200 - - xfrm: revise man page and document ip xfrm policy set - - - document ip xfrm policy set - - update ip xfrm monitor documentation - - in DESCRIPTION section, reorganize grouping of commands - - Signed-off-by: Christophe Gouault ---- - man/man8/ip-xfrm.8 | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 59 insertions(+), 2 deletions(-) - -diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 -index 3752c7e..aea4fda 100644 ---- a/man/man8/ip-xfrm.8 -+++ b/man/man8/ip-xfrm.8 -@@ -252,6 +252,13 @@ ip-xfrm \- transform configuration - .B "ip xfrm policy count" - - .ti -8 -+.B "ip xfrm policy set" -+.RB "[ " hthresh4 -+.IR LBITS " " RBITS " ]" -+.RB "[ " hthresh6 -+.IR LBITS " " RBITS " ]" -+ -+.ti -8 - .IR SELECTOR " :=" - .RB "[ " src - .IR ADDR "[/" PLEN "] ]" -@@ -359,6 +366,13 @@ ip-xfrm \- transform configuration - | - .IR LISTofXFRM-OBJECTS " ]" - -+.ti -8 -+.IR LISTofXFRM-OBJECTS " := [ " LISTofXFRM-OBJECTS " ] " XFRM-OBJECT -+ -+.ti -8 -+.IR XFRM-OBJECT " := " -+.BR acquire " | " expire " | " SA " | " policy " | " aevent " | " report -+ - .in -8 - .ad b - -@@ -384,7 +398,6 @@ ip xfrm state deleteall delete all existing state in xfrm - ip xfrm state list print out the list of existing state in xfrm - ip xfrm state flush flush all state in xfrm - ip xfrm state count count all existing state in xfrm --ip xfrm monitor state monitoring for xfrm objects - .TE - - .TP -@@ -506,7 +519,9 @@ encapsulates packets with protocol - .BR espinudp " or " espinudp-nonike "," - .RI "using source port " SPORT ", destination port " DPORT - .RI ", and original address " OADDR "." -+ - .sp -+.PP - .TS - l l. - ip xfrm policy add add a new policy -@@ -516,7 +531,6 @@ ip xfrm policy get get an existing policy - ip xfrm policy deleteall delete all existing xfrm policies - ip xfrm policy list print out the list of xfrm policies - ip xfrm policy flush flush policies --ip xfrm policy count count existing policies - .TE - - .TP -@@ -611,6 +625,47 @@ and inbound trigger - can be - .BR required " (default) or " use "." - -+.sp -+.PP -+.TS -+l l. -+ip xfrm policy count count existing policies -+.TE -+ -+.PP -+Use one or more -s options to display more details, including policy hash table -+information. -+ -+.sp -+.PP -+.TS -+l l. -+ip xfrm policy set configure the policy hash table -+.TE -+ -+.PP -+Security policies whose address prefix lengths are greater than or equal -+policy hash table thresholds are hashed. Others are stored in the -+policy_inexact chained list. -+ -+.TP -+.I LBITS -+specifies the minimum local address prefix length of policies that are -+stored in the Security Policy Database hash table. -+ -+.TP -+.I RBITS -+specifies the minimum remote address prefix length of policies that are -+stored in the Security Policy Database hash table. -+ -+.sp -+.PP -+.TS -+l l. -+ip xfrm monitor state monitoring for xfrm objects -+.TE -+ -+.PP - The xfrm objects to monitor can be optionally specified. - - .P -@@ -629,4 +684,6 @@ originates. Example: - .SH AUTHOR - Manpage revised by David Ward - .br -+Manpage revised by Christophe Gouault -+.br - Manpage revised by Nicolas Dichtel --- -1.8.3.1 - diff --git a/SOURCES/0051-iplink-add-support-for-IFLA_BR_VLAN_FILTERING-attrib.patch b/SOURCES/0051-iplink-add-support-for-IFLA_BR_VLAN_FILTERING-attrib.patch new file mode 100644 index 0000000..81afe82 --- /dev/null +++ b/SOURCES/0051-iplink-add-support-for-IFLA_BR_VLAN_FILTERING-attrib.patch @@ -0,0 +1,73 @@ +From da328c76f8d7942a1cd6a20976b2d6a7bbcf049c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:51 +0100 +Subject: [PATCH] iplink: add support for IFLA_BR_VLAN_FILTERING attribute + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit e4d456f0bb83b + +commit e4d456f0bb83ba926c380da8b865f145ece3944f +Author: Nikolay Aleksandrov +Date: Wed Aug 12 09:19:06 2015 -0700 + + iplink: add support for IFLA_BR_VLAN_FILTERING attribute + + This patch implements support for the IFLA_BR_VLAN_FILTERING attribute + in iproute2 so it can enable/disable vlan_filtering. + + Example: + $ ip link set br0 type bridge vlan_filtering 1 + $ ip -d link show br0 + 6: br0: mtu 1500 qdisc noqueue state + UP mode DEFAULT group default + link/ether 08:00:27:ea:07:38 brd ff:ff:ff:ff:ff:ff promiscuity 0 + bridge forward_delay 1500 hello_time 200 max_age 2000 vlan_filtering 1 + addrgenmode eui64 + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index e704e29..a8bc840 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -26,6 +26,7 @@ static void print_explain(FILE *f) + " [ ageing_time AGEING_TIME ]\n" + " [ stp_state STP_STATE ]\n" + " [ priority PRIORITY ]\n" ++ " [ vlan_filtering VLAN_FILTERING ]\n" + ); + } + +@@ -84,6 +85,15 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + return -1; + } + addattr16(n, 1024, IFLA_BR_PRIORITY, prio); ++ } else if (matches(*argv, "vlan_filtering") == 0) { ++ __u8 vlan_filter; ++ ++ NEXT_ARG(); ++ if (get_u8(&vlan_filter, *argv, 0)) { ++ invarg("invalid vlan_filtering", *argv); ++ return -1; ++ } ++ addattr8(n, 1024, IFLA_BR_VLAN_FILTERING, vlan_filter); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -126,6 +136,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_PRIORITY]) + fprintf(f, "priority %u ", + rta_getattr_u16(tb[IFLA_BR_PRIORITY])); ++ ++ if (tb[IFLA_BR_VLAN_FILTERING]) ++ fprintf(f, "vlan_filtering %u ", ++ rta_getattr_u8(tb[IFLA_BR_VLAN_FILTERING])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0051-iplink-update-available-type-list.patch b/SOURCES/0051-iplink-update-available-type-list.patch deleted file mode 100644 index bd0f219..0000000 --- a/SOURCES/0051-iplink-update-available-type-list.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 36af5dff831900abaa38c6c906a2c9ac8ca4d201 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:24:50 +0100 -Subject: [PATCH] iplink: update available type list - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 1253a10a63e41 - -commit 1253a10a63e417c5a7774c127aea1a3b0dd09e88 -Author: Nicolas Dichtel -Date: Tue Oct 8 07:59:45 2013 -0700 - - iplink: update available type list - - macvtap and vti were missing. - - Signed-off-by: Nicolas Dichtel ---- - ip/iplink.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 048d4f3..5a9ed57 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -89,9 +89,9 @@ void iplink_usage(void) - if (iplink_have_newlink()) { - fprintf(stderr, " ip link help [ TYPE ]\n"); - fprintf(stderr, "\n"); -- fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | can |\n"); -- fprintf(stderr, " bridge | ipoib | ip6tnl | ipip | sit | vxlan |\n"); -- fprintf(stderr, " gre | gretap | ip6gre | ip6gretap }\n"); -+ fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); -+ fprintf(stderr, " can | bridge | ipoib | ip6tnl | ipip | sit | vxlan |\n"); -+ fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti }\n"); - } - exit(-1); - } --- -1.8.3.1 - diff --git a/SOURCES/0052-iplink-Add-support-for-IFLA_BR_VLAN_PROTOCOL-attribu.patch b/SOURCES/0052-iplink-Add-support-for-IFLA_BR_VLAN_PROTOCOL-attribu.patch new file mode 100644 index 0000000..76c8aa9 --- /dev/null +++ b/SOURCES/0052-iplink-Add-support-for-IFLA_BR_VLAN_PROTOCOL-attribu.patch @@ -0,0 +1,87 @@ +From 3072b81b5f71121d587679f5644ccab0ed71da09 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:51 +0100 +Subject: [PATCH] iplink: Add support for IFLA_BR_VLAN_PROTOCOL attribute + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 1eea5c46ec59d + +commit 1eea5c46ec59d732d47df7f2be1e84fa534f9ce5 +Author: Toshiaki Makita +Date: Mon Aug 31 18:48:46 2015 +0900 + + iplink: Add support for IFLA_BR_VLAN_PROTOCOL attribute + + This patch adds support for bridge vlan_protocol. + + Example: + $ ip link set br0 type bridge vlan_protocol 802.1ad + $ ip -d link show br0 + 4: br0: mtu 1500 qdisc noqueue state + UP mode DEFAULT group default qlen 1000 + link/ether 44:37:e6:ab:cd:ef brd ff:ff:ff:ff:ff:ff promiscuity 0 + bridge forward_delay 0 hello_time 200 max_age 2000 ageing_time 30000 + stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1ad + addrgenmode eui64 + + Signed-off-by: Toshiaki Makita +--- + ip/iplink_bridge.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index a8bc840..1c71f2e 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -14,6 +14,7 @@ + #include + #include + ++#include "rt_names.h" + #include "utils.h" + #include "ip_common.h" + +@@ -27,6 +28,9 @@ static void print_explain(FILE *f) + " [ stp_state STP_STATE ]\n" + " [ priority PRIORITY ]\n" + " [ vlan_filtering VLAN_FILTERING ]\n" ++ " [ vlan_protocol VLAN_PROTOCOL ]\n" ++ "\n" ++ "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); + } + +@@ -94,6 +98,15 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + return -1; + } + addattr8(n, 1024, IFLA_BR_VLAN_FILTERING, vlan_filter); ++ } else if (matches(*argv, "vlan_protocol") == 0) { ++ __u16 vlan_proto; ++ ++ NEXT_ARG(); ++ if (ll_proto_a2n(&vlan_proto, *argv)) { ++ invarg("invalid vlan_protocol", *argv); ++ return -1; ++ } ++ addattr16(n, 1024, IFLA_BR_VLAN_PROTOCOL, vlan_proto); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -140,6 +153,14 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_VLAN_FILTERING]) + fprintf(f, "vlan_filtering %u ", + rta_getattr_u8(tb[IFLA_BR_VLAN_FILTERING])); ++ ++ if (tb[IFLA_BR_VLAN_PROTOCOL]) { ++ SPRINT_BUF(b1); ++ ++ fprintf(f, "vlan_protocol %s ", ++ ll_proto_n2a(rta_getattr_u16(tb[IFLA_BR_VLAN_PROTOCOL]), ++ b1, sizeof(b1))); ++ } + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0052-iplink-add-support-for-bonding-netlink.patch b/SOURCES/0052-iplink-add-support-for-bonding-netlink.patch deleted file mode 100644 index 2273ab0..0000000 --- a/SOURCES/0052-iplink-add-support-for-bonding-netlink.patch +++ /dev/null @@ -1,174 +0,0 @@ -From c8b98b78222a1eef506d3e3e9e7dc7da9db0984c Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:24:51 +0100 -Subject: [PATCH] iplink: add support for bonding netlink - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit cc26a8909ff31 - -commit cc26a8909ff31388ca0b3703b08605e116e490bb -Author: Jiri Pirko -Date: Fri Oct 18 17:50:01 2013 +0200 - - iplink: add support for bonding netlink - - Signed-off-by: Jiri Pirko ---- - ip/Makefile | 2 +- - ip/iplink.c | 4 +-- - ip/iplink_bond.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++ - man/man8/ip-link.8.in | 4 +++ - 4 files changed, 99 insertions(+), 3 deletions(-) - create mode 100644 ip/iplink_bond.c - -diff --git a/ip/Makefile b/ip/Makefile -index f377c37..76878fb 100644 ---- a/ip/Makefile -+++ b/ip/Makefile -@@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ - iplink_vlan.o link_veth.o link_gre.o iplink_can.o \ - iplink_macvlan.o iplink_macvtap.o ipl2tp.o link_vti.o link_vti6.o \ - iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ -- link_iptnl.o link_gre6.o -+ link_iptnl.o link_gre6.o iplink_bond.o - - RTMONOBJ=rtmon.o - -diff --git a/ip/iplink.c b/ip/iplink.c -index 5a9ed57..3024e99 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -90,8 +90,8 @@ void iplink_usage(void) - fprintf(stderr, " ip link help [ TYPE ]\n"); - fprintf(stderr, "\n"); - fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); -- fprintf(stderr, " can | bridge | ipoib | ip6tnl | ipip | sit | vxlan |\n"); -- fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti }\n"); -+ fprintf(stderr, " can | bridge | bond | ipoib | ip6tnl | ipip | sit |\n"); -+ fprintf(stderr, " vxlan | gre | gretap | ip6gre | ip6gretap | vti }\n"); - } - exit(-1); - } -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -new file mode 100644 -index 0000000..3fb7f4f ---- /dev/null -+++ b/ip/iplink_bond.c -@@ -0,0 +1,92 @@ -+/* -+ * iplink_bond.c Bonding device support -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Jiri Pirko -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include "rt_names.h" -+#include "utils.h" -+#include "ip_common.h" -+ -+static void explain(void) -+{ -+ fprintf(stderr, -+ "Usage: ... bond [ mode BONDMODE ] [ active_slave SLAVE_DEV ]\n" -+ " [ clear_active_slave ]\n" -+ "\n" -+ "BONDMODE := 0-6\n" -+ ); -+} -+ -+static int bond_parse_opt(struct link_util *lu, int argc, char **argv, -+ struct nlmsghdr *n) -+{ -+ __u8 mode; -+ unsigned ifindex; -+ -+ while (argc > 0) { -+ if (matches(*argv, "mode") == 0) { -+ NEXT_ARG(); -+ if (get_u8(&mode, *argv, 0)) { -+ invarg("mode %s is invalid", *argv); -+ return -1; -+ } -+ addattr8(n, 1024, IFLA_BOND_MODE, mode); -+ } else if (matches(*argv, "active_slave") == 0) { -+ NEXT_ARG(); -+ ifindex = if_nametoindex(*argv); -+ if (!ifindex) -+ return -1; -+ addattr32(n, 1024, IFLA_BOND_ACTIVE_SLAVE, ifindex); -+ } else if (matches(*argv, "clear_active_slave") == 0) { -+ addattr32(n, 1024, IFLA_BOND_ACTIVE_SLAVE, 0); -+ } else { -+ fprintf(stderr, "bond: unknown command \"%s\"?\n", *argv); -+ explain(); -+ return -1; -+ } -+ argc--, argv++; -+ } -+ -+ return 0; -+} -+ -+static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) -+{ -+ unsigned ifindex; -+ -+ if (!tb) -+ return; -+ -+ if (tb[IFLA_BOND_MODE]) -+ fprintf(f, "mode %u ", rta_getattr_u8(tb[IFLA_BOND_MODE])); -+ -+ if (tb[IFLA_BOND_ACTIVE_SLAVE] && -+ (ifindex = rta_getattr_u32(tb[IFLA_BOND_ACTIVE_SLAVE]))) { -+ char buf[IFNAMSIZ]; -+ const char *n = if_indextoname(ifindex, buf); -+ -+ if (n) -+ fprintf(f, "active_slave %s ", n); -+ else -+ fprintf(f, "active_slave %u ", ifindex); -+ } -+} -+ -+struct link_util bond_link_util = { -+ .id = "bond", -+ .maxattr = IFLA_BOND_MAX, -+ .parse_opt = bond_parse_opt, -+ .print_opt = bond_print_opt, -+}; -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index ef90738..d69c930 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -52,6 +52,7 @@ ip-link \- network device configuration - .ti -8 - .IR TYPE " := [ " - .BR bridge " | " -+.BR bond " ]" - .BR can " | " - .BR dummy " | " - .BR ifb " | " -@@ -160,6 +161,9 @@ Link types: - .B bridge - - Ethernet Bridge device - .sp -+.B bond -+- Bonding device -+.sp - .B can - - Controller Area Network interface - .sp --- -1.8.3.1 - diff --git a/SOURCES/0053-bridge-add-batch-command-support.patch b/SOURCES/0053-bridge-add-batch-command-support.patch new file mode 100644 index 0000000..2611093 --- /dev/null +++ b/SOURCES/0053-bridge-add-batch-command-support.patch @@ -0,0 +1,162 @@ +From 7f257cb3dd2966aee6fdfc128ab2cb001cc123da Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:51 +0100 +Subject: [PATCH] bridge: add batch command support + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 9de8c6d9765f2 + +commit 9de8c6d9765f284f8f15ccbe4af791259afe707e +Author: Wilson Kok +Date: Sun Oct 11 14:03:03 2015 -0700 + + bridge: add batch command support + + This patch adds support to batch bridge commands. + Follows ip batch code. + + Signed-off-by: Wilson Kok + Signed-off-by: Roopa Prabhu + Acked-by: Christophe Gouault +--- + bridge/bridge.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + man/man8/bridge.8 | 11 +++++++++++ + 2 files changed, 70 insertions(+) + +diff --git a/bridge/bridge.c b/bridge/bridge.c +index eaf09c8..72f153f 100644 +--- a/bridge/bridge.c ++++ b/bridge/bridge.c +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + + #include "SNAPSHOT.h" + #include "utils.h" +@@ -23,6 +24,8 @@ int show_stats; + int show_details; + int compress_vlans; + int timestamp; ++char *batch_file; ++int force; + const char *_SL_; + + static void usage(void) __attribute__((noreturn)); +@@ -31,6 +34,7 @@ static void usage(void) + { + fprintf(stderr, + "Usage: bridge [ OPTIONS ] OBJECT { COMMAND | help }\n" ++" bridge [ -force ] -batch filename\n" + "where OBJECT := { link | fdb | mdb | vlan | monitor }\n" + " OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] |\n" + " -o[neline] | -t[imestamp] | -n[etns] name |\n" +@@ -71,6 +75,50 @@ static int do_cmd(const char *argv0, int argc, char **argv) + return -1; + } + ++static int batch(const char *name) ++{ ++ char *line = NULL; ++ size_t len = 0; ++ int ret = EXIT_SUCCESS; ++ ++ if (name && strcmp(name, "-") != 0) { ++ if (freopen(name, "r", stdin) == NULL) { ++ fprintf(stderr, ++ "Cannot open file \"%s\" for reading: %s\n", ++ name, strerror(errno)); ++ return EXIT_FAILURE; ++ } ++ } ++ ++ if (rtnl_open(&rth, 0) < 0) { ++ fprintf(stderr, "Cannot open rtnetlink\n"); ++ return EXIT_FAILURE; ++ } ++ ++ cmdlineno = 0; ++ while (getcmdline(&line, &len, stdin) != -1) { ++ char *largv[100]; ++ int largc; ++ ++ largc = makeargs(line, largv, 100); ++ if (largc == 0) ++ continue; /* blank line */ ++ ++ if (do_cmd(largv[0], largc, largv)) { ++ fprintf(stderr, "Command failed %s:%d\n", ++ name, cmdlineno); ++ ret = EXIT_FAILURE; ++ if (!force) ++ break; ++ } ++ } ++ if (line) ++ free(line); ++ ++ rtnl_close(&rth); ++ return ret; ++} ++ + int + main(int argc, char **argv) + { +@@ -123,6 +171,14 @@ main(int argc, char **argv) + exit(-1); + } else if (matches(opt, "-compressvlans") == 0) { + ++compress_vlans; ++ } else if (matches(opt, "-force") == 0) { ++ ++force; ++ } else if (matches(opt, "-batch") == 0) { ++ argc--; ++ argv++; ++ if (argc <= 1) ++ usage(); ++ batch_file = argv[1]; + } else { + fprintf(stderr, + "Option \"%s\" is unknown, try \"bridge help\".\n", +@@ -134,6 +190,9 @@ main(int argc, char **argv) + + _SL_ = oneline ? "\\" : "\n"; + ++ if (batch_file) ++ return batch(batch_file); ++ + if (rtnl_open(&rth, 0) < 0) + exit(1); + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 210a3ee..2f72710 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -21,6 +21,7 @@ bridge \- show / manipulate bridge addresses and devices + \fB\-V\fR[\fIersion\fR] | + \fB\-s\fR[\fItatistics\fR] | + \fB\-n\fR[\fIetns\fR] name } ++\fB\-b\fR[\fIatch\fR] filename } + + .ti -8 + .BR "bridge link set" +@@ -137,6 +138,16 @@ to + .RI "-n[etns] " NETNS " [ " OPTIONS " ] " OBJECT " { " COMMAND " | " + .BR help " }" + ++.TP ++.BR "\-b", " \-batch " ++Read commands from provided file or standard input and invoke them. ++First failure will cause termination of bridge command. ++ ++.TP ++.BR "\-force" ++Don't terminate bridge command on errors in batch mode. ++If there were any errors during execution of the commands, the application ++return code will be non zero. + + .SH BRIDGE - COMMAND SYNTAX + +-- +1.8.3.1 + diff --git a/SOURCES/0053-iproute2-finish-support-for-bonding-attributes.patch b/SOURCES/0053-iproute2-finish-support-for-bonding-attributes.patch deleted file mode 100644 index 632aa74..0000000 --- a/SOURCES/0053-iproute2-finish-support-for-bonding-attributes.patch +++ /dev/null @@ -1,546 +0,0 @@ -From 94fcad34a1305c2851b759b6acb3903c7227580f Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:24:51 +0100 -Subject: [PATCH] iproute2: finish support for bonding attributes - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 63d127b05dff4 - -commit 63d127b05dff4d21e8748b2ba9e0e6372897c383 -Author: sfeldma@cumulusnetworks.com -Date: Fri Jan 3 18:45:38 2014 -0800 - - iproute2: finish support for bonding attributes - - Add support for bonding attributes just added to net-next. - On set, allow string or number value for enumerated attributes. - On show, use always use string value for attribute. - - Signed-off-by: Scott Feldman ---- - ip/iplink_bond.c | 458 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 451 insertions(+), 7 deletions(-) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index 3fb7f4f..f0e5ab1 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -7,41 +7,165 @@ - * 2 of the License, or (at your option) any later version. - * - * Authors: Jiri Pirko -+ * Scott Feldman - */ - - #include - #include - #include - #include -+#include - #include - - #include "rt_names.h" - #include "utils.h" - #include "ip_common.h" - -+#define BOND_MAX_ARP_TARGETS 16 -+ -+static const char *mode_tbl[] = { -+ "balance-rr", -+ "active-backup", -+ "balance-xor", -+ "broadcast", -+ "802.3ad", -+ "balance-tlb", -+ "balance-alb", -+ NULL, -+}; -+ -+static const char *arp_validate_tbl[] = { -+ "none", -+ "active", -+ "backup", -+ "all", -+ NULL, -+}; -+ -+static const char *arp_all_targets_tbl[] = { -+ "any", -+ "all", -+ NULL, -+}; -+ -+static const char *primary_reselect_tbl[] = { -+ "always", -+ "better", -+ "failure", -+ NULL, -+}; -+ -+static const char *fail_over_mac_tbl[] = { -+ "none", -+ "active", -+ "follow", -+ NULL, -+}; -+ -+static const char *xmit_hash_policy_tbl[] = { -+ "layer2", -+ "layer3+4", -+ "layer2+3", -+ "encap2+3", -+ "encap3+4", -+ NULL, -+}; -+ -+static const char *lacp_rate_tbl[] = { -+ "slow", -+ "fast", -+ NULL, -+}; -+ -+static const char *ad_select_tbl[] = { -+ "stable", -+ "bandwidth", -+ "count", -+ NULL, -+}; -+ -+static const char *get_name(const char **tbl, int index) -+{ -+ int i; -+ -+ for (i = 0; tbl[i]; i++) -+ if (i == index) -+ return tbl[i]; -+ -+ return "UNKNOWN"; -+} -+ -+static int get_index(const char **tbl, char *name) -+{ -+ int i, index; -+ -+ /* check for integer index passed in instead of name */ -+ if (get_integer(&index, name, 10) == 0) -+ for (i = 0; tbl[i]; i++) -+ if (i == index) -+ return i; -+ -+ for (i = 0; tbl[i]; i++) -+ if (strncmp(tbl[i], name, strlen(tbl[i])) == 0) -+ return i; -+ -+ return -1; -+} -+ - static void explain(void) - { - fprintf(stderr, - "Usage: ... bond [ mode BONDMODE ] [ active_slave SLAVE_DEV ]\n" -- " [ clear_active_slave ]\n" -+ " [ clear_active_slave ] [ miimon MIIMON ]\n" -+ " [ updelay UPDELAY ] [ downdelay DOWNDELAY ]\n" -+ " [ use_carrier USE_CARRIER ]\n" -+ " [ arp_interval ARP_INTERVAL ]\n" -+ " [ arp_validate ARP_VALIDATE ]\n" -+ " [ arp_all_targets ARP_ALL_TARGETS ]\n" -+ " [ arp_ip_target [ ARP_IP_TARGET, ... ] ]\n" -+ " [ primary SLAVE_DEV ]\n" -+ " [ primary_reselect PRIMARY_RESELECT ]\n" -+ " [ fail_over_mac FAIL_OVER_MAC ]\n" -+ " [ xmit_hash_policy XMIT_HASH_POLICY ]\n" -+ " [ resend_igmp RESEND_IGMP ]\n" -+ " [ num_grat_arp|num_unsol_na NUM_GRAT_ARP|NUM_UNSOL_NA ]\n" -+ " [ all_slaves_active ALL_SLAVES_ACTIVE ]\n" -+ " [ min_links MIN_LINKS ]\n" -+ " [ lp_interval LP_INTERVAL ]\n" -+ " [ packets_per_slave PACKETS_PER_SLAVE ]\n" -+ " [ lacp_rate LACP_RATE ]\n" -+ " [ ad_select AD_SELECT ]\n" - "\n" -- "BONDMODE := 0-6\n" -+ "BONDMODE := balance-rr|active-backup|balance-xor|broadcast|802.3ad|balance-tlb|balance-alb\n" -+ "ARP_VALIDATE := none|active|backup|all\n" -+ "ARP_ALL_TARGETS := any|all\n" -+ "PRIMARY_RESELECT := always|better|failure\n" -+ "FAIL_OVER_MAC := none|active|follow\n" -+ "XMIT_HASH_POLICY := layer2|layer2+3|layer3+4\n" -+ "LACP_RATE := slow|fast\n" -+ "AD_SELECT := stable|bandwidth|count\n" - ); - } - - static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - struct nlmsghdr *n) - { -- __u8 mode; -+ __u8 mode, use_carrier, primary_reselect, fail_over_mac; -+ __u8 xmit_hash_policy, num_peer_notif, all_slaves_active; -+ __u8 lacp_rate, ad_select; -+ __u32 miimon, updelay, downdelay, arp_interval, arp_validate; -+ __u32 arp_all_targets, resend_igmp, min_links, lp_interval; -+ __u32 packets_per_slave; - unsigned ifindex; - - while (argc > 0) { - if (matches(*argv, "mode") == 0) { - NEXT_ARG(); -- if (get_u8(&mode, *argv, 0)) { -- invarg("mode %s is invalid", *argv); -+ if (get_index(mode_tbl, *argv) < 0) { -+ invarg("invalid mode", *argv); - return -1; - } -+ mode = get_index(mode_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_MODE, mode); - } else if (matches(*argv, "active_slave") == 0) { - NEXT_ARG(); -@@ -51,6 +175,170 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - addattr32(n, 1024, IFLA_BOND_ACTIVE_SLAVE, ifindex); - } else if (matches(*argv, "clear_active_slave") == 0) { - addattr32(n, 1024, IFLA_BOND_ACTIVE_SLAVE, 0); -+ } else if (matches(*argv, "miimon") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&miimon, *argv, 0)) { -+ invarg("invalid miimon", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_MIIMON, miimon); -+ } else if (matches(*argv, "updelay") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&updelay, *argv, 0)) { -+ invarg("invalid updelay", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_UPDELAY, updelay); -+ } else if (matches(*argv, "downdelay") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&downdelay, *argv, 0)) { -+ invarg("invalid downdelay", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_DOWNDELAY, downdelay); -+ } else if (matches(*argv, "use_carrier") == 0) { -+ NEXT_ARG(); -+ if (get_u8(&use_carrier, *argv, 0)) { -+ invarg("invalid use_carrier", *argv); -+ return -1; -+ } -+ addattr8(n, 1024, IFLA_BOND_USE_CARRIER, use_carrier); -+ } else if (matches(*argv, "arp_interval") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&arp_interval, *argv, 0)) { -+ invarg("invalid arp_interval", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_ARP_INTERVAL, arp_interval); -+ } else if (matches(*argv, "arp_ip_target") == 0) { -+ struct rtattr * nest = addattr_nest(n, 1024, -+ IFLA_BOND_ARP_IP_TARGET); -+ if (NEXT_ARG_OK()) { -+ NEXT_ARG(); -+ char *targets = strdupa(*argv); -+ char *target = strtok(targets, ","); -+ int i; -+ -+ for(i = 0; target && i < BOND_MAX_ARP_TARGETS; i++) { -+ __u32 addr = get_addr32(target); -+ addattr32(n, 1024, i, addr); -+ target = strtok(NULL, ","); -+ } -+ addattr_nest_end(n, nest); -+ } -+ addattr_nest_end(n, nest); -+ } else if (matches(*argv, "arp_validate") == 0) { -+ NEXT_ARG(); -+ if (get_index(arp_validate_tbl, *argv) < 0) { -+ invarg("invalid arp_validate", *argv); -+ return -1; -+ } -+ arp_validate = get_index(arp_validate_tbl, *argv); -+ addattr32(n, 1024, IFLA_BOND_ARP_VALIDATE, arp_validate); -+ } else if (matches(*argv, "arp_all_targets") == 0) { -+ NEXT_ARG(); -+ if (get_index(arp_all_targets_tbl, *argv) < 0) { -+ invarg("invalid arp_all_targets", *argv); -+ return -1; -+ } -+ arp_all_targets = get_index(arp_all_targets_tbl, *argv); -+ addattr32(n, 1024, IFLA_BOND_ARP_ALL_TARGETS, arp_all_targets); -+ } else if (matches(*argv, "primary") == 0) { -+ NEXT_ARG(); -+ ifindex = if_nametoindex(*argv); -+ if (!ifindex) -+ return -1; -+ addattr32(n, 1024, IFLA_BOND_PRIMARY, ifindex); -+ } else if (matches(*argv, "primary_reselect") == 0) { -+ NEXT_ARG(); -+ if (get_index(primary_reselect_tbl, *argv) < 0) { -+ invarg("invalid primary_reselect", *argv); -+ return -1; -+ } -+ primary_reselect = get_index(primary_reselect_tbl, *argv); -+ addattr8(n, 1024, IFLA_BOND_PRIMARY_RESELECT, -+ primary_reselect); -+ } else if (matches(*argv, "fail_over_mac") == 0) { -+ NEXT_ARG(); -+ if (get_index(fail_over_mac_tbl, *argv) < 0) { -+ invarg("invalid fail_over_mac", *argv); -+ return -1; -+ } -+ fail_over_mac = get_index(fail_over_mac_tbl, *argv); -+ addattr8(n, 1024, IFLA_BOND_FAIL_OVER_MAC, -+ fail_over_mac); -+ } else if (matches(*argv, "xmit_hash_policy") == 0) { -+ NEXT_ARG(); -+ if (get_index(xmit_hash_policy_tbl, *argv) < 0) { -+ invarg("invalid xmit_hash_policy", *argv); -+ return -1; -+ } -+ xmit_hash_policy = get_index(xmit_hash_policy_tbl, *argv); -+ addattr8(n, 1024, IFLA_BOND_XMIT_HASH_POLICY, -+ xmit_hash_policy); -+ } else if (matches(*argv, "resend_igmp") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&resend_igmp, *argv, 0)) { -+ invarg("invalid resend_igmp", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_RESEND_IGMP, resend_igmp); -+ } else if (matches(*argv, "num_grat_arp") == 0 || -+ matches(*argv, "num_unsol_na") == 0) { -+ NEXT_ARG(); -+ if (get_u8(&num_peer_notif, *argv, 0)) { -+ invarg("invalid num_grat_arp|num_unsol_na", -+ *argv); -+ return -1; -+ } -+ addattr8(n, 1024, IFLA_BOND_NUM_PEER_NOTIF, -+ num_peer_notif); -+ } else if (matches(*argv, "all_slaves_active") == 0) { -+ NEXT_ARG(); -+ if (get_u8(&all_slaves_active, *argv, 0)) { -+ invarg("invalid all_slaves_active", *argv); -+ return -1; -+ } -+ addattr8(n, 1024, IFLA_BOND_ALL_SLAVES_ACTIVE, -+ all_slaves_active); -+ } else if (matches(*argv, "min_links") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&min_links, *argv, 0)) { -+ invarg("invalid min_links", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_MIN_LINKS, min_links); -+ } else if (matches(*argv, "lp_interval") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&lp_interval, *argv, 0)) { -+ invarg("invalid lp_interval", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_LP_INTERVAL, lp_interval); -+ } else if (matches(*argv, "packets_per_slave") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&packets_per_slave, *argv, 0)) { -+ invarg("invalid packets_per_slave", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BOND_PACKETS_PER_SLAVE, -+ packets_per_slave); -+ } else if (matches(*argv, "lacp_rate") == 0) { -+ NEXT_ARG(); -+ if (get_index(lacp_rate_tbl, *argv) < 0) { -+ invarg("invalid lacp_rate", *argv); -+ return -1; -+ } -+ lacp_rate = get_index(lacp_rate_tbl, *argv); -+ addattr8(n, 1024, IFLA_BOND_AD_LACP_RATE, lacp_rate); -+ } else if (matches(*argv, "ad_select") == 0) { -+ NEXT_ARG(); -+ if (get_index(ad_select_tbl, *argv) < 0) { -+ invarg("invalid ad_select", *argv); -+ return -1; -+ } -+ ad_select = get_index(ad_select_tbl, *argv); -+ addattr8(n, 1024, IFLA_BOND_AD_SELECT, ad_select); - } else { - fprintf(stderr, "bond: unknown command \"%s\"?\n", *argv); - explain(); -@@ -69,8 +357,11 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - if (!tb) - return; - -- if (tb[IFLA_BOND_MODE]) -- fprintf(f, "mode %u ", rta_getattr_u8(tb[IFLA_BOND_MODE])); -+ if (tb[IFLA_BOND_MODE]) { -+ const char *mode = get_name(mode_tbl, -+ rta_getattr_u8(tb[IFLA_BOND_MODE])); -+ fprintf(f, "mode %s ", mode); -+ } - - if (tb[IFLA_BOND_ACTIVE_SLAVE] && - (ifindex = rta_getattr_u32(tb[IFLA_BOND_ACTIVE_SLAVE]))) { -@@ -82,6 +373,159 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - else - fprintf(f, "active_slave %u ", ifindex); - } -+ -+ if (tb[IFLA_BOND_MIIMON]) -+ fprintf(f, "miimon %u ", rta_getattr_u32(tb[IFLA_BOND_MIIMON])); -+ -+ if (tb[IFLA_BOND_UPDELAY]) -+ fprintf(f, "updelay %u ", rta_getattr_u32(tb[IFLA_BOND_UPDELAY])); -+ -+ if (tb[IFLA_BOND_DOWNDELAY]) -+ fprintf(f, "downdelay %u ", -+ rta_getattr_u32(tb[IFLA_BOND_DOWNDELAY])); -+ -+ if (tb[IFLA_BOND_USE_CARRIER]) -+ fprintf(f, "use_carrier %u ", -+ rta_getattr_u8(tb[IFLA_BOND_USE_CARRIER])); -+ -+ if (tb[IFLA_BOND_ARP_INTERVAL]) -+ fprintf(f, "arp_interval %u ", -+ rta_getattr_u32(tb[IFLA_BOND_ARP_INTERVAL])); -+ -+ if (tb[IFLA_BOND_ARP_IP_TARGET]) { -+ struct rtattr *iptb[BOND_MAX_ARP_TARGETS + 1]; -+ char buf[INET_ADDRSTRLEN]; -+ int i; -+ -+ parse_rtattr_nested(iptb, BOND_MAX_ARP_TARGETS, -+ tb[IFLA_BOND_ARP_IP_TARGET]); -+ -+ if (iptb[0]) -+ fprintf(f, "arp_ip_target "); -+ -+ for (i = 0; i < BOND_MAX_ARP_TARGETS; i++) { -+ if (iptb[i]) -+ fprintf(f, "%s", -+ rt_addr_n2a(AF_INET, -+ RTA_PAYLOAD(iptb[i]), -+ RTA_DATA(iptb[i]), -+ buf, -+ INET_ADDRSTRLEN)); -+ if (i < BOND_MAX_ARP_TARGETS-1 && iptb[i+1]) -+ fprintf(f, ","); -+ } -+ -+ if (iptb[0]) -+ fprintf(f, " "); -+ } -+ -+ if (tb[IFLA_BOND_ARP_VALIDATE]) { -+ const char *arp_validate = get_name(arp_validate_tbl, -+ rta_getattr_u32(tb[IFLA_BOND_ARP_VALIDATE])); -+ fprintf(f, "arp_validate %s ", arp_validate); -+ } -+ -+ if (tb[IFLA_BOND_ARP_ALL_TARGETS]) { -+ const char *arp_all_targets = get_name(arp_all_targets_tbl, -+ rta_getattr_u32(tb[IFLA_BOND_ARP_ALL_TARGETS])); -+ fprintf(f, "arp_all_target %s ", arp_all_targets); -+ } -+ -+ if (tb[IFLA_BOND_PRIMARY] && -+ (ifindex = rta_getattr_u32(tb[IFLA_BOND_PRIMARY]))) { -+ char buf[IFNAMSIZ]; -+ const char *n = if_indextoname(ifindex, buf); -+ -+ if (n) -+ fprintf(f, "primary %s ", n); -+ else -+ fprintf(f, "primary %u ", ifindex); -+ } -+ -+ if (tb[IFLA_BOND_PRIMARY_RESELECT]) { -+ const char *primary_reselect = get_name(primary_reselect_tbl, -+ rta_getattr_u8(tb[IFLA_BOND_PRIMARY_RESELECT])); -+ fprintf(f, "primary_reselect %s ", primary_reselect); -+ } -+ -+ if (tb[IFLA_BOND_FAIL_OVER_MAC]) { -+ const char *fail_over_mac = get_name(fail_over_mac_tbl, -+ rta_getattr_u8(tb[IFLA_BOND_FAIL_OVER_MAC])); -+ fprintf(f, "fail_over_mac %s ", fail_over_mac); -+ } -+ -+ if (tb[IFLA_BOND_XMIT_HASH_POLICY]) { -+ const char *xmit_hash_policy = get_name(xmit_hash_policy_tbl, -+ rta_getattr_u8(tb[IFLA_BOND_XMIT_HASH_POLICY])); -+ fprintf(f, "xmit_hash_policy %s ", xmit_hash_policy); -+ } -+ -+ if (tb[IFLA_BOND_RESEND_IGMP]) -+ fprintf(f, "resend_igmp %u ", -+ rta_getattr_u32(tb[IFLA_BOND_RESEND_IGMP])); -+ -+ if (tb[IFLA_BOND_NUM_PEER_NOTIF]) -+ fprintf(f, "num_grat_arp %u ", -+ rta_getattr_u8(tb[IFLA_BOND_NUM_PEER_NOTIF])); -+ -+ if (tb[IFLA_BOND_ALL_SLAVES_ACTIVE]) -+ fprintf(f, "all_slaves_active %u ", -+ rta_getattr_u8(tb[IFLA_BOND_ALL_SLAVES_ACTIVE])); -+ -+ if (tb[IFLA_BOND_MIN_LINKS]) -+ fprintf(f, "min_links %u ", -+ rta_getattr_u32(tb[IFLA_BOND_MIN_LINKS])); -+ -+ if (tb[IFLA_BOND_LP_INTERVAL]) -+ fprintf(f, "lp_interval %u ", -+ rta_getattr_u32(tb[IFLA_BOND_LP_INTERVAL])); -+ -+ if (tb[IFLA_BOND_PACKETS_PER_SLAVE]) -+ fprintf(f, "packets_per_slave %u ", -+ rta_getattr_u32(tb[IFLA_BOND_PACKETS_PER_SLAVE])); -+ -+ if (tb[IFLA_BOND_AD_LACP_RATE]) { -+ const char *lacp_rate = get_name(lacp_rate_tbl, -+ rta_getattr_u8(tb[IFLA_BOND_AD_LACP_RATE])); -+ fprintf(f, "lacp_rate %s ", lacp_rate); -+ } -+ -+ if (tb[IFLA_BOND_AD_SELECT]) { -+ const char *ad_select = get_name(ad_select_tbl, -+ rta_getattr_u8(tb[IFLA_BOND_AD_SELECT])); -+ fprintf(f, "ad_select %s ", ad_select); -+ } -+ -+ if (tb[IFLA_BOND_AD_INFO]) { -+ struct rtattr *adtb[IFLA_BOND_AD_INFO_MAX + 1]; -+ -+ parse_rtattr_nested(adtb, IFLA_BOND_AD_INFO_MAX, -+ tb[IFLA_BOND_AD_INFO]); -+ -+ if (adtb[IFLA_BOND_AD_INFO_AGGREGATOR]) -+ fprintf(f, "ad_aggregator %d ", -+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_AGGREGATOR])); -+ -+ if (adtb[IFLA_BOND_AD_INFO_NUM_PORTS]) -+ fprintf(f, "ad_num_ports %d ", -+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_NUM_PORTS])); -+ -+ if (adtb[IFLA_BOND_AD_INFO_ACTOR_KEY]) -+ fprintf(f, "ad_actor_key %d ", -+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_ACTOR_KEY])); -+ -+ if (adtb[IFLA_BOND_AD_INFO_PARTNER_KEY]) -+ fprintf(f, "ad_partner_key %d ", -+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_PARTNER_KEY])); -+ -+ if (adtb[IFLA_BOND_AD_INFO_PARTNER_MAC]) { -+ unsigned char *p = -+ RTA_DATA(adtb[IFLA_BOND_AD_INFO_PARTNER_MAC]); -+ SPRINT_BUF(b); -+ fprintf(f, "ad_partner_mac %s ", -+ ll_addr_n2a(p, ETH_ALEN, 0, b, sizeof(b))); -+ } -+ } - } - - struct link_util bond_link_util = { --- -1.8.3.1 - diff --git a/SOURCES/0054-introduce-support-for-slave-info-data.patch b/SOURCES/0054-introduce-support-for-slave-info-data.patch deleted file mode 100644 index 38edc74..0000000 --- a/SOURCES/0054-introduce-support-for-slave-info-data.patch +++ /dev/null @@ -1,185 +0,0 @@ -From 4e0ecde498d450b10a3bb44ca95816dd2a479f40 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:24:51 +0100 -Subject: [PATCH] introduce support for slave info data - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit fbea6115645a1 -Conflicts: Changed context due to already applied commit 561e650eff679 - ("ip link: Shortify printing the usage of link type") - -commit fbea6115645a126de87bbcf51371050dde1a5b39 -Author: Jiri Pirko -Date: Thu Jan 23 17:52:53 2014 +0100 - - introduce support for slave info data - - Signed-off-by: Jiri Pirko ---- - ip/ip_common.h | 4 ++++ - ip/ipaddress.c | 54 ++++++++++++++++++++++++++++++++++++------------------ - ip/iplink.c | 21 ++++++++++++++++++--- - 3 files changed, 58 insertions(+), 21 deletions(-) - -diff --git a/ip/ip_common.h b/ip/ip_common.h -index 274d12a..917fcf8 100644 ---- a/ip/ip_common.h -+++ b/ip/ip_common.h -@@ -66,6 +66,8 @@ static inline int rtm_get_table(struct rtmsg *r, struct rtattr **tb) - - extern struct rtnl_handle rth; - -+#include -+ - struct link_util - { - struct link_util *next; -@@ -79,9 +81,11 @@ struct link_util - struct rtattr *); - void (*print_help)(struct link_util *, int, char **, - FILE *); -+ bool slave; - }; - - struct link_util *get_link_kind(const char *kind); -+struct link_util *get_link_slave_kind(const char *slave_kind); - - #ifndef INFINITY_LIFE_TIME - #define INFINITY_LIFE_TIME 0xFFFFFFFFU -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 700c40f..8681bf9 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -193,34 +193,52 @@ static void print_linktype(FILE *fp, struct rtattr *tb) - { - struct rtattr *linkinfo[IFLA_INFO_MAX+1]; - struct link_util *lu; -+ struct link_util *slave_lu; - char *kind; -+ char *slave_kind; - - parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb); - -- if (!linkinfo[IFLA_INFO_KIND]) -- return; -- kind = RTA_DATA(linkinfo[IFLA_INFO_KIND]); -+ if (linkinfo[IFLA_INFO_KIND]) { -+ kind = RTA_DATA(linkinfo[IFLA_INFO_KIND]); - -- fprintf(fp, "%s", _SL_); -- fprintf(fp, " %s ", kind); -+ fprintf(fp, "%s", _SL_); -+ fprintf(fp, " %s ", kind); - -- lu = get_link_kind(kind); -- if (!lu || !lu->print_opt) -- return; -+ lu = get_link_kind(kind); -+ if (lu && lu->print_opt) { -+ struct rtattr *attr[lu->maxattr+1], **data = NULL; - -- if (1) { -- struct rtattr *attr[lu->maxattr+1], **data = NULL; -+ if (linkinfo[IFLA_INFO_DATA]) { -+ parse_rtattr_nested(attr, lu->maxattr, -+ linkinfo[IFLA_INFO_DATA]); -+ data = attr; -+ } -+ lu->print_opt(lu, fp, data); - -- if (linkinfo[IFLA_INFO_DATA]) { -- parse_rtattr_nested(attr, lu->maxattr, -- linkinfo[IFLA_INFO_DATA]); -- data = attr; -+ if (linkinfo[IFLA_INFO_XSTATS] && show_stats && -+ lu->print_xstats) -+ lu->print_xstats(lu, fp, linkinfo[IFLA_INFO_XSTATS]); - } -- lu->print_opt(lu, fp, data); -+ } - -- if (linkinfo[IFLA_INFO_XSTATS] && show_stats && -- lu->print_xstats) -- lu->print_xstats(lu, fp, linkinfo[IFLA_INFO_XSTATS]); -+ if (linkinfo[IFLA_INFO_SLAVE_KIND]) { -+ slave_kind = RTA_DATA(linkinfo[IFLA_INFO_SLAVE_KIND]); -+ -+ fprintf(fp, "%s", _SL_); -+ fprintf(fp, " %s_slave ", slave_kind); -+ -+ slave_lu = get_link_slave_kind(slave_kind); -+ if (slave_lu && slave_lu->print_opt) { -+ struct rtattr *attr[slave_lu->maxattr+1], **data = NULL; -+ -+ if (linkinfo[IFLA_INFO_SLAVE_DATA]) { -+ parse_rtattr_nested(attr, slave_lu->maxattr, -+ linkinfo[IFLA_INFO_SLAVE_DATA]); -+ data = attr; -+ } -+ slave_lu->print_opt(slave_lu, fp, data); -+ } - } - } - -diff --git a/ip/iplink.c b/ip/iplink.c -index 3024e99..8d6a2b3 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - - #include "rt_names.h" - #include "utils.h" -@@ -110,14 +111,15 @@ static int on_off(const char *msg, const char *realval) - static void *BODY; /* cached dlopen(NULL) handle */ - static struct link_util *linkutil_list; - --struct link_util *get_link_kind(const char *id) -+static struct link_util *__get_link_kind(const char *id, bool slave) - { - void *dlh; - char buf[256]; - struct link_util *l; - - for (l = linkutil_list; l; l = l->next) -- if (strcmp(l->id, id) == 0) -+ if (strcmp(l->id, id) == 0 && -+ l->slave == slave) - return l; - - snprintf(buf, sizeof(buf), LIBDIR "/ip/link_%s.so", id); -@@ -132,7 +134,10 @@ struct link_util *get_link_kind(const char *id) - } - } - -- snprintf(buf, sizeof(buf), "%s_link_util", id); -+ if (slave) -+ snprintf(buf, sizeof(buf), "%s_slave_link_util", id); -+ else -+ snprintf(buf, sizeof(buf), "%s_link_util", id); - l = dlsym(dlh, buf); - if (l == NULL) - return NULL; -@@ -142,6 +147,16 @@ struct link_util *get_link_kind(const char *id) - return l; - } - -+struct link_util *get_link_kind(const char *id) -+{ -+ return __get_link_kind(id, false); -+} -+ -+struct link_util *get_link_slave_kind(const char *id) -+{ -+ return __get_link_kind(id, true); -+} -+ - static int get_link_mode(const char *mode) - { - if (strcasecmp(mode, "default") == 0) --- -1.8.3.1 - diff --git a/SOURCES/0054-ip-bridge-document-timestamp-option.patch b/SOURCES/0054-ip-bridge-document-timestamp-option.patch new file mode 100644 index 0000000..3262e93 --- /dev/null +++ b/SOURCES/0054-ip-bridge-document-timestamp-option.patch @@ -0,0 +1,54 @@ +From dea6707510769d0fba936c1be868b123df9bb159 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:52 +0100 +Subject: [PATCH] ip, bridge: document -timestamp option + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 25bc3d3d4aac6 + +commit 25bc3d3d4aac6d0ab20a01d922b8e8ad6eb2232e +Author: Satish Ashok +Date: Mon Oct 12 09:28:55 2015 -0700 + + ip, bridge: document -timestamp option + + This patch documents bridge and ip -timestamp option + + Signed-off-by: Satish Ashok +--- + man/man8/bridge.8 | 3 +++ + man/man8/ip.8 | 4 ++++ + 2 files changed, 7 insertions(+) + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 2f72710..6cbf72b 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -308,6 +308,9 @@ link setting is configured on specified physical device + .BI master + link setting is configured on the software bridge (default) + ++.TP ++.BR "\-t" , " \-timestamp" ++display current time when using monitor option. + + .SS bridge link show - list bridge port configuration. + +diff --git a/man/man8/ip.8 b/man/man8/ip.8 +index b1c0bc0..caaa1c1 100644 +--- a/man/man8/ip.8 ++++ b/man/man8/ip.8 +@@ -195,6 +195,10 @@ Set the netlink socket receive buffer size, defaults to 1MB. + .BR "\-iec" + print human readable rates in IEC units (e.g. 1Ki = 1024). + ++.TP ++.BR "\-t" , " \-timestamp" ++display current time when using monitor option. ++ + .SH IP - COMMAND SYNTAX + + .SS +-- +1.8.3.1 + diff --git a/SOURCES/0055-bridge-add-calls-to-fflush-in-fdb-and-mdb-print-func.patch b/SOURCES/0055-bridge-add-calls-to-fflush-in-fdb-and-mdb-print-func.patch new file mode 100644 index 0000000..9c2bd42 --- /dev/null +++ b/SOURCES/0055-bridge-add-calls-to-fflush-in-fdb-and-mdb-print-func.patch @@ -0,0 +1,52 @@ +From 284eed75d40124e365c49b3412441d31b9d70784 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:52 +0100 +Subject: [PATCH] bridge: add calls to fflush in fdb and mdb print functions + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 4d45bf3bafa69 + +commit 4d45bf3bafa6960720193dbf57042a3b43b73868 +Author: Wilson Kok +Date: Thu Oct 15 14:53:17 2015 -0700 + + bridge: add calls to fflush in fdb and mdb print functions + + This patch adds fflush in fdb and mdb print functions + + Signed-off-by: Wilson Kok + Signed-off-by: Roopa Prabhu +--- + bridge/fdb.c | 2 ++ + bridge/mdb.c | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index edf621c..8a706d8 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -162,6 +162,8 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "offload "); + + fprintf(fp, "%s\n", state_n2a(r->ndm_state)); ++ fflush(fp); ++ + return 0; + } + +diff --git a/bridge/mdb.c b/bridge/mdb.c +index b14bd01..24c4903 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -135,6 +135,8 @@ int print_mdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + } + } + ++ fflush(fp); ++ + return 0; + } + +-- +1.8.3.1 + diff --git a/SOURCES/0055-iplink-add-support-for-bonding-slave.patch b/SOURCES/0055-iplink-add-support-for-bonding-slave.patch deleted file mode 100644 index becc4c3..0000000 --- a/SOURCES/0055-iplink-add-support-for-bonding-slave.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 95014c8dbd2a76b735fed48bd2985d9b51f5f48a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:25:58 +0100 -Subject: [PATCH] iplink: add support for bonding slave - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 730d3f61d91ff -Conflicts: Patch adjusted for missing HSR device support in RHEL7 - -commit 730d3f61d91ffefd58adcae6d2765e94a14fa3af -Author: Jiri Pirko -Date: Thu Jan 23 17:52:54 2014 +0100 - - iplink: add support for bonding slave - - Signed-off-by: Jiri Pirko ---- - ip/Makefile | 2 +- - ip/iplink_bond_slave.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 91 insertions(+), 1 deletion(-) - create mode 100644 ip/iplink_bond_slave.c - -diff --git a/ip/Makefile b/ip/Makefile -index 76878fb..080b079 100644 ---- a/ip/Makefile -+++ b/ip/Makefile -@@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ - iplink_vlan.o link_veth.o link_gre.o iplink_can.o \ - iplink_macvlan.o iplink_macvtap.o ipl2tp.o link_vti.o link_vti6.o \ - iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ -- link_iptnl.o link_gre6.o iplink_bond.o -+ link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o - - RTMONOBJ=rtmon.o - -diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c -new file mode 100644 -index 0000000..bb4e1d6 ---- /dev/null -+++ b/ip/iplink_bond_slave.c -@@ -0,0 +1,90 @@ -+/* -+ * iplink_bond_slave.c Bonding slave device support -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Jiri Pirko -+ */ -+ -+#include -+#include -+#include -+ -+#include "rt_names.h" -+#include "utils.h" -+#include "ip_common.h" -+ -+static const char *slave_states[] = { -+ [BOND_STATE_ACTIVE] = "ACTIVE", -+ [BOND_STATE_BACKUP] = "BACKUP", -+}; -+ -+static void print_slave_state(FILE *f, struct rtattr *tb) -+{ -+ unsigned int state = rta_getattr_u8(tb); -+ -+ if (state >= sizeof(slave_states) / sizeof(slave_states[0])) -+ fprintf(f, "state %d ", state); -+ else -+ fprintf(f, "state %s ", slave_states[state]); -+} -+ -+static const char *slave_mii_status[] = { -+ [BOND_LINK_UP] = "UP", -+ [BOND_LINK_FAIL] = "GOING_DOWN", -+ [BOND_LINK_DOWN] = "DOWN", -+ [BOND_LINK_BACK] = "GOING_BACK", -+}; -+ -+static void print_slave_mii_status(FILE *f, struct rtattr *tb) -+{ -+ unsigned int status = rta_getattr_u8(tb); -+ -+ fprintf(f, "mii_status %d ", status); -+ if (status >= sizeof(slave_mii_status) / sizeof(slave_mii_status[0])) -+ fprintf(f, "mii_status %d ", status); -+ else -+ fprintf(f, "mii_status %s ", slave_mii_status[status]); -+} -+ -+static void bond_slave_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) -+{ -+ SPRINT_BUF(b1); -+ if (!tb) -+ return; -+ -+ if (tb[IFLA_BOND_SLAVE_STATE]) -+ print_slave_state(f, tb[IFLA_BOND_SLAVE_STATE]); -+ -+ if (tb[IFLA_BOND_SLAVE_MII_STATUS]) -+ print_slave_mii_status(f, tb[IFLA_BOND_SLAVE_MII_STATUS]); -+ -+ if (tb[IFLA_BOND_SLAVE_LINK_FAILURE_COUNT]) -+ fprintf(f, "link_failure_count %d ", -+ rta_getattr_u32(tb[IFLA_BOND_SLAVE_LINK_FAILURE_COUNT])); -+ -+ if (tb[IFLA_BOND_SLAVE_PERM_HWADDR]) -+ fprintf(f, "perm_hwaddr %s ", -+ ll_addr_n2a(RTA_DATA(tb[IFLA_BOND_SLAVE_PERM_HWADDR]), -+ RTA_PAYLOAD(tb[IFLA_BOND_SLAVE_PERM_HWADDR]), -+ 0, b1, sizeof(b1))); -+ -+ if (tb[IFLA_BOND_SLAVE_QUEUE_ID]) -+ fprintf(f, "queue_id %d ", -+ rta_getattr_u16(tb[IFLA_BOND_SLAVE_QUEUE_ID])); -+ -+ if (tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID]) -+ fprintf(f, "ad_aggregator_id %d ", -+ rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID])); -+} -+ -+struct link_util bond_slave_link_util = { -+ .id = "bond", -+ .maxattr = IFLA_BOND_SLAVE_MAX, -+ .print_opt = bond_slave_print_opt, -+ .slave = true, -+}; -+ --- -1.8.3.1 - diff --git a/SOURCES/0056-bridge-fdb-minor-syntax-fix-in-help-text.patch b/SOURCES/0056-bridge-fdb-minor-syntax-fix-in-help-text.patch new file mode 100644 index 0000000..680b755 --- /dev/null +++ b/SOURCES/0056-bridge-fdb-minor-syntax-fix-in-help-text.patch @@ -0,0 +1,39 @@ +From d9e8a0597c658e7b33856b3f4621b253de72d923 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:52 +0100 +Subject: [PATCH] bridge: fdb: minor syntax fix in help text + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit bd5bbad450079 + +commit bd5bbad45007937758ec1339f2612049ce7187d7 +Author: Phil Sutter +Date: Thu Oct 29 10:55:24 2015 +0100 + + bridge: fdb: minor syntax fix in help text +--- + bridge/fdb.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 8a706d8..8767c96 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -30,11 +30,11 @@ static unsigned int filter_index; + + static void usage(void) + { +- fprintf(stderr, "Usage: bridge fdb { add | append | del | replace ADDR dev DEV\n" ++ fprintf(stderr, "Usage: bridge fdb { add | append | del | replace } ADDR dev DEV\n" + " [ self ] [ master ] [ use ] [ router ]\n" + " [ local | temp ] [ dst IPADDR ] [ vlan VID ]\n" +- " [ port PORT] [ vni VNI ] [via DEV]\n"); +- fprintf(stderr, " bridge fdb {show} [ br BRDEV ] [ brport DEV ]\n"); ++ " [ port PORT] [ vni VNI ] [ via DEV ]\n"); ++ fprintf(stderr, " bridge fdb [ show [ br BRDEV ] [ brport DEV ] ]\n"); + exit(-1); + } + +-- +1.8.3.1 + diff --git a/SOURCES/0056-iplink_bond-fix-arp_all_targets-parameter-name-in-ou.patch b/SOURCES/0056-iplink_bond-fix-arp_all_targets-parameter-name-in-ou.patch deleted file mode 100644 index ff49e68..0000000 --- a/SOURCES/0056-iplink_bond-fix-arp_all_targets-parameter-name-in-ou.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 2335458a36b8e8450f3d97720d78edffb540c91f Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] iplink_bond: fix arp_all_targets parameter name in output -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 32ad31fba1a88 - -commit 32ad31fba1a88df278b6f268e1849782a90bd702 -Author: Michal Kubeček -Date: Thu Feb 6 12:47:33 2014 +0100 - - iplink_bond: fix arp_all_targets parameter name in output - - Name of arp_all_targets parameter in output of "ip -d link show" - is missing trailing "s". - - Fixes: 63d127b0 ("iproute2: finish support for bonding attributes") - Signed-off-by: Michal Kubecek ---- - ip/iplink_bond.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index f0e5ab1..f22151e 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -428,7 +428,7 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - if (tb[IFLA_BOND_ARP_ALL_TARGETS]) { - const char *arp_all_targets = get_name(arp_all_targets_tbl, - rta_getattr_u32(tb[IFLA_BOND_ARP_ALL_TARGETS])); -- fprintf(f, "arp_all_target %s ", arp_all_targets); -+ fprintf(f, "arp_all_targets %s ", arp_all_targets); - } - - if (tb[IFLA_BOND_PRIMARY] && --- -1.8.3.1 - diff --git a/SOURCES/0057-bridge.8-document-fdb-replace-command.patch b/SOURCES/0057-bridge.8-document-fdb-replace-command.patch new file mode 100644 index 0000000..962de57 --- /dev/null +++ b/SOURCES/0057-bridge.8-document-fdb-replace-command.patch @@ -0,0 +1,52 @@ +From e8d0fdaf5f409584b9ff6110d294ddd783aeb3d2 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:59 +0100 +Subject: [PATCH] bridge.8: document fdb replace command + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 6e2e2cf03a2fe + +commit 6e2e2cf03a2fe5777ee75e943444a343756042c0 +Author: Phil Sutter +Date: Wed Nov 18 12:46:42 2015 +0100 + + bridge.8: document fdb replace command + + Despite commit 45a82e5 ("iproute vxlan add support for fdb replace + command"), the 'fdb replace' command was not mentioned in bridge.8. + + Signed-off-by: Phil Sutter +--- + man/man8/bridge.8 | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 6cbf72b..38f7b8b 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -50,7 +50,7 @@ bridge \- show / manipulate bridge addresses and devices + .IR DEV " ]" + + .ti -8 +-.BR "bridge fdb" " { " add " | " append " | " del " } " ++.BR "bridge fdb" " { " add " | " append " | " del " | " replace " } " + .I LLADDR + .B dev + .IR DEV " { " +@@ -407,6 +407,13 @@ This command removes an existing fdb entry. + The arguments are the same as with + .BR "bridge fdb add" , + ++.SS bridge fdb replace - replace a forwarding database entry ++If no matching entry is found, a new one will be created instead. ++ ++.PP ++The arguments are the same as with ++.BR "bridge fdb add" , ++ + .SS bridge fdb show - list forwarding entries. + + This command displays the current forwarding table. +-- +1.8.3.1 + diff --git a/SOURCES/0057-iplink_bond-fix-parameter-value-matching.patch b/SOURCES/0057-iplink_bond-fix-parameter-value-matching.patch deleted file mode 100644 index 96147fe..0000000 --- a/SOURCES/0057-iplink_bond-fix-parameter-value-matching.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 16c4a3d6c4892e6b24ccb0f63cec449823b82ef2 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] iplink_bond: fix parameter value matching -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit f7a45e0955514 - -commit f7a45e09555145378bdcdb5d074472ae716803ca -Author: Michal Kubeček -Date: Thu Feb 13 17:31:59 2014 +0100 - - iplink_bond: fix parameter value matching - - Lookup function get_index() compares argument with table entries - only up to the length of the table entry so that if an entry - with lower index is a substring of a later one, earlier entry is - used even if the argument is equal to the other. For example, - - ip link set bond0 type bond xmit_hash_policy layer2+3 - - sets xmit_hash_policy to 0 (layer2) as this is found before - "layer2+3" can be checked. - - Use strcmp() to compare whole strings instead. - - v2: look for an exact match only - - Signed-off-by: Michal Kubecek ---- - ip/iplink_bond.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index f22151e..7a950df 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -106,7 +106,7 @@ static int get_index(const char **tbl, char *name) - return i; - - for (i = 0; tbl[i]; i++) -- if (strncmp(tbl[i], name, strlen(tbl[i])) == 0) -+ if (strcmp(tbl[i], name) == 0) - return i; - - return -1; --- -1.8.3.1 - diff --git a/SOURCES/0058-bridge.8-minor-formatting-cleanup.patch b/SOURCES/0058-bridge.8-minor-formatting-cleanup.patch new file mode 100644 index 0000000..815ee82 --- /dev/null +++ b/SOURCES/0058-bridge.8-minor-formatting-cleanup.patch @@ -0,0 +1,170 @@ +From f68083e618f8450858815dadd541eff0d20eb6e2 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:11:59 +0100 +Subject: [PATCH] bridge.8: minor formatting cleanup + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit fc31817d1f2ee + +commit fc31817d1f2ee8098b875a8b122f136a7564e339 +Author: Phil Sutter +Date: Tue Nov 24 15:50:00 2015 +0100 + + bridge.8: minor formatting cleanup + + - Replace commas at end of subsection with dots. + - Replace double whitespace by single one. + + Signed-off-by: Phil Sutter +--- + man/man8/bridge.8 | 46 +++++++++++++++++++++++----------------------- + 1 file changed, 23 insertions(+), 23 deletions(-) + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 38f7b8b..864f983 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -25,14 +25,14 @@ bridge \- show / manipulate bridge addresses and devices + + .ti -8 + .BR "bridge link set" +-.B dev ++.B dev + .IR DEV + .IR " [ " +-.B cost ++.B cost + .IR COST " ] [ " +-.B priority +-.IR PRIO " ] [ " +-.B state ++.B priority ++.IR PRIO " ] [ " ++.B state + .IR STATE "] [" + .BR guard " { " on " | " off " } ] [ " + .BR hairpin " { " on " | " off " } ] [ " +@@ -42,21 +42,21 @@ bridge \- show / manipulate bridge addresses and devices + .BR learning_sync " { " on " | " off " } ] [ " + .BR flood " { " on " | " off " } ] [ " + .BR hwmode " { " vepa " | " veb " } ] [ " +-.BR self " ] [ " master " ] " ++.BR self " ] [ " master " ] " + + .ti -8 + .BR "bridge link" " [ " show " ] [ " +-.B dev ++.B dev + .IR DEV " ]" + + .ti -8 + .BR "bridge fdb" " { " add " | " append " | " del " | " replace " } " + .I LLADDR +-.B dev ++.B dev + .IR DEV " { " + .BR local " | " temp " } [ " + .BR self " ] [ " master " ] [ " router " ] [ " use " ] [ " +-.B dst ++.B dst + .IR IPADDR " ] [ " + .B vni + .IR VNI " ] [" +@@ -67,12 +67,12 @@ bridge \- show / manipulate bridge addresses and devices + + .ti -8 + .BR "bridge fdb" " [ " show " ] [ " +-.B dev ++.B dev + .IR DEV " ]" + + .ti -8 + .BR "bridge mdb" " { " add " | " del " } " +-.B dev ++.B dev + .IR DEV + .B port + .IR PORT +@@ -84,21 +84,21 @@ bridge \- show / manipulate bridge addresses and devices + + .ti -8 + .BR "bridge mdb show " [ " +-.B dev ++.B dev + .IR DEV " ]" + + .ti -8 + .BR "bridge vlan" " { " add " | " del " } " +-.B dev ++.B dev + .IR DEV +-.B vid ++.B vid + .IR VID " [ " +-.BR pvid " ] [ " untagged " ] [ " +-.BR self " ] [ " master " ] " ++.BR pvid " ] [ " untagged " ] [ " ++.BR self " ] [ " master " ] " + + .ti -8 + .BR "bridge vlan" " [ " show " ] [ " +-.B dev ++.B dev + .IR DEV " ]" + + .ti -8 +@@ -319,7 +319,7 @@ This command displays the current bridge port configuration and flags. + .SH bridge fdb - forwarding database management + + .B fdb +-objects contain known Ethernet addresses on a link. ++objects contain known Ethernet addresses on a link. + + .P + The corresponding commands display fdb entries, add new entries, +@@ -398,21 +398,21 @@ sends a copy of the data packet to each entry found. + + .PP + The arguments are the same as with +-.BR "bridge fdb add" , ++.BR "bridge fdb add" . + + .SS bridge fdb delete - delete a forwarding database entry + This command removes an existing fdb entry. + + .PP + The arguments are the same as with +-.BR "bridge fdb add" , ++.BR "bridge fdb add" . + + .SS bridge fdb replace - replace a forwarding database entry + If no matching entry is found, a new one will be created instead. + + .PP + The arguments are the same as with +-.BR "bridge fdb add" , ++.BR "bridge fdb add" . + + .SS bridge fdb show - list forwarding entries. + +@@ -548,7 +548,7 @@ This command displays the current VLAN filter table. + + The + .B bridge +-utility can monitor the state of devices and addresses ++utility can monitor the state of devices and addresses + continuously. This option has a slightly different format. + Namely, the + .B monitor +@@ -560,7 +560,7 @@ command is the first in the command line and then the object list follows: + .I OBJECT-LIST + is the list of object types that we want to monitor. + It may contain +-.BR link ", " fdb ", and " mdb "." ++.BR link ", " fdb ", and " mdb "." + If no + .B file + argument is given, +-- +1.8.3.1 + diff --git a/SOURCES/0058-iplink_bond_slave-show-mii_status-only-once.patch b/SOURCES/0058-iplink_bond_slave-show-mii_status-only-once.patch deleted file mode 100644 index 69fe012..0000000 --- a/SOURCES/0058-iplink_bond_slave-show-mii_status-only-once.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 49d156bff02820e919f594fb6b95b19fc6fce87d Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] iplink_bond_slave: show mii_status only once -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 574e7488060ff - -commit 574e7488060ff3fb1ca65f3ee05bf34e718dbb1a -Author: Michal Kubeček -Date: Fri Feb 28 14:58:15 2014 +0100 - - iplink_bond_slave: show mii_status only once - - With "ip -d link show", bonding slave mii status is displayed - twice, once as a number and once as a name. - - Fixes: 730d3f61 ("iplink: add support for bonding slave") - Signed-off-by: Michal Kubecek ---- - ip/iplink_bond_slave.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c -index bb4e1d6..8f3fc6c 100644 ---- a/ip/iplink_bond_slave.c -+++ b/ip/iplink_bond_slave.c -@@ -43,7 +43,6 @@ static void print_slave_mii_status(FILE *f, struct rtattr *tb) - { - unsigned int status = rta_getattr_u8(tb); - -- fprintf(f, "mii_status %d ", status); - if (status >= sizeof(slave_mii_status) / sizeof(slave_mii_status[0])) - fprintf(f, "mii_status %d ", status); - else --- -1.8.3.1 - diff --git a/SOURCES/0059-bridge-support-for-static-fdb-entries.patch b/SOURCES/0059-bridge-support-for-static-fdb-entries.patch new file mode 100644 index 0000000..408b800 --- /dev/null +++ b/SOURCES/0059-bridge-support-for-static-fdb-entries.patch @@ -0,0 +1,80 @@ +From 6c0e3f0160da03f50871e2e3692e3168f8c2a62b Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] bridge: support for static fdb entries + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit a1987cd17fcb0 + +commit a1987cd17fcb042bd80f0dc2bf51941769fdb493 +Author: Roopa Prabhu +Date: Wed Jan 27 09:09:37 2016 -0800 + + bridge: support for static fdb entries + + There is no intuitive option to add static fdb entries today. + 'temp' seems to have a side effect of adding + 'static' fdb entries. But the name and intent + of 'temp' does not say anything about it being static. + + example: + bridge fdb add operates as follows: + + $bridge fdb add 00:01:02:03:04:05 dev eth0 master + $bridge fdb add 00:01:02:03:04:06 dev eth0 master temp + $bridge fdb add 00:01:02:03:04:07 dev eth0 master local + + $bridge fdb show + 00:01:02:03:04:05 dev eth0 permanent + 00:01:02:03:04:06 dev eth0 static + 00:01:02:03:04:07 dev eth0 permanent + 00:01:02:03:04:08 dev eth0 <<== dynamic, ageable learned mac + + This patch adds a new bridge fdb type 'static' which + makes sure NUD_NOARP and NUD_REACHABLE is set for static + entries. This effectively is nothing but what 'temp' + does today. But the name 'temp' is misleading. + + After the patch: + $bridge fdb add 00:01:02:03:04:06 dev eth0 master static + + $bridge fdb show + 00:01:02:03:04:06 dev eth0 static + + 'temp' could ideally be a dynamic mac that can age (ie just + NUD_REACHABLE). But, 'temp' sets 'NUD_NOARP' and 'NUD_REACHABLE'. + Too late to change 'temp' now. But, we are thinking of introduing a + 'dynamic' keyword after this patch that only sets NUD_REACHABLE. + + Signed-off-by: Wilson Kok + Signed-off-by: Roopa Prabhu +--- + bridge/fdb.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 8767c96..cb07345 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -32,7 +32,7 @@ static void usage(void) + { + fprintf(stderr, "Usage: bridge fdb { add | append | del | replace } ADDR dev DEV\n" + " [ self ] [ master ] [ use ] [ router ]\n" +- " [ local | temp ] [ dst IPADDR ] [ vlan VID ]\n" ++ " [ local | temp | static ] [ dst IPADDR ] [ vlan VID ]\n" + " [ port PORT] [ vni VNI ] [ via DEV ]\n"); + fprintf(stderr, " bridge fdb [ show [ br BRDEV ] [ brport DEV ] ]\n"); + exit(-1); +@@ -300,7 +300,8 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) + } else if (matches(*argv, "local") == 0|| + matches(*argv, "permanent") == 0) { + req.ndm.ndm_state |= NUD_PERMANENT; +- } else if (matches(*argv, "temp") == 0) { ++ } else if (matches(*argv, "temp") == 0 || ++ matches(*argv, "static") == 0) { + req.ndm.ndm_state |= NUD_REACHABLE; + } else if (matches(*argv, "vlan") == 0) { + if (vid >= 0) +-- +1.8.3.1 + diff --git a/SOURCES/0059-iplink-can-fix-help-text-and-man-page.patch b/SOURCES/0059-iplink-can-fix-help-text-and-man-page.patch deleted file mode 100644 index bd43c94..0000000 --- a/SOURCES/0059-iplink-can-fix-help-text-and-man-page.patch +++ /dev/null @@ -1,64 +0,0 @@ -From fe40921238c1acaa322de13c7fd3ebb0cb8f2c9c Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] iplink: can: fix help text and man page - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 2b70fe156b719 - -commit 2b70fe156b7198ee1cbe34610025c3a86461ed02 -Author: Oliver Hartkopp -Date: Thu May 15 19:52:19 2014 +0200 - - iplink: can: fix help text and man page - - Controller Area Network (CAN) interfaces are physical network interfaces. - They can't be 'created' like software devices by 'ip link add type can'. - - Signed-off-by: Oliver Hartkopp ---- - ip/iplink.c | 4 ++-- - man/man8/ip-link.8.in | 5 +---- - 2 files changed, 3 insertions(+), 6 deletions(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 8d6a2b3..7e6d992 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -91,8 +91,8 @@ void iplink_usage(void) - fprintf(stderr, " ip link help [ TYPE ]\n"); - fprintf(stderr, "\n"); - fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); -- fprintf(stderr, " can | bridge | bond | ipoib | ip6tnl | ipip | sit |\n"); -- fprintf(stderr, " vxlan | gre | gretap | ip6gre | ip6gretap | vti }\n"); -+ fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); -+ fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti }\n"); - } - exit(-1); - } -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index d69c930..82ae316 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -164,9 +164,6 @@ Link types: - .B bond - - Bonding device - .sp --.B can --- Controller Area Network interface --.sp - .B dummy - - Dummy network interface - .sp -@@ -180,7 +177,7 @@ Link types: - - Virtual interface base on link layer address (MAC) - .sp - .B vcan --- Virtual Local CAN interface -+- Virtual Controller Area Network interface - .sp - .B veth - - Virtual ethernet interface --- -1.8.3.1 - diff --git a/SOURCES/0060-ip-add-nlmon-as-a-device-type-to-help-message.patch b/SOURCES/0060-ip-add-nlmon-as-a-device-type-to-help-message.patch deleted file mode 100644 index 3d00c45..0000000 --- a/SOURCES/0060-ip-add-nlmon-as-a-device-type-to-help-message.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ee76da8edee35ab8c6b69dbb2376a93ee736e7ed Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] ip: add nlmon as a device type to help message - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 7968262df6fe7 - -commit 7968262df6fe7103352105e222bc98ac1ba7a821 -Author: Masatake YAMATO -Date: Thu Jun 12 04:08:38 2014 +0900 - - ip: add nlmon as a device type to help message - - Though nlmon device can be added, it was not listed - in the output of "ip link help". - - Signed-off-by: Masatake YAMATO - Acked-by: Daniel Borkmann ---- - ip/iplink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 7e6d992..2f8bbf9 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -92,7 +92,7 @@ void iplink_usage(void) - fprintf(stderr, "\n"); - fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); - fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); -- fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti }\n"); -+ fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon }\n"); - } - exit(-1); - } --- -1.8.3.1 - diff --git a/SOURCES/0060-iplink-bridge-export-bridge_id-and-designated_root.patch b/SOURCES/0060-iplink-bridge-export-bridge_id-and-designated_root.patch new file mode 100644 index 0000000..46a399a --- /dev/null +++ b/SOURCES/0060-iplink-bridge-export-bridge_id-and-designated_root.patch @@ -0,0 +1,76 @@ +From e356155477080e21d9c443fc963b7019bbc579ca Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: export bridge_id and designated_root + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 70dfb0b8836d8 + +commit 70dfb0b8836d8fb17009b5473b14f4bc470cb68d +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:19 2016 +0100 + + iplink: bridge: export bridge_id and designated_root + + Netlink returns the bridge_id and designated_root, we just need to + make them visible. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 1c71f2e..050afaa 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + + #include "rt_names.h" + #include "utils.h" +@@ -39,6 +40,15 @@ static void explain(void) + print_explain(stderr); + } + ++static void br_dump_bridge_id(const struct ifla_bridge_id *id, char *buf, ++ size_t len) ++{ ++ char eaddr[32]; ++ ++ ether_ntoa_r((const struct ether_addr *)id->addr, eaddr); ++ snprintf(buf, len, "%.2x%.2x.%s", id->prio[0], id->prio[1], eaddr); ++} ++ + static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + struct nlmsghdr *n) + { +@@ -161,6 +171,22 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + ll_proto_n2a(rta_getattr_u16(tb[IFLA_BR_VLAN_PROTOCOL]), + b1, sizeof(b1))); + } ++ ++ if (tb[IFLA_BR_BRIDGE_ID]) { ++ char bridge_id[32]; ++ ++ br_dump_bridge_id(RTA_DATA(tb[IFLA_BR_BRIDGE_ID]), bridge_id, ++ sizeof(bridge_id)); ++ fprintf(f, "bridge_id %s ", bridge_id); ++ } ++ ++ if (tb[IFLA_BR_ROOT_ID]) { ++ char root_id[32]; ++ ++ br_dump_bridge_id(RTA_DATA(tb[IFLA_BR_BRIDGE_ID]), root_id, ++ sizeof(root_id)); ++ fprintf(f, "designated_root %s ", root_id); ++ } + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0061-iplink-bridge-export-root_-port-path_cost-topology_c.patch b/SOURCES/0061-iplink-bridge-export-root_-port-path_cost-topology_c.patch new file mode 100644 index 0000000..1d48064 --- /dev/null +++ b/SOURCES/0061-iplink-bridge-export-root_-port-path_cost-topology_c.patch @@ -0,0 +1,52 @@ +From abf463728db5643a88cf212f7ff6937ae888674c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: export root_(port|path_cost), topology_change + and change_detected + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 4e3bbc66580fc + +commit 4e3bbc66580fc7249217df9e0ef18cbb50876561 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:20 2016 +0100 + + iplink: bridge: export root_(port|path_cost), topology_change and change_detected + + Netlink already export these values, we just need to make them visible. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 050afaa..bf6cb71 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -187,6 +187,22 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + sizeof(root_id)); + fprintf(f, "designated_root %s ", root_id); + } ++ ++ if (tb[IFLA_BR_ROOT_PORT]) ++ fprintf(f, "root_port %u ", ++ rta_getattr_u16(tb[IFLA_BR_ROOT_PORT])); ++ ++ if (tb[IFLA_BR_ROOT_PATH_COST]) ++ fprintf(f, "root_path_cost %u ", ++ rta_getattr_u32(tb[IFLA_BR_ROOT_PATH_COST])); ++ ++ if (tb[IFLA_BR_TOPOLOGY_CHANGE]) ++ fprintf(f, "topology_change %u ", ++ rta_getattr_u8(tb[IFLA_BR_TOPOLOGY_CHANGE])); ++ ++ if (tb[IFLA_BR_TOPOLOGY_CHANGE_DETECTED]) ++ fprintf(f, "topology_change_detected %u ", ++ rta_getattr_u8(tb[IFLA_BR_TOPOLOGY_CHANGE_DETECTED])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0061-iproute2-allow-to-change-slave-options-via-type_slav.patch b/SOURCES/0061-iproute2-allow-to-change-slave-options-via-type_slav.patch deleted file mode 100644 index 890dc84..0000000 --- a/SOURCES/0061-iproute2-allow-to-change-slave-options-via-type_slav.patch +++ /dev/null @@ -1,111 +0,0 @@ -From c05b809a58c55860dabb5930ba19dbf8f71f137f Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] iproute2: allow to change slave options via type_slave - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 620ddedada7fd - -commit 620ddedada7fddd0d1d04a3da0145535423bc237 -Author: Nikolay Aleksandrov -Date: Wed Sep 3 17:57:30 2014 +0200 - - iproute2: allow to change slave options via type_slave - - This patch adds the necessary changes to allow altering a slave device's - options via ip link set type _slave specific-option. - It also adds support to set the bonding slaves' queue_id. - - Example: - ip link set eth0 type bond_slave queue_id 10 - - Signed-off-by: Nikolay Aleksandrov - Acked-by: Jiri Pirko ---- - ip/iplink.c | 22 +++++++++++++++++++--- - ip/iplink_bond_slave.c | 19 +++++++++++++++++++ - 2 files changed, 38 insertions(+), 3 deletions(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 2f8bbf9..f444bef 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -92,7 +92,8 @@ void iplink_usage(void) - fprintf(stderr, "\n"); - fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); - fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); -- fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon }\n"); -+ fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon |\n"); -+ fprintf(stderr, " bond_slave }\n"); - } - exit(-1); - } -@@ -654,14 +655,29 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv) - - if (type) { - struct rtattr *linkinfo = NLMSG_TAIL(&req.n); -+ char slavebuf[128], *ulinep = strchr(type, '_'); -+ int iflatype; -+ - addattr_l(&req.n, sizeof(req), IFLA_LINKINFO, NULL, 0); - addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, type, - strlen(type)); - -- lu = get_link_kind(type); -+ if (ulinep && !strcmp(ulinep, "_slave")) { -+ strncpy(slavebuf, type, sizeof(slavebuf)); -+ slavebuf[sizeof(slavebuf) - 1] = '\0'; -+ ulinep = strchr(slavebuf, '_'); -+ /* check in case it was after sizeof(slavebuf) - 1*/ -+ if (ulinep) -+ *ulinep = '\0'; -+ lu = get_link_slave_kind(slavebuf); -+ iflatype = IFLA_INFO_SLAVE_DATA; -+ } else { -+ lu = get_link_kind(type); -+ iflatype = IFLA_INFO_DATA; -+ } - if (lu && argc) { - struct rtattr * data = NLMSG_TAIL(&req.n); -- addattr_l(&req.n, sizeof(req), IFLA_INFO_DATA, NULL, 0); -+ addattr_l(&req.n, sizeof(req), iflatype, NULL, 0); - - if (lu->parse_opt && - lu->parse_opt(lu, argc, argv, &req.n)) -diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c -index 8f3fc6c..aacba14 100644 ---- a/ip/iplink_bond_slave.c -+++ b/ip/iplink_bond_slave.c -@@ -80,10 +80,29 @@ static void bond_slave_print_opt(struct link_util *lu, FILE *f, struct rtattr *t - rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID])); - } - -+static int bond_slave_parse_opt(struct link_util *lu, int argc, char **argv, -+ struct nlmsghdr *n) -+{ -+ __u16 queue_id; -+ -+ while (argc > 0) { -+ if (matches(*argv, "queue_id") == 0) { -+ NEXT_ARG(); -+ if (get_u16(&queue_id, *argv, 0)) -+ invarg("queue_id is invalid", *argv); -+ addattr16(n, 1024, IFLA_BOND_SLAVE_QUEUE_ID, queue_id); -+ } -+ argc--, argv++; -+ } -+ -+ return 0; -+} -+ - struct link_util bond_slave_link_util = { - .id = "bond", - .maxattr = IFLA_BOND_SLAVE_MAX, - .print_opt = bond_slave_print_opt, -+ .parse_opt = bond_slave_parse_opt, - .slave = true, - }; - --- -1.8.3.1 - diff --git a/SOURCES/0062-add-help-command-to-bonding-master.patch b/SOURCES/0062-add-help-command-to-bonding-master.patch deleted file mode 100644 index b3a0174..0000000 --- a/SOURCES/0062-add-help-command-to-bonding-master.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 93cd31f4ccc36ef387667fb0dbf6d78b493fa5b9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] add help command to bonding master - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 7feb76ce98edf - -commit 7feb76ce98edfeeffc51e3ec4deab0910df1edf4 -Author: Jiri Pirko -Date: Fri Sep 5 15:24:16 2014 +0200 - - add help command to bonding master - - Signed-off-by: Jiri Pirko ---- - ip/iplink_bond.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index 7a950df..539a2e6 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -339,6 +339,9 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - } - ad_select = get_index(ad_select_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_AD_SELECT, ad_select); -+ } else if (matches(*argv, "help") == 0) { -+ explain(); -+ return -1; - } else { - fprintf(stderr, "bond: unknown command \"%s\"?\n", *argv); - explain(); --- -1.8.3.1 - diff --git a/SOURCES/0062-iplink-bridge-export-read-only-timers.patch b/SOURCES/0062-iplink-bridge-export-read-only-timers.patch new file mode 100644 index 0000000..1ffc114 --- /dev/null +++ b/SOURCES/0062-iplink-bridge-export-read-only-timers.patch @@ -0,0 +1,100 @@ +From 58d4d6459347811ef8d75826221f94b3f56b824a Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: export read-only timers + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 8c0f7a16305f8 + +commit 8c0f7a16305f86baaefe16050139a03b1f3b24ee +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:21 2016 +0100 + + iplink: bridge: export read-only timers + + Netlink already provides hello_timer, tcn_timer, topology_change_timer + and gc_timer, so let's make them visible. + + Signed-off-by: Nikolay Aleksandrov +--- + include/utils.h | 18 ++++++++++++++++++ + ip/iplink_bridge.c | 34 ++++++++++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+) + +diff --git a/include/utils.h b/include/utils.h +index 22198cb..9839d9d 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -159,6 +159,24 @@ static inline __u32 nl_mgrp(__u32 group) + return group ? (1 << (group - 1)) : 0; + } + ++/* courtesy of bridge-utils */ ++static inline unsigned long __tv_to_jiffies(const struct timeval *tv) ++{ ++ unsigned long long jif; ++ ++ jif = 1000000ULL * tv->tv_sec + tv->tv_usec; ++ ++ return jif/10000; ++} ++ ++static inline void __jiffies_to_tv(struct timeval *tv, unsigned long jiffies) ++{ ++ unsigned long long tvusec; ++ ++ tvusec = 10000ULL*jiffies; ++ tv->tv_sec = tvusec/1000000; ++ tv->tv_usec = tvusec - 1000000 * tv->tv_sec; ++} + + int print_timestamp(FILE *fp); + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index bf6cb71..2bd3182 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -203,6 +203,40 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_TOPOLOGY_CHANGE_DETECTED]) + fprintf(f, "topology_change_detected %u ", + rta_getattr_u8(tb[IFLA_BR_TOPOLOGY_CHANGE_DETECTED])); ++ ++ if (tb[IFLA_BR_HELLO_TIMER]) { ++ struct timeval tv; ++ ++ __jiffies_to_tv(&tv, rta_getattr_u64(tb[IFLA_BR_HELLO_TIMER])); ++ fprintf(f, "hello_timer %4i.%.2i ", (int)tv.tv_sec, ++ (int)tv.tv_usec/10000); ++ } ++ ++ if (tb[IFLA_BR_TCN_TIMER]) { ++ struct timeval tv; ++ ++ __jiffies_to_tv(&tv, rta_getattr_u64(tb[IFLA_BR_TCN_TIMER])); ++ fprintf(f, "tcn_timer %4i.%.2i ", (int)tv.tv_sec, ++ (int)tv.tv_usec/10000); ++ } ++ ++ if (tb[IFLA_BR_TOPOLOGY_CHANGE_TIMER]) { ++ unsigned long jiffies; ++ struct timeval tv; ++ ++ jiffies = rta_getattr_u64(tb[IFLA_BR_TOPOLOGY_CHANGE_TIMER]); ++ __jiffies_to_tv(&tv, jiffies); ++ fprintf(f, "topology_change_timer %4i.%.2i ", (int)tv.tv_sec, ++ (int)tv.tv_usec/10000); ++ } ++ ++ if (tb[IFLA_BR_GC_TIMER]) { ++ struct timeval tv; ++ ++ __jiffies_to_tv(&tv, rta_getattr_u64(tb[IFLA_BR_GC_TIMER])); ++ fprintf(f, "gc_timer %4i.%.2i ", (int)tv.tv_sec, ++ (int)tv.tv_usec/10000); ++ } + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0063-ip-link-Shortify-printing-the-usage-of-link-type.patch b/SOURCES/0063-ip-link-Shortify-printing-the-usage-of-link-type.patch deleted file mode 100644 index db03cc5..0000000 --- a/SOURCES/0063-ip-link-Shortify-printing-the-usage-of-link-type.patch +++ /dev/null @@ -1,78 +0,0 @@ -From eb7bc8d12d4b763c3938086b9a7aa7ae45a40a5d Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:26:25 +0100 -Subject: [PATCH] ip link: Shortify printing the usage of link type - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 561e650eff679 -Conflicts: Reapplying an already backported commit, just applying - it's changes to ip/iplink_bond.c. - -commit 561e650eff679296d3f4c12657721ae769cbc187 -Author: vadimk -Date: Tue Sep 30 08:17:31 2014 +0300 - - ip link: Shortify printing the usage of link type - - Allow to print particular link type usage by: - - ip link help [TYPE] - - Currently to print usage for some link type it is needed - to use the following way: - - ip link { add | del | set } type TYPE help - - Signed-off-by: Vadim Kochan ---- - ip/iplink_bond.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index 539a2e6..a573f92 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -112,9 +112,9 @@ static int get_index(const char **tbl, char *name) - return -1; - } - --static void explain(void) -+static void print_explain(FILE *f) - { -- fprintf(stderr, -+ fprintf(f, - "Usage: ... bond [ mode BONDMODE ] [ active_slave SLAVE_DEV ]\n" - " [ clear_active_slave ] [ miimon MIIMON ]\n" - " [ updelay UPDELAY ] [ downdelay DOWNDELAY ]\n" -@@ -147,6 +147,11 @@ static void explain(void) - ); - } - -+static void explain(void) -+{ -+ print_explain(stderr); -+} -+ - static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - struct nlmsghdr *n) - { -@@ -531,9 +536,16 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - } - } - -+static void bond_print_help(struct link_util *lu, int argc, char **argv, -+ FILE *f) -+{ -+ print_explain(f); -+} -+ - struct link_util bond_link_util = { - .id = "bond", - .maxattr = IFLA_BOND_MAX, - .parse_opt = bond_parse_opt, - .print_opt = bond_print_opt, -+ .print_help = bond_print_help, - }; --- -1.8.3.1 - diff --git a/SOURCES/0063-iplink-bridge-add-support-for-IFLA_BR_GROUP_FWD_MASK.patch b/SOURCES/0063-iplink-bridge-add-support-for-IFLA_BR_GROUP_FWD_MASK.patch new file mode 100644 index 0000000..cbb1cea --- /dev/null +++ b/SOURCES/0063-iplink-bridge-add-support-for-IFLA_BR_GROUP_FWD_MASK.patch @@ -0,0 +1,63 @@ +From 5eacb8e1529a21a32cb45d58fdb1d8c3d562aea0 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_GROUP_FWD_MASK + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 8caaf33bdb61d + +commit 8caaf33bdb61d8bc55db4445fd81e098777e8014 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:22 2016 +0100 + + iplink: bridge: add support for IFLA_BR_GROUP_FWD_MASK + + This patch implements support for the IFLA_BR_GROUP_FWD_MASK attribute + in iproute2 so it can change the group forwarding mask. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 2bd3182..77d4ee1 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -28,6 +28,7 @@ static void print_explain(FILE *f) + " [ ageing_time AGEING_TIME ]\n" + " [ stp_state STP_STATE ]\n" + " [ priority PRIORITY ]\n" ++ " [ group_fwd_mask MASK ]\n" + " [ vlan_filtering VLAN_FILTERING ]\n" + " [ vlan_protocol VLAN_PROTOCOL ]\n" + "\n" +@@ -117,6 +118,14 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + return -1; + } + addattr16(n, 1024, IFLA_BR_VLAN_PROTOCOL, vlan_proto); ++ } else if (matches(*argv, "group_fwd_mask") == 0) { ++ __u16 fwd_mask; ++ ++ NEXT_ARG(); ++ if (get_u16(&fwd_mask, *argv, 0)) ++ invarg("invalid group_fwd_mask", *argv); ++ ++ addattr16(n, 1024, IFLA_BR_GROUP_FWD_MASK, fwd_mask); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -237,6 +246,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + fprintf(f, "gc_timer %4i.%.2i ", (int)tv.tv_sec, + (int)tv.tv_usec/10000); + } ++ ++ if (tb[IFLA_BR_GROUP_FWD_MASK]) ++ fprintf(f, "group_fwd_mask %#x ", ++ rta_getattr_u16(tb[IFLA_BR_GROUP_FWD_MASK])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0064-iplink-bridge-add-support-for-IFLA_BR_GROUP_ADDR.patch b/SOURCES/0064-iplink-bridge-add-support-for-IFLA_BR_GROUP_ADDR.patch new file mode 100644 index 0000000..cb05396 --- /dev/null +++ b/SOURCES/0064-iplink-bridge-add-support-for-IFLA_BR_GROUP_ADDR.patch @@ -0,0 +1,69 @@ +From 070419b6c1eec0a88a464bcfcd8a3a3755f19ffc Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_GROUP_ADDR + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 0a61aa3963e25 + +commit 0a61aa3963e25a32e82cad8cdd04f31532ec5b3f +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:23 2016 +0100 + + iplink: bridge: add support for IFLA_BR_GROUP_ADDR + + This patch implements support for the IFLA_BR_GROUP_ADDR attribute + in iproute2 so it can change the group address. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 77d4ee1..6ef6c4b 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -29,6 +29,7 @@ static void print_explain(FILE *f) + " [ stp_state STP_STATE ]\n" + " [ priority PRIORITY ]\n" + " [ group_fwd_mask MASK ]\n" ++ " [ group_address ADDRESS ]\n" + " [ vlan_filtering VLAN_FILTERING ]\n" + " [ vlan_protocol VLAN_PROTOCOL ]\n" + "\n" +@@ -126,6 +127,15 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + invarg("invalid group_fwd_mask", *argv); + + addattr16(n, 1024, IFLA_BR_GROUP_FWD_MASK, fwd_mask); ++ } else if (matches(*argv, "group_address") == 0) { ++ char llabuf[32]; ++ int len; ++ ++ NEXT_ARG(); ++ len = ll_addr_a2n(llabuf, sizeof(llabuf), *argv); ++ if (len < 0) ++ return -1; ++ addattr_l(n, 1024, IFLA_BR_GROUP_ADDR, llabuf, len); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -250,6 +260,15 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_GROUP_FWD_MASK]) + fprintf(f, "group_fwd_mask %#x ", + rta_getattr_u16(tb[IFLA_BR_GROUP_FWD_MASK])); ++ ++ if (tb[IFLA_BR_GROUP_ADDR]) { ++ SPRINT_BUF(mac); ++ ++ fprintf(f, "group_address %s ", ++ ll_addr_n2a(RTA_DATA(tb[IFLA_BR_GROUP_ADDR]), ++ RTA_PAYLOAD(tb[IFLA_BR_GROUP_ADDR]), ++ 1 /*ARPHDR_ETHER*/, mac, sizeof(mac))); ++ } + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0064-iplink_bond-add-support-for-ad_actor-and-port_key-op.patch b/SOURCES/0064-iplink_bond-add-support-for-ad_actor-and-port_key-op.patch deleted file mode 100644 index edb0570..0000000 --- a/SOURCES/0064-iplink_bond-add-support-for-ad_actor-and-port_key-op.patch +++ /dev/null @@ -1,109 +0,0 @@ -From e4fb787ac29b773e8d754f78f643dc9eb7445dce Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:27:20 +0100 -Subject: [PATCH] iplink_bond: add support for ad_actor and port_key options - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 6fc1f8add30b3 - -commit 6fc1f8add30b3c4387e675d0b7c1787b737f8777 -Author: Jonathan Toppins -Date: Sat May 9 00:01:59 2015 -0700 - - iplink_bond: add support for ad_actor and port_key options - - This adds support for setting and displaying the following bonding - options: - * ad_user_port_key - * ad_actor_sys_prio - * ad_actor_system - - Signed-off-by: Jonathan Toppins ---- - ip/iplink_bond.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 49 insertions(+) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index a573f92..2a9783e 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -135,6 +135,9 @@ static void print_explain(FILE *f) - " [ packets_per_slave PACKETS_PER_SLAVE ]\n" - " [ lacp_rate LACP_RATE ]\n" - " [ ad_select AD_SELECT ]\n" -+ " [ ad_user_port_key PORTKEY ]\n" -+ " [ ad_actor_sys_prio SYSPRIO ]\n" -+ " [ ad_actor_system LLADDR ]\n" - "\n" - "BONDMODE := balance-rr|active-backup|balance-xor|broadcast|802.3ad|balance-tlb|balance-alb\n" - "ARP_VALIDATE := none|active|backup|all\n" -@@ -158,6 +161,7 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - __u8 mode, use_carrier, primary_reselect, fail_over_mac; - __u8 xmit_hash_policy, num_peer_notif, all_slaves_active; - __u8 lacp_rate, ad_select; -+ __u16 ad_user_port_key, ad_actor_sys_prio; - __u32 miimon, updelay, downdelay, arp_interval, arp_validate; - __u32 arp_all_targets, resend_igmp, min_links, lp_interval; - __u32 packets_per_slave; -@@ -344,6 +348,32 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - } - ad_select = get_index(ad_select_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_AD_SELECT, ad_select); -+ } else if (matches(*argv, "ad_user_port_key") == 0) { -+ NEXT_ARG(); -+ if (get_u16(&ad_user_port_key, *argv, 0)) { -+ invarg("invalid ad_user_port_key", *argv); -+ return -1; -+ } -+ addattr16(n, 1024, IFLA_BOND_AD_USER_PORT_KEY, -+ ad_user_port_key); -+ } else if (matches(*argv, "ad_actor_sys_prio") == 0) { -+ NEXT_ARG(); -+ if (get_u16(&ad_actor_sys_prio, *argv, 0)) { -+ invarg("invalid ad_actor_sys_prio", *argv); -+ return -1; -+ } -+ addattr16(n, 1024, IFLA_BOND_AD_ACTOR_SYS_PRIO, -+ ad_actor_sys_prio); -+ } else if (matches(*argv, "ad_actor_system") == 0) { -+ int len; -+ char abuf[32]; -+ -+ NEXT_ARG(); -+ len = ll_addr_a2n(abuf, sizeof(abuf), *argv); -+ if (len < 0) -+ return -1; -+ addattr_l(n, 1024, IFLA_BOND_AD_ACTOR_SYSTEM, -+ abuf, len); - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; -@@ -534,6 +564,25 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - ll_addr_n2a(p, ETH_ALEN, 0, b, sizeof(b))); - } - } -+ -+ if (tb[IFLA_BOND_AD_ACTOR_SYS_PRIO]) { -+ fprintf(f, "ad_actor_sys_prio %u ", -+ rta_getattr_u16(tb[IFLA_BOND_AD_ACTOR_SYS_PRIO])); -+ } -+ -+ if (tb[IFLA_BOND_AD_USER_PORT_KEY]) { -+ fprintf(f, "ad_user_port_key %u ", -+ rta_getattr_u16(tb[IFLA_BOND_AD_USER_PORT_KEY])); -+ } -+ -+ if (tb[IFLA_BOND_AD_ACTOR_SYSTEM]) { -+ /* We assume the l2 address is an Ethernet MAC address */ -+ SPRINT_BUF(b1); -+ fprintf(f, "ad_actor_system %s ", -+ ll_addr_n2a(RTA_DATA(tb[IFLA_BOND_AD_ACTOR_SYSTEM]), -+ RTA_PAYLOAD(tb[IFLA_BOND_AD_ACTOR_SYSTEM]), -+ 1 /*ARPHDR_ETHER*/, b1, sizeof(b1))); -+ } - } - - static void bond_print_help(struct link_util *lu, int argc, char **argv, --- -1.8.3.1 - diff --git a/SOURCES/0065-bonding-export-3ad-actor-and-partner-port-state.patch b/SOURCES/0065-bonding-export-3ad-actor-and-partner-port-state.patch deleted file mode 100644 index 0870c63..0000000 --- a/SOURCES/0065-bonding-export-3ad-actor-and-partner-port-state.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 773a7f959b38eae8f01301b3fafaa0392759404b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:27:20 +0100 -Subject: [PATCH] bonding: export 3ad actor and partner port state - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 7d6bc3b87abad - -commit 7d6bc3b87abadddaf2e0a92c113e6ef83c226ed5 -Author: Nikolay Aleksandrov -Date: Tue Jun 16 12:26:57 2015 +0300 - - bonding: export 3ad actor and partner port state - - This patch adds support to retrieve the new bond slave attributes: - IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE - IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE - which are read-only. - - (Removed if_link.h changes already updated in net-next) - - Signed-off-by: Nikolay Aleksandrov ---- - ip/iplink_bond_slave.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c -index aacba14..33bea91 100644 ---- a/ip/iplink_bond_slave.c -+++ b/ip/iplink_bond_slave.c -@@ -78,6 +78,14 @@ static void bond_slave_print_opt(struct link_util *lu, FILE *f, struct rtattr *t - if (tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID]) - fprintf(f, "ad_aggregator_id %d ", - rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID])); -+ -+ if (tb[IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE]) -+ fprintf(f, "ad_actor_oper_port_state %d\n", -+ rta_getattr_u8(tb[IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE])); -+ -+ if (tb[IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE]) -+ fprintf(f, "ad_partner_oper_port_state %d\n", -+ rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE])); - } - - static int bond_slave_parse_opt(struct link_util *lu, int argc, char **argv, --- -1.8.3.1 - diff --git a/SOURCES/0065-iplink-bridge-add-support-for-IFLA_BR_VLAN_DEFAULT_P.patch b/SOURCES/0065-iplink-bridge-add-support-for-IFLA_BR_VLAN_DEFAULT_P.patch new file mode 100644 index 0000000..e01b302 --- /dev/null +++ b/SOURCES/0065-iplink-bridge-add-support-for-IFLA_BR_VLAN_DEFAULT_P.patch @@ -0,0 +1,64 @@ +From f4ee3de83773cd4b84c2ffe3639c2f9558005c23 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_VLAN_DEFAULT_PVID + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 719832af6c862 + +commit 719832af6c862a04247f28c73b72bf0eea4c7984 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:24 2016 +0100 + + iplink: bridge: add support for IFLA_BR_VLAN_DEFAULT_PVID + + This patch implements support for the IFLA_BR_VLAN_DEFAULT_PVID + attribute in iproute2 so it can change the default pvid. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 6ef6c4b..da3a063 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -32,6 +32,7 @@ static void print_explain(FILE *f) + " [ group_address ADDRESS ]\n" + " [ vlan_filtering VLAN_FILTERING ]\n" + " [ vlan_protocol VLAN_PROTOCOL ]\n" ++ " [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -136,6 +137,15 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + if (len < 0) + return -1; + addattr_l(n, 1024, IFLA_BR_GROUP_ADDR, llabuf, len); ++ } else if (matches(*argv, "vlan_default_pvid") == 0) { ++ __u16 default_pvid; ++ ++ NEXT_ARG(); ++ if (get_u16(&default_pvid, *argv, 0)) ++ invarg("invalid vlan_default_pvid", *argv); ++ ++ addattr16(n, 1024, IFLA_BR_VLAN_DEFAULT_PVID, ++ default_pvid); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -257,6 +267,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + (int)tv.tv_usec/10000); + } + ++ if (tb[IFLA_BR_VLAN_DEFAULT_PVID]) ++ fprintf(f, "vlan_default_pvid %u ", ++ rta_getattr_u16(tb[IFLA_BR_VLAN_DEFAULT_PVID])); ++ + if (tb[IFLA_BR_GROUP_FWD_MASK]) + fprintf(f, "group_fwd_mask %#x ", + rta_getattr_u16(tb[IFLA_BR_GROUP_FWD_MASK])); +-- +1.8.3.1 + diff --git a/SOURCES/0066-iplink-bonding-add-support-for-IFLA_BOND_TLB_DYNAMIC.patch b/SOURCES/0066-iplink-bonding-add-support-for-IFLA_BOND_TLB_DYNAMIC.patch deleted file mode 100644 index bdffa80..0000000 --- a/SOURCES/0066-iplink-bonding-add-support-for-IFLA_BOND_TLB_DYNAMIC.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 3e07fbb9852e7d395f5fef89ee10365802df559a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:27:20 +0100 -Subject: [PATCH] iplink: bonding: add support for IFLA_BOND_TLB_DYNAMIC_LB - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit d02e46627f29b - -commit d02e46627f29b6bc761e6b6afd9198da001b13f1 -Author: Nikolay Aleksandrov -Date: Mon Aug 3 12:19:55 2015 +0200 - - iplink: bonding: add support for IFLA_BOND_TLB_DYNAMIC_LB - - Add support to be able to set and show the value of tlb_dynamic_lb - (IFLA_BOND_TLB_DYNAMIC_LB). - Example: - $ ip -d link show dev bond0 type bond - 7: bond0: mtu 1500 qdisc noop state DOWN - mode DEFAULT group default - link/ether ce:2f:e1:6e:d7:e0 brd ff:ff:ff:ff:ff:ff promiscuity 0 - bond mode balance-tlb miimon 100 updelay 0 downdelay 0 use_carrier 1 - arp_interval 0 arp_validate none arp_all_targets any primary_reselect - always fail_over_mac none xmit_hash_policy layer2 resend_igmp 1 - num_grat_arp 1 all_slaves_active 0 min_links 0 lp_interval 1 - packets_per_slave 1 lacp_rate slow ad_select stable tlb_dynamic_lb 1 - addrgenmode eui64 - - $ ip -d l set dev bond0 type bond tlb_dynamic_lb 0 - $ ip -d link show dev bond0 type bond - 7: bond0: mtu 1500 qdisc noop state DOWN - mode DEFAULT group default - link/ether ce:2f:e1:6e:d7:e0 brd ff:ff:ff:ff:ff:ff promiscuity 0 - bond mode balance-tlb miimon 100 updelay 0 downdelay 0 use_carrier 1 - arp_interval 0 arp_validate none arp_all_targets any primary_reselect - always fail_over_mac none xmit_hash_policy layer2 resend_igmp 1 - num_grat_arp 1 all_slaves_active 0 min_links 0 lp_interval 1 - packets_per_slave 1 lacp_rate slow ad_select stable tlb_dynamic_lb 0 - addrgenmode eui64 - - Signed-off-by: Nikolay Aleksandrov ---- - ip/iplink_bond.c | 16 +++++++++++++++- - 1 file changed, 15 insertions(+), 1 deletion(-) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index 2a9783e..1b50de9 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -133,6 +133,7 @@ static void print_explain(FILE *f) - " [ min_links MIN_LINKS ]\n" - " [ lp_interval LP_INTERVAL ]\n" - " [ packets_per_slave PACKETS_PER_SLAVE ]\n" -+ " [ tlb_dynamic_lb TLB_DYNAMIC_LB ]\n" - " [ lacp_rate LACP_RATE ]\n" - " [ ad_select AD_SELECT ]\n" - " [ ad_user_port_key PORTKEY ]\n" -@@ -160,7 +161,7 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - { - __u8 mode, use_carrier, primary_reselect, fail_over_mac; - __u8 xmit_hash_policy, num_peer_notif, all_slaves_active; -- __u8 lacp_rate, ad_select; -+ __u8 lacp_rate, ad_select, tlb_dynamic_lb; - __u16 ad_user_port_key, ad_actor_sys_prio; - __u32 miimon, updelay, downdelay, arp_interval, arp_validate; - __u32 arp_all_targets, resend_igmp, min_links, lp_interval; -@@ -374,6 +375,14 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - return -1; - addattr_l(n, 1024, IFLA_BOND_AD_ACTOR_SYSTEM, - abuf, len); -+ } else if (matches(*argv, "tlb_dynamic_lb") == 0) { -+ NEXT_ARG(); -+ if (get_u8(&tlb_dynamic_lb, *argv, 0)) { -+ invarg("invalid tlb_dynamic_lb", *argv); -+ return -1; -+ } -+ addattr8(n, 1024, IFLA_BOND_TLB_DYNAMIC_LB, -+ tlb_dynamic_lb); - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; -@@ -583,6 +592,11 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - RTA_PAYLOAD(tb[IFLA_BOND_AD_ACTOR_SYSTEM]), - 1 /*ARPHDR_ETHER*/, b1, sizeof(b1))); - } -+ -+ if (tb[IFLA_BOND_TLB_DYNAMIC_LB]) { -+ fprintf(f, "tlb_dynamic_lb %u ", -+ rta_getattr_u8(tb[IFLA_BOND_TLB_DYNAMIC_LB])); -+ } - } - - static void bond_print_help(struct link_util *lu, int argc, char **argv, --- -1.8.3.1 - diff --git a/SOURCES/0066-iplink-bridge-add-support-for-IFLA_BR_MCAST_ROUTER.patch b/SOURCES/0066-iplink-bridge-add-support-for-IFLA_BR_MCAST_ROUTER.patch new file mode 100644 index 0000000..f9882d4 --- /dev/null +++ b/SOURCES/0066-iplink-bridge-add-support-for-IFLA_BR_MCAST_ROUTER.patch @@ -0,0 +1,63 @@ +From 8cb947c8168fdbe1d63fbf9dc6945ce8f17eb6d3 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_ROUTER + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 963d137cf927c + +commit 963d137cf927c4d323cf77fb30c3695feff5367b +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:25 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_ROUTER + + This patch implements support for the IFLA_BR_MCAST_ROUTER attribute + in iproute2 so it can change the multicast router value. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index da3a063..7c2165c 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -33,6 +33,7 @@ static void print_explain(FILE *f) + " [ vlan_filtering VLAN_FILTERING ]\n" + " [ vlan_protocol VLAN_PROTOCOL ]\n" + " [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n" ++ " [ mcast_router MULTICAST_ROUTER ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -146,6 +147,14 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + + addattr16(n, 1024, IFLA_BR_VLAN_DEFAULT_PVID, + default_pvid); ++ } else if (matches(*argv, "mcast_router") == 0) { ++ __u8 mcast_router; ++ ++ NEXT_ARG(); ++ if (get_u8(&mcast_router, *argv, 0)) ++ invarg("invalid mcast_router", *argv); ++ ++ addattr8(n, 1024, IFLA_BR_MCAST_ROUTER, mcast_router); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -283,6 +292,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + RTA_PAYLOAD(tb[IFLA_BR_GROUP_ADDR]), + 1 /*ARPHDR_ETHER*/, mac, sizeof(mac))); + } ++ ++ if (tb[IFLA_BR_MCAST_ROUTER]) ++ fprintf(f, "mcast_router %u ", ++ rta_getattr_u8(tb[IFLA_BR_MCAST_ROUTER])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0067-bond-fix-return-after-invarg.patch b/SOURCES/0067-bond-fix-return-after-invarg.patch deleted file mode 100644 index e36ba60..0000000 --- a/SOURCES/0067-bond-fix-return-after-invarg.patch +++ /dev/null @@ -1,234 +0,0 @@ -From 83016b9c3734c833ea2c329b371369a1de8bdc09 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:27:20 +0100 -Subject: [PATCH] bond: fix return after invarg - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit e0f229fb75349 - -commit e0f229fb7534991f7f1b4ca16a4fcc091a8d50af -Author: Stephen Hemminger -Date: Thu Aug 13 14:20:54 2015 -0700 - - bond: fix return after invarg ---- - ip/iplink_bond.c | 95 +++++++++++++++++++------------------------------------- - 1 file changed, 32 insertions(+), 63 deletions(-) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index 1b50de9..9d96cfe 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -171,10 +171,8 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - while (argc > 0) { - if (matches(*argv, "mode") == 0) { - NEXT_ARG(); -- if (get_index(mode_tbl, *argv) < 0) { -+ if (get_index(mode_tbl, *argv) < 0) - invarg("invalid mode", *argv); -- return -1; -- } - mode = get_index(mode_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_MODE, mode); - } else if (matches(*argv, "active_slave") == 0) { -@@ -187,38 +185,28 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - addattr32(n, 1024, IFLA_BOND_ACTIVE_SLAVE, 0); - } else if (matches(*argv, "miimon") == 0) { - NEXT_ARG(); -- if (get_u32(&miimon, *argv, 0)) { -+ if (get_u32(&miimon, *argv, 0)) - invarg("invalid miimon", *argv); -- return -1; -- } - addattr32(n, 1024, IFLA_BOND_MIIMON, miimon); - } else if (matches(*argv, "updelay") == 0) { - NEXT_ARG(); -- if (get_u32(&updelay, *argv, 0)) { -+ if (get_u32(&updelay, *argv, 0)) - invarg("invalid updelay", *argv); -- return -1; -- } - addattr32(n, 1024, IFLA_BOND_UPDELAY, updelay); - } else if (matches(*argv, "downdelay") == 0) { - NEXT_ARG(); -- if (get_u32(&downdelay, *argv, 0)) { -+ if (get_u32(&downdelay, *argv, 0)) - invarg("invalid downdelay", *argv); -- return -1; -- } - addattr32(n, 1024, IFLA_BOND_DOWNDELAY, downdelay); - } else if (matches(*argv, "use_carrier") == 0) { - NEXT_ARG(); -- if (get_u8(&use_carrier, *argv, 0)) { -+ if (get_u8(&use_carrier, *argv, 0)) - invarg("invalid use_carrier", *argv); -- return -1; -- } - addattr8(n, 1024, IFLA_BOND_USE_CARRIER, use_carrier); - } else if (matches(*argv, "arp_interval") == 0) { - NEXT_ARG(); -- if (get_u32(&arp_interval, *argv, 0)) { -+ if (get_u32(&arp_interval, *argv, 0)) - invarg("invalid arp_interval", *argv); -- return -1; -- } - addattr32(n, 1024, IFLA_BOND_ARP_INTERVAL, arp_interval); - } else if (matches(*argv, "arp_ip_target") == 0) { - struct rtattr * nest = addattr_nest(n, 1024, -@@ -239,18 +227,14 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - addattr_nest_end(n, nest); - } else if (matches(*argv, "arp_validate") == 0) { - NEXT_ARG(); -- if (get_index(arp_validate_tbl, *argv) < 0) { -+ if (get_index(arp_validate_tbl, *argv) < 0) - invarg("invalid arp_validate", *argv); -- return -1; -- } - arp_validate = get_index(arp_validate_tbl, *argv); - addattr32(n, 1024, IFLA_BOND_ARP_VALIDATE, arp_validate); - } else if (matches(*argv, "arp_all_targets") == 0) { - NEXT_ARG(); -- if (get_index(arp_all_targets_tbl, *argv) < 0) { -+ if (get_index(arp_all_targets_tbl, *argv) < 0) - invarg("invalid arp_all_targets", *argv); -- return -1; -- } - arp_all_targets = get_index(arp_all_targets_tbl, *argv); - addattr32(n, 1024, IFLA_BOND_ARP_ALL_TARGETS, arp_all_targets); - } else if (matches(*argv, "primary") == 0) { -@@ -261,108 +245,93 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, - addattr32(n, 1024, IFLA_BOND_PRIMARY, ifindex); - } else if (matches(*argv, "primary_reselect") == 0) { - NEXT_ARG(); -- if (get_index(primary_reselect_tbl, *argv) < 0) { -+ if (get_index(primary_reselect_tbl, *argv) < 0) - invarg("invalid primary_reselect", *argv); -- return -1; -- } - primary_reselect = get_index(primary_reselect_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_PRIMARY_RESELECT, - primary_reselect); - } else if (matches(*argv, "fail_over_mac") == 0) { - NEXT_ARG(); -- if (get_index(fail_over_mac_tbl, *argv) < 0) { -+ if (get_index(fail_over_mac_tbl, *argv) < 0) - invarg("invalid fail_over_mac", *argv); -- return -1; -- } - fail_over_mac = get_index(fail_over_mac_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_FAIL_OVER_MAC, - fail_over_mac); - } else if (matches(*argv, "xmit_hash_policy") == 0) { - NEXT_ARG(); -- if (get_index(xmit_hash_policy_tbl, *argv) < 0) { -+ if (get_index(xmit_hash_policy_tbl, *argv) < 0) - invarg("invalid xmit_hash_policy", *argv); -- return -1; -- } -+ - xmit_hash_policy = get_index(xmit_hash_policy_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_XMIT_HASH_POLICY, - xmit_hash_policy); - } else if (matches(*argv, "resend_igmp") == 0) { - NEXT_ARG(); -- if (get_u32(&resend_igmp, *argv, 0)) { -+ if (get_u32(&resend_igmp, *argv, 0)) - invarg("invalid resend_igmp", *argv); -- return -1; -- } -+ - addattr32(n, 1024, IFLA_BOND_RESEND_IGMP, resend_igmp); - } else if (matches(*argv, "num_grat_arp") == 0 || - matches(*argv, "num_unsol_na") == 0) { - NEXT_ARG(); -- if (get_u8(&num_peer_notif, *argv, 0)) { -+ if (get_u8(&num_peer_notif, *argv, 0)) - invarg("invalid num_grat_arp|num_unsol_na", - *argv); -- return -1; -- } -+ - addattr8(n, 1024, IFLA_BOND_NUM_PEER_NOTIF, - num_peer_notif); - } else if (matches(*argv, "all_slaves_active") == 0) { - NEXT_ARG(); -- if (get_u8(&all_slaves_active, *argv, 0)) { -+ if (get_u8(&all_slaves_active, *argv, 0)) - invarg("invalid all_slaves_active", *argv); -- return -1; -- } -+ - addattr8(n, 1024, IFLA_BOND_ALL_SLAVES_ACTIVE, - all_slaves_active); - } else if (matches(*argv, "min_links") == 0) { - NEXT_ARG(); -- if (get_u32(&min_links, *argv, 0)) { -+ if (get_u32(&min_links, *argv, 0)) - invarg("invalid min_links", *argv); -- return -1; -- } -+ - addattr32(n, 1024, IFLA_BOND_MIN_LINKS, min_links); - } else if (matches(*argv, "lp_interval") == 0) { - NEXT_ARG(); -- if (get_u32(&lp_interval, *argv, 0)) { -+ if (get_u32(&lp_interval, *argv, 0)) - invarg("invalid lp_interval", *argv); -- return -1; -- } -+ - addattr32(n, 1024, IFLA_BOND_LP_INTERVAL, lp_interval); - } else if (matches(*argv, "packets_per_slave") == 0) { - NEXT_ARG(); -- if (get_u32(&packets_per_slave, *argv, 0)) { -+ if (get_u32(&packets_per_slave, *argv, 0)) - invarg("invalid packets_per_slave", *argv); -- return -1; -- } -+ - addattr32(n, 1024, IFLA_BOND_PACKETS_PER_SLAVE, - packets_per_slave); - } else if (matches(*argv, "lacp_rate") == 0) { - NEXT_ARG(); -- if (get_index(lacp_rate_tbl, *argv) < 0) { -+ if (get_index(lacp_rate_tbl, *argv) < 0) - invarg("invalid lacp_rate", *argv); -- return -1; -- } -+ - lacp_rate = get_index(lacp_rate_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_AD_LACP_RATE, lacp_rate); - } else if (matches(*argv, "ad_select") == 0) { - NEXT_ARG(); -- if (get_index(ad_select_tbl, *argv) < 0) { -+ if (get_index(ad_select_tbl, *argv) < 0) - invarg("invalid ad_select", *argv); -- return -1; -- } -+ - ad_select = get_index(ad_select_tbl, *argv); - addattr8(n, 1024, IFLA_BOND_AD_SELECT, ad_select); - } else if (matches(*argv, "ad_user_port_key") == 0) { - NEXT_ARG(); -- if (get_u16(&ad_user_port_key, *argv, 0)) { -+ if (get_u16(&ad_user_port_key, *argv, 0)) - invarg("invalid ad_user_port_key", *argv); -- return -1; -- } -+ - addattr16(n, 1024, IFLA_BOND_AD_USER_PORT_KEY, - ad_user_port_key); - } else if (matches(*argv, "ad_actor_sys_prio") == 0) { - NEXT_ARG(); -- if (get_u16(&ad_actor_sys_prio, *argv, 0)) { -+ if (get_u16(&ad_actor_sys_prio, *argv, 0)) - invarg("invalid ad_actor_sys_prio", *argv); -- return -1; -- } -+ - addattr16(n, 1024, IFLA_BOND_AD_ACTOR_SYS_PRIO, - ad_actor_sys_prio); - } else if (matches(*argv, "ad_actor_system") == 0) { --- -1.8.3.1 - diff --git a/SOURCES/0067-iplink-bridge-add-support-for-IFLA_BR_MCAST_SNOOPING.patch b/SOURCES/0067-iplink-bridge-add-support-for-IFLA_BR_MCAST_SNOOPING.patch new file mode 100644 index 0000000..6975c9a --- /dev/null +++ b/SOURCES/0067-iplink-bridge-add-support-for-IFLA_BR_MCAST_SNOOPING.patch @@ -0,0 +1,63 @@ +From 8769aa87b7b1def755ce8f7c1865815b038580c9 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:00 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_SNOOPING + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 7ddd2d946cebf + +commit 7ddd2d946cebf031c90d7b0d62b32bd880f7af8c +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:26 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_SNOOPING + + This patch implements support for the IFLA_BR_MCAST_SNOOPING attribute + in iproute2 so it can change the multicast snooping value. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 7c2165c..a216bd4 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -33,6 +33,7 @@ static void print_explain(FILE *f) + " [ vlan_filtering VLAN_FILTERING ]\n" + " [ vlan_protocol VLAN_PROTOCOL ]\n" + " [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n" ++ " [ mcast_snooping MULTICAST_SNOOPING ]\n" + " [ mcast_router MULTICAST_ROUTER ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" +@@ -155,6 +156,14 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + invarg("invalid mcast_router", *argv); + + addattr8(n, 1024, IFLA_BR_MCAST_ROUTER, mcast_router); ++ } else if (matches(*argv, "mcast_snooping") == 0) { ++ __u8 mcast_snoop; ++ ++ NEXT_ARG(); ++ if (get_u8(&mcast_snoop, *argv, 0)) ++ invarg("invalid mcast_snooping", *argv); ++ ++ addattr8(n, 1024, IFLA_BR_MCAST_SNOOPING, mcast_snoop); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -293,6 +302,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + 1 /*ARPHDR_ETHER*/, mac, sizeof(mac))); + } + ++ if (tb[IFLA_BR_MCAST_SNOOPING]) ++ fprintf(f, "mcast_snooping %u ", ++ rta_getattr_u8(tb[IFLA_BR_MCAST_SNOOPING])); ++ + if (tb[IFLA_BR_MCAST_ROUTER]) + fprintf(f, "mcast_router %u ", + rta_getattr_u8(tb[IFLA_BR_MCAST_ROUTER])); +-- +1.8.3.1 + diff --git a/SOURCES/0068-ip-link-missing-options-in-bond-usage.patch b/SOURCES/0068-ip-link-missing-options-in-bond-usage.patch deleted file mode 100644 index 7bd2e26..0000000 --- a/SOURCES/0068-ip-link-missing-options-in-bond-usage.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 66db03bb795390998c935f05bcfe5d379853c46e Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:27:28 +0100 -Subject: [PATCH] ip link: missing options in bond usage - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit a197883432896 - -commit a197883432896d52c8f3b0ef34c2c4887a61473e -Author: Arthur Gautier -Date: Fri Sep 11 12:48:28 2015 +0000 - - ip link: missing options in bond usage - - Signed-off-by: Arthur Gautier ---- - ip/iplink_bond.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c -index 9d96cfe..cb2f045 100644 ---- a/ip/iplink_bond.c -+++ b/ip/iplink_bond.c -@@ -145,7 +145,7 @@ static void print_explain(FILE *f) - "ARP_ALL_TARGETS := any|all\n" - "PRIMARY_RESELECT := always|better|failure\n" - "FAIL_OVER_MAC := none|active|follow\n" -- "XMIT_HASH_POLICY := layer2|layer2+3|layer3+4\n" -+ "XMIT_HASH_POLICY := layer2|layer2+3|layer3+4|encap2+3|encap3+4\n" - "LACP_RATE := slow|fast\n" - "AD_SELECT := stable|bandwidth|count\n" - ); --- -1.8.3.1 - diff --git a/SOURCES/0068-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_US.patch b/SOURCES/0068-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_US.patch new file mode 100644 index 0000000..1e24f01 --- /dev/null +++ b/SOURCES/0068-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_US.patch @@ -0,0 +1,66 @@ +From 5bc978a10c2bb2f4542f329c3cb8a44b323e26fd Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for + IFLA_BR_MCAST_QUERY_USE_IFADDR + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 449843d1d6b7e + +commit 449843d1d6b7ed11723b6a6585a4b781a110ffdd +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:27 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_QUERY_USE_IFADDR + + This patch implements support for the IFLA_BR_MCAST_QUERY_USE_IFADDR + attribute in iproute2 so it can toggle the multicast_query_use_ifaddr val. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index a216bd4..7b2bba8 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -35,6 +35,7 @@ static void print_explain(FILE *f) + " [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n" + " [ mcast_snooping MULTICAST_SNOOPING ]\n" + " [ mcast_router MULTICAST_ROUTER ]\n" ++ " [ mcast_query_use_ifaddr MCAST_QUERY_USE_IFADDR ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -164,6 +165,16 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + invarg("invalid mcast_snooping", *argv); + + addattr8(n, 1024, IFLA_BR_MCAST_SNOOPING, mcast_snoop); ++ } else if (matches(*argv, "mcast_query_use_ifaddr") == 0) { ++ __u8 mcast_qui; ++ ++ NEXT_ARG(); ++ if (get_u8(&mcast_qui, *argv, 0)) ++ invarg("invalid mcast_query_use_ifaddr", ++ *argv); ++ ++ addattr8(n, 1024, IFLA_BR_MCAST_QUERY_USE_IFADDR, ++ mcast_qui); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -309,6 +320,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_ROUTER]) + fprintf(f, "mcast_router %u ", + rta_getattr_u8(tb[IFLA_BR_MCAST_ROUTER])); ++ ++ if (tb[IFLA_BR_MCAST_QUERY_USE_IFADDR]) ++ fprintf(f, "mcast_query_use_ifaddr %u ", ++ rta_getattr_u8(tb[IFLA_BR_MCAST_QUERY_USE_IFADDR])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0069-ip-remove-extra-newlines-at-end-of-file.patch b/SOURCES/0069-ip-remove-extra-newlines-at-end-of-file.patch deleted file mode 100644 index 817301b..0000000 --- a/SOURCES/0069-ip-remove-extra-newlines-at-end-of-file.patch +++ /dev/null @@ -1,73 +0,0 @@ -From f681ef8608cd2d4addf701d1773d5e01afcbde95 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:27:28 +0100 -Subject: [PATCH] ip: remove extra newlines at end-of-file - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit f7520a1998995 -Conflicts: Dropped changes to ip/ipfou.c since RHEL7 does not support - that. - -commit f7520a1998995f29730692212c1c87a39064e168 -Author: Stephen Hemminger -Date: Fri Oct 23 15:41:58 2015 -0700 - - ip: remove extra newlines at end-of-file - - Shouldn't have extra blank lines. ---- - ip/ipaddrlabel.c | 1 - - ip/iplink_bond_slave.c | 1 - - ip/ipprefix.c | 1 - - ip/iproute.c | 1 - - ip/tcp_metrics.c | 1 - - 5 files changed, 5 deletions(-) - -diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c -index c5d69f4..1158b33 100644 ---- a/ip/ipaddrlabel.c -+++ b/ip/ipaddrlabel.c -@@ -263,4 +263,3 @@ int do_ipaddrlabel(int argc, char **argv) - fprintf(stderr, "Command \"%s\" is unknown, try \"ip addrlabel help\".\n", *argv); - exit(-1); - } -- -diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c -index 33bea91..9b569b1 100644 ---- a/ip/iplink_bond_slave.c -+++ b/ip/iplink_bond_slave.c -@@ -113,4 +113,3 @@ struct link_util bond_slave_link_util = { - .parse_opt = bond_slave_parse_opt, - .slave = true, - }; -- -diff --git a/ip/ipprefix.c b/ip/ipprefix.c -index 42f51e7..286c09b 100644 ---- a/ip/ipprefix.c -+++ b/ip/ipprefix.c -@@ -108,4 +108,3 @@ int print_prefix(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) - - return 0; - } -- -diff --git a/ip/iproute.c b/ip/iproute.c -index 27e04a8..b7e0b15 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1696,4 +1696,3 @@ int do_iproute(int argc, char **argv) - fprintf(stderr, "Command \"%s\" is unknown, try \"ip route help\".\n", *argv); - exit(-1); - } -- -diff --git a/ip/tcp_metrics.c b/ip/tcp_metrics.c -index 8fa4b26..7e7cf27 100644 ---- a/ip/tcp_metrics.c -+++ b/ip/tcp_metrics.c -@@ -427,4 +427,3 @@ int do_tcp_metrics(int argc, char **argv) - "try \"ip tcp_metrics help\".\n", *argv); - exit(-1); - } -- --- -1.8.3.1 - diff --git a/SOURCES/0069-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER.patch b/SOURCES/0069-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER.patch new file mode 100644 index 0000000..9731e19 --- /dev/null +++ b/SOURCES/0069-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER.patch @@ -0,0 +1,63 @@ +From fe330edb2a14d72af6175027c00b19c336501c6c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_QUERIER + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 0778b741225a5 + +commit 0778b741225a51bb6d72fe42683267e86bc31215 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:28 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_QUERIER + + This patch implements support for the IFLA_BR_MCAST_QUERIER attribute + in iproute2 so it can toggle the mcast querier value. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 7b2bba8..620a9f9 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -36,6 +36,7 @@ static void print_explain(FILE *f) + " [ mcast_snooping MULTICAST_SNOOPING ]\n" + " [ mcast_router MULTICAST_ROUTER ]\n" + " [ mcast_query_use_ifaddr MCAST_QUERY_USE_IFADDR ]\n" ++ " [ mcast_querier MULTICAST_QUERIER ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -175,6 +176,14 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + + addattr8(n, 1024, IFLA_BR_MCAST_QUERY_USE_IFADDR, + mcast_qui); ++ } else if (matches(*argv, "mcast_querier") == 0) { ++ __u8 mcast_querier; ++ ++ NEXT_ARG(); ++ if (get_u8(&mcast_querier, *argv, 0)) ++ invarg("invalid mcast_querier", *argv); ++ ++ addattr8(n, 1024, IFLA_BR_MCAST_QUERIER, mcast_querier); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -324,6 +333,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_QUERY_USE_IFADDR]) + fprintf(f, "mcast_query_use_ifaddr %u ", + rta_getattr_u8(tb[IFLA_BR_MCAST_QUERY_USE_IFADDR])); ++ ++ if (tb[IFLA_BR_MCAST_QUERIER]) ++ fprintf(f, "mcast_querier %u ", ++ rta_getattr_u8(tb[IFLA_BR_MCAST_QUERIER])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0070-iplink-bond_slave-fix-ad_actor-partner_oper_port_sta.patch b/SOURCES/0070-iplink-bond_slave-fix-ad_actor-partner_oper_port_sta.patch deleted file mode 100644 index 90b00f3..0000000 --- a/SOURCES/0070-iplink-bond_slave-fix-ad_actor-partner_oper_port_sta.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 35fdf5a241f8111eba6b81e9f736ac9df1e07bc4 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 23 Feb 2016 18:28:00 +0100 -Subject: [PATCH] iplink: bond_slave: fix ad_actor/partner_oper_port_state - output - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit e6c38e2c59c92 - -commit e6c38e2c59c922229ca615b6f913523dd6ee7c24 -Author: Nikolay Aleksandrov -Date: Mon Feb 8 17:13:58 2016 +0100 - - iplink: bond_slave: fix ad_actor/partner_oper_port_state output - - It seems that I've made a mistake when I exported these, instead of a - space in the end I've put a newline character which is wrong and breaks - the single line output. - - Fixes: 7d6bc3b87abad ("bonding: export 3ad actor and partner port state") - Reported-by: Sam Tannous - Signed-off-by: Nikolay Aleksandrov ---- - ip/iplink_bond_slave.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c -index 9b569b1..2f3364e 100644 ---- a/ip/iplink_bond_slave.c -+++ b/ip/iplink_bond_slave.c -@@ -80,11 +80,11 @@ static void bond_slave_print_opt(struct link_util *lu, FILE *f, struct rtattr *t - rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID])); - - if (tb[IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE]) -- fprintf(f, "ad_actor_oper_port_state %d\n", -+ fprintf(f, "ad_actor_oper_port_state %d ", - rta_getattr_u8(tb[IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE])); - - if (tb[IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE]) -- fprintf(f, "ad_partner_oper_port_state %d\n", -+ fprintf(f, "ad_partner_oper_port_state %d ", - rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE])); - } - --- -1.8.3.1 - diff --git a/SOURCES/0070-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_ELA.patch b/SOURCES/0070-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_ELA.patch new file mode 100644 index 0000000..6609d4f --- /dev/null +++ b/SOURCES/0070-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_ELA.patch @@ -0,0 +1,65 @@ +From 42636a2ce4901df806543e994fa6cffc6992656f Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_HASH_ELASTICITY + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 92c0ef7071b38 + +commit 92c0ef7071b3895ea89f26b7b7b6a77141e43578 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:29 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_HASH_ELASTICITY + + This patch implements support for the IFLA_BR_MCAST_HASH_ELASTICTITY + attribute in iproute2 so it can change the hash elasticity value. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 620a9f9..3e444d3 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -37,6 +37,7 @@ static void print_explain(FILE *f) + " [ mcast_router MULTICAST_ROUTER ]\n" + " [ mcast_query_use_ifaddr MCAST_QUERY_USE_IFADDR ]\n" + " [ mcast_querier MULTICAST_QUERIER ]\n" ++ " [ mcast_hash_elasticity HASH_ELASTICITY ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -184,6 +185,16 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + invarg("invalid mcast_querier", *argv); + + addattr8(n, 1024, IFLA_BR_MCAST_QUERIER, mcast_querier); ++ } else if (matches(*argv, "mcast_hash_elasticity") == 0) { ++ __u32 mcast_hash_el; ++ ++ NEXT_ARG(); ++ if (get_u32(&mcast_hash_el, *argv, 0)) ++ invarg("invalid mcast_hash_elasticity", ++ *argv); ++ ++ addattr32(n, 1024, IFLA_BR_MCAST_HASH_ELASTICITY, ++ mcast_hash_el); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -337,6 +348,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_QUERIER]) + fprintf(f, "mcast_querier %u ", + rta_getattr_u8(tb[IFLA_BR_MCAST_QUERIER])); ++ ++ if (tb[IFLA_BR_MCAST_HASH_ELASTICITY]) ++ fprintf(f, "mcast_hash_elasticity %u ", ++ rta_getattr_u32(tb[IFLA_BR_MCAST_HASH_ELASTICITY])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0071-add-bridge_slave-device-support.patch b/SOURCES/0071-add-bridge_slave-device-support.patch deleted file mode 100644 index d97b0c3..0000000 --- a/SOURCES/0071-add-bridge_slave-device-support.patch +++ /dev/null @@ -1,227 +0,0 @@ -From 6ec8ce797ff664a31494a1b9693465f1c545fb91 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:48:07 +0100 -Subject: [PATCH] add bridge_slave device support - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit 8c39db391d21a -Conflicts: Context conflict due to missing HSR device support. - -commit 8c39db391d21ad118e9f2fd6d35f097dea01cdf4 -Author: Jiri Pirko -Date: Sun Sep 28 16:31:04 2014 -0700 - - add bridge_slave device support - - Note this depends on "iproute2: allow to change slave options via - type_slave" ---- - ip/Makefile | 3 +- - ip/iplink_bridge_slave.c | 181 +++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 183 insertions(+), 1 deletion(-) - create mode 100644 ip/iplink_bridge_slave.c - -diff --git a/ip/Makefile b/ip/Makefile -index 080b079..8d4f128 100644 ---- a/ip/Makefile -+++ b/ip/Makefile -@@ -5,7 +5,8 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ - iplink_vlan.o link_veth.o link_gre.o iplink_can.o \ - iplink_macvlan.o iplink_macvtap.o ipl2tp.o link_vti.o link_vti6.o \ - iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ -- link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o -+ link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o \ -+ iplink_bridge_slave.o - - RTMONOBJ=rtmon.o - -diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c -new file mode 100644 -index 0000000..a285185 ---- /dev/null -+++ b/ip/iplink_bridge_slave.c -@@ -0,0 +1,181 @@ -+/* -+ * iplink_bridge_slave.c Bridge slave device support -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Jiri Pirko -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include "rt_names.h" -+#include "utils.h" -+#include "ip_common.h" -+ -+static void explain(void) -+{ -+ fprintf(stderr, -+ "Usage: ... bridge_slave [ state STATE ] [ priority PRIO ] [cost COST ]\n" -+ " [ guard {on | off} ]\n" -+ " [ hairpin {on | off} ] \n" -+ " [ fastleave {on | off} ]\n" -+ " [ root_block {on | off} ]\n" -+ " [ learning {on | off} ]\n" -+ " [ flood {on | off} ]\n" -+ ); -+} -+ -+static const char *port_states[] = { -+ [BR_STATE_DISABLED] = "disabled", -+ [BR_STATE_LISTENING] = "listening", -+ [BR_STATE_LEARNING] = "learning", -+ [BR_STATE_FORWARDING] = "forwarding", -+ [BR_STATE_BLOCKING] = "blocking", -+}; -+ -+static void print_portstate(FILE *f, __u8 state) -+{ -+ if (state <= BR_STATE_BLOCKING) -+ fprintf(f, "state %s ", port_states[state]); -+ else -+ fprintf(f, "state (%d) ", state); -+} -+ -+static void print_onoff(FILE *f, char *flag, __u8 val) -+{ -+ fprintf(f, "%s %s ", flag, val ? "on" : "off"); -+} -+ -+static void bridge_slave_print_opt(struct link_util *lu, FILE *f, -+ struct rtattr *tb[]) -+{ -+ if (!tb) -+ return; -+ -+ if (tb[IFLA_BRPORT_STATE]) -+ print_portstate(f, rta_getattr_u8(tb[IFLA_BRPORT_STATE])); -+ -+ if (tb[IFLA_BRPORT_PRIORITY]) -+ fprintf(f, "priority %d ", -+ rta_getattr_u16(tb[IFLA_BRPORT_PRIORITY])); -+ -+ if (tb[IFLA_BRPORT_COST]) -+ fprintf(f, "cost %d ", -+ rta_getattr_u32(tb[IFLA_BRPORT_COST])); -+ -+ if (tb[IFLA_BRPORT_MODE]) -+ print_onoff(f, "hairpin", -+ rta_getattr_u8(tb[IFLA_BRPORT_MODE])); -+ -+ if (tb[IFLA_BRPORT_GUARD]) -+ print_onoff(f, "guard", -+ rta_getattr_u8(tb[IFLA_BRPORT_GUARD])); -+ -+ if (tb[IFLA_BRPORT_PROTECT]) -+ print_onoff(f, "root_block", -+ rta_getattr_u8(tb[IFLA_BRPORT_PROTECT])); -+ -+ if (tb[IFLA_BRPORT_FAST_LEAVE]) -+ print_onoff(f, "fastleave", -+ rta_getattr_u8(tb[IFLA_BRPORT_FAST_LEAVE])); -+ -+ if (tb[IFLA_BRPORT_LEARNING]) -+ print_onoff(f, "learning", -+ rta_getattr_u8(tb[IFLA_BRPORT_LEARNING])); -+ -+ if (tb[IFLA_BRPORT_UNICAST_FLOOD]) -+ print_onoff(f, "flood", -+ rta_getattr_u8(tb[IFLA_BRPORT_UNICAST_FLOOD])); -+} -+ -+static void bridge_slave_parse_on_off(char *arg_name, char *arg_val, -+ struct nlmsghdr *n, int type) -+{ -+ __u8 val; -+ -+ if (strcmp(arg_val, "on") == 0) -+ val = 1; -+ else if (strcmp(arg_val, "off") == 0) -+ val = 0; -+ else -+ invarg("should be \"on\" or \"off\"", arg_name); -+ -+ addattr8(n, 1024, type, val); -+} -+ -+static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, -+ struct nlmsghdr *n) -+{ -+ __u8 state; -+ __u16 priority; -+ __u32 cost; -+ -+ while (argc > 0) { -+ if (matches(*argv, "state") == 0) { -+ NEXT_ARG(); -+ if (get_u8(&state, *argv, 0)) -+ invarg("state is invalid", *argv); -+ addattr8(n, 1024, IFLA_BRPORT_STATE, state); -+ } else if (matches(*argv, "priority") == 0) { -+ NEXT_ARG(); -+ if (get_u16(&priority, *argv, 0)) -+ invarg("priority is invalid", *argv); -+ addattr16(n, 1024, IFLA_BRPORT_PRIORITY, priority); -+ } else if (matches(*argv, "cost") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&cost, *argv, 0)) -+ invarg("cost is invalid", *argv); -+ addattr32(n, 1024, IFLA_BRPORT_COST, cost); -+ } else if (matches(*argv, "hairpin") == 0) { -+ NEXT_ARG(); -+ bridge_slave_parse_on_off("hairpin", *argv, n, -+ IFLA_BRPORT_MODE); -+ } else if (matches(*argv, "guard") == 0) { -+ NEXT_ARG(); -+ bridge_slave_parse_on_off("guard", *argv, n, -+ IFLA_BRPORT_GUARD); -+ } else if (matches(*argv, "root_block") == 0) { -+ NEXT_ARG(); -+ bridge_slave_parse_on_off("root_block", *argv, n, -+ IFLA_BRPORT_PROTECT); -+ } else if (matches(*argv, "fastleave") == 0) { -+ NEXT_ARG(); -+ bridge_slave_parse_on_off("fastleave", *argv, n, -+ IFLA_BRPORT_FAST_LEAVE); -+ } else if (matches(*argv, "learning") == 0) { -+ NEXT_ARG(); -+ bridge_slave_parse_on_off("learning", *argv, n, -+ IFLA_BRPORT_LEARNING); -+ } else if (matches(*argv, "flood") == 0) { -+ NEXT_ARG(); -+ bridge_slave_parse_on_off("flood", *argv, n, -+ IFLA_BRPORT_UNICAST_FLOOD); -+ } else if (matches(*argv, "help") == 0) { -+ explain(); -+ return -1; -+ } else { -+ fprintf(stderr, "bridge_slave: unknown option \"%s\"?\n", -+ *argv); -+ explain(); -+ return -1; -+ } -+ argc--, argv++; -+ } -+ -+ return 0; -+} -+ -+struct link_util bridge_slave_link_util = { -+ .id = "bridge", -+ .maxattr = IFLA_BRPORT_MAX, -+ .print_opt = bridge_slave_print_opt, -+ .parse_opt = bridge_slave_parse_opt, -+ .slave = true, -+}; --- -1.8.3.1 - diff --git a/SOURCES/0071-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_MAX.patch b/SOURCES/0071-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_MAX.patch new file mode 100644 index 0000000..1736339 --- /dev/null +++ b/SOURCES/0071-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_MAX.patch @@ -0,0 +1,64 @@ +From 41e7d29781bc840644e366ba340d41af80076cdc Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_HASH_MAX + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 8b9eb7cd25941 + +commit 8b9eb7cd259416d0a46bd7ed7820f6bfdd909b64 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:30 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_HASH_MAX + + This patch implements support for the IFLA_BR_MCAST_HASH_MAX attribute + in iproute2 so it can change the maximum hashed entries. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 3e444d3..42067ed 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -38,6 +38,7 @@ static void print_explain(FILE *f) + " [ mcast_query_use_ifaddr MCAST_QUERY_USE_IFADDR ]\n" + " [ mcast_querier MULTICAST_QUERIER ]\n" + " [ mcast_hash_elasticity HASH_ELASTICITY ]\n" ++ " [ mcast_hash_max HASH_MAX ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -195,6 +196,15 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + + addattr32(n, 1024, IFLA_BR_MCAST_HASH_ELASTICITY, + mcast_hash_el); ++ } else if (matches(*argv, "mcast_hash_max") == 0) { ++ __u32 mcast_hash_max; ++ ++ NEXT_ARG(); ++ if (get_u32(&mcast_hash_max, *argv, 0)) ++ invarg("invalid mcast_hash_max", *argv); ++ ++ addattr32(n, 1024, IFLA_BR_MCAST_HASH_MAX, ++ mcast_hash_max); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -352,6 +362,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_HASH_ELASTICITY]) + fprintf(f, "mcast_hash_elasticity %u ", + rta_getattr_u32(tb[IFLA_BR_MCAST_HASH_ELASTICITY])); ++ ++ if (tb[IFLA_BR_MCAST_HASH_MAX]) ++ fprintf(f, "mcast_hash_max %u ", ++ rta_getattr_u32(tb[IFLA_BR_MCAST_HASH_MAX])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0072-add-bridge-master-device-support.patch b/SOURCES/0072-add-bridge-master-device-support.patch deleted file mode 100644 index cc04000..0000000 --- a/SOURCES/0072-add-bridge-master-device-support.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 9c8e31c1555b5d06b90a4a0c64ffd4254a1ae28a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:48:44 +0100 -Subject: [PATCH] add bridge master device support - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit 28d84b429e4e2 -Conflicts: Context changed due to missing HSR device support. - -commit 28d84b429e4e20e63f6e4746285ccfdb72eac92f -Author: Jiri Pirko -Date: Sun Sep 28 16:33:29 2014 -0700 - - add bridge master device support - - Signed-off-by: Jiri Pirko ---- - ip/Makefile | 2 +- - ip/iplink_bridge.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 94 insertions(+), 1 deletion(-) - create mode 100644 ip/iplink_bridge.c - -diff --git a/ip/Makefile b/ip/Makefile -index 8d4f128..35065d6 100644 ---- a/ip/Makefile -+++ b/ip/Makefile -@@ -6,7 +6,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ - iplink_macvlan.o iplink_macvtap.o ipl2tp.o link_vti.o link_vti6.o \ - iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ - link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o \ -- iplink_bridge_slave.o -+ iplink_bridge.o iplink_bridge_slave.o - - RTMONOBJ=rtmon.o - -diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c -new file mode 100644 -index 0000000..0cea7d1 ---- /dev/null -+++ b/ip/iplink_bridge.c -@@ -0,0 +1,93 @@ -+/* -+ * iplink_bridge.c Bridge device support -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Jiri Pirko -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#include "utils.h" -+#include "ip_common.h" -+ -+static void explain(void) -+{ -+ fprintf(stderr, -+ "Usage: ... bridge [ forward_delay FORWARD_DELAY ]\n" -+ " [ hello_time HELLO_TIME ]\n" -+ " [ max_age MAX_AGE ]\n" -+ ); -+} -+ -+static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, -+ struct nlmsghdr *n) -+{ -+ __u32 val; -+ -+ while (argc > 0) { -+ if (matches(*argv, "forward_delay") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&val, *argv, 0)) { -+ invarg("invalid forward_delay", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BR_FORWARD_DELAY, val); -+ } else if (matches(*argv, "hello_time") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&val, *argv, 0)) { -+ invarg("invalid hello_time", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BR_HELLO_TIME, val); -+ } else if (matches(*argv, "max_age") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&val, *argv, 0)) { -+ invarg("invalid max_age", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BR_MAX_AGE, val); -+ } else if (matches(*argv, "help") == 0) { -+ explain(); -+ return -1; -+ } else { -+ fprintf(stderr, "bridge: unknown command \"%s\"?\n", *argv); -+ explain(); -+ return -1; -+ } -+ argc--, argv++; -+ } -+ -+ return 0; -+} -+ -+static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) -+{ -+ if (!tb) -+ return; -+ -+ if (tb[IFLA_BR_FORWARD_DELAY]) -+ fprintf(f, "forward_delay %u ", -+ rta_getattr_u32(tb[IFLA_BR_FORWARD_DELAY])); -+ -+ if (tb[IFLA_BR_HELLO_TIME]) -+ fprintf(f, "hello_time %u ", -+ rta_getattr_u32(tb[IFLA_BR_HELLO_TIME])); -+ -+ if (tb[IFLA_BR_MAX_AGE]) -+ fprintf(f, "max_age %u ", -+ rta_getattr_u32(tb[IFLA_BR_MAX_AGE])); -+} -+ -+struct link_util bridge_link_util = { -+ .id = "bridge", -+ .maxattr = IFLA_BR_MAX, -+ .parse_opt = bridge_parse_opt, -+ .print_opt = bridge_print_opt, -+}; --- -1.8.3.1 - diff --git a/SOURCES/0072-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch b/SOURCES/0072-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch new file mode 100644 index 0000000..ed05a79 --- /dev/null +++ b/SOURCES/0072-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch @@ -0,0 +1,65 @@ +From 9cc95859ba4632a7774631d80191aec91c84753a Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_LAST_MEMBER_CNT + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit fb44cadb9200f + +commit fb44cadb9200f85fc1c78c5a208ce7bed2c5a594 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:31 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_LAST_MEMBER_CNT + + This patch implements support for the IFLA_BR_MCAST_LAST_MEMBER_CNT + attribute in iproute2 so it can change the last member count value. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 42067ed..54297a7 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -39,6 +39,7 @@ static void print_explain(FILE *f) + " [ mcast_querier MULTICAST_QUERIER ]\n" + " [ mcast_hash_elasticity HASH_ELASTICITY ]\n" + " [ mcast_hash_max HASH_MAX ]\n" ++ " [ mcast_last_member_count LAST_MEMBER_COUNT ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -205,6 +206,16 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + + addattr32(n, 1024, IFLA_BR_MCAST_HASH_MAX, + mcast_hash_max); ++ } else if (matches(*argv, "mcast_last_member_count") == 0) { ++ __u32 mcast_lmc; ++ ++ NEXT_ARG(); ++ if (get_u32(&mcast_lmc, *argv, 0)) ++ invarg("invalid mcast_last_member_count", ++ *argv); ++ ++ addattr32(n, 1024, IFLA_BR_MCAST_LAST_MEMBER_CNT, ++ mcast_lmc); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -366,6 +377,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_HASH_MAX]) + fprintf(f, "mcast_hash_max %u ", + rta_getattr_u32(tb[IFLA_BR_MCAST_HASH_MAX])); ++ ++ if (tb[IFLA_BR_MCAST_LAST_MEMBER_CNT]) ++ fprintf(f, "mcast_last_member_count %u ", ++ rta_getattr_u32(tb[IFLA_BR_MCAST_LAST_MEMBER_CNT])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0073-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch b/SOURCES/0073-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch new file mode 100644 index 0000000..ec1c15e --- /dev/null +++ b/SOURCES/0073-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch @@ -0,0 +1,66 @@ +From 8367034ba2ee56645911c33f7b6b4b4cd712ec4a Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for + IFLA_BR_MCAST_STARTUP_QUERY_CNT + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit ceb6486655254 + +commit ceb6486655254f6abde06276b564b0bb1fc2ea11 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:32 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_STARTUP_QUERY_CNT + + This patch implements support for the IFLA_BR_MCAST_STARTUP_QUERY_CNT + attribute in iproute2 so it can change the startup query count. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 54297a7..86ae6f9 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -40,6 +40,7 @@ static void print_explain(FILE *f) + " [ mcast_hash_elasticity HASH_ELASTICITY ]\n" + " [ mcast_hash_max HASH_MAX ]\n" + " [ mcast_last_member_count LAST_MEMBER_COUNT ]\n" ++ " [ mcast_startup_query_count STARTUP_QUERY_COUNT ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -216,6 +217,16 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + + addattr32(n, 1024, IFLA_BR_MCAST_LAST_MEMBER_CNT, + mcast_lmc); ++ } else if (matches(*argv, "mcast_startup_query_count") == 0) { ++ __u32 mcast_sqc; ++ ++ NEXT_ARG(); ++ if (get_u32(&mcast_sqc, *argv, 0)) ++ invarg("invalid mcast_startup_query_count", ++ *argv); ++ ++ addattr32(n, 1024, IFLA_BR_MCAST_STARTUP_QUERY_CNT, ++ mcast_sqc); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -381,6 +392,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_LAST_MEMBER_CNT]) + fprintf(f, "mcast_last_member_count %u ", + rta_getattr_u32(tb[IFLA_BR_MCAST_LAST_MEMBER_CNT])); ++ ++ if (tb[IFLA_BR_MCAST_STARTUP_QUERY_CNT]) ++ fprintf(f, "mcast_startup_query_count %u ", ++ rta_getattr_u32(tb[IFLA_BR_MCAST_STARTUP_QUERY_CNT])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0073-iplink_bridge-add-support-for-ageing_time.patch b/SOURCES/0073-iplink_bridge-add-support-for-ageing_time.patch deleted file mode 100644 index 732f062..0000000 --- a/SOURCES/0073-iplink_bridge-add-support-for-ageing_time.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 7e957986a9ff1832aed84cc8f0b77e540f36c4af Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:49:04 +0100 -Subject: [PATCH] iplink_bridge: add support for ageing_time - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit 6c99fb60765b7 - -commit 6c99fb60765b7a18c760f2357f6ca4da54505d9d -Author: Nikolay Aleksandrov -Date: Tue Jun 16 13:38:47 2015 +0300 - - iplink_bridge: add support for ageing_time - - This patch adds support to set ageing_time via IFLA_BR_AGEING_TIME. - - Signed-off-by: Nikolay Aleksandrov ---- - ip/iplink_bridge.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c -index 0cea7d1..2726a36 100644 ---- a/ip/iplink_bridge.c -+++ b/ip/iplink_bridge.c -@@ -23,6 +23,7 @@ static void explain(void) - "Usage: ... bridge [ forward_delay FORWARD_DELAY ]\n" - " [ hello_time HELLO_TIME ]\n" - " [ max_age MAX_AGE ]\n" -+ " [ ageing_time AGEING_TIME ]\n" - ); - } - -@@ -53,6 +54,13 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, - return -1; - } - addattr32(n, 1024, IFLA_BR_MAX_AGE, val); -+ } else if (matches(*argv, "ageing_time") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&val, *argv, 0)) { -+ invarg("invalid ageing_time", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BR_AGEING_TIME, val); - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; --- -1.8.3.1 - diff --git a/SOURCES/0074-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch b/SOURCES/0074-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch new file mode 100644 index 0000000..07aa3c0 --- /dev/null +++ b/SOURCES/0074-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch @@ -0,0 +1,66 @@ +From 53337da90ff5a087814056c2fc271e07b4db852c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for + IFLA_BR_MCAST_LAST_MEMBER_INTVL + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 10082a253fb26 + +commit 10082a253fb2649b94093dec7737b15c72e159d4 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:33 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_LAST_MEMBER_INTVL + + This patch implements support for the IFLA_BR_MCAST_LAST_MEMBER_INTVL + attribute in iproute2 so it can change the last member interval. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 86ae6f9..5d8810c 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -41,6 +41,7 @@ static void print_explain(FILE *f) + " [ mcast_hash_max HASH_MAX ]\n" + " [ mcast_last_member_count LAST_MEMBER_COUNT ]\n" + " [ mcast_startup_query_count STARTUP_QUERY_COUNT ]\n" ++ " [ mcast_last_member_interval LAST_MEMBER_INTERVAL ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -227,6 +228,16 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + + addattr32(n, 1024, IFLA_BR_MCAST_STARTUP_QUERY_CNT, + mcast_sqc); ++ } else if (matches(*argv, "mcast_last_member_interval") == 0) { ++ __u64 mcast_last_member_intvl; ++ ++ NEXT_ARG(); ++ if (get_u64(&mcast_last_member_intvl, *argv, 0)) ++ invarg("invalid mcast_last_member_interval", ++ *argv); ++ ++ addattr64(n, 1024, IFLA_BR_MCAST_LAST_MEMBER_INTVL, ++ mcast_last_member_intvl); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -396,6 +407,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_STARTUP_QUERY_CNT]) + fprintf(f, "mcast_startup_query_count %u ", + rta_getattr_u32(tb[IFLA_BR_MCAST_STARTUP_QUERY_CNT])); ++ ++ if (tb[IFLA_BR_MCAST_LAST_MEMBER_INTVL]) ++ fprintf(f, "mcast_last_member_interval %llu ", ++ rta_getattr_u64(tb[IFLA_BR_MCAST_LAST_MEMBER_INTVL])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0074-iplink_bridge-add-support-for-stp_state.patch b/SOURCES/0074-iplink_bridge-add-support-for-stp_state.patch deleted file mode 100644 index 0bc1b9b..0000000 --- a/SOURCES/0074-iplink_bridge-add-support-for-stp_state.patch +++ /dev/null @@ -1,50 +0,0 @@ -From a86ae0b0475aef00435b503628b3bf4faeb4a599 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:49:04 +0100 -Subject: [PATCH] iplink_bridge: add support for stp_state - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit dab049628a8e5 - -commit dab049628a8e5e962ecc9edf9e37ac858ce3200b -Author: Nikolay Aleksandrov -Date: Tue Jun 16 13:38:48 2015 +0300 - - iplink_bridge: add support for stp_state - - This patch adds support to set stp_state via IFLA_BR_STP_STATE. - - Signed-off-by: Nikolay Aleksandrov ---- - ip/iplink_bridge.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c -index 2726a36..79b9e04 100644 ---- a/ip/iplink_bridge.c -+++ b/ip/iplink_bridge.c -@@ -24,6 +24,7 @@ static void explain(void) - " [ hello_time HELLO_TIME ]\n" - " [ max_age MAX_AGE ]\n" - " [ ageing_time AGEING_TIME ]\n" -+ " [ stp_state STP_STATE ]\n" - ); - } - -@@ -61,6 +62,13 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, - return -1; - } - addattr32(n, 1024, IFLA_BR_AGEING_TIME, val); -+ } else if (matches(*argv, "stp_state") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&val, *argv, 0)) { -+ invarg("invalid stp_state", *argv); -+ return -1; -+ } -+ addattr32(n, 1024, IFLA_BR_STP_STATE, val); - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; --- -1.8.3.1 - diff --git a/SOURCES/0075-iplink-bridge-add-support-for-IFLA_BR_MCAST_MEMBERSH.patch b/SOURCES/0075-iplink-bridge-add-support-for-IFLA_BR_MCAST_MEMBERSH.patch new file mode 100644 index 0000000..2bdf0f7 --- /dev/null +++ b/SOURCES/0075-iplink-bridge-add-support-for-IFLA_BR_MCAST_MEMBERSH.patch @@ -0,0 +1,67 @@ +From 4e6c30dc16307138c4af26258ad1206b62933364 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:01 +0100 +Subject: [PATCH] iplink: bridge: add support for + IFLA_BR_MCAST_MEMBERSHIP_INTVL + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 7f3d559226458 + +commit 7f3d559226458b4b99e78c17080fd263a913e386 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:34 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_MEMBERSHIP_INTVL + + This patch implements support for the IFLA_BR_MCAST_MEMBERSHIP_INTVL + attribute in iproute2 so it can change the membership interval. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 5d8810c..8f4c207 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -42,6 +42,7 @@ static void print_explain(FILE *f) + " [ mcast_last_member_count LAST_MEMBER_COUNT ]\n" + " [ mcast_startup_query_count STARTUP_QUERY_COUNT ]\n" + " [ mcast_last_member_interval LAST_MEMBER_INTERVAL ]\n" ++ " [ mcast_membership_interval MEMBERSHIP_INTERVAL ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -238,6 +239,17 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + + addattr64(n, 1024, IFLA_BR_MCAST_LAST_MEMBER_INTVL, + mcast_last_member_intvl); ++ } else if (matches(*argv, "mcast_membership_interval") == 0) { ++ __u64 mcast_membership_intvl; ++ ++ NEXT_ARG(); ++ if (get_u64(&mcast_membership_intvl, *argv, 0)) { ++ invarg("invalid mcast_membership_interval", ++ *argv); ++ return -1; ++ } ++ addattr64(n, 1024, IFLA_BR_MCAST_MEMBERSHIP_INTVL, ++ mcast_membership_intvl); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -411,6 +423,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_LAST_MEMBER_INTVL]) + fprintf(f, "mcast_last_member_interval %llu ", + rta_getattr_u64(tb[IFLA_BR_MCAST_LAST_MEMBER_INTVL])); ++ ++ if (tb[IFLA_BR_MCAST_MEMBERSHIP_INTVL]) ++ fprintf(f, "mcast_membership_interval %llu ", ++ rta_getattr_u64(tb[IFLA_BR_MCAST_MEMBERSHIP_INTVL])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0075-iplink_bridge-add-support-for-priority.patch b/SOURCES/0075-iplink_bridge-add-support-for-priority.patch deleted file mode 100644 index c388dfe..0000000 --- a/SOURCES/0075-iplink_bridge-add-support-for-priority.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 8b3aa8fa4f5e02ba2f49b4030299e6f75fdf1072 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:49:04 +0100 -Subject: [PATCH] iplink_bridge: add support for priority - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit b0197a047e5c4 - -commit b0197a047e5c41a37d5dd724290eadd5b9353558 -Author: Nikolay Aleksandrov -Date: Tue Jun 16 13:38:49 2015 +0300 - - iplink_bridge: add support for priority - - This patch adds support to set bridge stp priority via IFLA_BR_PRIORITY. - - Signed-off-by: Nikolay Aleksandrov ---- - ip/iplink_bridge.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c -index 79b9e04..297160c 100644 ---- a/ip/iplink_bridge.c -+++ b/ip/iplink_bridge.c -@@ -25,6 +25,7 @@ static void explain(void) - " [ max_age MAX_AGE ]\n" - " [ ageing_time AGEING_TIME ]\n" - " [ stp_state STP_STATE ]\n" -+ " [ priority PRIORITY ]\n" - ); - } - -@@ -69,6 +70,15 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, - return -1; - } - addattr32(n, 1024, IFLA_BR_STP_STATE, val); -+ } else if (matches(*argv, "priority") == 0) { -+ __u16 prio; -+ -+ NEXT_ARG(); -+ if (get_u16(&prio, *argv, 0)) { -+ invarg("invalid priority", *argv); -+ return -1; -+ } -+ addattr16(n, 1024, IFLA_BR_PRIORITY, prio); - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; --- -1.8.3.1 - diff --git a/SOURCES/0076-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER_.patch b/SOURCES/0076-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER_.patch new file mode 100644 index 0000000..e0451f2 --- /dev/null +++ b/SOURCES/0076-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER_.patch @@ -0,0 +1,66 @@ +From 14f79941a8b8622ea0b2310685a4dc625ec3b2c5 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:02 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_QUERIER_INTVL + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 1f2244b851dd2 + +commit 1f2244b851dd21dd023b43afd902251d39b2d43b +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:35 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_QUERIER_INTVL + + This patch implements support for the IFLA_BR_MCAST_QUERIER_INTVL + attribute in iproute2 so it can change the querier interval. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 8f4c207..6f54dbb 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -43,6 +43,7 @@ static void print_explain(FILE *f) + " [ mcast_startup_query_count STARTUP_QUERY_COUNT ]\n" + " [ mcast_last_member_interval LAST_MEMBER_INTERVAL ]\n" + " [ mcast_membership_interval MEMBERSHIP_INTERVAL ]\n" ++ " [ mcast_querier_interval QUERIER_INTERVAL ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -250,6 +251,17 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + } + addattr64(n, 1024, IFLA_BR_MCAST_MEMBERSHIP_INTVL, + mcast_membership_intvl); ++ } else if (matches(*argv, "mcast_querier_interval") == 0) { ++ __u64 mcast_querier_intvl; ++ ++ NEXT_ARG(); ++ if (get_u64(&mcast_querier_intvl, *argv, 0)) { ++ invarg("invalid mcast_querier_interval", ++ *argv); ++ return -1; ++ } ++ addattr64(n, 1024, IFLA_BR_MCAST_QUERIER_INTVL, ++ mcast_querier_intvl); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -427,6 +439,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_MEMBERSHIP_INTVL]) + fprintf(f, "mcast_membership_interval %llu ", + rta_getattr_u64(tb[IFLA_BR_MCAST_MEMBERSHIP_INTVL])); ++ ++ if (tb[IFLA_BR_MCAST_QUERIER_INTVL]) ++ fprintf(f, "mcast_querier_interval %llu ", ++ rta_getattr_u64(tb[IFLA_BR_MCAST_QUERIER_INTVL])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0076-iplink-use-the-short-format-to-print-help-info.patch b/SOURCES/0076-iplink-use-the-short-format-to-print-help-info.patch deleted file mode 100644 index 13c5a1a..0000000 --- a/SOURCES/0076-iplink-use-the-short-format-to-print-help-info.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a36e0ae05b37cb2055bd2a4304d43b486888d5a7 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:49:04 +0100 -Subject: [PATCH] iplink: use the short format to print help info - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit 43367ef7eb047 - -commit 43367ef7eb0473ea4ecdc3925f076107f05873a0 -Author: Zhang Shengju -Date: Wed Aug 12 06:03:23 2015 +0000 - - iplink: use the short format to print help info - - Allow to print link type usage by: ip link help bridge - - Signed-off-by: Zhang Shengju ---- - ip/iplink_bridge.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c -index 297160c..1e69960 100644 ---- a/ip/iplink_bridge.c -+++ b/ip/iplink_bridge.c -@@ -17,9 +17,9 @@ - #include "utils.h" - #include "ip_common.h" - --static void explain(void) -+static void print_explain(FILE *f) - { -- fprintf(stderr, -+ fprintf(f, - "Usage: ... bridge [ forward_delay FORWARD_DELAY ]\n" - " [ hello_time HELLO_TIME ]\n" - " [ max_age MAX_AGE ]\n" -@@ -29,6 +29,11 @@ static void explain(void) - ); - } - -+static void explain(void) -+{ -+ print_explain(stderr); -+} -+ - static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, - struct nlmsghdr *n) - { -@@ -111,9 +116,16 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - rta_getattr_u32(tb[IFLA_BR_MAX_AGE])); - } - -+static void bridge_print_help(struct link_util *lu, int argc, char **argv, -+ FILE *f) -+{ -+ print_explain(f); -+} -+ - struct link_util bridge_link_util = { - .id = "bridge", - .maxattr = IFLA_BR_MAX, - .parse_opt = bridge_parse_opt, - .print_opt = bridge_print_opt, -+ .print_help = bridge_print_help, - }; --- -1.8.3.1 - diff --git a/SOURCES/0077-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_IN.patch b/SOURCES/0077-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_IN.patch new file mode 100644 index 0000000..05d96f6 --- /dev/null +++ b/SOURCES/0077-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_IN.patch @@ -0,0 +1,66 @@ +From 5265f76dc4a09dcfe073f3e2c91bf43dcfab87dd Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:02 +0100 +Subject: [PATCH] iplink: bridge: add support for IFLA_BR_MCAST_QUERY_INTVL + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 5a32388f5ce73 + +commit 5a32388f5ce730d7df2b512dbe31398e5a027a96 +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:36 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_QUERY_INTVL + + This patch implements support for the IFLA_BR_MCAST_QUERY_INTVL attribute + in iproute2 so it can change the query interval. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 6f54dbb..d9fabf4 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -44,6 +44,7 @@ static void print_explain(FILE *f) + " [ mcast_last_member_interval LAST_MEMBER_INTERVAL ]\n" + " [ mcast_membership_interval MEMBERSHIP_INTERVAL ]\n" + " [ mcast_querier_interval QUERIER_INTERVAL ]\n" ++ " [ mcast_query_interval QUERY_INTERVAL ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -262,6 +263,17 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + } + addattr64(n, 1024, IFLA_BR_MCAST_QUERIER_INTVL, + mcast_querier_intvl); ++ } else if (matches(*argv, "mcast_query_interval") == 0) { ++ __u64 mcast_query_intvl; ++ ++ NEXT_ARG(); ++ if (get_u64(&mcast_query_intvl, *argv, 0)) { ++ invarg("invalid mcast_query_interval", ++ *argv); ++ return -1; ++ } ++ addattr64(n, 1024, IFLA_BR_MCAST_QUERY_INTVL, ++ mcast_query_intvl); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -443,6 +455,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_QUERIER_INTVL]) + fprintf(f, "mcast_querier_interval %llu ", + rta_getattr_u64(tb[IFLA_BR_MCAST_QUERIER_INTVL])); ++ ++ if (tb[IFLA_BR_MCAST_QUERY_INTVL]) ++ fprintf(f, "mcast_query_interval %llu ", ++ rta_getattr_u64(tb[IFLA_BR_MCAST_QUERY_INTVL])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0077-iplink-shortify-printing-the-usage-of-link-type.patch b/SOURCES/0077-iplink-shortify-printing-the-usage-of-link-type.patch deleted file mode 100644 index d7ff8af..0000000 --- a/SOURCES/0077-iplink-shortify-printing-the-usage-of-link-type.patch +++ /dev/null @@ -1,70 +0,0 @@ -From f1041556927a428d05b7349a1abe5eaf6af50575 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:49:05 +0100 -Subject: [PATCH] iplink: shortify printing the usage of link type - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit a560d850d9cd2 - -commit a560d850d9cd24b06281897c97eb6afef3f00d8b -Author: Zhang Shengju -Date: Wed Aug 12 06:03:24 2015 +0000 - - iplink: shortify printing the usage of link type - - Allow to print link type usage by: ip link help bridge_slave - - Signed-off-by: Zhang Shengju ---- - ip/iplink_bridge_slave.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c -index a285185..4593872 100644 ---- a/ip/iplink_bridge_slave.c -+++ b/ip/iplink_bridge_slave.c -@@ -19,9 +19,9 @@ - #include "utils.h" - #include "ip_common.h" - --static void explain(void) -+static void print_explain(FILE *f) - { -- fprintf(stderr, -+ fprintf(f, - "Usage: ... bridge_slave [ state STATE ] [ priority PRIO ] [cost COST ]\n" - " [ guard {on | off} ]\n" - " [ hairpin {on | off} ] \n" -@@ -32,6 +32,11 @@ static void explain(void) - ); - } - -+static void explain(void) -+{ -+ print_explain(stderr); -+} -+ - static const char *port_states[] = { - [BR_STATE_DISABLED] = "disabled", - [BR_STATE_LISTENING] = "listening", -@@ -172,10 +177,17 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, - return 0; - } - -+static void bridge_slave_print_help(struct link_util *lu, int argc, char **argv, -+ FILE *f) -+{ -+ print_explain(f); -+} -+ - struct link_util bridge_slave_link_util = { - .id = "bridge", - .maxattr = IFLA_BRPORT_MAX, - .print_opt = bridge_slave_print_opt, - .parse_opt = bridge_slave_parse_opt, -+ .print_help = bridge_slave_print_help, - .slave = true, - }; --- -1.8.3.1 - diff --git a/SOURCES/0078-iplink-add-ageing_time-stp_state-and-priority-for-br.patch b/SOURCES/0078-iplink-add-ageing_time-stp_state-and-priority-for-br.patch deleted file mode 100644 index 69174d7..0000000 --- a/SOURCES/0078-iplink-add-ageing_time-stp_state-and-priority-for-br.patch +++ /dev/null @@ -1,48 +0,0 @@ -From eed74d8f509bda634bb310dcf054da09319a308b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 24 Feb 2016 10:49:05 +0100 -Subject: [PATCH] iplink: add ageing_time, stp_state and priority for bridge - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1270759 -Upstream Status: iproute2.git commit fdba05155c700 - -commit fdba05155c7008d18b5760624c99978ba0d369d4 -Author: Nikolay Aleksandrov -Date: Wed Aug 12 09:11:30 2015 -0700 - - iplink: add ageing_time, stp_state and priority for bridge - - When showing bridge attributes, show also ageing_time, stp_state and - priority if available. - - Signed-off-by: Nikolay Aleksandrov ---- - ip/iplink_bridge.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c -index 1e69960..e704e29 100644 ---- a/ip/iplink_bridge.c -+++ b/ip/iplink_bridge.c -@@ -114,6 +114,18 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - if (tb[IFLA_BR_MAX_AGE]) - fprintf(f, "max_age %u ", - rta_getattr_u32(tb[IFLA_BR_MAX_AGE])); -+ -+ if (tb[IFLA_BR_AGEING_TIME]) -+ fprintf(f, "ageing_time %u ", -+ rta_getattr_u32(tb[IFLA_BR_AGEING_TIME])); -+ -+ if (tb[IFLA_BR_STP_STATE]) -+ fprintf(f, "stp_state %u ", -+ rta_getattr_u32(tb[IFLA_BR_STP_STATE])); -+ -+ if (tb[IFLA_BR_PRIORITY]) -+ fprintf(f, "priority %u ", -+ rta_getattr_u16(tb[IFLA_BR_PRIORITY])); - } - - static void bridge_print_help(struct link_util *lu, int argc, char **argv, --- -1.8.3.1 - diff --git a/SOURCES/0078-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_RE.patch b/SOURCES/0078-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_RE.patch new file mode 100644 index 0000000..def6f64 --- /dev/null +++ b/SOURCES/0078-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_RE.patch @@ -0,0 +1,67 @@ +From 8ca6ae82fe2238d2fa645d45922d6bc50c1a8f6c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:02 +0100 +Subject: [PATCH] iplink: bridge: add support for + IFLA_BR_MCAST_QUERY_RESPONSE_INTVL + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 483df11cf1136 + +commit 483df11cf113668116cdc69e076194d0b4e7cc7f +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:37 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_QUERY_RESPONSE_INTVL + + This patch implements support for the IFLA_BR_MCAST_QUERY_RESPONSE_INTVL + attribute in iproute2 so it can change the query response interval. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index d9fabf4..3bdb954 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -45,6 +45,7 @@ static void print_explain(FILE *f) + " [ mcast_membership_interval MEMBERSHIP_INTERVAL ]\n" + " [ mcast_querier_interval QUERIER_INTERVAL ]\n" + " [ mcast_query_interval QUERY_INTERVAL ]\n" ++ " [ mcast_query_response_interval QUERY_RESPONSE_INTERVAL ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -274,6 +275,17 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + } + addattr64(n, 1024, IFLA_BR_MCAST_QUERY_INTVL, + mcast_query_intvl); ++ } else if (!matches(*argv, "mcast_query_response_interval")) { ++ __u64 mcast_query_resp_intvl; ++ ++ NEXT_ARG(); ++ if (get_u64(&mcast_query_resp_intvl, *argv, 0)) { ++ invarg("invalid mcast_query_response_interval", ++ *argv); ++ return -1; ++ } ++ addattr64(n, 1024, IFLA_BR_MCAST_QUERY_RESPONSE_INTVL, ++ mcast_query_resp_intvl); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -459,6 +471,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_QUERY_INTVL]) + fprintf(f, "mcast_query_interval %llu ", + rta_getattr_u64(tb[IFLA_BR_MCAST_QUERY_INTVL])); ++ ++ if (tb[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL]) ++ fprintf(f, "mcast_query_response_interval %llu ", ++ rta_getattr_u64(tb[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0079-ip-link-consolidate-macvlan-and-macvtap.patch b/SOURCES/0079-ip-link-consolidate-macvlan-and-macvtap.patch deleted file mode 100644 index 59d625e..0000000 --- a/SOURCES/0079-ip-link-consolidate-macvlan-and-macvtap.patch +++ /dev/null @@ -1,246 +0,0 @@ -From ecbf839299f6156ebcc159a39b5fcb01b1273e42 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 4 Mar 2016 17:46:07 +0100 -Subject: [PATCH] ip: link: consolidate macvlan and macvtap - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit 541f1b3e1d101 - -commit 541f1b3e1d1011718cbef85adb284a72b183c676 -Author: Phil Sutter -Date: Fri Sep 25 14:09:49 2015 +0200 - - ip: link: consolidate macvlan and macvtap - - After eliminating the minor differences in both files which existed - solely because features/fixes were applied to only one of them and not - the other, the remaining differences were in function naming and error - messages. The latter is addressed by using the 'id' field of struct - link_util. - - Fold both files into one in order to share common code and eliminate the - chance of having fixes/enhancements applied to only one of them. - - Signed-off-by: Phil Sutter ---- - ip/Makefile | 2 +- - ip/iplink_macvlan.c | 40 +++++++++++++------- - ip/iplink_macvtap.c | 105 ---------------------------------------------------- - 3 files changed, 28 insertions(+), 119 deletions(-) - delete mode 100644 ip/iplink_macvtap.c - -diff --git a/ip/Makefile b/ip/Makefile -index 35065d6..e4f0507 100644 ---- a/ip/Makefile -+++ b/ip/Makefile -@@ -3,7 +3,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ - ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o iptuntap.o iptoken.o \ - ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \ - iplink_vlan.o link_veth.o link_gre.o iplink_can.o \ -- iplink_macvlan.o iplink_macvtap.o ipl2tp.o link_vti.o link_vti6.o \ -+ iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ - iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ - link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o \ - iplink_bridge.o iplink_bridge_slave.o -diff --git a/ip/iplink_macvlan.c b/ip/iplink_macvlan.c -index e080157..b972d0e 100644 ---- a/ip/iplink_macvlan.c -+++ b/ip/iplink_macvlan.c -@@ -1,5 +1,5 @@ - /* -- * iplink_vlan.c VLAN device support -+ * iplink_macvlan.c macvlan/macvtap device support - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License -@@ -20,22 +20,29 @@ - #include "utils.h" - #include "ip_common.h" - --static void print_explain(FILE *f) -+#define pfx_err(lu, ...) { \ -+ fprintf(stderr, "%s: ", lu->id); \ -+ fprintf(stderr, __VA_ARGS__); \ -+ fprintf(stderr, "\n"); \ -+} -+ -+static void print_explain(struct link_util *lu, FILE *f) - { - fprintf(f, -- "Usage: ... macvlan mode { private | vepa | bridge | passthru }\n" -+ "Usage: ... %s mode { private | vepa | bridge | passthru }\n", -+ lu->id - ); - } - --static void explain(void) -+static void explain(struct link_util *lu) - { -- print_explain(stderr); -+ print_explain(lu, stderr); - } - --static int mode_arg(void) -+static int mode_arg(const char *arg) - { - fprintf(stderr, "Error: argument of \"mode\" must be \"private\", " -- "\"vepa\", \"bridge\" or \"passthru\" \n"); -+ "\"vepa\", \"bridge\" or \"passthru\", not \"%s\"\n", arg); - return -1; - } - -@@ -56,15 +63,14 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, - else if (strcmp(*argv, "passthru") == 0) - mode = MACVLAN_MODE_PASSTHRU; - else -- return mode_arg(); -- -+ return mode_arg(*argv); - addattr32(n, 1024, IFLA_MACVLAN_MODE, mode); - } else if (matches(*argv, "help") == 0) { -- explain(); -+ explain(lu); - return -1; - } else { -- fprintf(stderr, "macvlan: unknown option \"%s\"?\n", *argv); -- explain(); -+ pfx_err(lu, "unknown option \"%s\"?", *argv); -+ explain(lu); - return -1; - } - argc--, argv++; -@@ -96,7 +102,7 @@ static void macvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[] - static void macvlan_print_help(struct link_util *lu, int argc, char **argv, - FILE *f) - { -- print_explain(f); -+ print_explain(lu, f); - } - - struct link_util macvlan_link_util = { -@@ -106,3 +112,11 @@ struct link_util macvlan_link_util = { - .print_opt = macvlan_print_opt, - .print_help = macvlan_print_help, - }; -+ -+struct link_util macvtap_link_util = { -+ .id = "macvtap", -+ .maxattr = IFLA_MACVLAN_MAX, -+ .parse_opt = macvlan_parse_opt, -+ .print_opt = macvlan_print_opt, -+ .print_help = macvlan_print_help, -+}; -diff --git a/ip/iplink_macvtap.c b/ip/iplink_macvtap.c -deleted file mode 100644 -index 9c2cd74..0000000 ---- a/ip/iplink_macvtap.c -+++ /dev/null -@@ -1,105 +0,0 @@ --/* -- * iplink_macvtap.c macvtap device support -- * -- * This program is free software; you can redistribute it and/or -- * modify it under the terms of the GNU General Public License -- * as published by the Free Software Foundation; either version -- * 2 of the License, or (at your option) any later version. -- */ -- --#include --#include --#include --#include --#include -- --#include "rt_names.h" --#include "utils.h" --#include "ip_common.h" -- --static void print_explain(FILE *f) --{ -- fprintf(stderr, -- "Usage: ... macvtap mode { private | vepa | bridge | passthru }\n" -- ); --} -- --static void explain(void) --{ -- print_explain(stderr); --} -- --static int mode_arg(const char *arg) --{ -- fprintf(stderr, "Error: argument of \"mode\" must be \"private\", " -- "\"vepa\", \"bridge\" or \"passthru\", not \"%s\"\n", arg); -- return -1; --} -- --static int macvtap_parse_opt(struct link_util *lu, int argc, char **argv, -- struct nlmsghdr *n) --{ -- while (argc > 0) { -- if (matches(*argv, "mode") == 0) { -- __u32 mode = 0; -- NEXT_ARG(); -- -- if (strcmp(*argv, "private") == 0) -- mode = MACVLAN_MODE_PRIVATE; -- else if (strcmp(*argv, "vepa") == 0) -- mode = MACVLAN_MODE_VEPA; -- else if (strcmp(*argv, "bridge") == 0) -- mode = MACVLAN_MODE_BRIDGE; -- else if (strcmp(*argv, "passthru") == 0) -- mode = MACVLAN_MODE_PASSTHRU; -- else -- return mode_arg(*argv); -- -- addattr32(n, 1024, IFLA_MACVLAN_MODE, mode); -- } else if (matches(*argv, "help") == 0) { -- explain(); -- return -1; -- } else { -- fprintf(stderr, "macvtap: unknown command \"%s\"?\n", *argv); -- explain(); -- return -1; -- } -- argc--, argv++; -- } -- -- return 0; --} -- --static void macvtap_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) --{ -- __u32 mode; -- -- if (!tb) -- return; -- -- if (!tb[IFLA_MACVLAN_MODE] || -- RTA_PAYLOAD(tb[IFLA_MACVLAN_MODE]) < sizeof(__u32)) -- return; -- -- mode = rta_getattr_u32(tb[IFLA_VLAN_ID]); -- fprintf(f, " mode %s ", -- mode == MACVLAN_MODE_PRIVATE ? "private" -- : mode == MACVLAN_MODE_VEPA ? "vepa" -- : mode == MACVLAN_MODE_BRIDGE ? "bridge" -- : mode == MACVLAN_MODE_PASSTHRU ? "passthru" -- : "unknown"); --} -- --static void macvtap_print_help(struct link_util *lu, int argc, char **argv, -- FILE *f) --{ -- print_explain(f); --} -- --struct link_util macvtap_link_util = { -- .id = "macvtap", -- .maxattr = IFLA_MACVLAN_MAX, -- .parse_opt = macvtap_parse_opt, -- .print_opt = macvtap_print_opt, -- .print_help = macvtap_print_help, --}; --- -1.8.3.1 - diff --git a/SOURCES/0079-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch b/SOURCES/0079-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch new file mode 100644 index 0000000..27000ce --- /dev/null +++ b/SOURCES/0079-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch @@ -0,0 +1,67 @@ +From 288eb5fb2e9e8925fed54ec078ee4873ca3e5978 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:02 +0100 +Subject: [PATCH] iplink: bridge: add support for + IFLA_BR_MCAST_STARTUP_QUERY_INTVL + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 178b18066a871 + +commit 178b18066a871f1bc7e7e91620d4a1ca859bba7c +Author: Nikolay Aleksandrov +Date: Tue Feb 9 00:14:38 2016 +0100 + + iplink: bridge: add support for IFLA_BR_MCAST_STARTUP_QUERY_INTVL + + This patch implements support for the IFLA_BR_MCAST_STARTUP_QUERY_INTVL + attribute in iproute2 so it can change the startup query interval. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 3bdb954..2c8f351 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -46,6 +46,7 @@ static void print_explain(FILE *f) + " [ mcast_querier_interval QUERIER_INTERVAL ]\n" + " [ mcast_query_interval QUERY_INTERVAL ]\n" + " [ mcast_query_response_interval QUERY_RESPONSE_INTERVAL ]\n" ++ " [ mcast_startup_query_interval STARTUP_QUERY_INTERVAL ]\n" + "\n" + "Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n" + ); +@@ -286,6 +287,17 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + } + addattr64(n, 1024, IFLA_BR_MCAST_QUERY_RESPONSE_INTVL, + mcast_query_resp_intvl); ++ } else if (!matches(*argv, "mcast_startup_query_interval")) { ++ __u64 mcast_startup_query_intvl; ++ ++ NEXT_ARG(); ++ if (get_u64(&mcast_startup_query_intvl, *argv, 0)) { ++ invarg("invalid mcast_startup_query_interval", ++ *argv); ++ return -1; ++ } ++ addattr64(n, 1024, IFLA_BR_MCAST_STARTUP_QUERY_INTVL, ++ mcast_startup_query_intvl); + } else if (matches(*argv, "help") == 0) { + explain(); + return -1; +@@ -475,6 +487,10 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL]) + fprintf(f, "mcast_query_response_interval %llu ", + rta_getattr_u64(tb[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL])); ++ ++ if (tb[IFLA_BR_MCAST_STARTUP_QUERY_INTVL]) ++ fprintf(f, "mcast_startup_query_interval %llu ", ++ rta_getattr_u64(tb[IFLA_BR_MCAST_STARTUP_QUERY_INTVL])); + } + + static void bridge_print_help(struct link_util *lu, int argc, char **argv, +-- +1.8.3.1 + diff --git a/SOURCES/0080-ip-macvlan-support-MACVLAN_FLAG_NOPROMISC-flag.patch b/SOURCES/0080-ip-macvlan-support-MACVLAN_FLAG_NOPROMISC-flag.patch deleted file mode 100644 index 7b3b36e..0000000 --- a/SOURCES/0080-ip-macvlan-support-MACVLAN_FLAG_NOPROMISC-flag.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 65d44f53fc70fa57b76a4eb5dadb1eeda5996924 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 4 Mar 2016 17:46:07 +0100 -Subject: [PATCH] ip: macvlan: support MACVLAN_FLAG_NOPROMISC flag - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit 3cf8ba596026b - -commit 3cf8ba596026b61f58e674fa28f3a310597e8d36 -Author: Phil Sutter -Date: Fri Sep 25 14:09:50 2015 +0200 - - ip: macvlan: support MACVLAN_FLAG_NOPROMISC flag - - This flag is allowed for devices in passthru mode to prevent forcing the - underlying interface into promiscuous mode. - - Signed-off-by: Phil Sutter ---- - ip/iplink_macvlan.c | 30 +++++++++++++++++++++++++++--- - 1 file changed, 27 insertions(+), 3 deletions(-) - -diff --git a/ip/iplink_macvlan.c b/ip/iplink_macvlan.c -index b972d0e..f2677e1 100644 ---- a/ip/iplink_macvlan.c -+++ b/ip/iplink_macvlan.c -@@ -29,7 +29,7 @@ - static void print_explain(struct link_util *lu, FILE *f) - { - fprintf(f, -- "Usage: ... %s mode { private | vepa | bridge | passthru }\n", -+ "Usage: ... %s mode { private | vepa | bridge | passthru [nopromisc] }\n", - lu->id - ); - } -@@ -49,9 +49,11 @@ static int mode_arg(const char *arg) - static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, - struct nlmsghdr *n) - { -+ __u32 mode = 0; -+ __u16 flags = 0; -+ - while (argc > 0) { - if (matches(*argv, "mode") == 0) { -- __u32 mode = 0; - NEXT_ARG(); - - if (strcmp(*argv, "private") == 0) -@@ -64,7 +66,8 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, - mode = MACVLAN_MODE_PASSTHRU; - else - return mode_arg(*argv); -- addattr32(n, 1024, IFLA_MACVLAN_MODE, mode); -+ } else if (matches(*argv, "nopromisc") == 0) { -+ flags |= MACVLAN_FLAG_NOPROMISC; - } else if (matches(*argv, "help") == 0) { - explain(lu); - return -1; -@@ -76,12 +79,25 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, - argc--, argv++; - } - -+ if (mode) -+ addattr32(n, 1024, IFLA_MACVLAN_MODE, mode); -+ -+ if (flags) { -+ if (flags & MACVLAN_FLAG_NOPROMISC && -+ mode != MACVLAN_MODE_PASSTHRU) { -+ pfx_err(lu, "nopromisc flag only valid in passthru mode"); -+ explain(lu); -+ return -1; -+ } -+ addattr16(n, 1024, IFLA_MACVLAN_FLAGS, flags); -+ } - return 0; - } - - static void macvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - { - __u32 mode; -+ __u16 flags; - - if (!tb) - return; -@@ -97,6 +113,14 @@ static void macvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[] - : mode == MACVLAN_MODE_BRIDGE ? "bridge" - : mode == MACVLAN_MODE_PASSTHRU ? "passthru" - : "unknown"); -+ -+ if (!tb[IFLA_MACVLAN_FLAGS] || -+ RTA_PAYLOAD(tb[IFLA_MACVLAN_FLAGS]) < sizeof(__u16)) -+ return; -+ -+ flags = rta_getattr_u16(tb[IFLA_MACVLAN_FLAGS]); -+ if (flags & MACVLAN_FLAG_NOPROMISC) -+ fprintf(f, "nopromisc "); - } - - static void macvlan_print_help(struct link_util *lu, int argc, char **argv, --- -1.8.3.1 - diff --git a/SOURCES/0080-iplink-bridge_slave-export-read-only-values.patch b/SOURCES/0080-iplink-bridge_slave-export-read-only-values.patch new file mode 100644 index 0000000..0d92ea2 --- /dev/null +++ b/SOURCES/0080-iplink-bridge_slave-export-read-only-values.patch @@ -0,0 +1,137 @@ +From 6eda4d7ea7eda19e7a67b0ae0892993fff9bd573 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:02 +0100 +Subject: [PATCH] iplink: bridge_slave: export read-only values + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 3069539fb8efd +Conflicts: Changed context due to other backports in that area. + +commit 3069539fb8efd8353d46a6be1a501f77871888ca +Author: Nikolay Aleksandrov +Date: Tue Feb 16 16:08:51 2016 +0100 + + iplink: bridge_slave: export read-only values + + Export all the read-only values that get returned about a bridge port + such as the timers, the ids, designated_port and cost, + topology_change_ack and config_pending. For the bridge ids the + br_dump_bridge_id function is exported from iplink_bridge. + + Signed-off-by: Nikolay Aleksandrov +--- + ip/ip_common.h | 2 ++ + ip/iplink_bridge.c | 3 +-- + ip/iplink_bridge_slave.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 72 insertions(+), 2 deletions(-) + +diff --git a/ip/ip_common.h b/ip/ip_common.h +index 286f61f..abab49d 100644 +--- a/ip/ip_common.h ++++ b/ip/ip_common.h +@@ -89,6 +89,8 @@ struct link_util + struct link_util *get_link_kind(const char *kind); + struct link_util *get_link_slave_kind(const char *slave_kind); + ++void br_dump_bridge_id(const struct ifla_bridge_id *id, char *buf, size_t len); ++ + #ifndef INFINITY_LIFE_TIME + #define INFINITY_LIFE_TIME 0xFFFFFFFFU + #endif +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 2c8f351..7cec078 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -57,8 +57,7 @@ static void explain(void) + print_explain(stderr); + } + +-static void br_dump_bridge_id(const struct ifla_bridge_id *id, char *buf, +- size_t len) ++void br_dump_bridge_id(const struct ifla_bridge_id *id, char *buf, size_t len) + { + char eaddr[32]; + +diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c +index 3538176..3ec2bba 100644 +--- a/ip/iplink_bridge_slave.c ++++ b/ip/iplink_bridge_slave.c +@@ -103,6 +103,75 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, + print_onoff(f, "flood", + rta_getattr_u8(tb[IFLA_BRPORT_UNICAST_FLOOD])); + ++ if (tb[IFLA_BRPORT_ID]) ++ fprintf(f, "port_id 0x%x ", ++ rta_getattr_u16(tb[IFLA_BRPORT_ID])); ++ ++ if (tb[IFLA_BRPORT_NO]) ++ fprintf(f, "port_no 0x%x ", ++ rta_getattr_u16(tb[IFLA_BRPORT_NO])); ++ ++ if (tb[IFLA_BRPORT_DESIGNATED_PORT]) ++ fprintf(f, "designated_port %u ", ++ rta_getattr_u16(tb[IFLA_BRPORT_DESIGNATED_PORT])); ++ ++ if (tb[IFLA_BRPORT_DESIGNATED_COST]) ++ fprintf(f, "designated_cost %u ", ++ rta_getattr_u16(tb[IFLA_BRPORT_DESIGNATED_COST])); ++ ++ if (tb[IFLA_BRPORT_BRIDGE_ID]) { ++ char bridge_id[32]; ++ ++ br_dump_bridge_id(RTA_DATA(tb[IFLA_BRPORT_BRIDGE_ID]), ++ bridge_id, sizeof(bridge_id)); ++ fprintf(f, "designated_bridge %s ", bridge_id); ++ } ++ ++ if (tb[IFLA_BRPORT_ROOT_ID]) { ++ char root_id[32]; ++ ++ br_dump_bridge_id(RTA_DATA(tb[IFLA_BRPORT_ROOT_ID]), ++ root_id, sizeof(root_id)); ++ fprintf(f, "designated_root %s ", root_id); ++ } ++ ++ if (tb[IFLA_BRPORT_HOLD_TIMER]) { ++ struct timeval tv; ++ __u64 htimer; ++ ++ htimer = rta_getattr_u64(tb[IFLA_BRPORT_HOLD_TIMER]); ++ __jiffies_to_tv(&tv, htimer); ++ fprintf(f, "hold_timer %4i.%.2i ", (int)tv.tv_sec, ++ (int)tv.tv_usec/10000); ++ } ++ ++ if (tb[IFLA_BRPORT_MESSAGE_AGE_TIMER]) { ++ struct timeval tv; ++ __u64 agetimer; ++ ++ agetimer = rta_getattr_u64(tb[IFLA_BRPORT_MESSAGE_AGE_TIMER]); ++ __jiffies_to_tv(&tv, agetimer); ++ fprintf(f, "message_age_timer %4i.%.2i ", (int)tv.tv_sec, ++ (int)tv.tv_usec/10000); ++ } ++ ++ if (tb[IFLA_BRPORT_FORWARD_DELAY_TIMER]) { ++ struct timeval tv; ++ __u64 fwdtimer; ++ ++ fwdtimer = rta_getattr_u64(tb[IFLA_BRPORT_FORWARD_DELAY_TIMER]); ++ __jiffies_to_tv(&tv, fwdtimer); ++ fprintf(f, "forward_delay_timer %4i.%.2i ", (int)tv.tv_sec, ++ (int)tv.tv_usec/10000); ++ } ++ ++ if (tb[IFLA_BRPORT_TOPOLOGY_CHANGE_ACK]) ++ fprintf(f, "topology_change_ack %u ", ++ rta_getattr_u8(tb[IFLA_BRPORT_TOPOLOGY_CHANGE_ACK])); ++ ++ if (tb[IFLA_BRPORT_CONFIG_PENDING]) ++ fprintf(f, "config_pending %u ", ++ rta_getattr_u8(tb[IFLA_BRPORT_CONFIG_PENDING])); + if (tb[IFLA_BRPORT_PROXYARP]) + print_onoff(f, "proxy_arp", + rta_getattr_u8(tb[IFLA_BRPORT_PROXYARP])); +-- +1.8.3.1 + diff --git a/SOURCES/0081-bridge-add-support-for-dynamic-fdb-entries.patch b/SOURCES/0081-bridge-add-support-for-dynamic-fdb-entries.patch new file mode 100644 index 0000000..95d474c --- /dev/null +++ b/SOURCES/0081-bridge-add-support-for-dynamic-fdb-entries.patch @@ -0,0 +1,94 @@ +From cd6557d21815618a2ba6d27d8a2015575a854fd1 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:21 +0100 +Subject: [PATCH] bridge: add support for dynamic fdb entries + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit c6d0cfb54b8b4 + +commit c6d0cfb54b8b467a57d259f5c9cec91f94f4e59e +Author: Roopa Prabhu +Date: Fri Feb 19 21:34:52 2016 -0800 + + bridge: add support for dynamic fdb entries + + This patch is a follow up to the recently added + 'static' fdb option. + + It introduces a new option 'dynamic' which adds + dynamic fdb entries with NUD_REACHABLE. + + $bridge fdb add 00:01:02:03:04:06 dev eth0 master dynamic + + $bridge fdb show + 00:01:02:03:04:06 dev eth0 + + This patch also documents all fdb types. Removes 'temp' + from usage message since it is now replaced by 'static'. + 'temp' still works and is synonymous with static. + + Signed-off-by: Wilson Kok + Signed-off-by: Roopa Prabhu +--- + bridge/fdb.c | 5 ++++- + man/man8/bridge.8 | 14 +++++++++++++- + 2 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index cb07345..0222fd6 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -32,7 +32,7 @@ static void usage(void) + { + fprintf(stderr, "Usage: bridge fdb { add | append | del | replace } ADDR dev DEV\n" + " [ self ] [ master ] [ use ] [ router ]\n" +- " [ local | temp | static ] [ dst IPADDR ] [ vlan VID ]\n" ++ " [ local | static | dynamic ] [ dst IPADDR ] [ vlan VID ]\n" + " [ port PORT] [ vni VNI ] [ via DEV ]\n"); + fprintf(stderr, " bridge fdb [ show [ br BRDEV ] [ brport DEV ] ]\n"); + exit(-1); +@@ -303,6 +303,9 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) + } else if (matches(*argv, "temp") == 0 || + matches(*argv, "static") == 0) { + req.ndm.ndm_state |= NUD_REACHABLE; ++ } else if (matches(*argv, "dynamic") == 0) { ++ req.ndm.ndm_state |= NUD_REACHABLE; ++ req.ndm.ndm_state &= ~NUD_NOARP; + } else if (matches(*argv, "vlan") == 0) { + if (vid >= 0) + duparg2("vlan", *argv); +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 864f983..0a36e75 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -54,7 +54,7 @@ bridge \- show / manipulate bridge addresses and devices + .I LLADDR + .B dev + .IR DEV " { " +-.BR local " | " temp " } [ " ++.BR local " | " static " | " dynamic " } [ " + .BR self " ] [ " master " ] [ " router " ] [ " use " ] [ " + .B dst + .IR IPADDR " ] [ " +@@ -338,6 +338,18 @@ the Ethernet MAC address. + .BI dev " DEV" + the interface to which this address is associated. + ++.B local ++- is a local permanent fdb entry ++.sp ++ ++.B static ++- is a static (no arp) fdb entry ++.sp ++ ++.B dynamic ++- is a dynamic reachable age-able fdb entry ++.sp ++ + .B self + - the address is associated with the port drivers fdb. Usually hardware. + .sp +-- +1.8.3.1 + diff --git a/SOURCES/0081-iproute2-ip6gre-update-man-pages.patch b/SOURCES/0081-iproute2-ip6gre-update-man-pages.patch deleted file mode 100644 index 75a65d7..0000000 --- a/SOURCES/0081-iproute2-ip6gre-update-man-pages.patch +++ /dev/null @@ -1,196 +0,0 @@ -From 7ec0dbe4a48ad0231fbc3b0962e822a530adb985 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 15:57:00 +0100 -Subject: [PATCH] iproute2: ip6gre: update man pages - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit 9abde37cde92e - -commit 9abde37cde92e9b84f2f72aad9a03635972ffdf3 -Author: xeb@mail.ru -Date: Tue Oct 1 11:18:34 2013 +0400 - - iproute2: ip6gre: update man pages - - Update man pages with ip6gre info. - - Signed-off-by: Dmitry Kozlov ---- - man/man8/ip-link.8.in | 124 +++++++++++++++++++++++++++++++++++++++++++++++++- - man/man8/ip-tunnel.8 | 4 +- - 2 files changed, 125 insertions(+), 3 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 82ae316..81ef4bb 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -64,7 +64,11 @@ ip-link \- network device configuration - .BR vxlan " |" - .BR ip6tnl " |" - .BR ipip " |" --.BR sit " ]" -+.BR sit " |" -+.BR gre " |" -+.BR gretap " |" -+.BR ip6gre " |" -+.BR ip6gretap " ]" - - .ti -8 - .BI "ip link delete " DEVICE -@@ -196,6 +200,18 @@ Link types: - .sp - .BR sit - - Virtual tunnel interface IPv6 over IPv4 -+.sp -+.BR gre -+- Virtual tunnel interface GRE over IPv4 -+.sp -+.BR gretap -+- Virtual L2 tuunel interface GRE over IPv4 -+.sp -+.BR ip6gre -+- Virtual tuunel interface GRE over IPv6 -+.sp -+.BR ip6gretap -+- Virtual L2 tuunel interface GRE over IPv6 - .in -8 - - .TP -@@ -443,6 +459,112 @@ Example: - - .in -8 - -+.TP -+IP6GRE/IP6GRETAP Type Support -+For a link of type -+.I IP6GRE/IP6GRETAP -+the following additional arguments are supported: -+ -+.BI "ip link add " DEVICE -+.BI type " { ip6gre | ip6gretap } " remote " ADDR " local " ADDR -+.R " [ " -+.I "[i|o]seq]" -+.R " ] [ " -+.I "[i|o]key" KEY -+.R " ] [ " -+.I " [i|o]csum " -+.R " ] [ " -+.BI hoplimit " TTL " -+.R " ] [ " -+.BI encaplimit " ELIM " -+.R " ] [ " -+.BI tclass " TCLASS " -+.R " ] [ " -+.BI flowlabel " FLOWLABEL " -+.R " ] [ " -+.BI "dscp inherit" -+.R " ] [ " -+.BI dev " PHYS_DEV " -+.R " ]" -+ -+.in +8 -+.sp -+.BI remote " ADDR " -+- specifies the remote IPv6 address of the tunnel. -+ -+.sp -+.BI local " ADDR " -+- specifies the fixed local IPv6 address for tunneled packets. -+It must be and address on another interface on this host. -+ -+.sp -+.BI [i|o]seq -+- serialize packets. -+The -+.B oseq -+flag enables sequencing of outgoing packets. -+The -+.B iseq -+flag requires that all input packets are serialized. -+ -+.sp -+.BI [i|o]key " KEY" -+- use keyed GRE with key -+.IR KEY ". "KEY -+is either a number or an IPv4 address-like dotted quad. -+The -+.B key -+parameter specifies the same key to use in both directions. -+The -+.BR ikey " and " okey -+parameters specify different keys for input and output. -+ -+.sp -+.BI [i|o]csum -+- generate/require checksums for tunneled packets. -+The -+.B ocsum -+flag calculates checksums for outgoing packets. -+The -+.B icsum -+flag requires that all input packets have the correct -+checksum. The -+.B csum -+flag is equivalent to the combination -+.BR "icsum ocsum" . -+ -+.sp -+.BI hoplimit " TTL" -+- specifies Hop Limit value to use in outgoing packets. -+ -+.sp -+.BI encaplimit " ELIM" -+- specifies a fixed encapsulation limit. Default is 4. -+ -+.sp -+.BI flowlabel " FLOWLABEL" -+- specifies a fixed flowlabel. -+ -+.sp -+.BI tclass " TCLASS" -+- specifies the traffic class field on -+tunneled packets, which can be specified as either a two-digit -+hex value (e.g. c0) or a predefined string (e.g. internet). -+The value -+.B inherit -+causes the field to be copied from the original IP header. The -+values -+.BI "inherit/" STRING -+or -+.BI "inherit/" 00 ".." ff -+will set the field to -+.I STRING -+or -+.IR 00 ".." ff -+when tunneling non-IP packets. The default value is 00. -+ -+.in -8 -+ - .SS ip link delete - delete virtual link - .I DEVICE - specifies the virtual device to act operate on. -diff --git a/man/man8/ip-tunnel.8 b/man/man8/ip-tunnel.8 -index f697b4f..c97c28c 100644 ---- a/man/man8/ip-tunnel.8 -+++ b/man/man8/ip-tunnel.8 -@@ -50,7 +50,7 @@ ip-tunnel - tunnel configuration - - .ti -8 - .IR MODE " := " --.RB " { " ipip " | " gre " | " sit " | " isatap " | " ip6ip6 " | " ipip6 " | " any " }" -+.RB " { " ipip " | " gre " | " sit " | " isatap " | " ip6ip6 " | " ipip6 " | " ip6gre " | " any " }" - - .ti -8 - .IR ADDR " := { " IP_ADDRESS " |" -@@ -110,7 +110,7 @@ Modes for IPv4 encapsulation available: - .BR ipip ", " sit ", " isatap " and " gre "." - .br - Modes for IPv6 encapsulation available: --.BR ip6ip6 ", " ipip6 " and " any "." -+.BR ip6ip6 ", " ipip6 ", " ip6gre ", and " any "." - - .TP - .BI remote " ADDRESS" --- -1.8.3.1 - diff --git a/SOURCES/0082-iplink-bridge-remove-unnecessary-returns.patch b/SOURCES/0082-iplink-bridge-remove-unnecessary-returns.patch new file mode 100644 index 0000000..0aaf96a --- /dev/null +++ b/SOURCES/0082-iplink-bridge-remove-unnecessary-returns.patch @@ -0,0 +1,120 @@ +From 7ddb2ef80b5e6cb2ec411dc5721d574d9bec1ff8 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:21 +0100 +Subject: [PATCH] iplink: bridge: remove unnecessary returns + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 8a4cd3943fb84 +Conflicts: Dropped some chunks due to missing nf_call_* support. + +commit 8a4cd3943fb8498a108f0d494bb3176deb01ab0f +Author: Nikolay Aleksandrov +Date: Thu Feb 18 20:54:34 2016 +0100 + + iplink: bridge: remove unnecessary returns + + invarg exits so no need to return, remove this c&p error from my recent + patches + + Signed-off-by: Nikolay Aleksandrov +--- + ip/iplink_bridge.c | 35 ++++++++++++++--------------------- + 1 file changed, 14 insertions(+), 21 deletions(-) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 7cec078..6a0acf7 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -119,19 +119,17 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + __u8 vlan_filter; + + NEXT_ARG(); +- if (get_u8(&vlan_filter, *argv, 0)) { ++ if (get_u8(&vlan_filter, *argv, 0)) + invarg("invalid vlan_filtering", *argv); +- return -1; +- } ++ + addattr8(n, 1024, IFLA_BR_VLAN_FILTERING, vlan_filter); + } else if (matches(*argv, "vlan_protocol") == 0) { + __u16 vlan_proto; + + NEXT_ARG(); +- if (ll_proto_a2n(&vlan_proto, *argv)) { ++ if (ll_proto_a2n(&vlan_proto, *argv)) + invarg("invalid vlan_protocol", *argv); +- return -1; +- } ++ + addattr16(n, 1024, IFLA_BR_VLAN_PROTOCOL, vlan_proto); + } else if (matches(*argv, "group_fwd_mask") == 0) { + __u16 fwd_mask; +@@ -246,55 +244,50 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, + __u64 mcast_membership_intvl; + + NEXT_ARG(); +- if (get_u64(&mcast_membership_intvl, *argv, 0)) { ++ if (get_u64(&mcast_membership_intvl, *argv, 0)) + invarg("invalid mcast_membership_interval", + *argv); +- return -1; +- } ++ + addattr64(n, 1024, IFLA_BR_MCAST_MEMBERSHIP_INTVL, + mcast_membership_intvl); + } else if (matches(*argv, "mcast_querier_interval") == 0) { + __u64 mcast_querier_intvl; + + NEXT_ARG(); +- if (get_u64(&mcast_querier_intvl, *argv, 0)) { ++ if (get_u64(&mcast_querier_intvl, *argv, 0)) + invarg("invalid mcast_querier_interval", + *argv); +- return -1; +- } ++ + addattr64(n, 1024, IFLA_BR_MCAST_QUERIER_INTVL, + mcast_querier_intvl); + } else if (matches(*argv, "mcast_query_interval") == 0) { + __u64 mcast_query_intvl; + + NEXT_ARG(); +- if (get_u64(&mcast_query_intvl, *argv, 0)) { ++ if (get_u64(&mcast_query_intvl, *argv, 0)) + invarg("invalid mcast_query_interval", + *argv); +- return -1; +- } ++ + addattr64(n, 1024, IFLA_BR_MCAST_QUERY_INTVL, + mcast_query_intvl); + } else if (!matches(*argv, "mcast_query_response_interval")) { + __u64 mcast_query_resp_intvl; + + NEXT_ARG(); +- if (get_u64(&mcast_query_resp_intvl, *argv, 0)) { ++ if (get_u64(&mcast_query_resp_intvl, *argv, 0)) + invarg("invalid mcast_query_response_interval", + *argv); +- return -1; +- } ++ + addattr64(n, 1024, IFLA_BR_MCAST_QUERY_RESPONSE_INTVL, + mcast_query_resp_intvl); + } else if (!matches(*argv, "mcast_startup_query_interval")) { + __u64 mcast_startup_query_intvl; + + NEXT_ARG(); +- if (get_u64(&mcast_startup_query_intvl, *argv, 0)) { ++ if (get_u64(&mcast_startup_query_intvl, *argv, 0)) + invarg("invalid mcast_startup_query_interval", + *argv); +- return -1; +- } ++ + addattr64(n, 1024, IFLA_BR_MCAST_STARTUP_QUERY_INTVL, + mcast_startup_query_intvl); + } else if (matches(*argv, "help") == 0) { +-- +1.8.3.1 + diff --git a/SOURCES/0082-iproute-Descriptions-of-fou-and-gue-options-in-ip-li.patch b/SOURCES/0082-iproute-Descriptions-of-fou-and-gue-options-in-ip-li.patch deleted file mode 100644 index d12a4a2..0000000 --- a/SOURCES/0082-iproute-Descriptions-of-fou-and-gue-options-in-ip-li.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 6d19d559d29c1060c0d472f4d6a5daf2c5e608a9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 15:57:00 +0100 -Subject: [PATCH] iproute: Descriptions of fou and gue options in ip-link man - pages - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit 90f1df715eb38 - -commit 90f1df715eb38bbbb4554ebbad783d67690a38b2 -Author: Tom Herbert -Date: Thu Jan 29 08:52:01 2015 -0800 - - iproute: Descriptions of fou and gue options in ip-link man pages - - Add section for additional arguments to GRE, IPIP, and SIT types - that are related to Foo-over-UDP and Generic UDP Encapsulation. - Also, added an example GUE configuration in the examples section. - - Signed-off-by: Tom Herbert ---- - man/man8/ip-link.8.in | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 67 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 81ef4bb..9e667a2 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -460,6 +460,63 @@ Example: - .in -8 - - .TP -+GRE, IPIP, SIT Type Support -+For a link of types -+.I GRE/IPIP/SIT -+the following additional arguments are supported: -+ -+.BI "ip link add " DEVICE -+.BR type " { gre | ipip | sit } " -+.BI " remote " ADDR " local " ADDR -+.R " [ " -+.BR encap " { fou | gue | none } " -+.R " ] [ " -+.BI "encap-sport { " PORT " | auto } " -+.R " ] [ " -+.BI "encap-dport " PORT -+.R " ] [ " -+.I " [no]encap-csum " -+.R " ] [ " -+.I " [no]encap-remcsum " -+.R " ]" -+ -+.in +8 -+.sp -+.BI remote " ADDR " -+- specifies the remote address of the tunnel. -+ -+.sp -+.BI local " ADDR " -+- specifies the fixed local address for tunneled packets. -+It must be an address on another interface on this host. -+ -+.sp -+.BR encap " { fou | gue | none } " -+- specifies type of secondary UDP encapsulation. "fou" indicates -+Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation. -+ -+.sp -+.BI "encap-sport { " PORT " | auto } " -+- specifies the source port in UDP encapsulation. -+.IR PORT -+indicates the port by number, "auto" -+indicates that the port number should be chosen automatically -+(the kernel picks a flow based on the flow hash of the -+encapsulated packet). -+ -+.sp -+.I [no]encap-csum -+- specifies if UDP checksums are enabled in the secondary -+encapsulation. -+ -+.sp -+.I [no]encap-remcsum -+- specifies if Remote Checksum Offload is enabled. This is only -+applicable for Generic UDP Encapsulation. -+ -+.in -8 -+ -+.TP - IP6GRE/IP6GRETAP Type Support - For a link of type - .I IP6GRE/IP6GRETAP -@@ -495,7 +552,7 @@ the following additional arguments are supported: - .sp - .BI local " ADDR " - - specifies the fixed local IPv6 address for tunneled packets. --It must be and address on another interface on this host. -+It must be an address on another interface on this host. - - .sp - .BI [i|o]seq -@@ -831,6 +888,15 @@ ip link help gre - .RS 4 - Display help for the gre link type. - .RE -+.PP -+ip link add name tun1 type ipip remote 192.168.1.1 -+local 192.168.1.2 ttl 225 encap gue encap-sport auto -+encap-dport 5555 encap-csum encap-remcsum -+.RS 4 -+Creates an IPIP that is encapsulated with Generic UDP Encapsulation, -+and the outer UDP checksum and remote checksum offload are enabled. -+ -+.RE - - .SH SEE ALSO - .br --- -1.8.3.1 - diff --git a/SOURCES/0083-bridge-mdb-add-user-space-support-for-extended-attri.patch b/SOURCES/0083-bridge-mdb-add-user-space-support-for-extended-attri.patch new file mode 100644 index 0000000..604f48c --- /dev/null +++ b/SOURCES/0083-bridge-mdb-add-user-space-support-for-extended-attri.patch @@ -0,0 +1,111 @@ +From c55cf2cf1b127e5a08830c158fddc45fc8e5c8d8 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:38 +0100 +Subject: [PATCH] bridge: mdb: add user-space support for extended attributes + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 05d4f64d4abfe + +commit 05d4f64d4abfe198144df807d7d496086c5a7ce9 +Author: Nikolay Aleksandrov +Date: Mon Feb 22 15:16:13 2016 +0100 + + bridge: mdb: add user-space support for extended attributes + + Recently support was added to the kernel to be able to add more per-mdb + entry attributes via standard netlink attributes of type MDBA_MDB_EATTR_. + This patch adds support to iproute2 to parse and output these + attributes. The first exported attribute is the mdb "timer" value which + is shown only when the "-s" iproute2 arg is used. + + Example: + $ bridge -s mdb show + dev br0 port eth1 grp 239.0.0.11 permanent 0.00 + dev br0 port eth1 grp 239.0.0.10 temp 244.15 + dev br0 port eth1 grp 239.0.0.1 temp 245.21 + dev br0 port eth1 grp 239.0.0.5 temp 246.43 + dev br0 port eth2 grp 239.0.0.5 temp 248.44 + dev br0 port eth1 grp 239.0.0.2 temp 245.32 + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/br_common.h | 3 +++ + bridge/mdb.c | 15 ++++++++++++--- + man/man8/bridge.8 | 5 +++++ + 3 files changed, 20 insertions(+), 3 deletions(-) + +diff --git a/bridge/br_common.h b/bridge/br_common.h +index 169a162..41eb0dc 100644 +--- a/bridge/br_common.h ++++ b/bridge/br_common.h +@@ -1,3 +1,6 @@ ++#define MDB_RTA(r) \ ++ ((struct rtattr *)(((char *)(r)) + RTA_ALIGN(sizeof(struct br_mdb_entry)))) ++ + extern int print_linkinfo(const struct sockaddr_nl *who, + struct nlmsghdr *n, + void *arg); +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 24c4903..09d4b22 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -49,7 +49,7 @@ static void br_print_router_ports(FILE *f, struct rtattr *attr) + } + + static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e, +- struct nlmsghdr *n) ++ struct nlmsghdr *n, struct rtattr **tb) + { + SPRINT_BUF(abuf); + const void *src; +@@ -66,20 +66,29 @@ static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e, + (e->state & MDB_PERMANENT) ? "permanent" : "temp"); + if (e->vid) + fprintf(f, " vid %hu", e->vid); ++ if (show_stats && tb && tb[MDBA_MDB_EATTR_TIMER]) { ++ struct timeval tv; ++ ++ __jiffies_to_tv(&tv, rta_getattr_u32(tb[MDBA_MDB_EATTR_TIMER])); ++ fprintf(f, "%4i.%.2i", (int)tv.tv_sec, (int)tv.tv_usec/10000); ++ } + fprintf(f, "\n"); + } + + static void br_print_mdb_entry(FILE *f, int ifindex, struct rtattr *attr, + struct nlmsghdr *n) + { ++ struct rtattr *etb[MDBA_MDB_EATTR_MAX + 1]; ++ struct br_mdb_entry *e; + struct rtattr *i; + int rem; +- struct br_mdb_entry *e; + + rem = RTA_PAYLOAD(attr); + for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) { + e = RTA_DATA(i); +- print_mdb_entry(f, ifindex, e, n); ++ parse_rtattr(etb, MDBA_MDB_EATTR_MAX, MDB_RTA(RTA_DATA(i)), ++ RTA_PAYLOAD(i) - RTA_ALIGN(sizeof(*e))); ++ print_mdb_entry(f, ifindex, e, n, etb); + } + } + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 0a36e75..08f327b 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -503,6 +503,11 @@ With the + option, the command becomes verbose. It prints out the ports known to have + a connected router. + ++.PP ++With the ++.B -statistics ++option, the command displays timer values for mdb entries. ++ + .SH bridge vlan - VLAN filter list + + .B vlan +-- +1.8.3.1 + diff --git a/SOURCES/0083-ip-link-Document-IPoIB-link-type-in-the-man-page.patch b/SOURCES/0083-ip-link-Document-IPoIB-link-type-in-the-man-page.patch deleted file mode 100644 index 60b36c1..0000000 --- a/SOURCES/0083-ip-link-Document-IPoIB-link-type-in-the-man-page.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 00618aeedb8287dc27609ff80ba077710ddeca25 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 15:57:00 +0100 -Subject: [PATCH] ip-link: Document IPoIB link type in the man page - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit 8ca8fac7aaf61 - -commit 8ca8fac7aaf61a05ee074fe1f1daee4acabf8588 -Author: Or Gerlitz -Date: Sun Nov 16 09:43:34 2014 +0200 - - ip-link: Document IPoIB link type in the man page - - Add documentation on how to create devices of type IP-over-Infiniband - in the man page. - - Signed-off-by: Or Gerlitz ---- - man/man8/ip-link.8.in | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 9e667a2..dffa25b 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -622,6 +622,23 @@ when tunneling non-IP packets. The default value is 00. - - .in -8 - -+.TP -+IPoIB Type Support -+For a link of type -+.I IPoIB -+the following additional arguments are supported: -+ -+.BI "ip link add " DEVICE " name " NAME -+.BI type " ipoib [ " pkey " PKEY ] [" mode " MODE " ] -+ -+.in +8 -+.sp -+.BI pkey " PKEY " -+- specifies the IB P-Key to use. -+ -+.BI mode " MODE " -+- specifies the mode (datagram or connected) to use. -+ - .SS ip link delete - delete virtual link - .I DEVICE - specifies the virtual device to act operate on. --- -1.8.3.1 - diff --git a/SOURCES/0084-bridge-mdb-add-support-for-offloaded-mdb-entries.patch b/SOURCES/0084-bridge-mdb-add-support-for-offloaded-mdb-entries.patch new file mode 100644 index 0000000..110805f --- /dev/null +++ b/SOURCES/0084-bridge-mdb-add-support-for-offloaded-mdb-entries.patch @@ -0,0 +1,43 @@ +From 74776a9a952915531233e5092e6e1dbfdaf846d5 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:38 +0100 +Subject: [PATCH] bridge: mdb: add support for offloaded mdb entries + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 29d61fb385967 + +commit 29d61fb385967e6e558aad99f68714df42f18c38 +Author: Elad Raz +Date: Sun Mar 6 12:46:04 2016 -0800 + + bridge: mdb: add support for offloaded mdb entries + + Mark MDB entries which are offloaded to HW with "offload" flag + + Signed-off-by: Elad Raz + Signed-off-by: Jiri Pirko +--- + bridge/mdb.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 09d4b22..600596c 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -60,10 +60,11 @@ static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e, + (const void *)&e->addr.u.ip6; + if (n->nlmsg_type == RTM_DELMDB) + fprintf(f, "Deleted "); +- fprintf(f, "dev %s port %s grp %s %s", ll_index_to_name(ifindex), ++ fprintf(f, "dev %s port %s grp %s %s %s", ll_index_to_name(ifindex), + ll_index_to_name(e->ifindex), + inet_ntop(af, src, abuf, sizeof(abuf)), +- (e->state & MDB_PERMANENT) ? "permanent" : "temp"); ++ (e->state & MDB_PERMANENT) ? "permanent" : "temp", ++ (e->flags & MDB_FLAGS_OFFLOAD) ? "offload" : ""); + if (e->vid) + fprintf(f, " vid %hu", e->vid); + if (show_stats && tb && tb[MDBA_MDB_EATTR_TIMER]) { +-- +1.8.3.1 + diff --git a/SOURCES/0084-iproute2-ip-link.8.in-Spelling-fixes.patch b/SOURCES/0084-iproute2-ip-link.8.in-Spelling-fixes.patch deleted file mode 100644 index 5b75942..0000000 --- a/SOURCES/0084-iproute2-ip-link.8.in-Spelling-fixes.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 977e3cbb92fe7f4d8fcd1332c347bfe1391a4d0e Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 15:57:00 +0100 -Subject: [PATCH] iproute2: ip-link.8.in: Spelling fixes - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit d36d9d41d6e66 - -commit d36d9d41d6e66c130b0632b82ea74c3ae4d0fbe3 -Author: Reese Moore -Date: Wed Feb 4 14:04:48 2015 -0500 - - iproute2: ip-link.8.in: Spelling fixes - - In the ip-link(8) man page, for the gretap, ip6gre, and ip6gretap types, the - word tunnel was incorrectly spelled 'tuunel'. - - Signed-off-by: Reese Moore ---- - man/man8/ip-link.8.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index dffa25b..d8fca23 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -205,13 +205,13 @@ Link types: - - Virtual tunnel interface GRE over IPv4 - .sp - .BR gretap --- Virtual L2 tuunel interface GRE over IPv4 -+- Virtual L2 tunnel interface GRE over IPv4 - .sp - .BR ip6gre --- Virtual tuunel interface GRE over IPv6 -+- Virtual tunnel interface GRE over IPv6 - .sp - .BR ip6gretap --- Virtual L2 tuunel interface GRE over IPv6 -+- Virtual L2 tunnel interface GRE over IPv6 - .in -8 - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0085-bridge-mdb-add-support-for-extended-router-port-info.patch b/SOURCES/0085-bridge-mdb-add-support-for-extended-router-port-info.patch new file mode 100644 index 0000000..aea98ac --- /dev/null +++ b/SOURCES/0085-bridge-mdb-add-support-for-extended-router-port-info.patch @@ -0,0 +1,155 @@ +From 90e24d0fe6dc4f5f4b5e6d75322e604c63f1cb14 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:38 +0100 +Subject: [PATCH] bridge: mdb: add support for extended router port information + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit ba0372670d1fa + +commit ba0372670d1fad0ae6cdbf970000ac7f4f72030f +Author: Nikolay Aleksandrov +Date: Mon Mar 14 11:04:46 2016 +0100 + + bridge: mdb: add support for extended router port information + + Recently a new temp router port mode was added and with it the dumped + information was extended similar to how mdb entries were done. This + patch adds support to dump the new information by using the "-s" switch. + Example: + $ bridge -d -s mdb show + dev br0 port eth1 grp ff02::1:ffbf:5716 temp 234.39 + dev br0 port eth1 grp 239.0.0.2 temp 97.17 + dev br0 port eth1 grp 239.0.0.3 temp 105.36 + router ports on br0: eth1 0.00 permanent + router ports on br0: eth2 254.87 temp + + It also updates the bridge man page. + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/br_common.h | 3 +++ + bridge/mdb.c | 53 ++++++++++++++++++++++++++++++++++++++++++++--------- + man/man8/bridge.8 | 6 +++++- + 3 files changed, 52 insertions(+), 10 deletions(-) + +diff --git a/bridge/br_common.h b/bridge/br_common.h +index 41eb0dc..5ea45c9 100644 +--- a/bridge/br_common.h ++++ b/bridge/br_common.h +@@ -1,6 +1,9 @@ + #define MDB_RTA(r) \ + ((struct rtattr *)(((char *)(r)) + RTA_ALIGN(sizeof(struct br_mdb_entry)))) + ++#define MDB_RTR_RTA(r) \ ++ ((struct rtattr *)(((char *)(r)) + RTA_ALIGN(sizeof(__u32)))) ++ + extern int print_linkinfo(const struct sockaddr_nl *who, + struct nlmsghdr *n, + void *arg); +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 600596c..97da4dc 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -33,19 +33,56 @@ static void usage(void) + exit(-1); + } + +-static void br_print_router_ports(FILE *f, struct rtattr *attr) ++static bool is_temp_mcast_rtr(__u8 type) ++{ ++ return type == MDB_RTR_TYPE_TEMP_QUERY || type == MDB_RTR_TYPE_TEMP; ++} ++ ++static void __print_router_port_stats(FILE *f, struct rtattr *pattr) ++{ ++ struct rtattr *tb[MDBA_ROUTER_PATTR_MAX + 1]; ++ struct timeval tv; ++ __u8 type; ++ ++ parse_rtattr(tb, MDBA_ROUTER_PATTR_MAX, MDB_RTR_RTA(RTA_DATA(pattr)), ++ RTA_PAYLOAD(pattr) - RTA_ALIGN(sizeof(uint32_t))); ++ if (tb[MDBA_ROUTER_PATTR_TIMER]) { ++ __jiffies_to_tv(&tv, ++ rta_getattr_u32(tb[MDBA_ROUTER_PATTR_TIMER])); ++ fprintf(f, " %4i.%.2i", ++ (int)tv.tv_sec, (int)tv.tv_usec/10000); ++ } ++ if (tb[MDBA_ROUTER_PATTR_TYPE]) { ++ type = rta_getattr_u8(tb[MDBA_ROUTER_PATTR_TYPE]); ++ fprintf(f, " %s", ++ is_temp_mcast_rtr(type) ? "temp" : "permanent"); ++ } ++} ++ ++static void br_print_router_ports(FILE *f, struct rtattr *attr, __u32 brifidx) + { + uint32_t *port_ifindex; + struct rtattr *i; + int rem; + ++ if (!show_stats) ++ fprintf(f, "router ports on %s: ", ll_index_to_name(brifidx)); ++ + rem = RTA_PAYLOAD(attr); + for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) { + port_ifindex = RTA_DATA(i); +- fprintf(f, "%s ", ll_index_to_name(*port_ifindex)); ++ if (show_stats) { ++ fprintf(f, "router ports on %s: %s", ++ ll_index_to_name(brifidx), ++ ll_index_to_name(*port_ifindex)); ++ __print_router_port_stats(f, i); ++ fprintf(f, "\n"); ++ } else { ++ fprintf(f, "%s ", ll_index_to_name(*port_ifindex)); ++ } + } +- +- fprintf(f, "\n"); ++ if (!show_stats) ++ fprintf(f, "\n"); + } + + static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e, +@@ -127,11 +164,9 @@ int print_mdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[MDBA_ROUTER]) { + if (n->nlmsg_type == RTM_GETMDB) { +- if (show_details) { +- fprintf(fp, "router ports on %s: ", +- ll_index_to_name(r->ifindex)); +- br_print_router_ports(fp, tb[MDBA_ROUTER]); +- } ++ if (show_details) ++ br_print_router_ports(fp, tb[MDBA_ROUTER], ++ r->ifindex); + } else { + uint32_t *port_ifindex; + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 08f327b..4d5d743 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -119,6 +119,10 @@ is given multiple times, the amount of information increases. + As a rule, the information is statistics or some time values. + + .TP ++.BR "\-d" , " \-details" ++print detailed information about MDB router ports. ++ ++.TP + .BR "\-n" , " \-net" , " \-netns " + switches + .B bridge +@@ -506,7 +510,7 @@ a connected router. + .PP + With the + .B -statistics +-option, the command displays timer values for mdb entries. ++option, the command displays timer values for mdb and router port entries. + + .SH bridge vlan - VLAN filter list + +-- +1.8.3.1 + diff --git a/SOURCES/0085-man-ip-link-Add-missing-link-types-vti-ipvlan-nlmon.patch b/SOURCES/0085-man-ip-link-Add-missing-link-types-vti-ipvlan-nlmon.patch deleted file mode 100644 index ecae525..0000000 --- a/SOURCES/0085-man-ip-link-Add-missing-link-types-vti-ipvlan-nlmon.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2f5dccc695c146101b4fc796e0f31fc71e97aaff Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 15:57:01 +0100 -Subject: [PATCH] man ip-link: Add missing link types - vti,ipvlan,nlmon - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit b6d6b5a1cdd91 - -commit b6d6b5a1cdd91c878ab2541f38402a44ffb75ee7 -Author: Vadim Kochan -Date: Sat Apr 4 19:00:55 2015 +0300 - - man ip-link: Add missing link types - vti,ipvlan,nlmon - - Signed-off-by: Vadim Kochan ---- - man/man8/ip-link.8.in | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index d8fca23..339b5c5 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -68,7 +68,10 @@ ip-link \- network device configuration - .BR gre " |" - .BR gretap " |" - .BR ip6gre " |" --.BR ip6gretap " ]" -+.BR ip6gretap " |" -+.BR vti " |" -+.BR nlmon " |" -+.BR ipvlan " ]" - - .ti -8 - .BI "ip link delete " DEVICE -@@ -212,6 +215,15 @@ Link types: - .sp - .BR ip6gretap - - Virtual L2 tunnel interface GRE over IPv6 -+.sp -+.BR vti -+- Virtual tunnel interface -+.sp -+.BR nlmon -+- Netlink monitoring device -+.sp -+.BR ipvlan -+- Interface for L3 (IPv6/IPv4) based VLANs - .in -8 - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0086-bridge-code-cleanup.patch b/SOURCES/0086-bridge-code-cleanup.patch new file mode 100644 index 0000000..a07b3a3 --- /dev/null +++ b/SOURCES/0086-bridge-code-cleanup.patch @@ -0,0 +1,313 @@ +From 86b1bf040e1282bf95244c9c8b43c16567b6e133 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:38 +0100 +Subject: [PATCH] bridge: code cleanup + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit df4b043f0845e + +commit df4b043f0845eaf3534b32925c5e79970f9a95a0 +Author: Stephen Hemminger +Date: Mon Mar 21 11:56:01 2016 -0700 + + bridge: code cleanup + + Use checkpatch auto fix to cleanup lingering style issues +--- + bridge/fdb.c | 20 +++++++++++--------- + bridge/link.c | 25 +++++++++++++------------ + bridge/mdb.c | 6 +++--- + bridge/monitor.c | 13 +++++++------ + bridge/vlan.c | 9 +++++---- + 5 files changed, 39 insertions(+), 34 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 0222fd6..2d2498a 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -33,12 +33,12 @@ static void usage(void) + fprintf(stderr, "Usage: bridge fdb { add | append | del | replace } ADDR dev DEV\n" + " [ self ] [ master ] [ use ] [ router ]\n" + " [ local | static | dynamic ] [ dst IPADDR ] [ vlan VID ]\n" +- " [ port PORT] [ vni VNI ] [ via DEV ]\n"); ++ " [ port PORT] [ vni VNI ] [ via DEV ]\n"); + fprintf(stderr, " bridge fdb [ show [ br BRDEV ] [ brport DEV ] ]\n"); + exit(-1); + } + +-static const char *state_n2a(unsigned s) ++static const char *state_n2a(unsigned int s) + { + static char buf[32]; + +@@ -63,7 +63,7 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + FILE *fp = arg; + struct ndmsg *r = NLMSG_DATA(n); + int len = n->nlmsg_len; +- struct rtattr * tb[NDA_MAX+1]; ++ struct rtattr *tb[NDA_MAX+1]; + + if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH) { + fprintf(stderr, "Not RTM_NEWNEIGH: %08x %08x %08x\n", +@@ -118,6 +118,7 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[NDA_VLAN]) { + __u16 vid = rta_getattr_u16(tb[NDA_VLAN]); ++ + fprintf(fp, "vlan %hu ", vid); + } + +@@ -170,9 +171,9 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + static int fdb_show(int argc, char **argv) + { + struct { +- struct nlmsghdr n; ++ struct nlmsghdr n; + struct ifinfomsg ifm; +- char buf[256]; ++ char buf[256]; + } req; + + char *filter_dev = NULL; +@@ -199,6 +200,7 @@ static int fdb_show(int argc, char **argv) + + if (br) { + int br_ifindex = ll_name_to_index(br); ++ + if (br_ifindex == 0) { + fprintf(stderr, "Cannot find bridge device \"%s\"\n", br); + return -1; +@@ -234,9 +236,9 @@ static int fdb_show(int argc, char **argv) + static int fdb_modify(int cmd, int flags, int argc, char **argv) + { + struct { +- struct nlmsghdr n; +- struct ndmsg ndm; +- char buf[256]; ++ struct nlmsghdr n; ++ struct ndmsg ndm; ++ char buf[256]; + } req; + char *addr = NULL; + char *d = NULL; +@@ -297,7 +299,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) + req.ndm.ndm_flags |= NTF_MASTER; + } else if (matches(*argv, "router") == 0) { + req.ndm.ndm_flags |= NTF_ROUTER; +- } else if (matches(*argv, "local") == 0|| ++ } else if (matches(*argv, "local") == 0 || + matches(*argv, "permanent") == 0) { + req.ndm.ndm_state |= NUD_PERMANENT; + } else if (matches(*argv, "temp") == 0 || +diff --git a/bridge/link.c b/bridge/link.c +index a9b1262..353e1c3 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -25,17 +25,17 @@ static const char *port_states[] = { + [BR_STATE_BLOCKING] = "blocking", + }; + +-extern char *if_indextoname (unsigned int __ifindex, char *__ifname); ++extern char *if_indextoname(unsigned int __ifindex, char *__ifname); + +-static void print_link_flags(FILE *fp, unsigned flags) ++static void print_link_flags(FILE *fp, unsigned int flags) + { + fprintf(fp, "<"); + if (flags & IFF_UP && !(flags & IFF_RUNNING)) + fprintf(fp, "NO-CARRIER%s", flags ? "," : ""); + flags &= ~IFF_RUNNING; + #define _PF(f) if (flags&IFF_##f) { \ +- flags &= ~IFF_##f ; \ +- fprintf(fp, #f "%s", flags ? "," : ""); } ++ flags &= ~IFF_##f ; \ ++ fprintf(fp, #f "%s", flags ? "," : ""); } + _PF(LOOPBACK); + _PF(BROADCAST); + _PF(POINTOPOINT); +@@ -55,7 +55,7 @@ static void print_link_flags(FILE *fp, unsigned flags) + _PF(DORMANT); + _PF(ECHO); + #undef _PF +- if (flags) ++ if (flags) + fprintf(fp, "%x", flags); + fprintf(fp, "> "); + } +@@ -69,7 +69,7 @@ static const char *hw_mode[] = {"VEB", "VEPA"}; + + static void print_operstate(FILE *f, __u8 state) + { +- if (state >= sizeof(oper_states)/sizeof(oper_states[0])) ++ if (state >= ARRAY_SIZE(oper_states)) + fprintf(f, "state %#x ", state); + else + fprintf(f, "state %s ", oper_states[state]); +@@ -90,7 +90,7 @@ static void print_onoff(FILE *f, char *flag, __u8 val) + + static void print_hwmode(FILE *f, __u16 mode) + { +- if (mode >= sizeof(hw_mode)/sizeof(hw_mode[0])) ++ if (mode >= ARRAY_SIZE(hw_mode)) + fprintf(f, "hwmode %#hx ", mode); + else + fprintf(f, "hwmode %s ", hw_mode[mode]); +@@ -102,14 +102,14 @@ int print_linkinfo(const struct sockaddr_nl *who, + FILE *fp = arg; + int len = n->nlmsg_len; + struct ifinfomsg *ifi = NLMSG_DATA(n); +- struct rtattr * tb[IFLA_MAX+1]; ++ struct rtattr *tb[IFLA_MAX+1]; + char b1[IFNAMSIZ]; + + len -= NLMSG_LENGTH(sizeof(*ifi)); + if (len < 0) { + fprintf(stderr, "Message too short!\n"); + return -1; +- } ++ } + + if (!(ifi->ifi_family == AF_BRIDGE || ifi->ifi_family == AF_UNSPEC)) + return 0; +@@ -136,6 +136,7 @@ int print_linkinfo(const struct sockaddr_nl *who, + if (tb[IFLA_LINK]) { + SPRINT_BUF(b1); + int iflink = rta_getattr_u32(tb[IFLA_LINK]); ++ + if (iflink == 0) + fprintf(fp, "@NONE: "); + else +@@ -220,7 +221,7 @@ static void usage(void) + { + fprintf(stderr, "Usage: bridge link set dev DEV [ cost COST ] [ priority PRIO ] [ state STATE ]\n"); + fprintf(stderr, " [ guard {on | off} ]\n"); +- fprintf(stderr, " [ hairpin {on | off} ] \n"); ++ fprintf(stderr, " [ hairpin {on | off} ]\n"); + fprintf(stderr, " [ fastleave {on | off} ]\n"); + fprintf(stderr, " [ root_block {on | off} ]\n"); + fprintf(stderr, " [ learning {on | off} ]\n"); +@@ -319,6 +320,7 @@ static int brlink_modify(int argc, char **argv) + NEXT_ARG(); + char *endptr; + size_t nstates = sizeof(port_states) / sizeof(*port_states); ++ + state = strtol(*argv, &endptr, 10); + if (!(**argv != '\0' && *endptr == '\0')) { + for (state = 0; state < nstates; state++) +@@ -339,8 +341,7 @@ static int brlink_modify(int argc, char **argv) + mode = BRIDGE_MODE_VEB; + else { + fprintf(stderr, +- "Mode argument must be \"vepa\" or " +- "\"veb\".\n"); ++ "Mode argument must be \"vepa\" or \"veb\".\n"); + return -1; + } + } else if (strcmp(*argv, "self") == 0) { +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 97da4dc..842536e 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -21,7 +21,7 @@ + + #ifndef MDBA_RTA + #define MDBA_RTA(r) \ +- ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct br_port_msg)))) ++ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct br_port_msg)))) + #endif + + static unsigned int filter_index; +@@ -224,9 +224,9 @@ static int mdb_show(int argc, char **argv) + static int mdb_modify(int cmd, int flags, int argc, char **argv) + { + struct { +- struct nlmsghdr n; ++ struct nlmsghdr n; + struct br_port_msg bpm; +- char buf[1024]; ++ char buf[1024]; + } req; + struct br_mdb_entry entry; + char *d = NULL, *p = NULL, *grp = NULL; +diff --git a/bridge/monitor.c b/bridge/monitor.c +index 590de76..987257c 100644 +--- a/bridge/monitor.c ++++ b/bridge/monitor.c +@@ -86,10 +86,10 @@ static int accept_msg(const struct sockaddr_nl *who, + int do_monitor(int argc, char **argv) + { + char *file = NULL; +- unsigned groups = ~RTMGRP_TC; +- int llink=0; +- int lneigh=0; +- int lmdb=0; ++ unsigned int groups = ~RTMGRP_TC; ++ int llink = 0; ++ int lneigh = 0; ++ int lmdb = 0; + + rtnl_close(&rth); + +@@ -98,7 +98,7 @@ int do_monitor(int argc, char **argv) + NEXT_ARG(); + file = *argv; + } else if (matches(*argv, "link") == 0) { +- llink=1; ++ llink = 1; + groups = 0; + } else if (matches(*argv, "fdb") == 0) { + lneigh = 1; +@@ -108,7 +108,7 @@ int do_monitor(int argc, char **argv) + groups = 0; + } else if (strcmp(*argv, "all") == 0) { + groups = ~RTMGRP_TC; +- prefix_banner=1; ++ prefix_banner = 1; + } else if (matches(*argv, "help") == 0) { + usage(); + } else { +@@ -132,6 +132,7 @@ int do_monitor(int argc, char **argv) + if (file) { + FILE *fp; + int err; ++ + fp = fopen(file, "r"); + if (fp == NULL) { + perror("Cannot fopen"); +diff --git a/bridge/vlan.c b/bridge/vlan.c +index ac2f523..ae58832 100644 +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -26,9 +26,9 @@ static void usage(void) + static int vlan_modify(int cmd, int argc, char **argv) + { + struct { +- struct nlmsghdr n; +- struct ifinfomsg ifm; +- char buf[1024]; ++ struct nlmsghdr n; ++ struct ifinfomsg ifm; ++ char buf[1024]; + } req; + char *d = NULL; + short vid = -1; +@@ -51,6 +51,7 @@ static int vlan_modify(int cmd, int argc, char **argv) + d = *argv; + } else if (strcmp(*argv, "vid") == 0) { + char *p; ++ + NEXT_ARG(); + p = strchr(*argv, '-'); + if (p) { +@@ -144,7 +145,7 @@ static int print_vlan(const struct sockaddr_nl *who, + FILE *fp = arg; + struct ifinfomsg *ifm = NLMSG_DATA(n); + int len = n->nlmsg_len; +- struct rtattr * tb[IFLA_MAX+1]; ++ struct rtattr *tb[IFLA_MAX+1]; + + if (n->nlmsg_type != RTM_NEWLINK) { + fprintf(stderr, "Not RTM_NEWLINK: %08x %08x %08x\n", +-- +1.8.3.1 + diff --git a/SOURCES/0086-man-ip-link-fix-a-typo.patch b/SOURCES/0086-man-ip-link-fix-a-typo.patch deleted file mode 100644 index 31fcb43..0000000 --- a/SOURCES/0086-man-ip-link-fix-a-typo.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 4b2882df80788b9740cce915d2ac5ca8b263cfa0 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 15:57:01 +0100 -Subject: [PATCH] man: ip-link: fix a typo - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit e37a9c73d2e0b - -commit e37a9c73d2e0bbf1288eb16e9b47028012db2bf8 -Author: Masatake YAMATO -Date: Fri Nov 7 03:57:05 2014 +0900 - - man: ip-link: fix a typo - - Signed-off-by: Masatake YAMATO ---- - man/man8/ip-link.8.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 339b5c5..88e014b 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -52,7 +52,7 @@ ip-link \- network device configuration - .ti -8 - .IR TYPE " := [ " - .BR bridge " | " --.BR bond " ]" -+.BR bond " | " - .BR can " | " - .BR dummy " | " - .BR ifb " | " --- -1.8.3.1 - diff --git a/SOURCES/0087-bridge-fdb-add-support-to-filter-by-vlan-id.patch b/SOURCES/0087-bridge-fdb-add-support-to-filter-by-vlan-id.patch new file mode 100644 index 0000000..54bc4a7 --- /dev/null +++ b/SOURCES/0087-bridge-fdb-add-support-to-filter-by-vlan-id.patch @@ -0,0 +1,99 @@ +From a6192164b9d05f22e93266f63ec090a910930f29 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:44 +0100 +Subject: [PATCH] bridge: fdb: add support to filter by vlan id + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit ae6eb9075fdfe + +commit ae6eb9075fdfe1bf0804c9a9315a37e111e8e293 +Author: Nikolay Aleksandrov +Date: Mon Apr 11 17:45:14 2016 +0200 + + bridge: fdb: add support to filter by vlan id + + Add the optional keyword "vlan" to bridge fdb show so the user can request + filtering by a specific vlan id. Currently the filtering is implemented + only in user-space. The argument name has been chosen to match the + add/del one - "vlan". + + Example: + $ bridge fdb show vlan 400 + 52:54:00:bf:57:16 dev eth2 vlan 400 master br0 permanent + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/fdb.c | 21 +++++++++++++++------ + 1 file changed, 15 insertions(+), 6 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 2d2498a..d184f7e 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -26,7 +26,7 @@ + #include "rt_names.h" + #include "utils.h" + +-static unsigned int filter_index; ++static unsigned int filter_index, filter_vlan; + + static void usage(void) + { +@@ -34,7 +34,7 @@ static void usage(void) + " [ self ] [ master ] [ use ] [ router ]\n" + " [ local | static | dynamic ] [ dst IPADDR ] [ vlan VID ]\n" + " [ port PORT] [ vni VNI ] [ via DEV ]\n"); +- fprintf(stderr, " bridge fdb [ show [ br BRDEV ] [ brport DEV ] ]\n"); ++ fprintf(stderr, " bridge fdb [ show [ br BRDEV ] [ brport DEV ] [ vlan VID ] ]\n"); + exit(-1); + } + +@@ -64,6 +64,7 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + struct ndmsg *r = NLMSG_DATA(n); + int len = n->nlmsg_len; + struct rtattr *tb[NDA_MAX+1]; ++ __u16 vid = 0; + + if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH) { + fprintf(stderr, "Not RTM_NEWNEIGH: %08x %08x %08x\n", +@@ -87,6 +88,12 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + parse_rtattr(tb, NDA_MAX, NDA_RTA(r), + n->nlmsg_len - NLMSG_LENGTH(sizeof(*r))); + ++ if (tb[NDA_VLAN]) ++ vid = rta_getattr_u16(tb[NDA_VLAN]); ++ ++ if (filter_vlan && filter_vlan != vid) ++ return 0; ++ + if (n->nlmsg_type == RTM_DELNEIGH) + fprintf(fp, "Deleted "); + +@@ -116,11 +123,8 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + abuf, sizeof(abuf))); + } + +- if (tb[NDA_VLAN]) { +- __u16 vid = rta_getattr_u16(tb[NDA_VLAN]); +- ++ if (vid) + fprintf(fp, "vlan %hu ", vid); +- } + + if (tb[NDA_PORT]) + fprintf(fp, "port %d ", ntohs(rta_getattr_u16(tb[NDA_PORT]))); +@@ -191,6 +195,11 @@ static int fdb_show(int argc, char **argv) + } else if (strcmp(*argv, "br") == 0) { + NEXT_ARG(); + br = *argv; ++ } else if (strcmp(*argv, "vlan") == 0) { ++ NEXT_ARG(); ++ if (filter_vlan) ++ duparg("vlan", *argv); ++ filter_vlan = atoi(*argv); + } else { + if (matches(*argv, "help") == 0) + usage(); +-- +1.8.3.1 + diff --git a/SOURCES/0087-man-ip-link-document-MACVLAN-MACVTAP-interface-types.patch b/SOURCES/0087-man-ip-link-document-MACVLAN-MACVTAP-interface-types.patch deleted file mode 100644 index 1f60800..0000000 --- a/SOURCES/0087-man-ip-link-document-MACVLAN-MACVTAP-interface-types.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 2d76f7483d2bf0857d325883fe22c924d1dfcb53 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 15:57:01 +0100 -Subject: [PATCH] man: ip-link: document MACVLAN/MACVTAP interface types - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit a60223bc1c10d -Conflicts: Changed context due to missing GENEVE support - -commit a60223bc1c10d4b172caa966acebb5a1620d0d6f -Author: Phil Sutter -Date: Fri Sep 25 14:09:51 2015 +0200 - - man: ip-link: document MACVLAN/MACVTAP interface types - - Signed-off-by: Phil Sutter ---- - man/man8/ip-link.8.in | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 50 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 88e014b..4614ba3 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -651,6 +651,56 @@ the following additional arguments are supported: - .BI mode " MODE " - - specifies the mode (datagram or connected) to use. - -+.TP -+MACVLAN and MACVTAP Type Support -+For a link of type -+.I MACVLAN -+or -+.I MACVTAP -+the following additional arguments are supported: -+ -+.BI "ip link add link " DEVICE " name " NAME -+.BR type " { " macvlan " | " macvtap " } " -+.BR mode " { " private " | " vepa " | " bridge " | " passthru -+.BR " [ " nopromisc " ] } " -+ -+.in +8 -+.sp -+.BR type " { " macvlan " | " macvtap " } " -+- specifies the link type to use. -+.BR macvlan " creates just a virtual interface, while " -+.BR macvtap " in addition creates a character device " -+.BR /dev/tapX " to be used just like a " tuntap " device." -+ -+.B mode private -+- Do not allow communication between -+.B macvlan -+instances on the same physical interface, even if the external switch supports -+hairpin mode. -+ -+.B mode vepa -+- Virtual Ethernet Port Aggregator mode. Data from one -+.B macvlan -+instance to the other on the same physical interface is transmitted over the -+physical interface. Either the attached switch needs to support hairpin mode, -+or there must be a TCP/IP router forwarding the packets in order to allow -+communication. This is the default mode. -+ -+.B mode bridge -+- In bridge mode, all endpoints are directly connected to each other, -+communication is not redirected through the physical interface's peer. -+ -+.BR mode " " passthru " [ " nopromisc " ] " -+- This mode gives more power to a single endpoint, usually in -+.BR macvtap " mode. It is not allowed for more than one endpoint on the same " -+physical interface. All traffic will be forwarded to this endpoint, allowing -+virtio guests to change MAC address or set promiscuous mode in order to bridge -+the interface or create vlan interfaces on top of it. By default, this mode -+forces the underlying interface into promiscuous mode. Passing the -+.BR nopromisc " flag prevents this, so the promisc flag may be controlled " -+using standard tools. -+.in -8 -+ - .SS ip link delete - delete virtual link - .I DEVICE - specifies the virtual device to act operate on. --- -1.8.3.1 - diff --git a/SOURCES/0088-bridge-mdb-add-support-to-filter-by-vlan-id.patch b/SOURCES/0088-bridge-mdb-add-support-to-filter-by-vlan-id.patch new file mode 100644 index 0000000..d7986d5 --- /dev/null +++ b/SOURCES/0088-bridge-mdb-add-support-to-filter-by-vlan-id.patch @@ -0,0 +1,71 @@ +From 1cb87286da87c759ec99bc6833ae177a3141ac73 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:44 +0100 +Subject: [PATCH] bridge: mdb: add support to filter by vlan id + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 24687d678fd54 + +commit 24687d678fd540c554f76dd43a06933ba1ca5c7d +Author: Nikolay Aleksandrov +Date: Mon Apr 11 17:45:15 2016 +0200 + + bridge: mdb: add support to filter by vlan id + + Add the optional keyword "vid" to bridge mdb show so the user can + request filtering by a specific vlan id. Currently the filtering is + implemented only in user-space. The argument name has been chosen to match + the add/del one - "vid". + + Example: + $ bridge mdb show vid 200 + dev br0 port eth2 grp 239.0.0.1 permanent vid 200 + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/mdb.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/bridge/mdb.c b/bridge/mdb.c +index 842536e..6c904f8 100644 +--- a/bridge/mdb.c ++++ b/bridge/mdb.c +@@ -24,12 +24,12 @@ + ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct br_port_msg)))) + #endif + +-static unsigned int filter_index; ++static unsigned int filter_index, filter_vlan; + + static void usage(void) + { + fprintf(stderr, "Usage: bridge mdb { add | del } dev DEV port PORT grp GROUP [permanent | temp] [vid VID]\n"); +- fprintf(stderr, " bridge mdb {show} [ dev DEV ]\n"); ++ fprintf(stderr, " bridge mdb {show} [ dev DEV ] [ vid VID ]\n"); + exit(-1); + } + +@@ -92,6 +92,8 @@ static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e, + const void *src; + int af; + ++ if (filter_vlan && e->vid != filter_vlan) ++ return; + af = e->addr.proto == htons(ETH_P_IP) ? AF_INET : AF_INET6; + src = af == AF_INET ? (const void *)&e->addr.u.ip4 : + (const void *)&e->addr.u.ip6; +@@ -195,6 +197,11 @@ static int mdb_show(int argc, char **argv) + if (filter_dev) + duparg("dev", *argv); + filter_dev = *argv; ++ } else if (strcmp(*argv, "vid") == 0) { ++ NEXT_ARG(); ++ if (filter_vlan) ++ duparg("vid", *argv); ++ filter_vlan = atoi(*argv); + } + argc--; argv++; + } +-- +1.8.3.1 + diff --git a/SOURCES/0088-iplink-macvtap-fix-man-page.patch b/SOURCES/0088-iplink-macvtap-fix-man-page.patch deleted file mode 100644 index 35f4dfd..0000000 --- a/SOURCES/0088-iplink-macvtap-fix-man-page.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 360aec0603f2dc23eea1e2ec80497f5f4ef673ac Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 16:11:30 +0100 -Subject: [PATCH] iplink: macvtap: fix man page - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: iproute2.git commit e4c356827acc6 - -commit e4c356827acc661e33b6a6bdffc5ededf7beb659 -Author: Rami Rosen -Date: Sat Jul 19 12:00:25 2014 +0300 - - iplink: macvtap: fix man page - - This patch adds description about macvtap to ip-link.8 man page. - - Signed-off-by: Rami Rosen ---- - man/man8/ip-link.8.in | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 4614ba3..4982268 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -58,6 +58,7 @@ ip-link \- network device configuration - .BR ifb " | " - .BR ipoib " |" - .BR macvlan " | " -+.BR macvtap " | " - .BR vcan " | " - .BR veth " | " - .BR vlan " | " -@@ -183,6 +184,9 @@ Link types: - .B macvlan - - Virtual interface base on link layer address (MAC) - .sp -+.B macvtap -+- Virtual interface based on link layer address (MAC) and TAP. -+.sp - .B vcan - - Virtual Controller Area Network interface - .sp --- -1.8.3.1 - diff --git a/SOURCES/0089-bridge-vlan-add-support-to-filter-by-vlan-id.patch b/SOURCES/0089-bridge-vlan-add-support-to-filter-by-vlan-id.patch new file mode 100644 index 0000000..b7c55a7 --- /dev/null +++ b/SOURCES/0089-bridge-vlan-add-support-to-filter-by-vlan-id.patch @@ -0,0 +1,162 @@ +From e139f3f1d7f669edea662b9f847faee30f2c5f6c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:44 +0100 +Subject: [PATCH] bridge: vlan: add support to filter by vlan id + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 5a2d0201cce16 + +commit 5a2d0201cce161617b30102d10b709fa24c6e833 +Author: Nikolay Aleksandrov +Date: Mon Apr 11 17:45:16 2016 +0200 + + bridge: vlan: add support to filter by vlan id + + Add the optional keyword "vid" to bridge vlan show so the user can + request filtering by a specific vlan id. Currently the filtering is + implemented only in user-space. The argument name has been chosen to + match the add/del one - "vid". This filtering can be used also with the + "-compressvlans" option to see in which range is a vlan (if in any). + Also this will be used to show only specific per-vlan statistics later + when support is added to the kernel for it. + + Examples: + $ bridge vlan show vid 450 + port vlan ids + eth2 450 + + $ bridge -c vlan show vid 450 + port vlan ids + eth2 400-500 + + $ bridge vlan show vid 1 + port vlan ids + eth1 1 PVID Egress Untagged + eth2 1 PVID + br0 1 PVID Egress Untagged + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/vlan.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 50 insertions(+), 10 deletions(-) + +diff --git a/bridge/vlan.c b/bridge/vlan.c +index ae58832..717025a 100644 +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -13,13 +13,13 @@ + #include "br_common.h" + #include "utils.h" + +-static unsigned int filter_index; ++static unsigned int filter_index, filter_vlan; + + static void usage(void) + { + fprintf(stderr, "Usage: bridge vlan { add | del } vid VLAN_ID dev DEV [ pvid] [ untagged ]\n"); + fprintf(stderr, " [ self ] [ master ]\n"); +- fprintf(stderr, " bridge vlan { show } [ dev DEV ]\n"); ++ fprintf(stderr, " bridge vlan { show } [ dev DEV ] [ vid VLAN_ID ]\n"); + exit(-1); + } + +@@ -138,6 +138,26 @@ static int vlan_modify(int cmd, int argc, char **argv) + return 0; + } + ++/* In order to use this function for both filtering and non-filtering cases ++ * we need to make it a tristate: ++ * return -1 - if filtering we've gone over so don't continue ++ * return 0 - skip entry and continue (applies to range start or to entries ++ * which are less than filter_vlan) ++ * return 1 - print the entry and continue ++ */ ++static int filter_vlan_check(struct bridge_vlan_info *vinfo) ++{ ++ /* if we're filtering we should stop on the first greater entry */ ++ if (filter_vlan && vinfo->vid > filter_vlan && ++ !(vinfo->flags & BRIDGE_VLAN_INFO_RANGE_END)) ++ return -1; ++ if ((vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) || ++ vinfo->vid < filter_vlan) ++ return 0; ++ ++ return 1; ++} ++ + static int print_vlan(const struct sockaddr_nl *who, + struct nlmsghdr *n, + void *arg) +@@ -169,26 +189,40 @@ static int print_vlan(const struct sockaddr_nl *who, + + /* if AF_SPEC isn't there, vlan table is not preset for this port */ + if (!tb[IFLA_AF_SPEC]) { +- fprintf(fp, "%s\tNone\n", ll_index_to_name(ifm->ifi_index)); ++ if (!filter_vlan) ++ fprintf(fp, "%s\tNone\n", ++ ll_index_to_name(ifm->ifi_index)); + return 0; + } else { + struct rtattr *i, *list = tb[IFLA_AF_SPEC]; + int rem = RTA_PAYLOAD(list); ++ __u16 last_vid_start = 0; + +- fprintf(fp, "%s", ll_index_to_name(ifm->ifi_index)); ++ if (!filter_vlan) ++ fprintf(fp, "%s", ll_index_to_name(ifm->ifi_index)); + for (i = RTA_DATA(list); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) { + struct bridge_vlan_info *vinfo; ++ int vcheck_ret; + + if (i->rta_type != IFLA_BRIDGE_VLAN_INFO) + continue; + + vinfo = RTA_DATA(i); +- if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_END) +- fprintf(fp, "-%hu", vinfo->vid); +- else +- fprintf(fp, "\t %hu", vinfo->vid); +- if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) ++ ++ if (!(vinfo->flags & BRIDGE_VLAN_INFO_RANGE_END)) ++ last_vid_start = vinfo->vid; ++ vcheck_ret = filter_vlan_check(vinfo); ++ if (vcheck_ret == -1) ++ break; ++ else if (vcheck_ret == 0) + continue; ++ ++ if (filter_vlan) ++ fprintf(fp, "%s", ++ ll_index_to_name(ifm->ifi_index)); ++ fprintf(fp, "\t %hu", last_vid_start); ++ if (last_vid_start != vinfo->vid) ++ fprintf(fp, "-%hu", vinfo->vid); + if (vinfo->flags & BRIDGE_VLAN_INFO_PVID) + fprintf(fp, " PVID"); + if (vinfo->flags & BRIDGE_VLAN_INFO_UNTAGGED) +@@ -196,7 +230,8 @@ static int print_vlan(const struct sockaddr_nl *who, + fprintf(fp, "\n"); + } + } +- fprintf(fp, "\n"); ++ if (!filter_vlan) ++ fprintf(fp, "\n"); + fflush(fp); + return 0; + } +@@ -211,6 +246,11 @@ static int vlan_show(int argc, char **argv) + if (filter_dev) + duparg("dev", *argv); + filter_dev = *argv; ++ } else if (strcmp(*argv, "vid") == 0) { ++ NEXT_ARG(); ++ if (filter_vlan) ++ duparg("vid", *argv); ++ filter_vlan = atoi(*argv); + } + argc--; argv++; + } +-- +1.8.3.1 + diff --git a/SOURCES/0089-iprule-Align-help-text-with-man-page-synopsis.patch b/SOURCES/0089-iprule-Align-help-text-with-man-page-synopsis.patch deleted file mode 100644 index 332f350..0000000 --- a/SOURCES/0089-iprule-Align-help-text-with-man-page-synopsis.patch +++ /dev/null @@ -1,43 +0,0 @@ -From a1655d17463e2a71af8d43381333c14661ad1e50 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:32:48 +0100 -Subject: [PATCH] iprule: Align help text with man page synopsis - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 67eedcd9a145f -Conflicts: Patch adjusted to missing save/restore support. - -commit 67eedcd9a145f30aa0a185b7235f01b66349effe -Author: Phil Sutter -Date: Thu Feb 25 13:07:35 2016 +0100 - - iprule: Align help text with man page synopsis - - The help text was misleading: One could think it is possible to list - rules by selector, which would be nice but isn't. This change also - clarifies that 'ip rule' defaults to 'list' if no further arguments are - given. - - Signed-off-by: Phil Sutter ---- - ip/iprule.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/ip/iprule.c b/ip/iprule.c -index 89fa7ef..059b50b 100644 ---- a/ip/iprule.c -+++ b/ip/iprule.c -@@ -32,7 +32,9 @@ static void usage(void) __attribute__((noreturn)); - - static void usage(void) - { -- fprintf(stderr, "Usage: ip rule [ list | add | del | flush ] SELECTOR ACTION\n"); -+ fprintf(stderr, "Usage: ip rule { add | del } SELECTOR ACTION\n"); -+ fprintf(stderr, " ip rule { flush }\n"); -+ fprintf(stderr, " ip rule [ list ]\n"); - fprintf(stderr, "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"); - fprintf(stderr, " [ iif STRING ] [ oif STRING ] [ pref NUMBER ]\n"); - fprintf(stderr, "ACTION := [ table TABLE_ID ]\n"); --- -1.8.3.1 - diff --git a/SOURCES/0090-bridge-vlan-fix-a-few-fdb-typos-in-vlan-doc.patch b/SOURCES/0090-bridge-vlan-fix-a-few-fdb-typos-in-vlan-doc.patch new file mode 100644 index 0000000..d5cbf9b --- /dev/null +++ b/SOURCES/0090-bridge-vlan-fix-a-few-fdb-typos-in-vlan-doc.patch @@ -0,0 +1,50 @@ +From 5445d3424bd41eb6c1296a48104095777d44204d Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:44 +0100 +Subject: [PATCH] bridge: vlan: fix a few "fdb" typos in vlan doc + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 296cee6fdfaab + +commit 296cee6fdfaabfbf29a9f6bbf106c83c82c1d838 +Author: Vivien Didelot +Date: Tue Jun 21 15:28:26 2016 -0400 + + bridge: vlan: fix a few "fdb" typos in vlan doc + + Signed-off-by: Vivien Didelot +--- + bridge/vlan.c | 2 +- + man/man8/bridge.8 | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/bridge/vlan.c b/bridge/vlan.c +index 717025a..a8a2e1d 100644 +--- a/bridge/vlan.c ++++ b/bridge/vlan.c +@@ -299,6 +299,6 @@ int do_vlan(int argc, char **argv) + } else + return vlan_show(0, NULL); + +- fprintf(stderr, "Command \"%s\" is unknown, try \"bridge fdb help\".\n", *argv); ++ fprintf(stderr, "Command \"%s\" is unknown, try \"bridge vlan help\".\n", *argv); + exit(-1); + } +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 4d5d743..3024eb2 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -551,8 +551,8 @@ device is the bridge device. + .BI master + the vlan is configured on the software bridge (default). + +-.SS bridge vlan delete - delete a forwarding database entry +-This command removes an existing fdb entry. ++.SS bridge vlan delete - delete a vlan filter entry ++This command removes an existing vlan filter entry. + + .PP + The arguments are the same as with +-- +1.8.3.1 + diff --git a/SOURCES/0090-ipl2tp-Print-help-even-on-systems-without-l2tp-suppo.patch b/SOURCES/0090-ipl2tp-Print-help-even-on-systems-without-l2tp-suppo.patch deleted file mode 100644 index 69f49a1..0000000 --- a/SOURCES/0090-ipl2tp-Print-help-even-on-systems-without-l2tp-suppo.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 4112b882e90a2338ecc9ad83a8b01d77725ab52d Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:33:46 +0100 -Subject: [PATCH] ipl2tp: Print help even on systems without l2tp support - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit e897776690aec - -commit e897776690aec728f9033eef146783d3a3d48033 -Author: Phil Sutter -Date: Wed Feb 24 09:12:47 2016 +0100 - - ipl2tp: Print help even on systems without l2tp support - - Signed-off-by: Phil Sutter ---- - ip/ipl2tp.c | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c -index 2f7c9bf..92e15c5 100644 ---- a/ip/ipl2tp.c -+++ b/ip/ipl2tp.c -@@ -719,6 +719,9 @@ static int do_show(int argc, char **argv) - - int do_ipl2tp(int argc, char **argv) - { -+ if (argc < 1 || !matches(*argv, "help")) -+ usage(); -+ - if (genl_family < 0) { - if (rtnl_open_byproto(&genl_rth, 0, NETLINK_GENERIC) < 0) { - fprintf(stderr, "Cannot open generic netlink socket\n"); -@@ -730,9 +733,6 @@ int do_ipl2tp(int argc, char **argv) - exit(1); - } - -- if (argc < 1) -- usage(); -- - if (matches(*argv, "add") == 0) - return do_add(argc-1, argv+1); - if (matches(*argv, "delete") == 0) -@@ -741,8 +741,6 @@ int do_ipl2tp(int argc, char **argv) - matches(*argv, "lst") == 0 || - matches(*argv, "list") == 0) - return do_show(argc-1, argv+1); -- if (matches(*argv, "help") == 0) -- usage(); - - fprintf(stderr, "Command \"%s\" is unknown, try \"ip l2tp help\".\n", *argv); - exit(-1); --- -1.8.3.1 - diff --git a/SOURCES/0091-bridge-man-fix-brige-typo.patch b/SOURCES/0091-bridge-man-fix-brige-typo.patch new file mode 100644 index 0000000..79d4c41 --- /dev/null +++ b/SOURCES/0091-bridge-man-fix-brige-typo.patch @@ -0,0 +1,35 @@ +From c3556926885b1ed7bf587c3b52ae4000ef5d7994 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:44 +0100 +Subject: [PATCH] bridge: man: fix "brige" typo + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 7fab22abd1ff6 + +commit 7fab22abd1ff6c8e8d4e5cd3602d7c28a3fa98de +Author: Vivien Didelot +Date: Tue Jun 21 15:28:50 2016 -0400 + + bridge: man: fix "brige" typo + + Signed-off-by: Vivien Didelot +--- + man/man8/bridge.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index 3024eb2..d654e1c 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -234,7 +234,7 @@ error. + .sp + + .B 1 +-- STP LISTENING state. Only valid if STP is enabled on the brige. In this ++- STP LISTENING state. Only valid if STP is enabled on the bridge. In this + state the port for list for STP BPDUs and drop all other traffic. + .sp + +-- +1.8.3.1 + diff --git a/SOURCES/0091-ip-align-help-text-with-manpage.patch b/SOURCES/0091-ip-align-help-text-with-manpage.patch deleted file mode 100644 index dc4cad6..0000000 --- a/SOURCES/0091-ip-align-help-text-with-manpage.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 6f07a04604fada54d38c78c51b174931c2e42a35 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:33:46 +0100 -Subject: [PATCH] ip: align help text with manpage - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 7a53aa592fffb - -commit 7a53aa592fffbe5984aa8adbe76f5b370b247f05 -Author: Phil Sutter -Date: Wed Mar 2 19:19:49 2016 +0100 - - ip: align help text with manpage - - Although the ip command accepts both "neighbor" and "neighbour" as - subcommand, I assume it's sufficient to list it in help text as just - "neigh" like ip.8 does. - - Signed-off-by: Phil Sutter ---- - ip/ip.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/ip.c b/ip/ip.c -index 361daf4..8b9b9c0 100644 ---- a/ip/ip.c -+++ b/ip/ip.c -@@ -47,7 +47,7 @@ static void usage(void) - fprintf(stderr, - "Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n" - " ip [ -force ] -batch filename\n" --"where OBJECT := { link | address | addrlabel | route | rule | neighbor | ntable |\n" -+"where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |\n" - " tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |\n" - " netns | l2tp | tcp_metrics | token }\n" - " OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n" --- -1.8.3.1 - diff --git a/SOURCES/0092-bridge-man-fix-BPUD-typo.patch b/SOURCES/0092-bridge-man-fix-BPUD-typo.patch new file mode 100644 index 0000000..2d9bcf3 --- /dev/null +++ b/SOURCES/0092-bridge-man-fix-BPUD-typo.patch @@ -0,0 +1,37 @@ +From 12eec28475af5e65ceb63734ac57f6cf453e2c79 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:44 +0100 +Subject: [PATCH] bridge: man: fix BPUD typo + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 400b5404af35f + +commit 400b5404af35f58f501780663693886d37c2061e +Author: Vivien Didelot +Date: Wed Jun 29 15:26:10 2016 -0400 + + bridge: man: fix BPUD typo + + s/BPUD/BPDU/ in guard description. + + Signed-off-by: Vivien Didelot +--- + man/man8/bridge.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index d654e1c..bf9c2c1 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -256,7 +256,7 @@ STP BPDUs. + + .TP + .BR "guard on " or " guard off " +-Controls whether STP BPUDs will be processed by the bridge port. By default, ++Controls whether STP BPDUs will be processed by the bridge port. By default, + the flag is turned off allowed BPDU processing. Turning this flag on will + cause the port to stop processing STP BPDUs. + +-- +1.8.3.1 + diff --git a/SOURCES/0092-ipaddrlabel-Improve-help-text-precision.patch b/SOURCES/0092-ipaddrlabel-Improve-help-text-precision.patch deleted file mode 100644 index d31aea3..0000000 --- a/SOURCES/0092-ipaddrlabel-Improve-help-text-precision.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 42bab91fdeafcbbc1766ccc348b7a57082a7fbb4 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:33:46 +0100 -Subject: [PATCH] ipaddrlabel: Improve help text precision - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 27ff1a564bb20 - -commit 27ff1a564bb20f80dca1023b29d5d22fe196e727 -Author: Phil Sutter -Date: Wed Mar 2 19:19:50 2016 +0100 - - ipaddrlabel: Improve help text precision - - Neither 'list' nor 'flush' actions accept parameters, and with given - prefix the action keyword is not optional anymore. - - Signed-off-by: Phil Sutter ---- - ip/ipaddrlabel.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c -index 1158b33..7f25f0b 100644 ---- a/ip/ipaddrlabel.c -+++ b/ip/ipaddrlabel.c -@@ -50,7 +50,8 @@ static void usage(void) __attribute__((noreturn)); - - static void usage(void) - { -- fprintf(stderr, "Usage: ip addrlabel [ list | add | del | flush ] prefix PREFIX [ dev DEV ] [ label LABEL ]\n"); -+ fprintf(stderr, "Usage: ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label LABEL ]\n"); -+ fprintf(stderr, " ip addrlabel [ list | flush | help ]\n"); - exit(-1); - } - --- -1.8.3.1 - diff --git a/SOURCES/0093-bridge-man-fix-STP-LISTENING-description.patch b/SOURCES/0093-bridge-man-fix-STP-LISTENING-description.patch new file mode 100644 index 0000000..fb61898 --- /dev/null +++ b/SOURCES/0093-bridge-man-fix-STP-LISTENING-description.patch @@ -0,0 +1,37 @@ +From 98a6989361034f7b1687e01252fc04daf692b992 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:45 +0100 +Subject: [PATCH] bridge: man: fix STP LISTENING description + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 3aa8f8cb7af95 + +commit 3aa8f8cb7af952bd09efb7ec6d4f3f0507ada16a +Author: Vivien Didelot +Date: Wed Jun 29 15:26:29 2016 -0400 + + bridge: man: fix STP LISTENING description + + Correct the unclear and poorly conjugated STP LISTENING documentation. + + Signed-off-by: Vivien Didelot +--- + man/man8/bridge.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index bf9c2c1..c09b8c3 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -235,7 +235,7 @@ error. + + .B 1 + - STP LISTENING state. Only valid if STP is enabled on the bridge. In this +-state the port for list for STP BPDUs and drop all other traffic. ++state the port listens for STP BPDUs and drops all other traffic frames. + .sp + + .B 2 +-- +1.8.3.1 + diff --git a/SOURCES/0093-iplink-fix-help-text-syntax.patch b/SOURCES/0093-iplink-fix-help-text-syntax.patch deleted file mode 100644 index 1c3016a..0000000 --- a/SOURCES/0093-iplink-fix-help-text-syntax.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 99bd608a259c2ef0cafdbb96aa38c8e934c63955 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:33:46 +0100 -Subject: [PATCH] iplink: fix help text syntax - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 5c2ea5b8c001f -Conflicts: Missing commit 6c5ffb9a2c3db ("iplink: cleanup whitespace and - checkpatch issues"), which introduces worse conflicts. - Relevant changes therefore incorporated here. - -commit 5c2ea5b8c001fe3e7c85f2c93b9b05bcb035bafa -Author: Phil Sutter -Date: Wed Mar 2 19:19:51 2016 +0100 - - iplink: fix help text syntax - - Get rid of extraneous closing brackets and while here, merge the double - netns parameter. - - Signed-off-by: Phil Sutter ---- - ip/iplink.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index f444bef..787d743 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -70,17 +70,16 @@ void iplink_usage(void) - fprintf(stderr, " [ address LLADDR ]\n"); - fprintf(stderr, " [ broadcast LLADDR ]\n"); - fprintf(stderr, " [ mtu MTU ]\n"); -- fprintf(stderr, " [ netns PID ]\n"); -- fprintf(stderr, " [ netns NAME ]\n"); -+ fprintf(stderr, " [ netns { PID | NAME } ]\n"); - fprintf(stderr, " [ link-netnsid ID ]\n"); - fprintf(stderr, " [ alias NAME ]\n"); - fprintf(stderr, " [ vf NUM [ mac LLADDR ]\n"); - fprintf(stderr, " [ vlan VLANID [ qos VLAN-QOS ] ]\n"); - -- fprintf(stderr, " [ rate TXRATE ] ] \n"); -+ fprintf(stderr, " [ rate TXRATE ]\n"); - -- fprintf(stderr, " [ spoofchk { on | off} ] ] \n"); -- fprintf(stderr, " [ query_rss { on | off} ] ] \n"); -+ fprintf(stderr, " [ spoofchk { on | off} ]\n"); -+ fprintf(stderr, " [ query_rss { on | off} ]\n"); - fprintf(stderr, " [ state { auto | enable | disable} ] ]\n"); - fprintf(stderr, " [ master DEVICE ]\n"); - fprintf(stderr, " [ nomaster ]\n"); --- -1.8.3.1 - diff --git a/SOURCES/0094-RH-INTERNAL-Update-kernel-headers-to-v4.10.0.patch b/SOURCES/0094-RH-INTERNAL-Update-kernel-headers-to-v4.10.0.patch new file mode 100644 index 0000000..c608274 --- /dev/null +++ b/SOURCES/0094-RH-INTERNAL-Update-kernel-headers-to-v4.10.0.patch @@ -0,0 +1,2769 @@ +From be29df0107ec0cdc9c8d0b8ed4ada5380fefe570 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:12:45 +0100 +Subject: [PATCH] RH-INTERNAL: Update kernel headers to v4.10.0 + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: RHEL only. + +Obtained using the following command: +$ git checkout v4.10.0 -- include/linux +--- + include/linux/bpf.h | 571 ++++++++++++++++++++++++----------- + include/linux/can.h | 1 + + include/linux/devlink.h | 16 + + include/linux/fib_rules.h | 8 + + include/linux/gen_stats.h | 1 + + include/linux/genetlink.h | 3 +- + include/linux/if.h | 4 +- + include/linux/if_alg.h | 42 +++ + include/linux/if_bonding.h | 130 ++++++++ + include/linux/if_bridge.h | 47 +++ + include/linux/if_ether.h | 5 + + include/linux/if_link.h | 112 ++++++- + include/linux/if_packet.h | 301 ++++++++++++++++++ + include/linux/if_tunnel.h | 21 +- + include/linux/ila.h | 8 + + include/linux/in.h | 1 + + include/linux/in6.h | 2 + + include/linux/inet_diag.h | 42 ++- + include/linux/l2tp.h | 28 +- + include/linux/libc-compat.h | 28 +- + include/linux/lwtunnel.h | 26 ++ + include/linux/neighbour.h | 2 + + include/linux/netfilter.h | 2 +- + include/linux/netlink_diag.h | 1 + + include/linux/pkt_cls.h | 76 ++++- + include/linux/pkt_sched.h | 11 +- + include/linux/rtnetlink.h | 10 +- + include/linux/sock_diag.h | 1 + + include/linux/tc_act/tc_bpf.h | 2 + + include/linux/tc_act/tc_connmark.h | 1 + + include/linux/tc_act/tc_csum.h | 1 + + include/linux/tc_act/tc_defact.h | 1 + + include/linux/tc_act/tc_gact.h | 1 + + include/linux/tc_act/tc_ife.h | 4 +- + include/linux/tc_act/tc_ipt.h | 1 + + include/linux/tc_act/tc_mirred.h | 1 + + include/linux/tc_act/tc_nat.h | 1 + + include/linux/tc_act/tc_pedit.h | 1 + + include/linux/tc_act/tc_skbedit.h | 5 + + include/linux/tc_act/tc_tunnel_key.h | 42 +++ + include/linux/tc_act/tc_vlan.h | 3 + + include/linux/tcp.h | 25 ++ + include/linux/tcp_metrics.h | 1 + + include/linux/tipc.h | 30 +- + include/linux/tipc_netlink.h | 41 +++ + include/linux/types.h | 4 - + include/linux/xfrm.h | 3 +- + 47 files changed, 1470 insertions(+), 198 deletions(-) + create mode 100644 include/linux/if_alg.h + create mode 100644 include/linux/if_bonding.h + create mode 100644 include/linux/if_packet.h + create mode 100644 include/linux/tc_act/tc_tunnel_key.h + +diff --git a/include/linux/bpf.h b/include/linux/bpf.h +index 0f5d6f5..2d45228 100644 +--- a/include/linux/bpf.h ++++ b/include/linux/bpf.h +@@ -73,6 +73,8 @@ enum bpf_cmd { + BPF_PROG_LOAD, + BPF_OBJ_PIN, + BPF_OBJ_GET, ++ BPF_PROG_ATTACH, ++ BPF_PROG_DETACH, + }; + + enum bpf_map_type { +@@ -84,6 +86,9 @@ enum bpf_map_type { + BPF_MAP_TYPE_PERCPU_HASH, + BPF_MAP_TYPE_PERCPU_ARRAY, + BPF_MAP_TYPE_STACK_TRACE, ++ BPF_MAP_TYPE_CGROUP_ARRAY, ++ BPF_MAP_TYPE_LRU_HASH, ++ BPF_MAP_TYPE_LRU_PERCPU_HASH, + }; + + enum bpf_prog_type { +@@ -92,8 +97,31 @@ enum bpf_prog_type { + BPF_PROG_TYPE_KPROBE, + BPF_PROG_TYPE_SCHED_CLS, + BPF_PROG_TYPE_SCHED_ACT, ++ BPF_PROG_TYPE_TRACEPOINT, ++ BPF_PROG_TYPE_XDP, ++ BPF_PROG_TYPE_PERF_EVENT, ++ BPF_PROG_TYPE_CGROUP_SKB, ++ BPF_PROG_TYPE_CGROUP_SOCK, ++ BPF_PROG_TYPE_LWT_IN, ++ BPF_PROG_TYPE_LWT_OUT, ++ BPF_PROG_TYPE_LWT_XMIT, + }; + ++enum bpf_attach_type { ++ BPF_CGROUP_INET_INGRESS, ++ BPF_CGROUP_INET_EGRESS, ++ BPF_CGROUP_INET_SOCK_CREATE, ++ __MAX_BPF_ATTACH_TYPE ++}; ++ ++#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE ++ ++/* If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command ++ * to the given target_fd cgroup the descendent cgroup will be able to ++ * override effective bpf program that was inherited from this cgroup ++ */ ++#define BPF_F_ALLOW_OVERRIDE (1U << 0) ++ + #define BPF_PSEUDO_MAP_FD 1 + + /* flags for BPF_MAP_UPDATE_ELEM command */ +@@ -102,6 +130,13 @@ enum bpf_prog_type { + #define BPF_EXIST 2 /* update existing element */ + + #define BPF_F_NO_PREALLOC (1U << 0) ++/* Instead of having one common LRU list in the ++ * BPF_MAP_TYPE_LRU_[PERCPU_]HASH map, use a percpu LRU list ++ * which can scale and perform better. ++ * Note, the LRU nodes (including free nodes) cannot be moved ++ * across different LRU lists. ++ */ ++#define BPF_F_NO_COMMON_LRU (1U << 1) + + union bpf_attr { + struct { /* anonymous struct used by BPF_MAP_CREATE command */ +@@ -137,183 +172,328 @@ union bpf_attr { + __aligned_u64 pathname; + __u32 bpf_fd; + }; ++ ++ struct { /* anonymous struct used by BPF_PROG_ATTACH/DETACH commands */ ++ __u32 target_fd; /* container object to attach to */ ++ __u32 attach_bpf_fd; /* eBPF program to attach */ ++ __u32 attach_type; ++ __u32 attach_flags; ++ }; + } __attribute__((aligned(8))); + ++/* BPF helper function descriptions: ++ * ++ * void *bpf_map_lookup_elem(&map, &key) ++ * Return: Map value or NULL ++ * ++ * int bpf_map_update_elem(&map, &key, &value, flags) ++ * Return: 0 on success or negative error ++ * ++ * int bpf_map_delete_elem(&map, &key) ++ * Return: 0 on success or negative error ++ * ++ * int bpf_probe_read(void *dst, int size, void *src) ++ * Return: 0 on success or negative error ++ * ++ * u64 bpf_ktime_get_ns(void) ++ * Return: current ktime ++ * ++ * int bpf_trace_printk(const char *fmt, int fmt_size, ...) ++ * Return: length of buffer written or negative error ++ * ++ * u32 bpf_prandom_u32(void) ++ * Return: random value ++ * ++ * u32 bpf_raw_smp_processor_id(void) ++ * Return: SMP processor ID ++ * ++ * int bpf_skb_store_bytes(skb, offset, from, len, flags) ++ * store bytes into packet ++ * @skb: pointer to skb ++ * @offset: offset within packet from skb->mac_header ++ * @from: pointer where to copy bytes from ++ * @len: number of bytes to store into packet ++ * @flags: bit 0 - if true, recompute skb->csum ++ * other bits - reserved ++ * Return: 0 on success or negative error ++ * ++ * int bpf_l3_csum_replace(skb, offset, from, to, flags) ++ * recompute IP checksum ++ * @skb: pointer to skb ++ * @offset: offset within packet where IP checksum is located ++ * @from: old value of header field ++ * @to: new value of header field ++ * @flags: bits 0-3 - size of header field ++ * other bits - reserved ++ * Return: 0 on success or negative error ++ * ++ * int bpf_l4_csum_replace(skb, offset, from, to, flags) ++ * recompute TCP/UDP checksum ++ * @skb: pointer to skb ++ * @offset: offset within packet where TCP/UDP checksum is located ++ * @from: old value of header field ++ * @to: new value of header field ++ * @flags: bits 0-3 - size of header field ++ * bit 4 - is pseudo header ++ * other bits - reserved ++ * Return: 0 on success or negative error ++ * ++ * int bpf_tail_call(ctx, prog_array_map, index) ++ * jump into another BPF program ++ * @ctx: context pointer passed to next program ++ * @prog_array_map: pointer to map which type is BPF_MAP_TYPE_PROG_ARRAY ++ * @index: index inside array that selects specific program to run ++ * Return: 0 on success or negative error ++ * ++ * int bpf_clone_redirect(skb, ifindex, flags) ++ * redirect to another netdev ++ * @skb: pointer to skb ++ * @ifindex: ifindex of the net device ++ * @flags: bit 0 - if set, redirect to ingress instead of egress ++ * other bits - reserved ++ * Return: 0 on success or negative error ++ * ++ * u64 bpf_get_current_pid_tgid(void) ++ * Return: current->tgid << 32 | current->pid ++ * ++ * u64 bpf_get_current_uid_gid(void) ++ * Return: current_gid << 32 | current_uid ++ * ++ * int bpf_get_current_comm(char *buf, int size_of_buf) ++ * stores current->comm into buf ++ * Return: 0 on success or negative error ++ * ++ * u32 bpf_get_cgroup_classid(skb) ++ * retrieve a proc's classid ++ * @skb: pointer to skb ++ * Return: classid if != 0 ++ * ++ * int bpf_skb_vlan_push(skb, vlan_proto, vlan_tci) ++ * Return: 0 on success or negative error ++ * ++ * int bpf_skb_vlan_pop(skb) ++ * Return: 0 on success or negative error ++ * ++ * int bpf_skb_get_tunnel_key(skb, key, size, flags) ++ * int bpf_skb_set_tunnel_key(skb, key, size, flags) ++ * retrieve or populate tunnel metadata ++ * @skb: pointer to skb ++ * @key: pointer to 'struct bpf_tunnel_key' ++ * @size: size of 'struct bpf_tunnel_key' ++ * @flags: room for future extensions ++ * Return: 0 on success or negative error ++ * ++ * u64 bpf_perf_event_read(&map, index) ++ * Return: Number events read or error code ++ * ++ * int bpf_redirect(ifindex, flags) ++ * redirect to another netdev ++ * @ifindex: ifindex of the net device ++ * @flags: bit 0 - if set, redirect to ingress instead of egress ++ * other bits - reserved ++ * Return: TC_ACT_REDIRECT ++ * ++ * u32 bpf_get_route_realm(skb) ++ * retrieve a dst's tclassid ++ * @skb: pointer to skb ++ * Return: realm if != 0 ++ * ++ * int bpf_perf_event_output(ctx, map, index, data, size) ++ * output perf raw sample ++ * @ctx: struct pt_regs* ++ * @map: pointer to perf_event_array map ++ * @index: index of event in the map ++ * @data: data on stack to be output as raw data ++ * @size: size of data ++ * Return: 0 on success or negative error ++ * ++ * int bpf_get_stackid(ctx, map, flags) ++ * walk user or kernel stack and return id ++ * @ctx: struct pt_regs* ++ * @map: pointer to stack_trace map ++ * @flags: bits 0-7 - numer of stack frames to skip ++ * bit 8 - collect user stack instead of kernel ++ * bit 9 - compare stacks by hash only ++ * bit 10 - if two different stacks hash into the same stackid ++ * discard old ++ * other bits - reserved ++ * Return: >= 0 stackid on success or negative error ++ * ++ * s64 bpf_csum_diff(from, from_size, to, to_size, seed) ++ * calculate csum diff ++ * @from: raw from buffer ++ * @from_size: length of from buffer ++ * @to: raw to buffer ++ * @to_size: length of to buffer ++ * @seed: optional seed ++ * Return: csum result or negative error code ++ * ++ * int bpf_skb_get_tunnel_opt(skb, opt, size) ++ * retrieve tunnel options metadata ++ * @skb: pointer to skb ++ * @opt: pointer to raw tunnel option data ++ * @size: size of @opt ++ * Return: option size ++ * ++ * int bpf_skb_set_tunnel_opt(skb, opt, size) ++ * populate tunnel options metadata ++ * @skb: pointer to skb ++ * @opt: pointer to raw tunnel option data ++ * @size: size of @opt ++ * Return: 0 on success or negative error ++ * ++ * int bpf_skb_change_proto(skb, proto, flags) ++ * Change protocol of the skb. Currently supported is v4 -> v6, ++ * v6 -> v4 transitions. The helper will also resize the skb. eBPF ++ * program is expected to fill the new headers via skb_store_bytes ++ * and lX_csum_replace. ++ * @skb: pointer to skb ++ * @proto: new skb->protocol type ++ * @flags: reserved ++ * Return: 0 on success or negative error ++ * ++ * int bpf_skb_change_type(skb, type) ++ * Change packet type of skb. ++ * @skb: pointer to skb ++ * @type: new skb->pkt_type type ++ * Return: 0 on success or negative error ++ * ++ * int bpf_skb_under_cgroup(skb, map, index) ++ * Check cgroup2 membership of skb ++ * @skb: pointer to skb ++ * @map: pointer to bpf_map in BPF_MAP_TYPE_CGROUP_ARRAY type ++ * @index: index of the cgroup in the bpf_map ++ * Return: ++ * == 0 skb failed the cgroup2 descendant test ++ * == 1 skb succeeded the cgroup2 descendant test ++ * < 0 error ++ * ++ * u32 bpf_get_hash_recalc(skb) ++ * Retrieve and possibly recalculate skb->hash. ++ * @skb: pointer to skb ++ * Return: hash ++ * ++ * u64 bpf_get_current_task(void) ++ * Returns current task_struct ++ * Return: current ++ * ++ * int bpf_probe_write_user(void *dst, void *src, int len) ++ * safely attempt to write to a location ++ * @dst: destination address in userspace ++ * @src: source address on stack ++ * @len: number of bytes to copy ++ * Return: 0 on success or negative error ++ * ++ * int bpf_current_task_under_cgroup(map, index) ++ * Check cgroup2 membership of current task ++ * @map: pointer to bpf_map in BPF_MAP_TYPE_CGROUP_ARRAY type ++ * @index: index of the cgroup in the bpf_map ++ * Return: ++ * == 0 current failed the cgroup2 descendant test ++ * == 1 current succeeded the cgroup2 descendant test ++ * < 0 error ++ * ++ * int bpf_skb_change_tail(skb, len, flags) ++ * The helper will resize the skb to the given new size, to be used f.e. ++ * with control messages. ++ * @skb: pointer to skb ++ * @len: new skb length ++ * @flags: reserved ++ * Return: 0 on success or negative error ++ * ++ * int bpf_skb_pull_data(skb, len) ++ * The helper will pull in non-linear data in case the skb is non-linear ++ * and not all of len are part of the linear section. Only needed for ++ * read/write with direct packet access. ++ * @skb: pointer to skb ++ * @len: len to make read/writeable ++ * Return: 0 on success or negative error ++ * ++ * s64 bpf_csum_update(skb, csum) ++ * Adds csum into skb->csum in case of CHECKSUM_COMPLETE. ++ * @skb: pointer to skb ++ * @csum: csum to add ++ * Return: csum on success or negative error ++ * ++ * void bpf_set_hash_invalid(skb) ++ * Invalidate current skb->hash. ++ * @skb: pointer to skb ++ * ++ * int bpf_get_numa_node_id() ++ * Return: Id of current NUMA node. ++ * ++ * int bpf_skb_change_head() ++ * Grows headroom of skb and adjusts MAC header offset accordingly. ++ * Will extends/reallocae as required automatically. ++ * May change skb data pointer and will thus invalidate any check ++ * performed for direct packet access. ++ * @skb: pointer to skb ++ * @len: length of header to be pushed in front ++ * @flags: Flags (unused for now) ++ * Return: 0 on success or negative error ++ * ++ * int bpf_xdp_adjust_head(xdp_md, delta) ++ * Adjust the xdp_md.data by delta ++ * @xdp_md: pointer to xdp_md ++ * @delta: An positive/negative integer to be added to xdp_md.data ++ * Return: 0 on success or negative on error ++ */ ++#define __BPF_FUNC_MAPPER(FN) \ ++ FN(unspec), \ ++ FN(map_lookup_elem), \ ++ FN(map_update_elem), \ ++ FN(map_delete_elem), \ ++ FN(probe_read), \ ++ FN(ktime_get_ns), \ ++ FN(trace_printk), \ ++ FN(get_prandom_u32), \ ++ FN(get_smp_processor_id), \ ++ FN(skb_store_bytes), \ ++ FN(l3_csum_replace), \ ++ FN(l4_csum_replace), \ ++ FN(tail_call), \ ++ FN(clone_redirect), \ ++ FN(get_current_pid_tgid), \ ++ FN(get_current_uid_gid), \ ++ FN(get_current_comm), \ ++ FN(get_cgroup_classid), \ ++ FN(skb_vlan_push), \ ++ FN(skb_vlan_pop), \ ++ FN(skb_get_tunnel_key), \ ++ FN(skb_set_tunnel_key), \ ++ FN(perf_event_read), \ ++ FN(redirect), \ ++ FN(get_route_realm), \ ++ FN(perf_event_output), \ ++ FN(skb_load_bytes), \ ++ FN(get_stackid), \ ++ FN(csum_diff), \ ++ FN(skb_get_tunnel_opt), \ ++ FN(skb_set_tunnel_opt), \ ++ FN(skb_change_proto), \ ++ FN(skb_change_type), \ ++ FN(skb_under_cgroup), \ ++ FN(get_hash_recalc), \ ++ FN(get_current_task), \ ++ FN(probe_write_user), \ ++ FN(current_task_under_cgroup), \ ++ FN(skb_change_tail), \ ++ FN(skb_pull_data), \ ++ FN(csum_update), \ ++ FN(set_hash_invalid), \ ++ FN(get_numa_node_id), \ ++ FN(skb_change_head), \ ++ FN(xdp_adjust_head), ++ + /* integer value in 'imm' field of BPF_CALL instruction selects which helper + * function eBPF program intends to call + */ ++#define __BPF_ENUM_FN(x) BPF_FUNC_ ## x + enum bpf_func_id { +- BPF_FUNC_unspec, +- BPF_FUNC_map_lookup_elem, /* void *map_lookup_elem(&map, &key) */ +- BPF_FUNC_map_update_elem, /* int map_update_elem(&map, &key, &value, flags) */ +- BPF_FUNC_map_delete_elem, /* int map_delete_elem(&map, &key) */ +- BPF_FUNC_probe_read, /* int bpf_probe_read(void *dst, int size, void *src) */ +- BPF_FUNC_ktime_get_ns, /* u64 bpf_ktime_get_ns(void) */ +- BPF_FUNC_trace_printk, /* int bpf_trace_printk(const char *fmt, int fmt_size, ...) */ +- BPF_FUNC_get_prandom_u32, /* u32 prandom_u32(void) */ +- BPF_FUNC_get_smp_processor_id, /* u32 raw_smp_processor_id(void) */ +- +- /** +- * skb_store_bytes(skb, offset, from, len, flags) - store bytes into packet +- * @skb: pointer to skb +- * @offset: offset within packet from skb->mac_header +- * @from: pointer where to copy bytes from +- * @len: number of bytes to store into packet +- * @flags: bit 0 - if true, recompute skb->csum +- * other bits - reserved +- * Return: 0 on success +- */ +- BPF_FUNC_skb_store_bytes, +- +- /** +- * l3_csum_replace(skb, offset, from, to, flags) - recompute IP checksum +- * @skb: pointer to skb +- * @offset: offset within packet where IP checksum is located +- * @from: old value of header field +- * @to: new value of header field +- * @flags: bits 0-3 - size of header field +- * other bits - reserved +- * Return: 0 on success +- */ +- BPF_FUNC_l3_csum_replace, +- +- /** +- * l4_csum_replace(skb, offset, from, to, flags) - recompute TCP/UDP checksum +- * @skb: pointer to skb +- * @offset: offset within packet where TCP/UDP checksum is located +- * @from: old value of header field +- * @to: new value of header field +- * @flags: bits 0-3 - size of header field +- * bit 4 - is pseudo header +- * other bits - reserved +- * Return: 0 on success +- */ +- BPF_FUNC_l4_csum_replace, +- +- /** +- * bpf_tail_call(ctx, prog_array_map, index) - jump into another BPF program +- * @ctx: context pointer passed to next program +- * @prog_array_map: pointer to map which type is BPF_MAP_TYPE_PROG_ARRAY +- * @index: index inside array that selects specific program to run +- * Return: 0 on success +- */ +- BPF_FUNC_tail_call, +- +- /** +- * bpf_clone_redirect(skb, ifindex, flags) - redirect to another netdev +- * @skb: pointer to skb +- * @ifindex: ifindex of the net device +- * @flags: bit 0 - if set, redirect to ingress instead of egress +- * other bits - reserved +- * Return: 0 on success +- */ +- BPF_FUNC_clone_redirect, +- +- /** +- * u64 bpf_get_current_pid_tgid(void) +- * Return: current->tgid << 32 | current->pid +- */ +- BPF_FUNC_get_current_pid_tgid, +- +- /** +- * u64 bpf_get_current_uid_gid(void) +- * Return: current_gid << 32 | current_uid +- */ +- BPF_FUNC_get_current_uid_gid, +- +- /** +- * bpf_get_current_comm(char *buf, int size_of_buf) +- * stores current->comm into buf +- * Return: 0 on success +- */ +- BPF_FUNC_get_current_comm, +- +- /** +- * bpf_get_cgroup_classid(skb) - retrieve a proc's classid +- * @skb: pointer to skb +- * Return: classid if != 0 +- */ +- BPF_FUNC_get_cgroup_classid, +- BPF_FUNC_skb_vlan_push, /* bpf_skb_vlan_push(skb, vlan_proto, vlan_tci) */ +- BPF_FUNC_skb_vlan_pop, /* bpf_skb_vlan_pop(skb) */ +- +- /** +- * bpf_skb_[gs]et_tunnel_key(skb, key, size, flags) +- * retrieve or populate tunnel metadata +- * @skb: pointer to skb +- * @key: pointer to 'struct bpf_tunnel_key' +- * @size: size of 'struct bpf_tunnel_key' +- * @flags: room for future extensions +- * Retrun: 0 on success +- */ +- BPF_FUNC_skb_get_tunnel_key, +- BPF_FUNC_skb_set_tunnel_key, +- BPF_FUNC_perf_event_read, /* u64 bpf_perf_event_read(&map, index) */ +- /** +- * bpf_redirect(ifindex, flags) - redirect to another netdev +- * @ifindex: ifindex of the net device +- * @flags: bit 0 - if set, redirect to ingress instead of egress +- * other bits - reserved +- * Return: TC_ACT_REDIRECT +- */ +- BPF_FUNC_redirect, +- +- /** +- * bpf_get_route_realm(skb) - retrieve a dst's tclassid +- * @skb: pointer to skb +- * Return: realm if != 0 +- */ +- BPF_FUNC_get_route_realm, +- +- /** +- * bpf_perf_event_output(ctx, map, index, data, size) - output perf raw sample +- * @ctx: struct pt_regs* +- * @map: pointer to perf_event_array map +- * @index: index of event in the map +- * @data: data on stack to be output as raw data +- * @size: size of data +- * Return: 0 on success +- */ +- BPF_FUNC_perf_event_output, +- BPF_FUNC_skb_load_bytes, +- +- /** +- * bpf_get_stackid(ctx, map, flags) - walk user or kernel stack and return id +- * @ctx: struct pt_regs* +- * @map: pointer to stack_trace map +- * @flags: bits 0-7 - numer of stack frames to skip +- * bit 8 - collect user stack instead of kernel +- * bit 9 - compare stacks by hash only +- * bit 10 - if two different stacks hash into the same stackid +- * discard old +- * other bits - reserved +- * Return: >= 0 stackid on success or negative error +- */ +- BPF_FUNC_get_stackid, +- +- /** +- * bpf_csum_diff(from, from_size, to, to_size, seed) - calculate csum diff +- * @from: raw from buffer +- * @from_size: length of from buffer +- * @to: raw to buffer +- * @to_size: length of to buffer +- * @seed: optional seed +- * Return: csum result +- */ +- BPF_FUNC_csum_diff, +- +- /** +- * bpf_skb_[gs]et_tunnel_opt(skb, opt, size) +- * retrieve or populate tunnel options metadata +- * @skb: pointer to skb +- * @opt: pointer to raw tunnel option data +- * @size: size of @opt +- * Return: 0 on success for set, option size for get +- */ +- BPF_FUNC_skb_get_tunnel_opt, +- BPF_FUNC_skb_set_tunnel_opt, ++ __BPF_FUNC_MAPPER(__BPF_ENUM_FN) + __BPF_FUNC_MAX_ID, + }; ++#undef __BPF_ENUM_FN + + /* All flags used by eBPF helper functions, placed here. */ + +@@ -346,6 +526,12 @@ enum bpf_func_id { + #define BPF_F_ZERO_CSUM_TX (1ULL << 1) + #define BPF_F_DONT_FRAGMENT (1ULL << 2) + ++/* BPF_FUNC_perf_event_output and BPF_FUNC_perf_event_read flags. */ ++#define BPF_F_INDEX_MASK 0xffffffffULL ++#define BPF_F_CURRENT_CPU BPF_F_INDEX_MASK ++/* BPF_FUNC_perf_event_output for sk_buff input context. */ ++#define BPF_F_CTXLEN_MASK (0xfffffULL << 32) ++ + /* user accessible mirror of in-kernel sk_buff. + * new fields can only be added to the end of this structure + */ +@@ -365,6 +551,8 @@ struct __sk_buff { + __u32 cb[5]; + __u32 hash; + __u32 tc_classid; ++ __u32 data; ++ __u32 data_end; + }; + + struct bpf_tunnel_key { +@@ -379,4 +567,49 @@ struct bpf_tunnel_key { + __u32 tunnel_label; + }; + ++/* Generic BPF return codes which all BPF program types may support. ++ * The values are binary compatible with their TC_ACT_* counter-part to ++ * provide backwards compatibility with existing SCHED_CLS and SCHED_ACT ++ * programs. ++ * ++ * XDP is handled seprately, see XDP_*. ++ */ ++enum bpf_ret_code { ++ BPF_OK = 0, ++ /* 1 reserved */ ++ BPF_DROP = 2, ++ /* 3-6 reserved */ ++ BPF_REDIRECT = 7, ++ /* >127 are reserved for prog type specific return codes */ ++}; ++ ++struct bpf_sock { ++ __u32 bound_dev_if; ++ __u32 family; ++ __u32 type; ++ __u32 protocol; ++}; ++ ++#define XDP_PACKET_HEADROOM 256 ++ ++/* User return codes for XDP prog type. ++ * A valid XDP program must return one of these defined values. All other ++ * return codes are reserved for future use. Unknown return codes will result ++ * in packet drop. ++ */ ++enum xdp_action { ++ XDP_ABORTED = 0, ++ XDP_DROP, ++ XDP_PASS, ++ XDP_TX, ++}; ++ ++/* user accessible metadata for XDP packet hook ++ * new fields must be added to the end of this structure ++ */ ++struct xdp_md { ++ __u32 data; ++ __u32 data_end; ++}; ++ + #endif /* __LINUX_BPF_H__ */ +diff --git a/include/linux/can.h b/include/linux/can.h +index 4af39b0..f7a810d 100644 +--- a/include/linux/can.h ++++ b/include/linux/can.h +@@ -196,5 +196,6 @@ struct can_filter { + }; + + #define CAN_INV_FILTER 0x20000000U /* to be set in can_filter.can_id */ ++#define CAN_RAW_FILTER_MAX 512 /* maximum number of can_filter set via setsockopt() */ + + #endif /* !_UAPI_CAN_H */ +diff --git a/include/linux/devlink.h b/include/linux/devlink.h +index 0e21d00..7c14d77 100644 +--- a/include/linux/devlink.h ++++ b/include/linux/devlink.h +@@ -57,6 +57,8 @@ enum devlink_command { + DEVLINK_CMD_SB_OCC_SNAPSHOT, + DEVLINK_CMD_SB_OCC_MAX_CLEAR, + ++ DEVLINK_CMD_ESWITCH_MODE_GET, ++ DEVLINK_CMD_ESWITCH_MODE_SET, + /* add new commands above here */ + + __DEVLINK_CMD_MAX, +@@ -95,6 +97,18 @@ enum devlink_sb_threshold_type { + + #define DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX 20 + ++enum devlink_eswitch_mode { ++ DEVLINK_ESWITCH_MODE_LEGACY, ++ DEVLINK_ESWITCH_MODE_SWITCHDEV, ++}; ++ ++enum devlink_eswitch_inline_mode { ++ DEVLINK_ESWITCH_INLINE_MODE_NONE, ++ DEVLINK_ESWITCH_INLINE_MODE_LINK, ++ DEVLINK_ESWITCH_INLINE_MODE_NETWORK, ++ DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT, ++}; ++ + enum devlink_attr { + /* don't change the order or add anything between, this is ABI! */ + DEVLINK_ATTR_UNSPEC, +@@ -125,6 +139,8 @@ enum devlink_attr { + DEVLINK_ATTR_SB_TC_INDEX, /* u16 */ + DEVLINK_ATTR_SB_OCC_CUR, /* u32 */ + DEVLINK_ATTR_SB_OCC_MAX, /* u32 */ ++ DEVLINK_ATTR_ESWITCH_MODE, /* u16 */ ++ DEVLINK_ATTR_ESWITCH_INLINE_MODE, /* u8 */ + + /* add new attributes above here, update the policy in devlink.c */ + +diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h +index 96161b8..bbf02a6 100644 +--- a/include/linux/fib_rules.h ++++ b/include/linux/fib_rules.h +@@ -29,6 +29,11 @@ struct fib_rule_hdr { + __u32 flags; + }; + ++struct fib_rule_uid_range { ++ __u32 start; ++ __u32 end; ++}; ++ + enum { + FRA_UNSPEC, + FRA_DST, /* destination address */ +@@ -49,6 +54,9 @@ enum { + FRA_TABLE, /* Extended table id */ + FRA_FWMASK, /* mask for netfilter mark */ + FRA_OIFNAME, ++ FRA_PAD, ++ FRA_L3MDEV, /* iif or oif is l3mdev goto its table */ ++ FRA_UID_RANGE, /* UID range */ + __FRA_MAX + }; + +diff --git a/include/linux/gen_stats.h b/include/linux/gen_stats.h +index 6487317..52deccc 100644 +--- a/include/linux/gen_stats.h ++++ b/include/linux/gen_stats.h +@@ -10,6 +10,7 @@ enum { + TCA_STATS_QUEUE, + TCA_STATS_APP, + TCA_STATS_RATE_EST64, ++ TCA_STATS_PAD, + __TCA_STATS_MAX, + }; + #define TCA_STATS_MAX (__TCA_STATS_MAX - 1) +diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h +index e792092..08239d8 100644 +--- a/include/linux/genetlink.h ++++ b/include/linux/genetlink.h +@@ -26,10 +26,11 @@ struct genlmsghdr { + /* + * List of reserved static generic netlink identifiers: + */ +-#define GENL_ID_GENERATE 0 + #define GENL_ID_CTRL NLMSG_MIN_TYPE + #define GENL_ID_VFS_DQUOT (NLMSG_MIN_TYPE + 1) + #define GENL_ID_PMCRAID (NLMSG_MIN_TYPE + 2) ++/* must be last reserved + 1 */ ++#define GENL_START_ALLOC (NLMSG_MIN_TYPE + 3) + + /************************************************************************** + * Controller +diff --git a/include/linux/if.h b/include/linux/if.h +index 5b84948..bf33a3e 100644 +--- a/include/linux/if.h ++++ b/include/linux/if.h +@@ -31,7 +31,7 @@ + #include + + /* For glibc compatibility. An empty enum does not compile. */ +-#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && \ ++#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || \ + __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 + /** + * enum net_device_flags - &struct net_device flags +@@ -99,7 +99,7 @@ enum net_device_flags { + IFF_ECHO = 1<<18, /* __volatile__ */ + #endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */ + }; +-#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */ ++#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */ + + /* for compatibility with glibc net/if.h */ + #if __UAPI_DEF_IF_NET_DEVICE_FLAGS +diff --git a/include/linux/if_alg.h b/include/linux/if_alg.h +new file mode 100644 +index 0000000..f2acd2f +--- /dev/null ++++ b/include/linux/if_alg.h +@@ -0,0 +1,42 @@ ++/* ++ * if_alg: User-space algorithm interface ++ * ++ * Copyright (c) 2010 Herbert Xu ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the Free ++ * Software Foundation; either version 2 of the License, or (at your option) ++ * any later version. ++ * ++ */ ++ ++#ifndef _LINUX_IF_ALG_H ++#define _LINUX_IF_ALG_H ++ ++#include ++ ++struct sockaddr_alg { ++ __u16 salg_family; ++ __u8 salg_type[14]; ++ __u32 salg_feat; ++ __u32 salg_mask; ++ __u8 salg_name[64]; ++}; ++ ++struct af_alg_iv { ++ __u32 ivlen; ++ __u8 iv[0]; ++}; ++ ++/* Socket options */ ++#define ALG_SET_KEY 1 ++#define ALG_SET_IV 2 ++#define ALG_SET_OP 3 ++#define ALG_SET_AEAD_ASSOCLEN 4 ++#define ALG_SET_AEAD_AUTHSIZE 5 ++ ++/* Operations */ ++#define ALG_OP_DECRYPT 0 ++#define ALG_OP_ENCRYPT 1 ++ ++#endif /* _LINUX_IF_ALG_H */ +diff --git a/include/linux/if_bonding.h b/include/linux/if_bonding.h +new file mode 100644 +index 0000000..9635a62 +--- /dev/null ++++ b/include/linux/if_bonding.h +@@ -0,0 +1,130 @@ ++/* ++ * Bond several ethernet interfaces into a Cisco, running 'Etherchannel'. ++ * ++ * ++ * Portions are (c) Copyright 1995 Simon "Guru Aleph-Null" Janes ++ * NCM: Network and Communications Management, Inc. ++ * ++ * BUT, I'm the one who modified it for ethernet, so: ++ * (c) Copyright 1999, Thomas Davis, tadavis@lbl.gov ++ * ++ * This software may be used and distributed according to the terms ++ * of the GNU Public License, incorporated herein by reference. ++ * ++ * 2003/03/18 - Amir Noam ++ * - Added support for getting slave's speed and duplex via ethtool. ++ * Needed for 802.3ad and other future modes. ++ * ++ * 2003/03/18 - Tsippy Mendelson and ++ * Shmulik Hen ++ * - Enable support of modes that need to use the unique mac address of ++ * each slave. ++ * ++ * 2003/03/18 - Tsippy Mendelson and ++ * Amir Noam ++ * - Moved driver's private data types to bonding.h ++ * ++ * 2003/03/18 - Amir Noam , ++ * Tsippy Mendelson and ++ * Shmulik Hen ++ * - Added support for IEEE 802.3ad Dynamic link aggregation mode. ++ * ++ * 2003/05/01 - Amir Noam ++ * - Added ABI version control to restore compatibility between ++ * new/old ifenslave and new/old bonding. ++ * ++ * 2003/12/01 - Shmulik Hen ++ * - Code cleanup and style changes ++ * ++ * 2005/05/05 - Jason Gabler ++ * - added definitions for various XOR hashing policies ++ */ ++ ++#ifndef _LINUX_IF_BONDING_H ++#define _LINUX_IF_BONDING_H ++ ++#include ++#include ++#include ++ ++/* userland - kernel ABI version (2003/05/08) */ ++#define BOND_ABI_VERSION 2 ++ ++/* ++ * We can remove these ioctl definitions in 2.5. People should use the ++ * SIOC*** versions of them instead ++ */ ++#define BOND_ENSLAVE_OLD (SIOCDEVPRIVATE) ++#define BOND_RELEASE_OLD (SIOCDEVPRIVATE + 1) ++#define BOND_SETHWADDR_OLD (SIOCDEVPRIVATE + 2) ++#define BOND_SLAVE_INFO_QUERY_OLD (SIOCDEVPRIVATE + 11) ++#define BOND_INFO_QUERY_OLD (SIOCDEVPRIVATE + 12) ++#define BOND_CHANGE_ACTIVE_OLD (SIOCDEVPRIVATE + 13) ++ ++#define BOND_CHECK_MII_STATUS (SIOCGMIIPHY) ++ ++#define BOND_MODE_ROUNDROBIN 0 ++#define BOND_MODE_ACTIVEBACKUP 1 ++#define BOND_MODE_XOR 2 ++#define BOND_MODE_BROADCAST 3 ++#define BOND_MODE_8023AD 4 ++#define BOND_MODE_TLB 5 ++#define BOND_MODE_ALB 6 /* TLB + RLB (receive load balancing) */ ++ ++/* each slave's link has 4 states */ ++#define BOND_LINK_UP 0 /* link is up and running */ ++#define BOND_LINK_FAIL 1 /* link has just gone down */ ++#define BOND_LINK_DOWN 2 /* link has been down for too long time */ ++#define BOND_LINK_BACK 3 /* link is going back */ ++ ++/* each slave has several states */ ++#define BOND_STATE_ACTIVE 0 /* link is active */ ++#define BOND_STATE_BACKUP 1 /* link is backup */ ++ ++#define BOND_DEFAULT_MAX_BONDS 1 /* Default maximum number of devices to support */ ++ ++#define BOND_DEFAULT_TX_QUEUES 16 /* Default number of tx queues per device */ ++ ++#define BOND_DEFAULT_RESEND_IGMP 1 /* Default number of IGMP membership reports */ ++ ++/* hashing types */ ++#define BOND_XMIT_POLICY_LAYER2 0 /* layer 2 (MAC only), default */ ++#define BOND_XMIT_POLICY_LAYER34 1 /* layer 3+4 (IP ^ (TCP || UDP)) */ ++#define BOND_XMIT_POLICY_LAYER23 2 /* layer 2+3 (IP ^ MAC) */ ++#define BOND_XMIT_POLICY_ENCAP23 3 /* encapsulated layer 2+3 */ ++#define BOND_XMIT_POLICY_ENCAP34 4 /* encapsulated layer 3+4 */ ++ ++typedef struct ifbond { ++ __s32 bond_mode; ++ __s32 num_slaves; ++ __s32 miimon; ++} ifbond; ++ ++typedef struct ifslave { ++ __s32 slave_id; /* Used as an IN param to the BOND_SLAVE_INFO_QUERY ioctl */ ++ char slave_name[IFNAMSIZ]; ++ __s8 link; ++ __s8 state; ++ __u32 link_failure_count; ++} ifslave; ++ ++struct ad_info { ++ __u16 aggregator_id; ++ __u16 ports; ++ __u16 actor_key; ++ __u16 partner_key; ++ __u8 partner_system[ETH_ALEN]; ++}; ++ ++#endif /* _LINUX_IF_BONDING_H */ ++ ++/* ++ * Local variables: ++ * version-control: t ++ * kept-new-versions: 5 ++ * c-indent-level: 8 ++ * c-basic-offset: 8 ++ * tab-width: 8 ++ * End: ++ */ ++ +diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h +index 8de96b7..b7393dd 100644 +--- a/include/linux/if_bridge.h ++++ b/include/linux/if_bridge.h +@@ -134,6 +134,16 @@ struct bridge_vlan_info { + __u16 vid; + }; + ++struct bridge_vlan_xstats { ++ __u64 rx_bytes; ++ __u64 rx_packets; ++ __u64 tx_bytes; ++ __u64 tx_packets; ++ __u16 vid; ++ __u16 flags; ++ __u32 pad2; ++}; ++ + /* Bridge multicast database attributes + * [MDBA_MDB] = { + * [MDBA_MDB_ENTRY] = { +@@ -233,4 +243,41 @@ enum { + }; + #define MDBA_SET_ENTRY_MAX (__MDBA_SET_ENTRY_MAX - 1) + ++/* Embedded inside LINK_XSTATS_TYPE_BRIDGE */ ++enum { ++ BRIDGE_XSTATS_UNSPEC, ++ BRIDGE_XSTATS_VLAN, ++ BRIDGE_XSTATS_MCAST, ++ BRIDGE_XSTATS_PAD, ++ __BRIDGE_XSTATS_MAX ++}; ++#define BRIDGE_XSTATS_MAX (__BRIDGE_XSTATS_MAX - 1) ++ ++enum { ++ BR_MCAST_DIR_RX, ++ BR_MCAST_DIR_TX, ++ BR_MCAST_DIR_SIZE ++}; ++ ++/* IGMP/MLD statistics */ ++struct br_mcast_stats { ++ __u64 igmp_v1queries[BR_MCAST_DIR_SIZE]; ++ __u64 igmp_v2queries[BR_MCAST_DIR_SIZE]; ++ __u64 igmp_v3queries[BR_MCAST_DIR_SIZE]; ++ __u64 igmp_leaves[BR_MCAST_DIR_SIZE]; ++ __u64 igmp_v1reports[BR_MCAST_DIR_SIZE]; ++ __u64 igmp_v2reports[BR_MCAST_DIR_SIZE]; ++ __u64 igmp_v3reports[BR_MCAST_DIR_SIZE]; ++ __u64 igmp_parse_errors; ++ ++ __u64 mld_v1queries[BR_MCAST_DIR_SIZE]; ++ __u64 mld_v2queries[BR_MCAST_DIR_SIZE]; ++ __u64 mld_leaves[BR_MCAST_DIR_SIZE]; ++ __u64 mld_v1reports[BR_MCAST_DIR_SIZE]; ++ __u64 mld_v2reports[BR_MCAST_DIR_SIZE]; ++ __u64 mld_parse_errors; ++ ++ __u64 mcast_bytes[BR_MCAST_DIR_SIZE]; ++ __u64 mcast_packets[BR_MCAST_DIR_SIZE]; ++}; + #endif /* _LINUX_IF_BRIDGE_H */ +diff --git a/include/linux/if_ether.h b/include/linux/if_ether.h +index 8f3b0f4..6ff4a72 100644 +--- a/include/linux/if_ether.h ++++ b/include/linux/if_ether.h +@@ -35,6 +35,9 @@ + #define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */ + #define ETH_FCS_LEN 4 /* Octets in the FCS */ + ++#define ETH_MIN_MTU 68 /* Min IPv4 MTU per RFC791 */ ++#define ETH_MAX_MTU 0xFFFFU /* 65535, same as IP_MAX_MTU */ ++ + /* + * These are the defined Ethernet Protocol ID's. + */ +@@ -87,11 +90,13 @@ + #define ETH_P_8021AH 0x88E7 /* 802.1ah Backbone Service Tag */ + #define ETH_P_MVRP 0x88F5 /* 802.1Q MVRP */ + #define ETH_P_1588 0x88F7 /* IEEE 1588 Timesync */ ++#define ETH_P_NCSI 0x88F8 /* NCSI protocol */ + #define ETH_P_PRP 0x88FB /* IEC 62439-3 PRP/HSRv0 */ + #define ETH_P_FCOE 0x8906 /* Fibre Channel over Ethernet */ + #define ETH_P_TDLS 0x890D /* TDLS */ + #define ETH_P_FIP 0x8914 /* FCoE Initialization Protocol */ + #define ETH_P_80221 0x8917 /* IEEE 802.21 Media Independent Handover Protocol */ ++#define ETH_P_HSR 0x892F /* IEC 62439-3 HSRv1 */ + #define ETH_P_LOOPBACK 0x9000 /* Ethernet loopback packet, per IEEE 802.3 */ + #define ETH_P_QINQ1 0x9100 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */ + #define ETH_P_QINQ2 0x9200 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */ +diff --git a/include/linux/if_link.h b/include/linux/if_link.h +index 6a688e8..4422474 100644 +--- a/include/linux/if_link.h ++++ b/include/linux/if_link.h +@@ -155,6 +155,8 @@ enum { + IFLA_PROTO_DOWN, + IFLA_GSO_MAX_SEGS, + IFLA_GSO_MAX_SIZE, ++ IFLA_PAD, ++ IFLA_XDP, + __IFLA_MAX + }; + +@@ -268,6 +270,11 @@ enum { + IFLA_BR_NF_CALL_IP6TABLES, + IFLA_BR_NF_CALL_ARPTABLES, + IFLA_BR_VLAN_DEFAULT_PVID, ++ IFLA_BR_PAD, ++ IFLA_BR_VLAN_STATS_ENABLED, ++ IFLA_BR_MCAST_STATS_ENABLED, ++ IFLA_BR_MCAST_IGMP_VERSION, ++ IFLA_BR_MCAST_MLD_VERSION, + __IFLA_BR_MAX, + }; + +@@ -310,6 +317,8 @@ enum { + IFLA_BRPORT_HOLD_TIMER, + IFLA_BRPORT_FLUSH, + IFLA_BRPORT_MULTICAST_ROUTER, ++ IFLA_BRPORT_PAD, ++ IFLA_BRPORT_MCAST_FLOOD, + __IFLA_BRPORT_MAX + }; + #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) +@@ -429,6 +438,7 @@ enum { + IFLA_MACSEC_SCB, + IFLA_MACSEC_REPLAY_PROTECT, + IFLA_MACSEC_VALIDATION, ++ IFLA_MACSEC_PAD, + __IFLA_MACSEC_MAX, + }; + +@@ -454,6 +464,7 @@ enum { + enum ipvlan_mode { + IPVLAN_MODE_L2 = 0, + IPVLAN_MODE_L3, ++ IPVLAN_MODE_L3S, + IPVLAN_MODE_MAX + }; + +@@ -486,6 +497,7 @@ enum { + IFLA_VXLAN_REMCSUM_NOPARTIAL, + IFLA_VXLAN_COLLECT_METADATA, + IFLA_VXLAN_LABEL, ++ IFLA_VXLAN_GPE, + __IFLA_VXLAN_MAX + }; + #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1) +@@ -513,6 +525,24 @@ enum { + }; + #define IFLA_GENEVE_MAX (__IFLA_GENEVE_MAX - 1) + ++/* PPP section */ ++enum { ++ IFLA_PPP_UNSPEC, ++ IFLA_PPP_DEV_FD, ++ __IFLA_PPP_MAX ++}; ++#define IFLA_PPP_MAX (__IFLA_PPP_MAX - 1) ++ ++/* GTP section */ ++enum { ++ IFLA_GTP_UNSPEC, ++ IFLA_GTP_FD0, ++ IFLA_GTP_FD1, ++ IFLA_GTP_PDP_HASHSIZE, ++ __IFLA_GTP_MAX, ++}; ++#define IFLA_GTP_MAX (__IFLA_GTP_MAX - 1) ++ + /* Bonding section */ + + enum { +@@ -589,7 +619,7 @@ enum { + enum { + IFLA_VF_UNSPEC, + IFLA_VF_MAC, /* Hardware queue specific attributes */ +- IFLA_VF_VLAN, ++ IFLA_VF_VLAN, /* VLAN ID and QoS */ + IFLA_VF_TX_RATE, /* Max TX Bandwidth Allocation */ + IFLA_VF_SPOOFCHK, /* Spoof Checking on/off switch */ + IFLA_VF_LINK_STATE, /* link state enable/disable/auto switch */ +@@ -601,6 +631,7 @@ enum { + IFLA_VF_TRUST, /* Trust VF */ + IFLA_VF_IB_NODE_GUID, /* VF Infiniband node GUID */ + IFLA_VF_IB_PORT_GUID, /* VF Infiniband port GUID */ ++ IFLA_VF_VLAN_LIST, /* nested list of vlans, option for QinQ */ + __IFLA_VF_MAX, + }; + +@@ -617,6 +648,22 @@ struct ifla_vf_vlan { + __u32 qos; + }; + ++enum { ++ IFLA_VF_VLAN_INFO_UNSPEC, ++ IFLA_VF_VLAN_INFO, /* VLAN ID, QoS and VLAN protocol */ ++ __IFLA_VF_VLAN_INFO_MAX, ++}; ++ ++#define IFLA_VF_VLAN_INFO_MAX (__IFLA_VF_VLAN_INFO_MAX - 1) ++#define MAX_VLAN_LIST_LEN 1 ++ ++struct ifla_vf_vlan_info { ++ __u32 vf; ++ __u32 vlan; /* 0 - 4095, 0 disables VLAN filter */ ++ __u32 qos; ++ __be16 vlan_proto; /* VLAN protocol either 802.1Q or 802.1ad */ ++}; ++ + struct ifla_vf_tx_rate { + __u32 vf; + __u32 rate; /* Max TX bandwidth in Mbps, 0 disables throttling */ +@@ -662,6 +709,7 @@ enum { + IFLA_VF_STATS_TX_BYTES, + IFLA_VF_STATS_BROADCAST, + IFLA_VF_STATS_MULTICAST, ++ IFLA_VF_STATS_PAD, + __IFLA_VF_STATS_MAX, + }; + +@@ -772,9 +820,71 @@ enum { + IFLA_HSR_MULTICAST_SPEC, /* Last byte of supervision addr */ + IFLA_HSR_SUPERVISION_ADDR, /* Supervision frame multicast addr */ + IFLA_HSR_SEQ_NR, ++ IFLA_HSR_VERSION, /* HSR version */ + __IFLA_HSR_MAX, + }; + + #define IFLA_HSR_MAX (__IFLA_HSR_MAX - 1) + ++/* STATS section */ ++ ++struct if_stats_msg { ++ __u8 family; ++ __u8 pad1; ++ __u16 pad2; ++ __u32 ifindex; ++ __u32 filter_mask; ++}; ++ ++/* A stats attribute can be netdev specific or a global stat. ++ * For netdev stats, lets use the prefix IFLA_STATS_LINK_* ++ */ ++enum { ++ IFLA_STATS_UNSPEC, /* also used as 64bit pad attribute */ ++ IFLA_STATS_LINK_64, ++ IFLA_STATS_LINK_XSTATS, ++ IFLA_STATS_LINK_XSTATS_SLAVE, ++ IFLA_STATS_LINK_OFFLOAD_XSTATS, ++ __IFLA_STATS_MAX, ++}; ++ ++#define IFLA_STATS_MAX (__IFLA_STATS_MAX - 1) ++ ++#define IFLA_STATS_FILTER_BIT(ATTR) (1 << (ATTR - 1)) ++ ++/* These are embedded into IFLA_STATS_LINK_XSTATS: ++ * [IFLA_STATS_LINK_XSTATS] ++ * -> [LINK_XSTATS_TYPE_xxx] ++ * -> [rtnl link type specific attributes] ++ */ ++enum { ++ LINK_XSTATS_TYPE_UNSPEC, ++ LINK_XSTATS_TYPE_BRIDGE, ++ __LINK_XSTATS_TYPE_MAX ++}; ++#define LINK_XSTATS_TYPE_MAX (__LINK_XSTATS_TYPE_MAX - 1) ++ ++/* These are stats embedded into IFLA_STATS_LINK_OFFLOAD_XSTATS */ ++enum { ++ IFLA_OFFLOAD_XSTATS_UNSPEC, ++ IFLA_OFFLOAD_XSTATS_CPU_HIT, /* struct rtnl_link_stats64 */ ++ __IFLA_OFFLOAD_XSTATS_MAX ++}; ++#define IFLA_OFFLOAD_XSTATS_MAX (__IFLA_OFFLOAD_XSTATS_MAX - 1) ++ ++/* XDP section */ ++ ++#define XDP_FLAGS_UPDATE_IF_NOEXIST (1U << 0) ++#define XDP_FLAGS_MASK (XDP_FLAGS_UPDATE_IF_NOEXIST) ++ ++enum { ++ IFLA_XDP_UNSPEC, ++ IFLA_XDP_FD, ++ IFLA_XDP_ATTACHED, ++ IFLA_XDP_FLAGS, ++ __IFLA_XDP_MAX, ++}; ++ ++#define IFLA_XDP_MAX (__IFLA_XDP_MAX - 1) ++ + #endif /* _LINUX_IF_LINK_H */ +diff --git a/include/linux/if_packet.h b/include/linux/if_packet.h +new file mode 100644 +index 0000000..9e7edfd +--- /dev/null ++++ b/include/linux/if_packet.h +@@ -0,0 +1,301 @@ ++#ifndef __LINUX_IF_PACKET_H ++#define __LINUX_IF_PACKET_H ++ ++#include ++ ++struct sockaddr_pkt { ++ unsigned short spkt_family; ++ unsigned char spkt_device[14]; ++ __be16 spkt_protocol; ++}; ++ ++struct sockaddr_ll { ++ unsigned short sll_family; ++ __be16 sll_protocol; ++ int sll_ifindex; ++ unsigned short sll_hatype; ++ unsigned char sll_pkttype; ++ unsigned char sll_halen; ++ unsigned char sll_addr[8]; ++}; ++ ++/* Packet types */ ++ ++#define PACKET_HOST 0 /* To us */ ++#define PACKET_BROADCAST 1 /* To all */ ++#define PACKET_MULTICAST 2 /* To group */ ++#define PACKET_OTHERHOST 3 /* To someone else */ ++#define PACKET_OUTGOING 4 /* Outgoing of any type */ ++#define PACKET_LOOPBACK 5 /* MC/BRD frame looped back */ ++#define PACKET_USER 6 /* To user space */ ++#define PACKET_KERNEL 7 /* To kernel space */ ++/* Unused, PACKET_FASTROUTE and PACKET_LOOPBACK are invisible to user space */ ++#define PACKET_FASTROUTE 6 /* Fastrouted frame */ ++ ++/* Packet socket options */ ++ ++#define PACKET_ADD_MEMBERSHIP 1 ++#define PACKET_DROP_MEMBERSHIP 2 ++#define PACKET_RECV_OUTPUT 3 ++/* Value 4 is still used by obsolete turbo-packet. */ ++#define PACKET_RX_RING 5 ++#define PACKET_STATISTICS 6 ++#define PACKET_COPY_THRESH 7 ++#define PACKET_AUXDATA 8 ++#define PACKET_ORIGDEV 9 ++#define PACKET_VERSION 10 ++#define PACKET_HDRLEN 11 ++#define PACKET_RESERVE 12 ++#define PACKET_TX_RING 13 ++#define PACKET_LOSS 14 ++#define PACKET_VNET_HDR 15 ++#define PACKET_TX_TIMESTAMP 16 ++#define PACKET_TIMESTAMP 17 ++#define PACKET_FANOUT 18 ++#define PACKET_TX_HAS_OFF 19 ++#define PACKET_QDISC_BYPASS 20 ++#define PACKET_ROLLOVER_STATS 21 ++#define PACKET_FANOUT_DATA 22 ++ ++#define PACKET_FANOUT_HASH 0 ++#define PACKET_FANOUT_LB 1 ++#define PACKET_FANOUT_CPU 2 ++#define PACKET_FANOUT_ROLLOVER 3 ++#define PACKET_FANOUT_RND 4 ++#define PACKET_FANOUT_QM 5 ++#define PACKET_FANOUT_CBPF 6 ++#define PACKET_FANOUT_EBPF 7 ++#define PACKET_FANOUT_FLAG_ROLLOVER 0x1000 ++#define PACKET_FANOUT_FLAG_DEFRAG 0x8000 ++ ++struct tpacket_stats { ++ unsigned int tp_packets; ++ unsigned int tp_drops; ++}; ++ ++struct tpacket_stats_v3 { ++ unsigned int tp_packets; ++ unsigned int tp_drops; ++ unsigned int tp_freeze_q_cnt; ++}; ++ ++struct tpacket_rollover_stats { ++ __aligned_u64 tp_all; ++ __aligned_u64 tp_huge; ++ __aligned_u64 tp_failed; ++}; ++ ++union tpacket_stats_u { ++ struct tpacket_stats stats1; ++ struct tpacket_stats_v3 stats3; ++}; ++ ++struct tpacket_auxdata { ++ __u32 tp_status; ++ __u32 tp_len; ++ __u32 tp_snaplen; ++ __u16 tp_mac; ++ __u16 tp_net; ++ __u16 tp_vlan_tci; ++ __u16 tp_vlan_tpid; ++}; ++ ++/* Rx ring - header status */ ++#define TP_STATUS_KERNEL 0 ++#define TP_STATUS_USER (1 << 0) ++#define TP_STATUS_COPY (1 << 1) ++#define TP_STATUS_LOSING (1 << 2) ++#define TP_STATUS_CSUMNOTREADY (1 << 3) ++#define TP_STATUS_VLAN_VALID (1 << 4) /* auxdata has valid tp_vlan_tci */ ++#define TP_STATUS_BLK_TMO (1 << 5) ++#define TP_STATUS_VLAN_TPID_VALID (1 << 6) /* auxdata has valid tp_vlan_tpid */ ++#define TP_STATUS_CSUM_VALID (1 << 7) ++ ++/* Tx ring - header status */ ++#define TP_STATUS_AVAILABLE 0 ++#define TP_STATUS_SEND_REQUEST (1 << 0) ++#define TP_STATUS_SENDING (1 << 1) ++#define TP_STATUS_WRONG_FORMAT (1 << 2) ++ ++/* Rx and Tx ring - header status */ ++#define TP_STATUS_TS_SOFTWARE (1 << 29) ++#define TP_STATUS_TS_SYS_HARDWARE (1 << 30) /* deprecated, never set */ ++#define TP_STATUS_TS_RAW_HARDWARE (1 << 31) ++ ++/* Rx ring - feature request bits */ ++#define TP_FT_REQ_FILL_RXHASH 0x1 ++ ++struct tpacket_hdr { ++ unsigned long tp_status; ++ unsigned int tp_len; ++ unsigned int tp_snaplen; ++ unsigned short tp_mac; ++ unsigned short tp_net; ++ unsigned int tp_sec; ++ unsigned int tp_usec; ++}; ++ ++#define TPACKET_ALIGNMENT 16 ++#define TPACKET_ALIGN(x) (((x)+TPACKET_ALIGNMENT-1)&~(TPACKET_ALIGNMENT-1)) ++#define TPACKET_HDRLEN (TPACKET_ALIGN(sizeof(struct tpacket_hdr)) + sizeof(struct sockaddr_ll)) ++ ++struct tpacket2_hdr { ++ __u32 tp_status; ++ __u32 tp_len; ++ __u32 tp_snaplen; ++ __u16 tp_mac; ++ __u16 tp_net; ++ __u32 tp_sec; ++ __u32 tp_nsec; ++ __u16 tp_vlan_tci; ++ __u16 tp_vlan_tpid; ++ __u8 tp_padding[4]; ++}; ++ ++struct tpacket_hdr_variant1 { ++ __u32 tp_rxhash; ++ __u32 tp_vlan_tci; ++ __u16 tp_vlan_tpid; ++ __u16 tp_padding; ++}; ++ ++struct tpacket3_hdr { ++ __u32 tp_next_offset; ++ __u32 tp_sec; ++ __u32 tp_nsec; ++ __u32 tp_snaplen; ++ __u32 tp_len; ++ __u32 tp_status; ++ __u16 tp_mac; ++ __u16 tp_net; ++ /* pkt_hdr variants */ ++ union { ++ struct tpacket_hdr_variant1 hv1; ++ }; ++ __u8 tp_padding[8]; ++}; ++ ++struct tpacket_bd_ts { ++ unsigned int ts_sec; ++ union { ++ unsigned int ts_usec; ++ unsigned int ts_nsec; ++ }; ++}; ++ ++struct tpacket_hdr_v1 { ++ __u32 block_status; ++ __u32 num_pkts; ++ __u32 offset_to_first_pkt; ++ ++ /* Number of valid bytes (including padding) ++ * blk_len <= tp_block_size ++ */ ++ __u32 blk_len; ++ ++ /* ++ * Quite a few uses of sequence number: ++ * 1. Make sure cache flush etc worked. ++ * Well, one can argue - why not use the increasing ts below? ++ * But look at 2. below first. ++ * 2. When you pass around blocks to other user space decoders, ++ * you can see which blk[s] is[are] outstanding etc. ++ * 3. Validate kernel code. ++ */ ++ __aligned_u64 seq_num; ++ ++ /* ++ * ts_last_pkt: ++ * ++ * Case 1. Block has 'N'(N >=1) packets and TMO'd(timed out) ++ * ts_last_pkt == 'time-stamp of last packet' and NOT the ++ * time when the timer fired and the block was closed. ++ * By providing the ts of the last packet we can absolutely ++ * guarantee that time-stamp wise, the first packet in the ++ * next block will never precede the last packet of the ++ * previous block. ++ * Case 2. Block has zero packets and TMO'd ++ * ts_last_pkt = time when the timer fired and the block ++ * was closed. ++ * Case 3. Block has 'N' packets and NO TMO. ++ * ts_last_pkt = time-stamp of the last pkt in the block. ++ * ++ * ts_first_pkt: ++ * Is always the time-stamp when the block was opened. ++ * Case a) ZERO packets ++ * No packets to deal with but atleast you know the ++ * time-interval of this block. ++ * Case b) Non-zero packets ++ * Use the ts of the first packet in the block. ++ * ++ */ ++ struct tpacket_bd_ts ts_first_pkt, ts_last_pkt; ++}; ++ ++union tpacket_bd_header_u { ++ struct tpacket_hdr_v1 bh1; ++}; ++ ++struct tpacket_block_desc { ++ __u32 version; ++ __u32 offset_to_priv; ++ union tpacket_bd_header_u hdr; ++}; ++ ++#define TPACKET2_HDRLEN (TPACKET_ALIGN(sizeof(struct tpacket2_hdr)) + sizeof(struct sockaddr_ll)) ++#define TPACKET3_HDRLEN (TPACKET_ALIGN(sizeof(struct tpacket3_hdr)) + sizeof(struct sockaddr_ll)) ++ ++enum tpacket_versions { ++ TPACKET_V1, ++ TPACKET_V2, ++ TPACKET_V3 ++}; ++ ++/* ++ Frame structure: ++ ++ - Start. Frame must be aligned to TPACKET_ALIGNMENT=16 ++ - struct tpacket_hdr ++ - pad to TPACKET_ALIGNMENT=16 ++ - struct sockaddr_ll ++ - Gap, chosen so that packet data (Start+tp_net) alignes to TPACKET_ALIGNMENT=16 ++ - Start+tp_mac: [ Optional MAC header ] ++ - Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16. ++ - Pad to align to TPACKET_ALIGNMENT=16 ++ */ ++ ++struct tpacket_req { ++ unsigned int tp_block_size; /* Minimal size of contiguous block */ ++ unsigned int tp_block_nr; /* Number of blocks */ ++ unsigned int tp_frame_size; /* Size of frame */ ++ unsigned int tp_frame_nr; /* Total number of frames */ ++}; ++ ++struct tpacket_req3 { ++ unsigned int tp_block_size; /* Minimal size of contiguous block */ ++ unsigned int tp_block_nr; /* Number of blocks */ ++ unsigned int tp_frame_size; /* Size of frame */ ++ unsigned int tp_frame_nr; /* Total number of frames */ ++ unsigned int tp_retire_blk_tov; /* timeout in msecs */ ++ unsigned int tp_sizeof_priv; /* offset to private data area */ ++ unsigned int tp_feature_req_word; ++}; ++ ++union tpacket_req_u { ++ struct tpacket_req req; ++ struct tpacket_req3 req3; ++}; ++ ++struct packet_mreq { ++ int mr_ifindex; ++ unsigned short mr_type; ++ unsigned short mr_alen; ++ unsigned char mr_address[8]; ++}; ++ ++#define PACKET_MR_MULTICAST 0 ++#define PACKET_MR_PROMISC 1 ++#define PACKET_MR_ALLMULTI 2 ++#define PACKET_MR_UNICAST 3 ++ ++#endif +diff --git a/include/linux/if_tunnel.h b/include/linux/if_tunnel.h +index f0201ca..4f975f5 100644 +--- a/include/linux/if_tunnel.h ++++ b/include/linux/if_tunnel.h +@@ -2,6 +2,9 @@ + #define _IF_TUNNEL_H_ + + #include ++#include ++#include ++#include + #include + + +@@ -24,9 +27,23 @@ + #define GRE_SEQ __cpu_to_be16(0x1000) + #define GRE_STRICT __cpu_to_be16(0x0800) + #define GRE_REC __cpu_to_be16(0x0700) +-#define GRE_FLAGS __cpu_to_be16(0x00F8) ++#define GRE_ACK __cpu_to_be16(0x0080) ++#define GRE_FLAGS __cpu_to_be16(0x0078) + #define GRE_VERSION __cpu_to_be16(0x0007) + ++#define GRE_IS_CSUM(f) ((f) & GRE_CSUM) ++#define GRE_IS_ROUTING(f) ((f) & GRE_ROUTING) ++#define GRE_IS_KEY(f) ((f) & GRE_KEY) ++#define GRE_IS_SEQ(f) ((f) & GRE_SEQ) ++#define GRE_IS_STRICT(f) ((f) & GRE_STRICT) ++#define GRE_IS_REC(f) ((f) & GRE_REC) ++#define GRE_IS_ACK(f) ((f) & GRE_ACK) ++ ++#define GRE_VERSION_0 __cpu_to_be16(0x0000) ++#define GRE_VERSION_1 __cpu_to_be16(0x0001) ++#define GRE_PROTO_PPP __cpu_to_be16(0x880b) ++#define GRE_PPTP_KEY_MASK __cpu_to_be32(0xffff) ++ + struct ip_tunnel_parm { + char name[IFNAMSIZ]; + int link; +@@ -57,6 +74,7 @@ enum { + IFLA_IPTUN_ENCAP_FLAGS, + IFLA_IPTUN_ENCAP_SPORT, + IFLA_IPTUN_ENCAP_DPORT, ++ IFLA_IPTUN_COLLECT_METADATA, + __IFLA_IPTUN_MAX, + }; + #define IFLA_IPTUN_MAX (__IFLA_IPTUN_MAX - 1) +@@ -113,6 +131,7 @@ enum { + IFLA_GRE_ENCAP_SPORT, + IFLA_GRE_ENCAP_DPORT, + IFLA_GRE_COLLECT_METADATA, ++ IFLA_GRE_IGNORE_DF, + __IFLA_GRE_MAX, + }; + +diff --git a/include/linux/ila.h b/include/linux/ila.h +index 4f9e1de..7e328d7 100644 +--- a/include/linux/ila.h ++++ b/include/linux/ila.h +@@ -14,6 +14,8 @@ enum { + ILA_ATTR_LOCATOR_MATCH, /* u64 */ + ILA_ATTR_IFINDEX, /* s32 */ + ILA_ATTR_DIR, /* u32 */ ++ ILA_ATTR_PAD, ++ ILA_ATTR_CSUM_MODE, /* u8 */ + + __ILA_ATTR_MAX, + }; +@@ -34,4 +36,10 @@ enum { + #define ILA_DIR_IN (1 << 0) + #define ILA_DIR_OUT (1 << 1) + ++enum { ++ ILA_CSUM_ADJUST_TRANSPORT, ++ ILA_CSUM_NEUTRAL_MAP, ++ ILA_CSUM_NO_ACTION, ++}; ++ + #endif /* _LINUX_ILA_H */ +diff --git a/include/linux/in.h b/include/linux/in.h +index 194b43b..9439efa 100644 +--- a/include/linux/in.h ++++ b/include/linux/in.h +@@ -117,6 +117,7 @@ struct in_addr { + #define IP_NODEFRAG 22 + #define IP_CHECKSUM 23 + #define IP_BIND_ADDRESS_NO_PORT 24 ++#define IP_RECVFRAGSIZE 25 + + /* IP_MTU_DISCOVER values */ + #define IP_PMTUDISC_DONT 0 /* Never send DF frames */ +diff --git a/include/linux/in6.h b/include/linux/in6.h +index aa5b66d..6f3bdee 100644 +--- a/include/linux/in6.h ++++ b/include/linux/in6.h +@@ -143,6 +143,7 @@ struct in6_flowlabel_req { + #define IPV6_TLV_PAD1 0 + #define IPV6_TLV_PADN 1 + #define IPV6_TLV_ROUTERALERT 5 ++#define IPV6_TLV_CALIPSO 7 /* RFC 5570 */ + #define IPV6_TLV_JUMBO 194 + #define IPV6_TLV_HAO 201 /* home address option */ + +@@ -282,6 +283,7 @@ struct in6_flowlabel_req { + #define IPV6_RECVORIGDSTADDR IPV6_ORIGDSTADDR + #define IPV6_TRANSPARENT 75 + #define IPV6_UNICAST_IF 76 ++#define IPV6_RECVFRAGSIZE 77 + + /* + * Multicast Routing: +diff --git a/include/linux/inet_diag.h b/include/linux/inet_diag.h +index b806fcf..f7bf781 100644 +--- a/include/linux/inet_diag.h ++++ b/include/linux/inet_diag.h +@@ -43,6 +43,23 @@ struct inet_diag_req_v2 { + struct inet_diag_sockid id; + }; + ++/* ++ * SOCK_RAW sockets require the underlied protocol to be ++ * additionally specified so we can use @pad member for ++ * this, but we can't rename it because userspace programs ++ * still may depend on this name. Instead lets use another ++ * structure definition as an alias for struct ++ * @inet_diag_req_v2. ++ */ ++struct inet_diag_req_raw { ++ __u8 sdiag_family; ++ __u8 sdiag_protocol; ++ __u8 idiag_ext; ++ __u8 sdiag_raw_protocol; ++ __u32 idiag_states; ++ struct inet_diag_sockid id; ++}; ++ + enum { + INET_DIAG_REQ_NONE, + INET_DIAG_REQ_BYTECODE, +@@ -72,6 +89,8 @@ enum { + INET_DIAG_BC_AUTO, + INET_DIAG_BC_S_COND, + INET_DIAG_BC_D_COND, ++ INET_DIAG_BC_DEV_COND, /* u32 ifindex */ ++ INET_DIAG_BC_MARK_COND, + }; + + struct inet_diag_hostcond { +@@ -81,6 +100,11 @@ struct inet_diag_hostcond { + __be32 addr[0]; + }; + ++struct inet_diag_markcond { ++ __u32 mark; ++ __u32 mask; ++}; ++ + /* Base info structure. It contains socket identity (addrs/ports/cookie) + * and, alas, the information shown by netstat. */ + struct inet_diag_msg { +@@ -115,9 +139,13 @@ enum { + INET_DIAG_SKV6ONLY, + INET_DIAG_LOCALS, + INET_DIAG_PEERS, ++ INET_DIAG_PAD, ++ INET_DIAG_MARK, ++ INET_DIAG_BBRINFO, ++ __INET_DIAG_MAX, + }; + +-#define INET_DIAG_MAX INET_DIAG_SKV6ONLY ++#define INET_DIAG_MAX (__INET_DIAG_MAX - 1) + + /* INET_DIAG_MEM */ + +@@ -147,8 +175,20 @@ struct tcp_dctcp_info { + __u32 dctcp_ab_tot; + }; + ++/* INET_DIAG_BBRINFO */ ++ ++struct tcp_bbr_info { ++ /* u64 bw: max-filtered BW (app throughput) estimate in Byte per sec: */ ++ __u32 bbr_bw_lo; /* lower 32 bits of bw */ ++ __u32 bbr_bw_hi; /* upper 32 bits of bw */ ++ __u32 bbr_min_rtt; /* min-filtered RTT in uSec */ ++ __u32 bbr_pacing_gain; /* pacing gain shifted left 8 bits */ ++ __u32 bbr_cwnd_gain; /* cwnd gain shifted left 8 bits */ ++}; ++ + union tcp_cc_info { + struct tcpvegas_info vegas; + struct tcp_dctcp_info dctcp; ++ struct tcp_bbr_info bbr; + }; + #endif /* _INET_DIAG_H_ */ +diff --git a/include/linux/l2tp.h b/include/linux/l2tp.h +index 5b0e36d..8a80007 100644 +--- a/include/linux/l2tp.h ++++ b/include/linux/l2tp.h +@@ -9,7 +9,8 @@ + + #include + #include +-#include ++#include ++#include + + #define IPPROTO_L2TP 115 + +@@ -29,7 +30,7 @@ struct sockaddr_l2tpip { + __u32 l2tp_conn_id; /* Connection ID of tunnel */ + + /* Pad to size of `struct sockaddr'. */ +- unsigned char __pad[sizeof(struct sockaddr) - ++ unsigned char __pad[__SOCK_SIZE__ - + sizeof(__kernel_sa_family_t) - + sizeof(__be16) - sizeof(struct in_addr) - + sizeof(__u32)]; +@@ -106,7 +107,7 @@ enum { + L2TP_ATTR_VLAN_ID, /* u16 */ + L2TP_ATTR_COOKIE, /* 0, 4 or 8 bytes */ + L2TP_ATTR_PEER_COOKIE, /* 0, 4 or 8 bytes */ +- L2TP_ATTR_DEBUG, /* u32 */ ++ L2TP_ATTR_DEBUG, /* u32, enum l2tp_debug_flags */ + L2TP_ATTR_RECV_SEQ, /* u8 */ + L2TP_ATTR_SEND_SEQ, /* u8 */ + L2TP_ATTR_LNS_MODE, /* u8 */ +@@ -122,8 +123,9 @@ enum { + L2TP_ATTR_STATS, /* nested */ + L2TP_ATTR_IP6_SADDR, /* struct in6_addr */ + L2TP_ATTR_IP6_DADDR, /* struct in6_addr */ +- L2TP_ATTR_UDP_ZERO_CSUM6_TX, /* u8 */ +- L2TP_ATTR_UDP_ZERO_CSUM6_RX, /* u8 */ ++ L2TP_ATTR_UDP_ZERO_CSUM6_TX, /* flag */ ++ L2TP_ATTR_UDP_ZERO_CSUM6_RX, /* flag */ ++ L2TP_ATTR_PAD, + __L2TP_ATTR_MAX, + }; + +@@ -140,6 +142,7 @@ enum { + L2TP_ATTR_RX_SEQ_DISCARDS, /* u64 */ + L2TP_ATTR_RX_OOS_PACKETS, /* u64 */ + L2TP_ATTR_RX_ERRORS, /* u64 */ ++ L2TP_ATTR_STATS_PAD, + __L2TP_ATTR_STATS_MAX, + }; + +@@ -171,6 +174,21 @@ enum l2tp_seqmode { + L2TP_SEQ_ALL = 2, + }; + ++/** ++ * enum l2tp_debug_flags - debug message categories for L2TP tunnels/sessions ++ * ++ * @L2TP_MSG_DEBUG: verbose debug (if compiled in) ++ * @L2TP_MSG_CONTROL: userspace - kernel interface ++ * @L2TP_MSG_SEQ: sequence numbers ++ * @L2TP_MSG_DATA: data packets ++ */ ++enum l2tp_debug_flags { ++ L2TP_MSG_DEBUG = (1 << 0), ++ L2TP_MSG_CONTROL = (1 << 1), ++ L2TP_MSG_SEQ = (1 << 2), ++ L2TP_MSG_DATA = (1 << 3), ++}; ++ + /* + * NETLINK_GENERIC related info + */ +diff --git a/include/linux/libc-compat.h b/include/linux/libc-compat.h +index b3c2085..f38571d 100644 +--- a/include/linux/libc-compat.h ++++ b/include/linux/libc-compat.h +@@ -52,7 +52,7 @@ + #if defined(__GLIBC__) + + /* Coordinate with glibc net/if.h header. */ +-#if defined(_NET_IF_H) ++#if defined(_NET_IF_H) && defined(__USE_MISC) + + /* GLIBC headers included first so don't define anything + * that would already be defined. */ +@@ -139,6 +139,25 @@ + + #endif /* _NETINET_IN_H */ + ++/* Coordinate with glibc netipx/ipx.h header. */ ++#if defined(__NETIPX_IPX_H) ++ ++#define __UAPI_DEF_SOCKADDR_IPX 0 ++#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0 ++#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0 ++#define __UAPI_DEF_IPX_CONFIG_DATA 0 ++#define __UAPI_DEF_IPX_ROUTE_DEF 0 ++ ++#else /* defined(__NETIPX_IPX_H) */ ++ ++#define __UAPI_DEF_SOCKADDR_IPX 1 ++#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1 ++#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1 ++#define __UAPI_DEF_IPX_CONFIG_DATA 1 ++#define __UAPI_DEF_IPX_ROUTE_DEF 1 ++ ++#endif /* defined(__NETIPX_IPX_H) */ ++ + /* Definitions for xattr.h */ + #if defined(_SYS_XATTR_H) + #define __UAPI_DEF_XATTR 0 +@@ -179,6 +198,13 @@ + #define __UAPI_DEF_IN6_PKTINFO 1 + #define __UAPI_DEF_IP6_MTUINFO 1 + ++/* Definitions for ipx.h */ ++#define __UAPI_DEF_SOCKADDR_IPX 1 ++#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1 ++#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1 ++#define __UAPI_DEF_IPX_CONFIG_DATA 1 ++#define __UAPI_DEF_IPX_ROUTE_DEF 1 ++ + /* Definitions for xattr.h */ + #define __UAPI_DEF_XATTR 1 + +diff --git a/include/linux/lwtunnel.h b/include/linux/lwtunnel.h +index 1d2f4f6..faa6eab 100644 +--- a/include/linux/lwtunnel.h ++++ b/include/linux/lwtunnel.h +@@ -9,6 +9,8 @@ enum lwtunnel_encap_types { + LWTUNNEL_ENCAP_IP, + LWTUNNEL_ENCAP_ILA, + LWTUNNEL_ENCAP_IP6, ++ LWTUNNEL_ENCAP_SEG6, ++ LWTUNNEL_ENCAP_BPF, + __LWTUNNEL_ENCAP_MAX, + }; + +@@ -22,6 +24,7 @@ enum lwtunnel_ip_t { + LWTUNNEL_IP_TTL, + LWTUNNEL_IP_TOS, + LWTUNNEL_IP_FLAGS, ++ LWTUNNEL_IP_PAD, + __LWTUNNEL_IP_MAX, + }; + +@@ -35,9 +38,32 @@ enum lwtunnel_ip6_t { + LWTUNNEL_IP6_HOPLIMIT, + LWTUNNEL_IP6_TC, + LWTUNNEL_IP6_FLAGS, ++ LWTUNNEL_IP6_PAD, + __LWTUNNEL_IP6_MAX, + }; + + #define LWTUNNEL_IP6_MAX (__LWTUNNEL_IP6_MAX - 1) + ++enum { ++ LWT_BPF_PROG_UNSPEC, ++ LWT_BPF_PROG_FD, ++ LWT_BPF_PROG_NAME, ++ __LWT_BPF_PROG_MAX, ++}; ++ ++#define LWT_BPF_PROG_MAX (__LWT_BPF_PROG_MAX - 1) ++ ++enum { ++ LWT_BPF_UNSPEC, ++ LWT_BPF_IN, ++ LWT_BPF_OUT, ++ LWT_BPF_XMIT, ++ LWT_BPF_XMIT_HEADROOM, ++ __LWT_BPF_MAX, ++}; ++ ++#define LWT_BPF_MAX (__LWT_BPF_MAX - 1) ++ ++#define LWT_BPF_MAX_HEADROOM 256 ++ + #endif /* _LWTUNNEL_H_ */ +diff --git a/include/linux/neighbour.h b/include/linux/neighbour.h +index 788655b..bd99a8d 100644 +--- a/include/linux/neighbour.h ++++ b/include/linux/neighbour.h +@@ -128,6 +128,7 @@ enum { + NDTPA_LOCKTIME, /* u64, msecs */ + NDTPA_QUEUE_LENBYTES, /* u32 */ + NDTPA_MCAST_REPROBES, /* u32 */ ++ NDTPA_PAD, + __NDTPA_MAX + }; + #define NDTPA_MAX (__NDTPA_MAX - 1) +@@ -160,6 +161,7 @@ enum { + NDTA_PARMS, /* nested TLV NDTPA_* */ + NDTA_STATS, /* struct ndt_stats, read-only */ + NDTA_GC_INTERVAL, /* u64, msecs */ ++ NDTA_PAD, + __NDTA_MAX + }; + #define NDTA_MAX (__NDTA_MAX - 1) +diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h +index b71b4c9..d8bc1e6 100644 +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -13,7 +13,7 @@ + #define NF_STOLEN 2 + #define NF_QUEUE 3 + #define NF_REPEAT 4 +-#define NF_STOP 5 ++#define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ + #define NF_MAX_VERDICT NF_STOP + + /* we overload the higher bits for encoding auxiliary data such as the queue +diff --git a/include/linux/netlink_diag.h b/include/linux/netlink_diag.h +index f2159d3..defd25f 100644 +--- a/include/linux/netlink_diag.h ++++ b/include/linux/netlink_diag.h +@@ -48,6 +48,7 @@ enum { + + #define NDIAG_SHOW_MEMINFO 0x00000001 /* show memory info of a socket */ + #define NDIAG_SHOW_GROUPS 0x00000002 /* show groups of a netlink socket */ ++/* deprecated since 4.6 */ + #define NDIAG_SHOW_RING_CFG 0x00000004 /* show ring configuration */ + + #endif +diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h +index b69358b..af17f3c 100644 +--- a/include/linux/pkt_cls.h ++++ b/include/linux/pkt_cls.h +@@ -12,6 +12,7 @@ enum { + TCA_ACT_OPTIONS, + TCA_ACT_INDEX, + TCA_ACT_STATS, ++ TCA_ACT_PAD, + __TCA_ACT_MAX + }; + +@@ -60,8 +61,8 @@ struct tc_police { + __u32 mtu; + struct tc_ratespec rate; + struct tc_ratespec peakrate; +- int refcnt; +- int bindcnt; ++ int refcnt; ++ int bindcnt; + __u32 capab; + }; + +@@ -69,10 +70,11 @@ struct tcf_t { + __u64 install; + __u64 lastuse; + __u64 expires; ++ __u64 firstuse; + }; + + struct tc_cnt { +- int refcnt; ++ int refcnt; + int bindcnt; + }; + +@@ -90,12 +92,18 @@ enum { + TCA_POLICE_PEAKRATE, + TCA_POLICE_AVRATE, + TCA_POLICE_RESULT, ++ TCA_POLICE_TM, ++ TCA_POLICE_PAD, + __TCA_POLICE_MAX + #define TCA_POLICE_RESULT TCA_POLICE_RESULT + }; + + #define TCA_POLICE_MAX (__TCA_POLICE_MAX - 1) + ++/* tca flags definitions */ ++#define TCA_CLS_FLAGS_SKIP_HW (1 << 0) ++#define TCA_CLS_FLAGS_SKIP_SW (1 << 1) ++ + /* U32 filters */ + + #define TC_U32_HTID(h) ((h)&0xFFF00000) +@@ -114,11 +122,12 @@ enum { + TCA_U32_DIVISOR, + TCA_U32_SEL, + TCA_U32_POLICE, +- TCA_U32_ACT, ++ TCA_U32_ACT, + TCA_U32_INDEV, + TCA_U32_PCNT, + TCA_U32_MARK, + TCA_U32_FLAGS, ++ TCA_U32_PAD, + __TCA_U32_MAX + }; + +@@ -333,6 +342,8 @@ enum { + TCA_BPF_FD, + TCA_BPF_NAME, + TCA_BPF_FLAGS, ++ TCA_BPF_FLAGS_GEN, ++ TCA_BPF_TAG, + __TCA_BPF_MAX, + }; + +@@ -365,11 +376,68 @@ enum { + TCA_FLOWER_KEY_UDP_DST, /* be16 */ + + TCA_FLOWER_FLAGS, ++ TCA_FLOWER_KEY_VLAN_ID, /* be16 */ ++ TCA_FLOWER_KEY_VLAN_PRIO, /* u8 */ ++ TCA_FLOWER_KEY_VLAN_ETH_TYPE, /* be16 */ ++ ++ TCA_FLOWER_KEY_ENC_KEY_ID, /* be32 */ ++ TCA_FLOWER_KEY_ENC_IPV4_SRC, /* be32 */ ++ TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,/* be32 */ ++ TCA_FLOWER_KEY_ENC_IPV4_DST, /* be32 */ ++ TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,/* be32 */ ++ TCA_FLOWER_KEY_ENC_IPV6_SRC, /* struct in6_addr */ ++ TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,/* struct in6_addr */ ++ TCA_FLOWER_KEY_ENC_IPV6_DST, /* struct in6_addr */ ++ TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,/* struct in6_addr */ ++ ++ TCA_FLOWER_KEY_TCP_SRC_MASK, /* be16 */ ++ TCA_FLOWER_KEY_TCP_DST_MASK, /* be16 */ ++ TCA_FLOWER_KEY_UDP_SRC_MASK, /* be16 */ ++ TCA_FLOWER_KEY_UDP_DST_MASK, /* be16 */ ++ TCA_FLOWER_KEY_SCTP_SRC_MASK, /* be16 */ ++ TCA_FLOWER_KEY_SCTP_DST_MASK, /* be16 */ ++ ++ TCA_FLOWER_KEY_SCTP_SRC, /* be16 */ ++ TCA_FLOWER_KEY_SCTP_DST, /* be16 */ ++ ++ TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, /* be16 */ ++ TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, /* be16 */ ++ TCA_FLOWER_KEY_ENC_UDP_DST_PORT, /* be16 */ ++ TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, /* be16 */ ++ ++ TCA_FLOWER_KEY_FLAGS, /* be32 */ ++ TCA_FLOWER_KEY_FLAGS_MASK, /* be32 */ ++ ++ TCA_FLOWER_KEY_ICMPV4_CODE, /* u8 */ ++ TCA_FLOWER_KEY_ICMPV4_CODE_MASK,/* u8 */ ++ TCA_FLOWER_KEY_ICMPV4_TYPE, /* u8 */ ++ TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,/* u8 */ ++ TCA_FLOWER_KEY_ICMPV6_CODE, /* u8 */ ++ TCA_FLOWER_KEY_ICMPV6_CODE_MASK,/* u8 */ ++ TCA_FLOWER_KEY_ICMPV6_TYPE, /* u8 */ ++ TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,/* u8 */ ++ + __TCA_FLOWER_MAX, + }; + + #define TCA_FLOWER_MAX (__TCA_FLOWER_MAX - 1) + ++enum { ++ TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0), ++}; ++ ++/* Match-all classifier */ ++ ++enum { ++ TCA_MATCHALL_UNSPEC, ++ TCA_MATCHALL_CLASSID, ++ TCA_MATCHALL_ACT, ++ TCA_MATCHALL_FLAGS, ++ __TCA_MATCHALL_MAX, ++}; ++ ++#define TCA_MATCHALL_MAX (__TCA_MATCHALL_MAX - 1) ++ + /* Extended Matches */ + + struct tcf_ematch_tree_hdr { +diff --git a/include/linux/pkt_sched.h b/include/linux/pkt_sched.h +index 8cb18b4..df7451d 100644 +--- a/include/linux/pkt_sched.h ++++ b/include/linux/pkt_sched.h +@@ -179,6 +179,7 @@ enum { + TCA_TBF_PRATE64, + TCA_TBF_BURST, + TCA_TBF_PBURST, ++ TCA_TBF_PAD, + __TCA_TBF_MAX, + }; + +@@ -368,6 +369,7 @@ enum { + TCA_HTB_DIRECT_QLEN, + TCA_HTB_RATE64, + TCA_HTB_CEIL64, ++ TCA_HTB_PAD, + __TCA_HTB_MAX, + }; + +@@ -531,6 +533,7 @@ enum { + TCA_NETEM_RATE, + TCA_NETEM_ECN, + TCA_NETEM_RATE64, ++ TCA_NETEM_PAD, + __TCA_NETEM_MAX, + }; + +@@ -715,6 +718,8 @@ enum { + TCA_FQ_CODEL_FLOWS, + TCA_FQ_CODEL_QUANTUM, + TCA_FQ_CODEL_CE_THRESHOLD, ++ TCA_FQ_CODEL_DROP_BATCH_SIZE, ++ TCA_FQ_CODEL_MEMORY_LIMIT, + __TCA_FQ_CODEL_MAX + }; + +@@ -739,6 +744,8 @@ struct tc_fq_codel_qd_stats { + __u32 new_flows_len; /* count of flows in new list */ + __u32 old_flows_len; /* count of flows in old list */ + __u32 ce_mark; /* packets above ce_threshold */ ++ __u32 memory_usage; /* in bytes */ ++ __u32 drop_overmemory; + }; + + struct tc_fq_codel_cl_stats { +@@ -785,6 +792,8 @@ enum { + + TCA_FQ_ORPHAN_MASK, /* mask applied to orphaned skb hashes */ + ++ TCA_FQ_LOW_RATE_THRESHOLD, /* per packet delay under this rate */ ++ + __TCA_FQ_MAX + }; + +@@ -802,7 +811,7 @@ struct tc_fq_qd_stats { + __u32 flows; + __u32 inactive_flows; + __u32 throttled_flows; +- __u32 pad; ++ __u32 unthrottle_latency_ns; + }; + + /* Heavy-Hitter Filter */ +diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h +index 6aaa2a3..78a70c2 100644 +--- a/include/linux/rtnetlink.h ++++ b/include/linux/rtnetlink.h +@@ -139,6 +139,11 @@ enum { + RTM_GETNSID = 90, + #define RTM_GETNSID RTM_GETNSID + ++ RTM_NEWSTATS = 92, ++#define RTM_NEWSTATS RTM_NEWSTATS ++ RTM_GETSTATS = 94, ++#define RTM_GETSTATS RTM_GETSTATS ++ + __RTM_MAX, + #define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1) + }; +@@ -312,6 +317,8 @@ enum rtattr_type_t { + RTA_ENCAP_TYPE, + RTA_ENCAP, + RTA_EXPIRES, ++ RTA_PAD, ++ RTA_UID, + __RTA_MAX + }; + +@@ -344,7 +351,7 @@ struct rtnexthop { + #define RTNH_F_OFFLOAD 8 /* offloaded route */ + #define RTNH_F_LINKDOWN 16 /* carrier-down on nexthop */ + +-#define RTNH_COMPARE_MASK (RTNH_F_DEAD | RTNH_F_LINKDOWN) ++#define RTNH_COMPARE_MASK (RTNH_F_DEAD | RTNH_F_LINKDOWN | RTNH_F_OFFLOAD) + + /* Macros to handle hexthops */ + +@@ -536,6 +543,7 @@ enum { + TCA_FCNT, + TCA_STATS2, + TCA_STAB, ++ TCA_PAD, + __TCA_MAX + }; + +diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h +index dafcb89..901231e 100644 +--- a/include/linux/sock_diag.h ++++ b/include/linux/sock_diag.h +@@ -20,6 +20,7 @@ enum { + SK_MEMINFO_WMEM_QUEUED, + SK_MEMINFO_OPTMEM, + SK_MEMINFO_BACKLOG, ++ SK_MEMINFO_DROPS, + + SK_MEMINFO_VARS, + }; +diff --git a/include/linux/tc_act/tc_bpf.h b/include/linux/tc_act/tc_bpf.h +index 07f17cc..975b50d 100644 +--- a/include/linux/tc_act/tc_bpf.h ++++ b/include/linux/tc_act/tc_bpf.h +@@ -26,6 +26,8 @@ enum { + TCA_ACT_BPF_OPS, + TCA_ACT_BPF_FD, + TCA_ACT_BPF_NAME, ++ TCA_ACT_BPF_PAD, ++ TCA_ACT_BPF_TAG, + __TCA_ACT_BPF_MAX, + }; + #define TCA_ACT_BPF_MAX (__TCA_ACT_BPF_MAX - 1) +diff --git a/include/linux/tc_act/tc_connmark.h b/include/linux/tc_act/tc_connmark.h +index 994b097..62a5e94 100644 +--- a/include/linux/tc_act/tc_connmark.h ++++ b/include/linux/tc_act/tc_connmark.h +@@ -15,6 +15,7 @@ enum { + TCA_CONNMARK_UNSPEC, + TCA_CONNMARK_PARMS, + TCA_CONNMARK_TM, ++ TCA_CONNMARK_PAD, + __TCA_CONNMARK_MAX + }; + #define TCA_CONNMARK_MAX (__TCA_CONNMARK_MAX - 1) +diff --git a/include/linux/tc_act/tc_csum.h b/include/linux/tc_act/tc_csum.h +index a047c49..8ac8041 100644 +--- a/include/linux/tc_act/tc_csum.h ++++ b/include/linux/tc_act/tc_csum.h +@@ -10,6 +10,7 @@ enum { + TCA_CSUM_UNSPEC, + TCA_CSUM_PARMS, + TCA_CSUM_TM, ++ TCA_CSUM_PAD, + __TCA_CSUM_MAX + }; + #define TCA_CSUM_MAX (__TCA_CSUM_MAX - 1) +diff --git a/include/linux/tc_act/tc_defact.h b/include/linux/tc_act/tc_defact.h +index 17dddb4..d2a3abb 100644 +--- a/include/linux/tc_act/tc_defact.h ++++ b/include/linux/tc_act/tc_defact.h +@@ -12,6 +12,7 @@ enum { + TCA_DEF_TM, + TCA_DEF_PARMS, + TCA_DEF_DATA, ++ TCA_DEF_PAD, + __TCA_DEF_MAX + }; + #define TCA_DEF_MAX (__TCA_DEF_MAX - 1) +diff --git a/include/linux/tc_act/tc_gact.h b/include/linux/tc_act/tc_gact.h +index f7bf94e..70b536a 100644 +--- a/include/linux/tc_act/tc_gact.h ++++ b/include/linux/tc_act/tc_gact.h +@@ -25,6 +25,7 @@ enum { + TCA_GACT_TM, + TCA_GACT_PARMS, + TCA_GACT_PROB, ++ TCA_GACT_PAD, + __TCA_GACT_MAX + }; + #define TCA_GACT_MAX (__TCA_GACT_MAX - 1) +diff --git a/include/linux/tc_act/tc_ife.h b/include/linux/tc_act/tc_ife.h +index d648ff6..cd18360 100644 +--- a/include/linux/tc_act/tc_ife.h ++++ b/include/linux/tc_act/tc_ife.h +@@ -23,6 +23,7 @@ enum { + TCA_IFE_SMAC, + TCA_IFE_TYPE, + TCA_IFE_METALST, ++ TCA_IFE_PAD, + __TCA_IFE_MAX + }; + #define TCA_IFE_MAX (__TCA_IFE_MAX - 1) +@@ -31,8 +32,9 @@ enum { + #define IFE_META_HASHID 2 + #define IFE_META_PRIO 3 + #define IFE_META_QMAP 4 ++#define IFE_META_TCINDEX 5 + /*Can be overridden at runtime by module option*/ +-#define __IFE_META_MAX 5 ++#define __IFE_META_MAX 6 + #define IFE_META_MAX (__IFE_META_MAX - 1) + + #endif +diff --git a/include/linux/tc_act/tc_ipt.h b/include/linux/tc_act/tc_ipt.h +index 130aaad..7c6e155 100644 +--- a/include/linux/tc_act/tc_ipt.h ++++ b/include/linux/tc_act/tc_ipt.h +@@ -14,6 +14,7 @@ enum { + TCA_IPT_CNT, + TCA_IPT_TM, + TCA_IPT_TARG, ++ TCA_IPT_PAD, + __TCA_IPT_MAX + }; + #define TCA_IPT_MAX (__TCA_IPT_MAX - 1) +diff --git a/include/linux/tc_act/tc_mirred.h b/include/linux/tc_act/tc_mirred.h +index 7561750..3d7a2b3 100644 +--- a/include/linux/tc_act/tc_mirred.h ++++ b/include/linux/tc_act/tc_mirred.h +@@ -20,6 +20,7 @@ enum { + TCA_MIRRED_UNSPEC, + TCA_MIRRED_TM, + TCA_MIRRED_PARMS, ++ TCA_MIRRED_PAD, + __TCA_MIRRED_MAX + }; + #define TCA_MIRRED_MAX (__TCA_MIRRED_MAX - 1) +diff --git a/include/linux/tc_act/tc_nat.h b/include/linux/tc_act/tc_nat.h +index 6663aeb..923457c 100644 +--- a/include/linux/tc_act/tc_nat.h ++++ b/include/linux/tc_act/tc_nat.h +@@ -10,6 +10,7 @@ enum { + TCA_NAT_UNSPEC, + TCA_NAT_PARMS, + TCA_NAT_TM, ++ TCA_NAT_PAD, + __TCA_NAT_MAX + }; + #define TCA_NAT_MAX (__TCA_NAT_MAX - 1) +diff --git a/include/linux/tc_act/tc_pedit.h b/include/linux/tc_act/tc_pedit.h +index 716cfab..6389959 100644 +--- a/include/linux/tc_act/tc_pedit.h ++++ b/include/linux/tc_act/tc_pedit.h +@@ -10,6 +10,7 @@ enum { + TCA_PEDIT_UNSPEC, + TCA_PEDIT_TM, + TCA_PEDIT_PARMS, ++ TCA_PEDIT_PAD, + __TCA_PEDIT_MAX + }; + #define TCA_PEDIT_MAX (__TCA_PEDIT_MAX - 1) +diff --git a/include/linux/tc_act/tc_skbedit.h b/include/linux/tc_act/tc_skbedit.h +index 7a2e910..2884425 100644 +--- a/include/linux/tc_act/tc_skbedit.h ++++ b/include/linux/tc_act/tc_skbedit.h +@@ -27,6 +27,8 @@ + #define SKBEDIT_F_PRIORITY 0x1 + #define SKBEDIT_F_QUEUE_MAPPING 0x2 + #define SKBEDIT_F_MARK 0x4 ++#define SKBEDIT_F_PTYPE 0x8 ++#define SKBEDIT_F_MASK 0x10 + + struct tc_skbedit { + tc_gen; +@@ -39,6 +41,9 @@ enum { + TCA_SKBEDIT_PRIORITY, + TCA_SKBEDIT_QUEUE_MAPPING, + TCA_SKBEDIT_MARK, ++ TCA_SKBEDIT_PAD, ++ TCA_SKBEDIT_PTYPE, ++ TCA_SKBEDIT_MASK, + __TCA_SKBEDIT_MAX + }; + #define TCA_SKBEDIT_MAX (__TCA_SKBEDIT_MAX - 1) +diff --git a/include/linux/tc_act/tc_tunnel_key.h b/include/linux/tc_act/tc_tunnel_key.h +new file mode 100644 +index 0000000..84ea55e +--- /dev/null ++++ b/include/linux/tc_act/tc_tunnel_key.h +@@ -0,0 +1,42 @@ ++/* ++ * Copyright (c) 2016, Amir Vadai ++ * Copyright (c) 2016, Mellanox Technologies. All rights reserved. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#ifndef __LINUX_TC_TUNNEL_KEY_H ++#define __LINUX_TC_TUNNEL_KEY_H ++ ++#include ++ ++#define TCA_ACT_TUNNEL_KEY 17 ++ ++#define TCA_TUNNEL_KEY_ACT_SET 1 ++#define TCA_TUNNEL_KEY_ACT_RELEASE 2 ++ ++struct tc_tunnel_key { ++ tc_gen; ++ int t_action; ++}; ++ ++enum { ++ TCA_TUNNEL_KEY_UNSPEC, ++ TCA_TUNNEL_KEY_TM, ++ TCA_TUNNEL_KEY_PARMS, ++ TCA_TUNNEL_KEY_ENC_IPV4_SRC, /* be32 */ ++ TCA_TUNNEL_KEY_ENC_IPV4_DST, /* be32 */ ++ TCA_TUNNEL_KEY_ENC_IPV6_SRC, /* struct in6_addr */ ++ TCA_TUNNEL_KEY_ENC_IPV6_DST, /* struct in6_addr */ ++ TCA_TUNNEL_KEY_ENC_KEY_ID, /* be64 */ ++ TCA_TUNNEL_KEY_PAD, ++ TCA_TUNNEL_KEY_ENC_DST_PORT, /* be16 */ ++ __TCA_TUNNEL_KEY_MAX, ++}; ++ ++#define TCA_TUNNEL_KEY_MAX (__TCA_TUNNEL_KEY_MAX - 1) ++ ++#endif +diff --git a/include/linux/tc_act/tc_vlan.h b/include/linux/tc_act/tc_vlan.h +index f7b8d44..bddb272 100644 +--- a/include/linux/tc_act/tc_vlan.h ++++ b/include/linux/tc_act/tc_vlan.h +@@ -16,6 +16,7 @@ + + #define TCA_VLAN_ACT_POP 1 + #define TCA_VLAN_ACT_PUSH 2 ++#define TCA_VLAN_ACT_MODIFY 3 + + struct tc_vlan { + tc_gen; +@@ -28,6 +29,8 @@ enum { + TCA_VLAN_PARMS, + TCA_VLAN_PUSH_VLAN_ID, + TCA_VLAN_PUSH_VLAN_PROTOCOL, ++ TCA_VLAN_PAD, ++ TCA_VLAN_PUSH_VLAN_PRIORITY, + __TCA_VLAN_MAX, + }; + #define TCA_VLAN_MAX (__TCA_VLAN_MAX - 1) +diff --git a/include/linux/tcp.h b/include/linux/tcp.h +index 7f21db9..646c488 100644 +--- a/include/linux/tcp.h ++++ b/include/linux/tcp.h +@@ -115,12 +115,22 @@ enum { + #define TCP_CC_INFO 26 /* Get Congestion Control (optional) info */ + #define TCP_SAVE_SYN 27 /* Record SYN headers for new connections */ + #define TCP_SAVED_SYN 28 /* Get SYN headers recorded for connection */ ++#define TCP_REPAIR_WINDOW 29 /* Get/set window parameters */ + + struct tcp_repair_opt { + __u32 opt_code; + __u32 opt_val; + }; + ++struct tcp_repair_window { ++ __u32 snd_wl1; ++ __u32 snd_wnd; ++ __u32 max_window; ++ ++ __u32 rcv_wnd; ++ __u32 rcv_wup; ++}; ++ + enum { + TCP_NO_QUEUE, + TCP_RECV_QUEUE, +@@ -157,6 +167,7 @@ struct tcp_info { + __u8 tcpi_backoff; + __u8 tcpi_options; + __u8 tcpi_snd_wscale : 4, tcpi_rcv_wscale : 4; ++ __u8 tcpi_delivery_rate_app_limited:1; + + __u32 tcpi_rto; + __u32 tcpi_ato; +@@ -201,6 +212,20 @@ struct tcp_info { + __u32 tcpi_min_rtt; + __u32 tcpi_data_segs_in; /* RFC4898 tcpEStatsDataSegsIn */ + __u32 tcpi_data_segs_out; /* RFC4898 tcpEStatsDataSegsOut */ ++ ++ __u64 tcpi_delivery_rate; ++ ++ __u64 tcpi_busy_time; /* Time (usec) busy sending data */ ++ __u64 tcpi_rwnd_limited; /* Time (usec) limited by receive window */ ++ __u64 tcpi_sndbuf_limited; /* Time (usec) limited by send buffer */ ++}; ++ ++/* netlink attributes types for SCM_TIMESTAMPING_OPT_STATS */ ++enum { ++ TCP_NLA_PAD, ++ TCP_NLA_BUSY, /* Time (usec) busy sending data */ ++ TCP_NLA_RWND_LIMITED, /* Time (usec) limited by receive window */ ++ TCP_NLA_SNDBUF_LIMITED, /* Time (usec) limited by send buffer */ + }; + + /* for TCP_MD5SIG socket option */ +diff --git a/include/linux/tcp_metrics.h b/include/linux/tcp_metrics.h +index 9353392..80ad90d 100644 +--- a/include/linux/tcp_metrics.h ++++ b/include/linux/tcp_metrics.h +@@ -40,6 +40,7 @@ enum { + TCP_METRICS_ATTR_FOPEN_COOKIE, /* binary */ + TCP_METRICS_ATTR_SADDR_IPV4, /* u32 */ + TCP_METRICS_ATTR_SADDR_IPV6, /* binary */ ++ TCP_METRICS_ATTR_PAD, + + __TCP_METRICS_ATTR_MAX, + }; +diff --git a/include/linux/tipc.h b/include/linux/tipc.h +index ebd3b63..4004300 100644 +--- a/include/linux/tipc.h ++++ b/include/linux/tipc.h +@@ -60,26 +60,48 @@ struct tipc_name_seq { + __u32 upper; + }; + ++/* TIPC Address Size, Offset, Mask specification for Z.C.N ++ */ ++#define TIPC_NODE_BITS 12 ++#define TIPC_CLUSTER_BITS 12 ++#define TIPC_ZONE_BITS 8 ++ ++#define TIPC_NODE_OFFSET 0 ++#define TIPC_CLUSTER_OFFSET TIPC_NODE_BITS ++#define TIPC_ZONE_OFFSET (TIPC_CLUSTER_OFFSET + TIPC_CLUSTER_BITS) ++ ++#define TIPC_NODE_SIZE ((1UL << TIPC_NODE_BITS) - 1) ++#define TIPC_CLUSTER_SIZE ((1UL << TIPC_CLUSTER_BITS) - 1) ++#define TIPC_ZONE_SIZE ((1UL << TIPC_ZONE_BITS) - 1) ++ ++#define TIPC_NODE_MASK (TIPC_NODE_SIZE << TIPC_NODE_OFFSET) ++#define TIPC_CLUSTER_MASK (TIPC_CLUSTER_SIZE << TIPC_CLUSTER_OFFSET) ++#define TIPC_ZONE_MASK (TIPC_ZONE_SIZE << TIPC_ZONE_OFFSET) ++ ++#define TIPC_ZONE_CLUSTER_MASK (TIPC_ZONE_MASK | TIPC_CLUSTER_MASK) ++ + static __inline__ __u32 tipc_addr(unsigned int zone, + unsigned int cluster, + unsigned int node) + { +- return (zone << 24) | (cluster << 12) | node; ++ return (zone << TIPC_ZONE_OFFSET) | ++ (cluster << TIPC_CLUSTER_OFFSET) | ++ node; + } + + static __inline__ unsigned int tipc_zone(__u32 addr) + { +- return addr >> 24; ++ return addr >> TIPC_ZONE_OFFSET; + } + + static __inline__ unsigned int tipc_cluster(__u32 addr) + { +- return (addr >> 12) & 0xfff; ++ return (addr & TIPC_CLUSTER_MASK) >> TIPC_CLUSTER_OFFSET; + } + + static __inline__ unsigned int tipc_node(__u32 addr) + { +- return addr & 0xfff; ++ return addr & TIPC_NODE_MASK; + } + + /* +diff --git a/include/linux/tipc_netlink.h b/include/linux/tipc_netlink.h +index d4c8f14..f9edd20 100644 +--- a/include/linux/tipc_netlink.h ++++ b/include/linux/tipc_netlink.h +@@ -56,6 +56,12 @@ enum { + TIPC_NL_NET_GET, + TIPC_NL_NET_SET, + TIPC_NL_NAME_TABLE_GET, ++ TIPC_NL_MON_SET, ++ TIPC_NL_MON_GET, ++ TIPC_NL_MON_PEER_GET, ++ TIPC_NL_PEER_REMOVE, ++ TIPC_NL_BEARER_ADD, ++ TIPC_NL_UDP_GET_REMOTEIP, + + __TIPC_NL_CMD_MAX, + TIPC_NL_CMD_MAX = __TIPC_NL_CMD_MAX - 1 +@@ -72,6 +78,8 @@ enum { + TIPC_NLA_NODE, /* nest */ + TIPC_NLA_NET, /* nest */ + TIPC_NLA_NAME_TABLE, /* nest */ ++ TIPC_NLA_MON, /* nest */ ++ TIPC_NLA_MON_PEER, /* nest */ + + __TIPC_NLA_MAX, + TIPC_NLA_MAX = __TIPC_NLA_MAX - 1 +@@ -93,6 +101,7 @@ enum { + TIPC_NLA_UDP_UNSPEC, + TIPC_NLA_UDP_LOCAL, /* sockaddr_storage */ + TIPC_NLA_UDP_REMOTE, /* sockaddr_storage */ ++ TIPC_NLA_UDP_MULTI_REMOTEIP, /* flag */ + + __TIPC_NLA_UDP_MAX, + TIPC_NLA_UDP_MAX = __TIPC_NLA_UDP_MAX - 1 +@@ -166,6 +175,20 @@ enum { + TIPC_NLA_NAME_TABLE_MAX = __TIPC_NLA_NAME_TABLE_MAX - 1 + }; + ++/* Monitor info */ ++enum { ++ TIPC_NLA_MON_UNSPEC, ++ TIPC_NLA_MON_ACTIVATION_THRESHOLD, /* u32 */ ++ TIPC_NLA_MON_REF, /* u32 */ ++ TIPC_NLA_MON_ACTIVE, /* flag */ ++ TIPC_NLA_MON_BEARER_NAME, /* string */ ++ TIPC_NLA_MON_PEERCNT, /* u32 */ ++ TIPC_NLA_MON_LISTGEN, /* u32 */ ++ ++ __TIPC_NLA_MON_MAX, ++ TIPC_NLA_MON_MAX = __TIPC_NLA_MON_MAX - 1 ++}; ++ + /* Publication info */ + enum { + TIPC_NLA_PUBL_UNSPEC, +@@ -182,6 +205,24 @@ enum { + TIPC_NLA_PUBL_MAX = __TIPC_NLA_PUBL_MAX - 1 + }; + ++/* Monitor peer info */ ++enum { ++ TIPC_NLA_MON_PEER_UNSPEC, ++ ++ TIPC_NLA_MON_PEER_ADDR, /* u32 */ ++ TIPC_NLA_MON_PEER_DOMGEN, /* u32 */ ++ TIPC_NLA_MON_PEER_APPLIED, /* u32 */ ++ TIPC_NLA_MON_PEER_UPMAP, /* u64 */ ++ TIPC_NLA_MON_PEER_MEMBERS, /* tlv */ ++ TIPC_NLA_MON_PEER_UP, /* flag */ ++ TIPC_NLA_MON_PEER_HEAD, /* flag */ ++ TIPC_NLA_MON_PEER_LOCAL, /* flag */ ++ TIPC_NLA_MON_PEER_PAD, /* flag */ ++ ++ __TIPC_NLA_MON_PEER_MAX, ++ TIPC_NLA_MON_PEER_MAX = __TIPC_NLA_MON_PEER_MAX - 1 ++}; ++ + /* Nest, connection info */ + enum { + TIPC_NLA_CON_UNSPEC, +diff --git a/include/linux/types.h b/include/linux/types.h +index 23ea78f..c640657 100644 +--- a/include/linux/types.h ++++ b/include/linux/types.h +@@ -18,11 +18,7 @@ + #else + #define __bitwise__ + #endif +-#ifdef __CHECK_ENDIAN__ + #define __bitwise __bitwise__ +-#else +-#define __bitwise +-#endif + + typedef __u16 __bitwise __le16; + typedef __u16 __bitwise __be16; +diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h +index b8f5451..d2dd1fd 100644 +--- a/include/linux/xfrm.h ++++ b/include/linux/xfrm.h +@@ -298,10 +298,11 @@ enum xfrm_attr_type_t { + XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ + XFRMA_MARK, /* struct xfrm_mark */ + XFRMA_TFCPAD, /* __u32 */ +- XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */ ++ XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */ + XFRMA_SA_EXTRA_FLAGS, /* __u32 */ + XFRMA_PROTO, /* __u8 */ + XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */ ++ XFRMA_PAD, + __XFRMA_MAX + + #define XFRMA_MAX (__XFRMA_MAX - 1) +-- +1.8.3.1 + diff --git a/SOURCES/0094-ipneigh-add-missing-proxy-keyword-to-help-text.patch b/SOURCES/0094-ipneigh-add-missing-proxy-keyword-to-help-text.patch deleted file mode 100644 index eb6c2d1..0000000 --- a/SOURCES/0094-ipneigh-add-missing-proxy-keyword-to-help-text.patch +++ /dev/null @@ -1,37 +0,0 @@ -From bef1cf702a74c0c15a5b763ab95bc22ad34ecca9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:36:42 +0100 -Subject: [PATCH] ipneigh: add missing proxy keyword to help text - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit c339b4cc53f64 - -commit c339b4cc53f64b79b384524ce0e124965d341579 -Author: Phil Sutter -Date: Wed Mar 2 19:19:52 2016 +0100 - - ipneigh: add missing proxy keyword to help text - - And while we're at it, add whitespace around braces and pipe symbol. - - Signed-off-by: Phil Sutter ---- - ip/ipneigh.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/ipneigh.c b/ip/ipneigh.c -index 19fd8e2..2dbd537 100644 ---- a/ip/ipneigh.c -+++ b/ip/ipneigh.c -@@ -48,7 +48,7 @@ static void usage(void) - fprintf(stderr, "Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]\n" - " [ nud { permanent | noarp | stale | reachable } ]\n" - " | proxy ADDR } [ dev DEV ]\n"); -- fprintf(stderr, " ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"); -+ fprintf(stderr, " ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"); - exit(-1); - } - --- -1.8.3.1 - diff --git a/SOURCES/0095-bridge-add-support-for-the-multicast-flood-flag.patch b/SOURCES/0095-bridge-add-support-for-the-multicast-flood-flag.patch new file mode 100644 index 0000000..a6a8162 --- /dev/null +++ b/SOURCES/0095-bridge-add-support-for-the-multicast-flood-flag.patch @@ -0,0 +1,164 @@ +From b13ed2eea122977b06091fe4dc1f885ac24ff168 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:13:18 +0100 +Subject: [PATCH] bridge: add support for the multicast flood flag + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit 9208b4e7c9834 + +commit 9208b4e7c983447368c43e4cdc3d2cfce9e19069 +Author: Nikolay Aleksandrov +Date: Thu Oct 13 17:54:20 2016 +0200 + + bridge: add support for the multicast flood flag + + Recently a new per-port flag was added which controls the flooding of + unknown multicast, this patch adds support for controlling it via iproute2. + It also updates the man pages with information about the new flag. + + Signed-off-by: Nikolay Aleksandrov +--- + bridge/link.c | 12 ++++++++++++ + ip/iplink_bridge_slave.c | 9 +++++++++ + man/man8/bridge.8 | 7 ++++++- + man/man8/ip-link.8.in | 7 ++++++- + 4 files changed, 33 insertions(+), 2 deletions(-) + +diff --git a/bridge/link.c b/bridge/link.c +index 353e1c3..da49469 100644 +--- a/bridge/link.c ++++ b/bridge/link.c +@@ -195,6 +195,9 @@ int print_linkinfo(const struct sockaddr_nl *who, + if (prtb[IFLA_BRPORT_UNICAST_FLOOD]) + print_onoff(fp, "flood", + rta_getattr_u8(prtb[IFLA_BRPORT_UNICAST_FLOOD])); ++ if (prtb[IFLA_BRPORT_MCAST_FLOOD]) ++ print_onoff(fp, "mcast_flood", ++ rta_getattr_u8(prtb[IFLA_BRPORT_MCAST_FLOOD])); + } + } else + print_portstate(fp, rta_getattr_u8(tb[IFLA_PROTINFO])); +@@ -227,6 +230,7 @@ static void usage(void) + fprintf(stderr, " [ learning {on | off} ]\n"); + fprintf(stderr, " [ learning_sync {on | off} ]\n"); + fprintf(stderr, " [ flood {on | off} ]\n"); ++ fprintf(stderr, " [ mcast_flood {on | off} ]\n"); + fprintf(stderr, " [ hwmode {vepa | veb} ]\n"); + fprintf(stderr, " [ self ] [ master ]\n"); + fprintf(stderr, " bridge link show [dev DEV]\n"); +@@ -260,6 +264,7 @@ static int brlink_modify(int argc, char **argv) + __s8 learning = -1; + __s8 learning_sync = -1; + __s8 flood = -1; ++ __s8 mcast_flood = -1; + __s8 hairpin = -1; + __s8 bpdu_guard = -1; + __s8 fast_leave = -1; +@@ -310,6 +315,10 @@ static int brlink_modify(int argc, char **argv) + NEXT_ARG(); + if (!on_off("flood", &flood, *argv)) + return -1; ++ } else if (strcmp(*argv, "mcast_flood") == 0) { ++ NEXT_ARG(); ++ if (!on_off("mcast_flood", &mcast_flood, *argv)) ++ return -1; + } else if (strcmp(*argv, "cost") == 0) { + NEXT_ARG(); + cost = atoi(*argv); +@@ -382,6 +391,9 @@ static int brlink_modify(int argc, char **argv) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_PROTECT, root_block); + if (flood >= 0) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_UNICAST_FLOOD, flood); ++ if (mcast_flood >= 0) ++ addattr8(&req.n, sizeof(req), IFLA_BRPORT_MCAST_FLOOD, ++ mcast_flood); + if (learning >= 0) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_LEARNING, learning); + if (learning_sync >= 0) +diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c +index 3ec2bba..95efca8 100644 +--- a/ip/iplink_bridge_slave.c ++++ b/ip/iplink_bridge_slave.c +@@ -33,6 +33,7 @@ static void print_explain(FILE *f) + " [ proxy_arp_wifi {on | off} ]\n" + " [ mcast_router MULTICAST_ROUTER ]\n" + " [ mcast_fast_leave {on | off} ]\n" ++ " [ mcast_flood {on | off} ]\n" + ); + } + +@@ -187,6 +188,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, + if (tb[IFLA_BRPORT_FAST_LEAVE]) + print_onoff(f, "mcast_fast_leave", + rta_getattr_u8(tb[IFLA_BRPORT_FAST_LEAVE])); ++ ++ if (tb[IFLA_BRPORT_MCAST_FLOOD]) ++ print_onoff(f, "mcast_flood", ++ rta_getattr_u8(tb[IFLA_BRPORT_MCAST_FLOOD])); + } + + static void bridge_slave_parse_on_off(char *arg_name, char *arg_val, +@@ -251,6 +256,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, + NEXT_ARG(); + bridge_slave_parse_on_off("flood", *argv, n, + IFLA_BRPORT_UNICAST_FLOOD); ++ } else if (matches(*argv, "mcast_flood") == 0) { ++ NEXT_ARG(); ++ bridge_slave_parse_on_off("mcast_flood", *argv, n, ++ IFLA_BRPORT_MCAST_FLOOD); + } else if (matches(*argv, "proxy_arp") == 0) { + NEXT_ARG(); + bridge_slave_parse_on_off("proxy_arp", *argv, n, +diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 +index c09b8c3..77124bb 100644 +--- a/man/man8/bridge.8 ++++ b/man/man8/bridge.8 +@@ -42,7 +42,8 @@ bridge \- show / manipulate bridge addresses and devices + .BR learning_sync " { " on " | " off " } ] [ " + .BR flood " { " on " | " off " } ] [ " + .BR hwmode " { " vepa " | " veb " } ] [ " +-.BR self " ] [ " master " ] " ++.BR mcast_flood " { " on " | " off " } ] [ " ++.BR self " ] [ " master " ]" + + .ti -8 + .BR "bridge link" " [ " show " ] [ " +@@ -305,6 +306,10 @@ switch. + - bridging happens in hardware. + + .TP ++.BR "mcast_flood on " or " mcast_flood off " ++Controls whether a given port will be flooded with multicast traffic for which there is no MDB entry. By default this flag is on. ++ ++.TP + .BI self + link setting is configured on specified physical device + +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index 38e5416..8030203 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -1144,7 +1144,9 @@ the following additional arguments are supported: + ] [ + .BI mcast_router " MULTICAST_ROUTER" + ] [ +-.BR mcast_fast_leave " { " on " | " off "} ]" ++.BR mcast_fast_leave " { " on " | " off "}" ++] [ ++.BR mcast_flood " { " on " | " off " } ]" + + .in +8 + .sp +@@ -1213,6 +1215,9 @@ queries. + .B fastleave + option above. + ++.BR mcast_flood " { " on " | " off " }" ++- controls whether a given port will be flooded with multicast traffic for which there is no MDB entry. ++ + .in -8 + + .TP +-- +1.8.3.1 + diff --git a/SOURCES/0095-ipntable-Fix-typo-in-help-text.patch b/SOURCES/0095-ipntable-Fix-typo-in-help-text.patch deleted file mode 100644 index 173f12c..0000000 --- a/SOURCES/0095-ipntable-Fix-typo-in-help-text.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0c03f463e786c6c597590cbc57b2bad29ab4fd42 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:36:42 +0100 -Subject: [PATCH] ipntable: Fix typo in help text - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit f1fdcfe66a8e1 - -commit f1fdcfe66a8e197a5015cb81c789061c03629108 -Author: Phil Sutter -Date: Wed Mar 2 19:19:53 2016 +0100 - - ipntable: Fix typo in help text - - Signed-off-by: Phil Sutter ---- - ip/ipntable.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/ipntable.c b/ip/ipntable.c -index ca5d935..3ff5e65 100644 ---- a/ip/ipntable.c -+++ b/ip/ipntable.c -@@ -53,7 +53,7 @@ static void usage(void) - - "PARMS := [ base_reachable MSEC ] [ retrans MSEC ] [ gc_stale MSEC ]\n" - " [ delay_probe MSEC ] [ queue LEN ]\n" -- " [ app_probs VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]\n" -+ " [ app_probes VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]\n" - " [ anycast_delay MSEC ] [ proxy_delay MSEC ] [ proxy_queue LEN ]\n" - " [ locktime MSEC ]\n" - ); --- -1.8.3.1 - diff --git a/SOURCES/0096-change-of-rtnetlink-to-use-RTN_F_OFFLOAD.patch b/SOURCES/0096-change-of-rtnetlink-to-use-RTN_F_OFFLOAD.patch new file mode 100644 index 0000000..0509a72 --- /dev/null +++ b/SOURCES/0096-change-of-rtnetlink-to-use-RTN_F_OFFLOAD.patch @@ -0,0 +1,35 @@ +From ecf397760bfe1a5f9742cafa75761e68678c38ee Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 28 Feb 2017 16:13:18 +0100 +Subject: [PATCH] change of rtnetlink to use RTN_F_OFFLOAD + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1417289 +Upstream Status: iproute2.git commit c52827e9077f7 + +commit c52827e9077f781f4d5f52f0c0aa67b59151e187 +Author: Stephen Hemminger +Date: Wed May 27 18:29:02 2015 -0700 + + change of rtnetlink to use RTN_F_OFFLOAD + + The definition of offload flag changed during 4.1 rc process. +--- + ip/iproute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ip/iproute.c b/ip/iproute.c +index 73c6db9..eb5d145 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -438,7 +438,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "onlink "); + if (r->rtm_flags & RTNH_F_PERVASIVE) + fprintf(fp, "pervasive "); +- if (r->rtm_flags & RTNH_F_EXTERNAL) ++ if (r->rtm_flags & RTNH_F_OFFLOAD) + fprintf(fp, "offload "); + if (r->rtm_flags & RTM_F_NOTIFY) + fprintf(fp, "notify "); +-- +1.8.3.1 + diff --git a/SOURCES/0096-iproute-TYPE-keyword-is-not-optional-fix-help-text-a.patch b/SOURCES/0096-iproute-TYPE-keyword-is-not-optional-fix-help-text-a.patch deleted file mode 100644 index 7033942..0000000 --- a/SOURCES/0096-iproute-TYPE-keyword-is-not-optional-fix-help-text-a.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 42dcbf8a80e4d9ccdf9b777674656db26fc9eb4c Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:36:42 +0100 -Subject: [PATCH] iproute: TYPE keyword is not optional, fix help text - accordingly - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 070ebbdf754b0 -Conflicts: Patch applied manually due to multiple missing features. - -commit 070ebbdf754b02e1d7f9e9dbd84e1499332d9063 -Author: Phil Sutter -Date: Wed Mar 2 19:19:54 2016 +0100 - - iproute: TYPE keyword is not optional, fix help text accordingly - - This is a bit pedantic, but brackets ([]) show optional values and since - TYPE must not become empty, they're not suited to surround the type - keyword choices. Use curly braces instead. - - Also add some missing whitespace to the parameter list above. - - Signed-off-by: Phil Sutter ---- - ip/iproute.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index b7e0b15..74599e4 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -78,12 +78,12 @@ static void usage(void) - fprintf(stderr, "NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS\n"); - fprintf(stderr, "OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]\n"); - fprintf(stderr, " [ rtt TIME ] [ rttvar TIME ] [reordering NUMBER ]\n"); -- fprintf(stderr, " [ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n"); -+ fprintf(stderr, " [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n"); - fprintf(stderr, " [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]\n"); - fprintf(stderr, " [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]\n"); - fprintf(stderr, " [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]\n"); -- fprintf(stderr, "TYPE := [ unicast | local | broadcast | multicast | throw |\n"); -- fprintf(stderr, " unreachable | prohibit | blackhole | nat ]\n"); -+ fprintf(stderr, "TYPE := { unicast | local | broadcast | multicast | throw |\n"); -+ fprintf(stderr, " unreachable | prohibit | blackhole | nat }\n"); - fprintf(stderr, "TABLE_ID := [ local | main | default | all | NUMBER ]\n"); - fprintf(stderr, "SCOPE := [ host | link | global | NUMBER ]\n"); - fprintf(stderr, "NHFLAGS := [ onlink | pervasive ]\n"); --- -1.8.3.1 - diff --git a/SOURCES/0097-ip-make-resolve-addr-to-print-names-rather-than-addr.patch b/SOURCES/0097-ip-make-resolve-addr-to-print-names-rather-than-addr.patch new file mode 100644 index 0000000..8fcdd1e --- /dev/null +++ b/SOURCES/0097-ip-make-resolve-addr-to-print-names-rather-than-addr.patch @@ -0,0 +1,64 @@ +From 678ff7158b887b5ecd32e5c6be319a8541001b50 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:17:53 +0100 +Subject: [PATCH] ip: make -resolve addr to print names rather than addresses + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit ffa35d930b9ba + +commit ffa35d930b9bae8324768c5b018adaf26258aff9 +Author: Sami Kerola +Date: Mon Sep 30 22:01:48 2013 +0100 + + ip: make -resolve addr to print names rather than addresses + + As a system admin I occasionally want to be able to check that all + interfaces has a name in DNS or /etc/hosts file. + + Signed-off-by: Sami Kerola +--- + ip/ipaddress.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index d5bc2dc..147bcca 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -864,7 +864,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, + fprintf(fp, " family %d ", ifa->ifa_family); + + if (rta_tb[IFA_LOCAL]) { +- fprintf(fp, "%s", rt_addr_n2a(ifa->ifa_family, ++ fprintf(fp, "%s", format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_LOCAL]), + RTA_DATA(rta_tb[IFA_LOCAL]), + abuf, sizeof(abuf))); +@@ -875,7 +875,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, + fprintf(fp, "/%d ", ifa->ifa_prefixlen); + } else { + fprintf(fp, " peer %s/%d ", +- rt_addr_n2a(ifa->ifa_family, ++ format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_ADDRESS]), + RTA_DATA(rta_tb[IFA_ADDRESS]), + abuf, sizeof(abuf)), +@@ -885,14 +885,14 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, + + if (rta_tb[IFA_BROADCAST]) { + fprintf(fp, "brd %s ", +- rt_addr_n2a(ifa->ifa_family, ++ format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_BROADCAST]), + RTA_DATA(rta_tb[IFA_BROADCAST]), + abuf, sizeof(abuf))); + } + if (rta_tb[IFA_ANYCAST]) { + fprintf(fp, "any %s ", +- rt_addr_n2a(ifa->ifa_family, ++ format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_ANYCAST]), + RTA_DATA(rta_tb[IFA_ANYCAST]), + abuf, sizeof(abuf))); +-- +1.8.3.1 + diff --git a/SOURCES/0097-iprule-add-missing-nat-keyword-to-help-text.patch b/SOURCES/0097-iprule-add-missing-nat-keyword-to-help-text.patch deleted file mode 100644 index 09418e6..0000000 --- a/SOURCES/0097-iprule-add-missing-nat-keyword-to-help-text.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0c053afb5900cb6f4b91a700d595c49fc41b2005 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:29 +0100 -Subject: [PATCH] iprule: add missing nat keyword to help text - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 20f2af78fb85e - -commit 20f2af78fb85e53c6d41e73f010607b8d0edbd6e -Author: Phil Sutter -Date: Wed Mar 2 19:19:55 2016 +0100 - - iprule: add missing nat keyword to help text - - Signed-off-by: Phil Sutter ---- - ip/iprule.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ip/iprule.c b/ip/iprule.c -index 059b50b..2a153f5 100644 ---- a/ip/iprule.c -+++ b/ip/iprule.c -@@ -38,6 +38,7 @@ static void usage(void) - fprintf(stderr, "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"); - fprintf(stderr, " [ iif STRING ] [ oif STRING ] [ pref NUMBER ]\n"); - fprintf(stderr, "ACTION := [ table TABLE_ID ]\n"); -+ fprintf(stderr, " [ nat ADDRESS ]\n"); - fprintf(stderr, " [ realms [SRCREALM/]DSTREALM ]\n"); - fprintf(stderr, " [ goto NUMBER ]\n"); - fprintf(stderr, "TABLE_ID := [ local | main | default | NUMBER ]\n"); --- -1.8.3.1 - diff --git a/SOURCES/0098-man-ip-address.8-Minor-syntax-fixes.patch b/SOURCES/0098-man-ip-address.8-Minor-syntax-fixes.patch deleted file mode 100644 index 2727399..0000000 --- a/SOURCES/0098-man-ip-address.8-Minor-syntax-fixes.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 715a353a639ae91ca8dfd6c09492ed6426b060bc Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:30 +0100 -Subject: [PATCH] man: ip-address.8: Minor syntax fixes - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 37fdeb585d773 - -commit 37fdeb585d773b22a193c07b0beef8994c2b741f -Author: Phil Sutter -Date: Wed Mar 2 19:19:56 2016 +0100 - - man: ip-address.8: Minor syntax fixes - - Clarify that the optional '-' prefix of the 'tentative', 'deprecated' - and 'dadfailed' keywords has to be put right in front of them, no - whitespace is allowed in between. - - In addition to that, clarify that it is valid to pass both 'valid_lft' - and 'preferred_lft' at the same time to 'ip address'. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-address.8.in | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index 159d906..ff3fe0b 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -58,9 +58,9 @@ ip-address \- protocol address management - - .ti -8 - .IR FLAG " := " --.RB "[ " permanent " | " dynamic " | " secondary " | " primary " | \ --[ - ] " tentative " | [ - ] " deprecated " | [ - ] " dadfailed " | "\ --temporary " | " CONFFLAG-LIST " ]" -+.RB "[ " permanent " | " dynamic " | " secondary " | " primary " |" -+.RB [ - ] tentative " | [" - ] deprecated " | [" - ] dadfailed " |" -+.BR temporary " | " CONFFLAG-LIST " ]" - - .ti -8 - .IR CONFFLAG-LIST " := [ " CONFFLAG-LIST " ] " CONFFLAG -@@ -72,7 +72,7 @@ temporary " | " CONFFLAG-LIST " ]" - .ti -8 - .IR LIFETIME " := [ " - .BI valid_lft " LFT" --.RB "| " preferred_lft -+.RB "] [ " preferred_lft - .IR LFT " ]" - - .ti -8 --- -1.8.3.1 - diff --git a/SOURCES/0098-tc-add-support-for-Flower-classifier.patch b/SOURCES/0098-tc-add-support-for-Flower-classifier.patch new file mode 100644 index 0000000..356466f --- /dev/null +++ b/SOURCES/0098-tc-add-support-for-Flower-classifier.patch @@ -0,0 +1,582 @@ +From 47a5dbb5c02336730a7c1f601b2351521c31c16b Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:17:53 +0100 +Subject: [PATCH] tc: add support for Flower classifier + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 30eb304ecd1dd + +commit 30eb304ecd1dd7e452847fabea779de0dbe3f1a5 +Author: Jiri Pirko +Date: Fri May 15 13:34:04 2015 +0200 + + tc: add support for Flower classifier + + Signed-off-by: Jiri Pirko +--- + tc/Makefile | 1 + + tc/f_flower.c | 540 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 541 insertions(+) + create mode 100644 tc/f_flower.c + +diff --git a/tc/Makefile b/tc/Makefile +index 59ee1dd..a6ad9ae 100644 +--- a/tc/Makefile ++++ b/tc/Makefile +@@ -30,6 +30,7 @@ TCMODULES += f_basic.o + TCMODULES += f_bpf.o + TCMODULES += f_flow.o + TCMODULES += f_cgroup.o ++TCMODULES += f_flower.o + TCMODULES += q_dsmark.o + TCMODULES += q_gred.o + TCMODULES += f_tcindex.o +diff --git a/tc/f_flower.c b/tc/f_flower.c +new file mode 100644 +index 0000000..9a5ea06 +--- /dev/null ++++ b/tc/f_flower.c +@@ -0,0 +1,540 @@ ++/* ++ * f_flower.c Flower Classifier ++ * ++ * This program is free software; you can distribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Jiri Pirko ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "utils.h" ++#include "tc_util.h" ++#include "rt_names.h" ++ ++static void explain(void) ++{ ++ fprintf(stderr, "Usage: ... flower [ MATCH-LIST ]\n"); ++ fprintf(stderr, " [ action ACTION-SPEC ] [ classid CLASSID ]\n"); ++ fprintf(stderr, "\n"); ++ fprintf(stderr, "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"); ++ fprintf(stderr, " MATCH := [ indev DEV-NAME | \n"); ++ fprintf(stderr, " dst_mac MAC-ADDR | \n"); ++ fprintf(stderr, " src_mac MAC-ADDR | \n"); ++ fprintf(stderr, " eth_type [ipv4 | ipv6 | ETH-TYPE ] | \n"); ++ fprintf(stderr, " ip_proto [tcp | udp | IP-PROTO ] | \n"); ++ fprintf(stderr, " dst_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); ++ fprintf(stderr, " src_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); ++ fprintf(stderr, " dst_port PORT-NUMBER | \n"); ++ fprintf(stderr, " src_port PORT-NUMBER | \n"); ++ fprintf(stderr, " FILTERID := X:Y:Z\n"); ++ fprintf(stderr, " ACTION-SPEC := ... look at individual actions\n"); ++ fprintf(stderr, "\n"); ++ fprintf(stderr, "NOTE: CLASSID, ETH-TYPE, IP-PROTO are parsed as hexadecimal input.\n"); ++ fprintf(stderr, "NOTE: There can be only used one mask per one prio. If user needs\n"); ++ fprintf(stderr, " to specify different mask, he has to use different prio.\n"); ++} ++ ++static int flower_parse_eth_addr(char *str, int addr_type, int mask_type, ++ struct nlmsghdr *n) ++{ ++ int ret; ++ char addr[ETH_ALEN]; ++ ++ ret = ll_addr_a2n(addr, sizeof(addr), str); ++ if (ret < 0) ++ return -1; ++ addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr)); ++ memset(addr, 0xff, ETH_ALEN); ++ addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr)); ++ return 0; ++} ++ ++static int flower_parse_eth_type(char *str, int type, __be16 *p_eth_type, ++ struct nlmsghdr *n) ++{ ++ int ret; ++ __be16 eth_type; ++ ++ if (matches(str, "ipv4") == 0) { ++ eth_type = htons(ETH_P_IP); ++ } else if (matches(str, "ipv6") == 0) { ++ eth_type = htons(ETH_P_IPV6); ++ } else { ++ __u16 tmp; ++ ++ ret = get_u16(&tmp, str, 16); ++ if (ret) ++ return -1; ++ eth_type = htons(tmp); ++ } ++ addattr16(n, MAX_MSG, type, eth_type); ++ *p_eth_type = eth_type; ++ return 0; ++} ++ ++static int flower_parse_ip_proto(char *str, __be16 eth_type, int type, ++ __u8 *p_ip_proto, struct nlmsghdr *n) ++{ ++ int ret; ++ __u8 ip_proto; ++ ++ if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6)) { ++ fprintf(stderr, "Illegal \"eth_type\" for ip proto\n"); ++ return -1; ++ } ++ if (matches(str, "tcp") == 0) { ++ ip_proto = IPPROTO_TCP; ++ } else if (matches(str, "udp") == 0) { ++ ip_proto = IPPROTO_UDP; ++ } else { ++ ret = get_u8(&ip_proto, str, 16); ++ if (ret) ++ return -1; ++ } ++ addattr8(n, MAX_MSG, type, ip_proto); ++ *p_ip_proto = ip_proto; ++ return 0; ++} ++ ++static int flower_parse_ip_addr(char *str, __be16 eth_type, ++ int addr4_type, int mask4_type, ++ int addr6_type, int mask6_type, ++ struct nlmsghdr *n) ++{ ++ int ret; ++ inet_prefix addr; ++ int family; ++ int bits; ++ int i; ++ ++ if (eth_type == htons(ETH_P_IP)) { ++ family = AF_INET; ++ } else if (eth_type == htons(ETH_P_IPV6)) { ++ family = AF_INET6; ++ } else { ++ fprintf(stderr, "Illegal \"eth_type\" for ip address\n"); ++ return -1; ++ } ++ ++ ret = get_prefix(&addr, str, family); ++ if (ret) ++ return -1; ++ ++ if (addr.family != family) ++ return -1; ++ ++ addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type, ++ addr.data, addr.bytelen); ++ ++ memset(addr.data, 0xff, addr.bytelen); ++ bits = addr.bitlen; ++ for (i = 0; i < addr.bytelen / 4; i++) { ++ if (!bits) { ++ addr.data[i] = 0; ++ } else if (bits / 32 >= 1) { ++ bits -= 32; ++ } else { ++ addr.data[i] <<= 32 - bits; ++ addr.data[i] = htonl(addr.data[i]); ++ bits = 0; ++ } ++ } ++ ++ addattr_l(n, MAX_MSG, addr.family == AF_INET ? mask4_type : mask6_type, ++ addr.data, addr.bytelen); ++ ++ return 0; ++} ++ ++static int flower_parse_port(char *str, __u8 ip_port, ++ int tcp_type, int udp_type, struct nlmsghdr *n) ++{ ++ int ret; ++ int type; ++ __be16 port; ++ ++ if (ip_port == IPPROTO_TCP) { ++ type = tcp_type; ++ } else if (ip_port == IPPROTO_UDP) { ++ type = udp_type; ++ } else { ++ fprintf(stderr, "Illegal \"ip_proto\" for port\n"); ++ return -1; ++ } ++ ++ ret = get_u16(&port, str, 10); ++ if (ret) ++ return -1; ++ ++ addattr16(n, MAX_MSG, type, htons(port)); ++ ++ return 0; ++} ++ ++static int flower_parse_opt(struct filter_util *qu, char *handle, ++ int argc, char **argv, struct nlmsghdr *n) ++{ ++ int ret; ++ struct tcmsg *t = NLMSG_DATA(n); ++ struct rtattr *tail; ++ __be16 eth_type = 0; ++ __u8 ip_proto = 0xff; ++ ++ if (argc == 0) ++ return 0; ++ ++ if (handle) { ++ ret = get_u32(&t->tcm_handle, handle, 0); ++ if (ret) { ++ fprintf(stderr, "Illegal \"handle\"\n"); ++ return -1; ++ } ++ } ++ ++ tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len)); ++ addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0); ++ ++ while (argc > 0) { ++ if (matches(*argv, "classid") == 0 || ++ matches(*argv, "flowid") == 0) { ++ unsigned handle; ++ ++ NEXT_ARG(); ++ ret = get_tc_classid(&handle, *argv); ++ if (ret) { ++ fprintf(stderr, "Illegal \"classid\"\n"); ++ return -1; ++ } ++ addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4); ++ } else if (matches(*argv, "indev") == 0) { ++ char ifname[IFNAMSIZ]; ++ ++ NEXT_ARG(); ++ memset(ifname, 0, sizeof(ifname)); ++ strncpy(ifname, *argv, sizeof(ifname) - 1); ++ addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, ifname); ++ } else if (matches(*argv, "dst_mac") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_eth_addr(*argv, ++ TCA_FLOWER_KEY_ETH_DST, ++ TCA_FLOWER_KEY_ETH_DST_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"dst_mac\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "src_mac") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_eth_addr(*argv, ++ TCA_FLOWER_KEY_ETH_SRC, ++ TCA_FLOWER_KEY_ETH_SRC_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"src_mac\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "eth_type") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_eth_type(*argv, ++ TCA_FLOWER_KEY_ETH_TYPE, ++ ð_type, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"eth_type\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "ip_proto") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_ip_proto(*argv, eth_type, ++ TCA_FLOWER_KEY_IP_PROTO, ++ &ip_proto, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"ip_proto\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "dst_ip") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_ip_addr(*argv, eth_type, ++ TCA_FLOWER_KEY_IPV4_DST, ++ TCA_FLOWER_KEY_IPV4_DST_MASK, ++ TCA_FLOWER_KEY_IPV6_DST, ++ TCA_FLOWER_KEY_IPV6_DST_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"dst_ip\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "src_ip") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_ip_addr(*argv, eth_type, ++ TCA_FLOWER_KEY_IPV4_SRC, ++ TCA_FLOWER_KEY_IPV4_SRC_MASK, ++ TCA_FLOWER_KEY_IPV6_SRC, ++ TCA_FLOWER_KEY_IPV6_SRC_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"src_ip\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "dst_port") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_port(*argv, ip_proto, ++ TCA_FLOWER_KEY_TCP_DST, ++ TCA_FLOWER_KEY_UDP_DST, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"dst_port\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "src_port") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_port(*argv, ip_proto, ++ TCA_FLOWER_KEY_TCP_SRC, ++ TCA_FLOWER_KEY_UDP_SRC, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"src_port\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "action") == 0) { ++ NEXT_ARG(); ++ ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n); ++ if (ret) { ++ fprintf(stderr, "Illegal \"action\"\n"); ++ return -1; ++ } ++ continue; ++ } else if (strcmp(*argv, "help") == 0) { ++ explain(); ++ return -1; ++ } else { ++ fprintf(stderr, "What is \"%s\"?\n", *argv); ++ explain(); ++ return -1; ++ } ++ argc--; argv++; ++ } ++ ++ tail->rta_len = (((void*)n)+n->nlmsg_len) - (void*)tail; ++ ++ return 0; ++} ++ ++static int __mask_bits(char *addr, size_t len) ++{ ++ int bits = 0; ++ bool hole = false; ++ int i; ++ int j; ++ ++ for (i = 0; i < len; i++, addr++) { ++ for (j = 7; j >= 0; j--) { ++ if (((*addr) >> j) & 0x1) { ++ if (hole) ++ return -1; ++ bits++; ++ } else if (bits) { ++ hole = true; ++ } else{ ++ return -1; ++ } ++ } ++ } ++ return bits; ++} ++ ++static void flower_print_eth_addr(FILE *f, char *name, ++ struct rtattr *addr_attr, ++ struct rtattr *mask_attr) ++{ ++ SPRINT_BUF(b1); ++ int bits; ++ ++ if (!addr_attr || RTA_PAYLOAD(addr_attr) != ETH_ALEN) ++ return; ++ fprintf(f, "\n %s %s", name, ll_addr_n2a(RTA_DATA(addr_attr), ETH_ALEN, ++ 0, b1, sizeof(b1))); ++ if (!mask_attr || RTA_PAYLOAD(mask_attr) != ETH_ALEN) ++ return; ++ bits = __mask_bits(RTA_DATA(mask_attr), ETH_ALEN); ++ if (bits < 0) ++ fprintf(f, "/%s", ll_addr_n2a(RTA_DATA(mask_attr), ETH_ALEN, ++ 0, b1, sizeof(b1))); ++ else if (bits < ETH_ALEN * 8) ++ fprintf(f, "/%d", bits); ++} ++ ++static void flower_print_eth_type(FILE *f, __be16 *p_eth_type, ++ struct rtattr *eth_type_attr) ++{ ++ __be16 eth_type; ++ ++ if (!eth_type_attr) ++ return; ++ ++ eth_type = rta_getattr_u16(eth_type_attr); ++ fprintf(f, "\n eth_type "); ++ if (eth_type == htons(ETH_P_IP)) ++ fprintf(f, "ipv4"); ++ else if (eth_type == htons(ETH_P_IPV6)) ++ fprintf(f, "ipv6"); ++ else ++ fprintf(f, "%04x", ntohs(eth_type)); ++ *p_eth_type = eth_type; ++} ++ ++static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto, ++ struct rtattr *ip_proto_attr) ++{ ++ __u8 ip_proto; ++ ++ if (!ip_proto_attr) ++ return; ++ ++ ip_proto = rta_getattr_u8(ip_proto_attr); ++ fprintf(f, "\n ip_proto "); ++ if (ip_proto == IPPROTO_TCP) ++ fprintf(f, "tcp"); ++ else if (ip_proto == IPPROTO_UDP) ++ fprintf(f, "udp"); ++ else ++ fprintf(f, "%02x", ip_proto); ++ *p_ip_proto = ip_proto; ++} ++ ++static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, ++ struct rtattr *addr4_attr, ++ struct rtattr *mask4_attr, ++ struct rtattr *addr6_attr, ++ struct rtattr *mask6_attr) ++{ ++ SPRINT_BUF(b1); ++ struct rtattr *addr_attr; ++ struct rtattr *mask_attr; ++ int family; ++ size_t len; ++ int bits; ++ ++ if (eth_type == htons(ETH_P_IP)) { ++ family = AF_INET; ++ addr_attr = addr4_attr; ++ mask_attr = mask4_attr; ++ len = 4; ++ } else if (eth_type == htons(ETH_P_IPV6)) { ++ family = AF_INET6; ++ addr_attr = addr6_attr; ++ mask_attr = mask6_attr; ++ len = 16; ++ } else { ++ return; ++ } ++ if (!addr_attr || RTA_PAYLOAD(addr_attr) != len) ++ return; ++ fprintf(f, "\n %s %s", name, rt_addr_n2a(family, ++ RTA_PAYLOAD(addr_attr), ++ RTA_DATA(addr_attr), ++ b1, sizeof(b1))); ++ if (!mask_attr || RTA_PAYLOAD(mask_attr) != len) ++ return; ++ bits = __mask_bits(RTA_DATA(mask_attr), len); ++ if (bits < 0) ++ fprintf(f, "/%s", rt_addr_n2a(family, ++ RTA_PAYLOAD(mask_attr), ++ RTA_DATA(mask_attr), ++ b1, sizeof(b1))); ++ else if (bits < len * 8) ++ fprintf(f, "/%d", bits); ++} ++ ++static void flower_print_port(FILE *f, char *name, __u8 ip_proto, ++ struct rtattr *tcp_attr, ++ struct rtattr *udp_attr) ++{ ++ struct rtattr *attr; ++ ++ if (ip_proto == IPPROTO_TCP) ++ attr = tcp_attr; ++ else if (ip_proto == IPPROTO_UDP) ++ attr = udp_attr; ++ else ++ return; ++ if (!attr) ++ return; ++ fprintf(f, "\n %s %d", name, ntohs(rta_getattr_u16(attr))); ++} ++ ++static int flower_print_opt(struct filter_util *qu, FILE *f, ++ struct rtattr *opt, __u32 handle) ++{ ++ struct rtattr *tb[TCA_FLOWER_MAX + 1]; ++ __be16 eth_type = 0; ++ __u8 ip_proto = 0xff; ++ ++ if (!opt) ++ return 0; ++ ++ parse_rtattr_nested(tb, TCA_FLOWER_MAX, opt); ++ ++ if (handle) ++ fprintf(f, "handle 0x%x ", handle); ++ ++ if (tb[TCA_FLOWER_CLASSID]) { ++ SPRINT_BUF(b1); ++ fprintf(f, "classid %s ", ++ sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOWER_CLASSID]), b1)); ++ } ++ ++ if (tb[TCA_FLOWER_INDEV]) { ++ struct rtattr *attr = tb[TCA_FLOWER_INDEV]; ++ ++ fprintf(f, "\n indev %s", rta_getattr_str(attr)); ++ } ++ ++ flower_print_eth_addr(f, "dst_mac", tb[TCA_FLOWER_KEY_ETH_DST], ++ tb[TCA_FLOWER_KEY_ETH_DST_MASK]); ++ flower_print_eth_addr(f, "src_mac", tb[TCA_FLOWER_KEY_ETH_SRC], ++ tb[TCA_FLOWER_KEY_ETH_SRC_MASK]); ++ ++ flower_print_eth_type(f, ð_type, tb[TCA_FLOWER_KEY_ETH_TYPE]); ++ flower_print_ip_proto(f, &ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]); ++ ++ flower_print_ip_addr(f, "dst_ip", eth_type, ++ tb[TCA_FLOWER_KEY_IPV4_DST], ++ tb[TCA_FLOWER_KEY_IPV4_DST_MASK], ++ tb[TCA_FLOWER_KEY_IPV6_DST], ++ tb[TCA_FLOWER_KEY_IPV6_DST_MASK]); ++ ++ flower_print_ip_addr(f, "src_ip", eth_type, ++ tb[TCA_FLOWER_KEY_IPV4_SRC], ++ tb[TCA_FLOWER_KEY_IPV4_SRC_MASK], ++ tb[TCA_FLOWER_KEY_IPV6_SRC], ++ tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]); ++ ++ flower_print_port(f, "dst_port", ip_proto, ++ tb[TCA_FLOWER_KEY_TCP_DST], ++ tb[TCA_FLOWER_KEY_UDP_DST]); ++ ++ flower_print_port(f, "src_port", ip_proto, ++ tb[TCA_FLOWER_KEY_TCP_SRC], ++ tb[TCA_FLOWER_KEY_UDP_SRC]); ++ ++ if (tb[TCA_FLOWER_ACT]) { ++ tc_print_action(f, tb[TCA_FLOWER_ACT]); ++ } ++ ++ return 0; ++} ++ ++struct filter_util flower_filter_util = { ++ .id = "flower", ++ .parse_fopt = flower_parse_opt, ++ .print_fopt = flower_print_opt, ++}; +-- +1.8.3.1 + diff --git a/SOURCES/0099-man-ip-link.8-minor-font-fix.patch b/SOURCES/0099-man-ip-link.8-minor-font-fix.patch deleted file mode 100644 index 5bf3e9b..0000000 --- a/SOURCES/0099-man-ip-link.8-minor-font-fix.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 4fdf53298b2ab445960d5ce2ee26208752f5b2a8 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:30 +0100 -Subject: [PATCH] man: ip-link.8: minor font fix - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit d890144ecf750 - -commit d890144ecf7501c9117355d14d013dd5c98936ef -Author: Phil Sutter -Date: Wed Mar 2 19:19:57 2016 +0100 - - man: ip-link.8: minor font fix - - We commonly use bold font for terminals and italic for non-terminals. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-link.8.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 4982268..d369598 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -46,7 +46,7 @@ ip-link \- network device configuration - .RB "[ " numrxqueues - .IR QUEUE_COUNT " ]" - .br --.BR type " TYPE" -+.BI type " TYPE" - .RI "[ " ARGS " ]" - - .ti -8 --- -1.8.3.1 - diff --git a/SOURCES/0099-tc-improve-filter-help-texts-a-bit.patch b/SOURCES/0099-tc-improve-filter-help-texts-a-bit.patch new file mode 100644 index 0000000..b7dbdf4 --- /dev/null +++ b/SOURCES/0099-tc-improve-filter-help-texts-a-bit.patch @@ -0,0 +1,80 @@ +From c525e2783db452f86787f420e171c89502c9b1de Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:17:53 +0100 +Subject: [PATCH] tc: improve filter help texts a bit + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 0a83e1eaf7b3c +Conflicts: Context changes due to missing commits 863ecb04b4f7b + ("discourage use of direct policer interface") and + 287bf3a9900d1 ("route classifier support for multiple + actions") + +commit 0a83e1eaf7b3c2ed9e6d809bd7aac7946f9d8d87 +Author: Phil Sutter +Date: Fri Oct 23 19:21:17 2015 +0200 + + tc: improve filter help texts a bit + + This fixes a few syntax errors and changes route filter help text to use + classid instead of flowid to be consistent with other filters' help + texts. + + Signed-off-by: Phil Sutter +--- + tc/f_flower.c | 4 ++-- + tc/f_route.c | 2 +- + tc/f_rsvp.c | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 9a5ea06..a9b2c4d 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -28,7 +28,7 @@ static void explain(void) + fprintf(stderr, " [ action ACTION-SPEC ] [ classid CLASSID ]\n"); + fprintf(stderr, "\n"); + fprintf(stderr, "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"); +- fprintf(stderr, " MATCH := [ indev DEV-NAME | \n"); ++ fprintf(stderr, " MATCH := { indev DEV-NAME | \n"); + fprintf(stderr, " dst_mac MAC-ADDR | \n"); + fprintf(stderr, " src_mac MAC-ADDR | \n"); + fprintf(stderr, " eth_type [ipv4 | ipv6 | ETH-TYPE ] | \n"); +@@ -36,7 +36,7 @@ static void explain(void) + fprintf(stderr, " dst_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); + fprintf(stderr, " src_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); + fprintf(stderr, " dst_port PORT-NUMBER | \n"); +- fprintf(stderr, " src_port PORT-NUMBER | \n"); ++ fprintf(stderr, " src_port PORT-NUMBER }\n"); + fprintf(stderr, " FILTERID := X:Y:Z\n"); + fprintf(stderr, " ACTION-SPEC := ... look at individual actions\n"); + fprintf(stderr, "\n"); +diff --git a/tc/f_route.c b/tc/f_route.c +index 649e0ec..44361eb 100644 +--- a/tc/f_route.c ++++ b/tc/f_route.c +@@ -28,7 +28,7 @@ + static void explain(void) + { + fprintf(stderr, "Usage: ... route [ from REALM | fromif TAG ] [ to REALM ]\n"); +- fprintf(stderr, " [ flowid CLASSID ] [ police POLICE_SPEC ]\n"); ++ fprintf(stderr, " [ classid CLASSID ] [ police POLICE_SPEC ]\n"); + fprintf(stderr, " POLICE_SPEC := ... look at TBF\n"); + fprintf(stderr, " CLASSID := X:Y\n"); + fprintf(stderr, "\nNOTE: CLASSID is parsed as hexadecimal input.\n"); +diff --git a/tc/f_rsvp.c b/tc/f_rsvp.c +index 44d3bdf..71508e1 100644 +--- a/tc/f_rsvp.c ++++ b/tc/f_rsvp.c +@@ -27,7 +27,7 @@ + static void explain(void) + { + fprintf(stderr, "Usage: ... rsvp ipproto PROTOCOL session DST[/PORT | GPI ]\n"); +- fprintf(stderr, " [ sender SRC[/PORT | GPI ]\n"); ++ fprintf(stderr, " [ sender SRC[/PORT | GPI ] ]\n"); + fprintf(stderr, " [ classid CLASSID ] [ police POLICE_SPEC ]\n"); + fprintf(stderr, " [ tunnelid ID ] [ tunnel ID skip NUMBER ]\n"); + fprintf(stderr, "Where: GPI := { flowlabel NUMBER | spi/ah SPI | spi/esp SPI |\n"); +-- +1.8.3.1 + diff --git a/SOURCES/0100-man-ip-link.8-Fix-and-improve-synopsis.patch b/SOURCES/0100-man-ip-link.8-Fix-and-improve-synopsis.patch deleted file mode 100644 index 5373d5b..0000000 --- a/SOURCES/0100-man-ip-link.8-Fix-and-improve-synopsis.patch +++ /dev/null @@ -1,145 +0,0 @@ -From 1cdfff2f66b7f733dc424c933e91546fae6eac4a Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:30 +0100 -Subject: [PATCH] man: ip-link.8: Fix and improve synopsis - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit ca611d6408c9b -Conflicts: Patch adjusted to missing features. - -commit ca611d6408c9bf17d122923c72d27d032e054cd8 -Author: Phil Sutter -Date: Wed Mar 2 19:19:58 2016 +0100 - - man: ip-link.8: Fix and improve synopsis - - Reflect that it is possible to pass multiple parameters at the same - time, also use the same trick the help text uses to emphasize vf - specific parameters. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-link.8.in | 81 ++++++++++++++++++++++++++++----------------------- - 1 file changed, 45 insertions(+), 36 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index d369598..6ce2cc8 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -83,68 +83,77 @@ ip-link \- network device configuration - .BR "ip link set " { - .IR DEVICE " | " - .BI "group " GROUP --.RB "} { " up " | " down " | " arp " { " on " | " off " } |" -+.RB "} [ { " up " | " down " } ]" - .br --.BR promisc " { " on " | " off " } |" -+.RB "[ " arp " { " on " | " off " } ]" - .br --.BR allmulticast " { " on " | " off " } |" -+.RB "[ " dynamic " { " on " | " off " } ]" - .br --.BR dynamic " { " on " | " off " } |" -+.RB "[ " multicast " { " on " | " off " } ]" - .br --.BR multicast " { " on " | " off " } |" -+.RB "[ " allmulticast " { " on " | " off " } ]" - .br --.B txqueuelen --.IR PACKETS " |" -+.RB "[ " promisc " { " on " | " off " } ]" - .br --.B name --.IR NEWNAME " |" -+.RB "[ " trailers " { " on " | " off " } ]" - .br --.B address --.IR LLADDR " |" --.B broadcast --.IR LLADDR " |" -+.RB "[ " txqueuelen -+.IR PACKETS " ]" - .br --.B mtu --.IR MTU " |" -+.RB "[ " name -+.IR NEWNAME " ]" - .br --.B netns --.IR PID " |" -+.RB "[ " address -+.IR LLADDR " ]" - .br --.B netns --.IR NETNSNAME " |" -+.RB "[ " broadcast -+.IR LLADDR " ]" - .br --.B alias --.IR NAME " |" -+.RB "[ " mtu -+.IR MTU " ]" - .br --.B vf -+.RB "[ " netns " {" -+.IR PID " | " NETNSNAME " } ]" -+.br -+.RB "[ " link-netnsid -+.IR ID " ]" -+.br -+.RB "[ " alias -+.IR NAME " ]" -+.br -+.RB "[ " vf - .IR NUM " [" - .B mac --.IR LLADDR " ] [" --.B vlan -+.IR LLADDR " ]" -+.br -+.in +9 -+.RB "[ " vlan - .IR VLANID " [ " - .B qos --.IR VLAN-QOS " ] ] [" --.B rate --.IR TXRATE " ] [" --.B spoofchk { on | off } --] | -+.IR VLAN-QOS " ] ]" -+.br -+.RB "[ " rate -+.IR TXRATE " ]" - .br --.B master --.IR DEVICE " |" -+.RB "[ " spoofchk " { " on " | " off " } ]" - .br --.B nomaster " |" -+.RB "[ " state " { " auto " | " enable " | " disable " } ] ]" -+.br -+.in -9 -+.RB "[ " master -+.IR DEVICE " ]" - .br --.B addrgenmode { eui64 | none } -+.RB "[ " nomaster " ]" - .br --.B link-netnsid ID --.BR " }" -+.RB "[ " addrgenmode " { " eui64 " | " none " } ]" - - - .ti -8 - .B ip link show - .RI "[ " DEVICE " | " - .B group --.IR GROUP " ]" -+.IR GROUP " ] [" -+.BR up " ]" - - .ti -8 - .B ip link help --- -1.8.3.1 - diff --git a/SOURCES/0100-tc-add-a-man-page-for-flower-filter.patch b/SOURCES/0100-tc-add-a-man-page-for-flower-filter.patch new file mode 100644 index 0000000..bb41c1d --- /dev/null +++ b/SOURCES/0100-tc-add-a-man-page-for-flower-filter.patch @@ -0,0 +1,143 @@ +From 980b5be50cff93260780d41435e2e92e9de02744 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:18:52 +0100 +Subject: [PATCH] tc: add a man page for flower filter + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit b3aa12a401d27 + +commit b3aa12a401d27911ebd48fe13f77783d471c07d2 +Author: Phil Sutter +Date: Fri Oct 23 19:47:11 2015 +0200 + + tc: add a man page for flower filter + + Cc: Jiri Pirko + Signed-off-by: Phil Sutter +--- + man/man8/tc-flower.8 | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 113 insertions(+) + create mode 100644 man/man8/tc-flower.8 + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +new file mode 100644 +index 0000000..df4d8e1 +--- /dev/null ++++ b/man/man8/tc-flower.8 +@@ -0,0 +1,113 @@ ++.TH "Flower filter in tc" 8 "22 Oct 2015" "iproute2" "Linux" ++ ++.SH NAME ++flower \- flow based traffic control filter ++.SH SYNOPSIS ++.in +8 ++.ti -8 ++.BR tc " " filter " ... " flower " [ " ++.IR MATCH_LIST " ] [ " ++.B action ++.IR ACTION_SPEC " ] [ " ++.B classid ++.IR CLASSID " ]" ++ ++.ti -8 ++.IR MATCH_LIST " := [ " MATCH_LIST " ] " MATCH ++ ++.ti -8 ++.IR MATCH " := { " ++.B indev ++.IR ifname " | { " ++.BR dst_mac " | " src_mac " } " ++.IR mac_address " | " ++.BR eth_type " { " ipv4 " | " ipv6 " | " ++.IR ETH_TYPE " } | " ++.BR ip_proto " { " tcp " | " udp " | " ++.IR IP_PROTO " } | { " ++.BR dst_ip " | " src_ip " } { " ++.IR ipv4_address " | " ipv6_address " } | { " ++.BR dst_port " | " src_port " } " ++.IR port_number " }" ++.SH DESCRIPTION ++The ++.B flower ++filter matches flows to the set of keys specified and assigns an arbitrarily ++chosen class ID to packets belonging to them. Additionally (or alternatively) an ++action from the generic action framework may be called. ++.SH OPTIONS ++.TP ++.BI action " ACTION_SPEC" ++Apply an action from the generic actions framework on matching packets. ++.TP ++.BI classid " CLASSID" ++Specify a class to pass matching packets on to. ++.I CLASSID ++is in the form ++.BR X : Y ", while " X " and " Y ++are interpreted as numbers in hexadecimal format. ++.TP ++.BI indev " ifname" ++Match on incoming interface name. Obviously this makes sense only for forwarded ++flows. ++.I ifname ++is the name of an interface which must exist at the time of ++.B tc ++invocation. ++.TP ++.BI dst_mac " mac_address" ++.TQ ++.BI src_mac " mac_address" ++Match on source or destination MAC address. ++.TP ++.BI eth_type " ETH_TYPE" ++Match on layer three protocol. ++.I ETH_TYPE ++may be either ++.BR ipv4 , ipv6 ++or an unsigned 16bit value in hexadecimal format. ++.TP ++.BI ip_proto " IP_PROTO" ++Match on layer four protocol. ++.I IP_PROTO ++may be either ++.BR tcp , udp ++or an unsigned 8bit value in hexadecimal format. ++.TP ++.BI dst_ip " ADDRESS" ++.TQ ++.BI src_ip " ADDRESS" ++Match on source or destination IP address. ++.I ADDRESS ++must be a valid IPv4 or IPv6 address, depending on ++.BR ether_type , ++which has to be specified in beforehand. ++.TP ++.BI dst_port " NUMBER" ++.TQ ++.BI src_port " NUMBER" ++Match on layer 4 protocol source or destination port number. Only available for ++.BR ip_proto " values " udp " and " tcp , ++which has to be specified in beforehand. ++.SH NOTES ++As stated above where applicable, matches of a certain layer implicitly depend ++on the matches of the next lower layer. Precisely, layer one and two matches ( ++.BR indev , dst_mac , src_mac " and " eth_type ) ++have no dependency, layer three matches ( ++.BR ip_proto , dst_ip " and " src_ip ) ++require ++.B eth_type ++being set to either ++.BR ipv4 " or " ipv6 , ++and finally layer four matches ( ++.BR dst_port " and " src_port ) ++depend on ++.B ip_proto ++being set to either ++.BR tcp " or " udp . ++.P ++There can be only used one mask per one prio. If user needs to specify different ++mask, he has to use different prio. ++.SH SEE ALSO ++.BR tc (8), ++.BR tc-flow (8) +-- +1.8.3.1 + diff --git a/SOURCES/0101-man-ip-neighbour-Fix-for-missing-NUD_STATE-descripti.patch b/SOURCES/0101-man-ip-neighbour-Fix-for-missing-NUD_STATE-descripti.patch deleted file mode 100644 index b5d6b4a..0000000 --- a/SOURCES/0101-man-ip-neighbour-Fix-for-missing-NUD_STATE-descripti.patch +++ /dev/null @@ -1,65 +0,0 @@ -From bd8b3c3337511956fd6a34e7f0071a717f238ab9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:49 +0100 -Subject: [PATCH] man: ip-neighbour: Fix for missing NUD_STATE description - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 03cb9d58bc828 - -commit 03cb9d58bc8282d156ff644ad5af15217855af54 -Author: Phil Sutter -Date: Wed Mar 2 19:19:59 2016 +0100 - - man: ip-neighbour: Fix for missing NUD_STATE description - - Signed-off-by: Phil Sutter ---- - man/man8/ip-neighbour.8 | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8 -index 631b4c0..f3068f4 100644 ---- a/man/man8/ip-neighbour.8 -+++ b/man/man8/ip-neighbour.8 -@@ -18,7 +18,9 @@ ip-neighbour \- neighbour/arp tables management. - .IR ADDR " [ " - .B lladdr - .IR LLADDR " ] [ " --.BR nud " { " permanent " | " noarp " | " stale " | " reachable " } ] | " proxy -+.B nud -+.IR STATE " ] |" -+.B proxy - .IR ADDR " } [ " - .B dev - .IR DEV " ]" -@@ -31,6 +33,9 @@ ip-neighbour \- neighbour/arp tables management. - .B nud - .IR STATE " ]" - -+.ti -8 -+.IR STATE " := {" -+.BR permanent " | " noarp " | " stale " | " reachable " }" - - .SH DESCRIPTION - The -@@ -75,7 +80,7 @@ can also be - .BR "null" . - - .TP --.BI nud " NUD_STATE" -+.BI nud " STATE" - the state of the neighbour entry. - .B nud - is an abbreviation for 'Neighbour Unreachability Detection'. -@@ -147,7 +152,7 @@ list neighbour proxies. - only list neighbours which are not currently in use. - - .TP --.BI nud " NUD_STATE" -+.BI nud " STATE" - only list neighbour entries in this state. - .I NUD_STATE - takes values listed below or the special value --- -1.8.3.1 - diff --git a/SOURCES/0101-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch b/SOURCES/0101-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch new file mode 100644 index 0000000..43c1681 --- /dev/null +++ b/SOURCES/0101-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch @@ -0,0 +1,69 @@ +From 86ccfa5ca33949fa5a53d423a8b352cc243bf1b5 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:18:52 +0100 +Subject: [PATCH] tc: ship filter man pages and refer to them in tc.8 + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit a257bc7b4c481 +Conflicts: Just reapplying missing bits about flower from already + backported commit. + +commit a257bc7b4c481d4b2871508edfccc198d1e56c8a +Author: Phil Sutter +Date: Fri Oct 23 19:47:16 2015 +0200 + + tc: ship filter man pages and refer to them in tc.8 + + Cc: Thomas Graf + Cc: Alexey Kuznetsov + Cc: Jiri Pirko + Cc: Patrick McHardy + Cc: Werner Almesberger + Signed-off-by: Phil Sutter +--- + man/man8/Makefile | 2 +- + man/man8/tc.8 | 8 +++++--- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/man/man8/Makefile b/man/man8/Makefile +index f3a3fa5..8d73f1e 100644 +--- a/man/man8/Makefile ++++ b/man/man8/Makefile +@@ -11,7 +11,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss. + ip-maddress.8 ip-monitor.8 ip-mroute.8 ip-neighbour.8 \ + ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 \ + ip-tcp_metrics.8 ip-netconf.8 ip-token.8 \ +- tc-basic.8 tc-cgroup.8 tc-flow.8 tc-fw.8 tc-route.8 \ ++ tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \ + tc-tcindex.8 tc-u32.8 \ + tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \ + tc-simple.8 tc-skbedit.8 tc-xt.8 +diff --git a/man/man8/tc.8 b/man/man8/tc.8 +index 391d7c7..ee3479e 100644 +--- a/man/man8/tc.8 ++++ b/man/man8/tc.8 +@@ -158,9 +158,10 @@ Filter packets based on the control group of their process. See + . BR tc-cgroup (8) + for details. + .TP +-flow +-Flow-based classifier, filtering packets based on their flow (identified by selectable keys). See +-.BR tc-flow (8) ++flow, flower ++Flow-based classifiers, filtering packets based on their flow (identified by selectable keys). See ++.BR tc-flow "(8) and" ++.BR tc-flower (8) + for details. + .TP + fw +@@ -635,6 +636,7 @@ was written by Alexey N. Kuznetsov and added in Linux 2.2. + .BR tc-drr (8), + .BR tc-ematch (8), + .BR tc-flow (8), ++.BR tc-flower (8), + .BR tc-fq (8), + .BR tc-fq_codel (8), + .BR tc-fw (8), +-- +1.8.3.1 + diff --git a/SOURCES/0102-ip6tunnel-print-local-remote-addresses-like-iptunnel.patch b/SOURCES/0102-ip6tunnel-print-local-remote-addresses-like-iptunnel.patch new file mode 100644 index 0000000..54d175f --- /dev/null +++ b/SOURCES/0102-ip6tunnel-print-local-remote-addresses-like-iptunnel.patch @@ -0,0 +1,53 @@ +From 719beca22da7196c78202302d57e67d1c0ffc2cb Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:19:41 +0100 +Subject: [PATCH] ip6tunnel: print local/remote addresses like iptunnel does + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 9af72f819e3fa + +commit 9af72f819e3fa288fd56e74d14a1253bd49adb9d +Author: Phil Sutter +Date: Fri Nov 13 18:08:59 2015 +0100 + + ip6tunnel: print local/remote addresses like iptunnel does + + This makes output consistent with iptunnel, also supporting reverse DNS + lookup for remote address if requested. + + Signed-off-by: Phil Sutter +--- + ip/ip6tunnel.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c +index f37042e..97c99e2 100644 +--- a/ip/ip6tunnel.c ++++ b/ip/ip6tunnel.c +@@ -69,14 +69,17 @@ static void usage(void) + + static void print_tunnel(struct ip6_tnl_parm2 *p) + { +- char remote[64]; +- char local[64]; +- +- inet_ntop(AF_INET6, &p->raddr, remote, sizeof(remote)); +- inet_ntop(AF_INET6, &p->laddr, local, sizeof(local)); ++ char s1[1024]; ++ char s2[1024]; + ++ /* Do not use format_host() for local addr, ++ * symbolic name will not be useful. ++ */ + printf("%s: %s/ipv6 remote %s local %s", +- p->name, tnl_strproto(p->proto), remote, local); ++ p->name, ++ tnl_strproto(p->proto), ++ format_host(AF_INET6, 16, &p->raddr, s1, sizeof(s1)), ++ rt_addr_n2a(AF_INET6, 16, &p->laddr, s2, sizeof(s2))); + if (p->link) { + const char *n = ll_index_to_name(p->link); + if (n) +-- +1.8.3.1 + diff --git a/SOURCES/0102-man-ip-netns.8-Clarify-synopsis-a-bit.patch b/SOURCES/0102-man-ip-netns.8-Clarify-synopsis-a-bit.patch deleted file mode 100644 index b9e840b..0000000 --- a/SOURCES/0102-man-ip-netns.8-Clarify-synopsis-a-bit.patch +++ /dev/null @@ -1,47 +0,0 @@ -From ade70fd224787a92c881156d9f097876558e9523 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:49 +0100 -Subject: [PATCH] man: ip-netns.8: Clarify synopsis a bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 57e1ace02a3e3 - -commit 57e1ace02a3e3d212c2d8809d63b729ea59d7427 -Author: Phil Sutter -Date: Wed Mar 2 19:20:00 2016 +0100 - - man: ip-netns.8: Clarify synopsis a bit - - Use brackets to show that 'ip netns' defaults to action 'list', drop - superfluous curly braces around 'set' action keyword. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-netns.8 | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8 -index c9b0fbc..c5310e2 100644 ---- a/man/man8/ip-netns.8 -+++ b/man/man8/ip-netns.8 -@@ -13,7 +13,7 @@ ip-netns \- process network namespace management - .BR help " }" - .sp - .ti -8 --.BR "ip netns" " { " list " } " -+.BR "ip netns" " [ " list " ]" - - .ti -8 - .B ip netns add -@@ -24,7 +24,7 @@ ip-netns \- process network namespace management - .RI "[ " NETNSNAME " ]" - - .ti -8 --.BR "ip netns" " { " set " } " -+.B ip netns set - .I NETNSNAME NETNSID - - .ti -8 --- -1.8.3.1 - diff --git a/SOURCES/0103-man-ip-ntable.8-Review-synopsis-section.patch b/SOURCES/0103-man-ip-ntable.8-Review-synopsis-section.patch deleted file mode 100644 index cb3533e..0000000 --- a/SOURCES/0103-man-ip-ntable.8-Review-synopsis-section.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 3482c7efe9f08c25761d27aa94a5acba69090c91 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:49 +0100 -Subject: [PATCH] man: ip-ntable.8: Review synopsis section - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 54beacc33464d - -commit 54beacc33464d51db6c44f606d1be6cd75591c0d -Author: Phil Sutter -Date: Wed Mar 2 19:20:01 2016 +0100 - - man: ip-ntable.8: Review synopsis section - - The first line contained a c'n'p error, incorrectly listing 'ip address' - syntax. Since PARAMS is used just once and there are not many other - parameters to 'ip ntable change', state them inline and in addition to - that clarify the possibility to pass multiple parameters at once. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-ntable.8 | 39 ++++++++++++++++++++++----------------- - 1 file changed, 22 insertions(+), 17 deletions(-) - -diff --git a/man/man8/ip-ntable.8 b/man/man8/ip-ntable.8 -index d903a17..2b95632 100644 ---- a/man/man8/ip-ntable.8 -+++ b/man/man8/ip-ntable.8 -@@ -8,7 +8,7 @@ ip-ntable - neighbour table configuration - .ti -8 - .B ip - .RI "[ " OPTIONS " ]" --.B address -+.B ntable - .RI " { " COMMAND " | " - .BR help " }" - .sp -@@ -17,34 +17,39 @@ ip-ntable - neighbour table configuration - .BR "ip ntable change name" - .IR NAME " [ " - .B dev --.IR DEV " ] " PARMS -- --.ti -8 --.IR PARMS " := { " -+.IR DEV " ] [" - .B thresh1 --.IR VAL " | " -+.IR VAL " ] [" - .B thresh2 --.IR VAL " | " -+.IR VAL " ] [" - .B thresh3 --.IR VAL " | " -+.IR VAL " ] [" - .B gc_int --.IR MSEC " | " -+.IR MSEC " ] [" - .B base_reachable --.IR MSEC " | " -+.IR MSEC " ] [" - .B retrans --.IR MSEC " | " "gc_stale MSEC " " | " -+.IR MSEC " ] [" -+.B gc_stale -+.IR MSEC " ] [" - .B delay_probe --.IR MSEC " | " "queue LEN " " | " -+.IR MSEC " ] [" -+.B queue -+.IR LEN " ] [" - .B app_probs --.IR VAL " | " -+.IR VAL " ] [" - .B ucast_probes --.IR VAL " | " "mcast_probes VAL " " | " -+.IR VAL " ] [" -+.B mcast_probes -+.IR VAL " ] [" - .B anycast_delay --.IR MSEC " | " -+.IR MSEC " ] [" - .B proxy_delay --.IR MSEC " | " "proxy_queue LEN " " | " -+.IR MSEC " ] [" -+.B proxy_queue -+.IR LEN " ] [" - .B locktime --.IR MSEC " }" -+.IR MSEC " ]" - - .ti -8 - .BR "ip ntable show" " [ " --- -1.8.3.1 - diff --git a/SOURCES/0103-tc-flower-no-need-to-specify-the-ethertype.patch b/SOURCES/0103-tc-flower-no-need-to-specify-the-ethertype.patch new file mode 100644 index 0000000..edeccec --- /dev/null +++ b/SOURCES/0103-tc-flower-no-need-to-specify-the-ethertype.patch @@ -0,0 +1,138 @@ +From ba3f3f0bb68ad2057d303324ca382e29c9abdd5b Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:19:41 +0100 +Subject: [PATCH] tc: flower no need to specify the ethertype + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 488b41d020fb0 + +commit 488b41d020fb06428b90289f70a41210718f52b7 +Author: Jamal Hadi Salim +Date: Sun Jan 10 14:56:31 2016 -0500 + + tc: flower no need to specify the ethertype + + since all tc classifiers are required to specify ethertype as part of grammar + By not allowing eth_type to be specified we remove contradiction for + example when a user specifies: + tc filter add ... priority xxx protocol ip flower eth_type ipv6 + This patch removes that contradiction + + Signed-off-by: Jamal Hadi Salim +--- + tc/f_flower.c | 55 +++++++++++++++++-------------------------------------- + 1 file changed, 17 insertions(+), 38 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index a9b2c4d..db9cc29 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -31,7 +31,7 @@ static void explain(void) + fprintf(stderr, " MATCH := { indev DEV-NAME | \n"); + fprintf(stderr, " dst_mac MAC-ADDR | \n"); + fprintf(stderr, " src_mac MAC-ADDR | \n"); +- fprintf(stderr, " eth_type [ipv4 | ipv6 | ETH-TYPE ] | \n"); ++ fprintf(stderr, " [ipv4 | ipv6 ] | \n"); + fprintf(stderr, " ip_proto [tcp | udp | IP-PROTO ] | \n"); + fprintf(stderr, " dst_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); + fprintf(stderr, " src_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); +@@ -60,29 +60,6 @@ static int flower_parse_eth_addr(char *str, int addr_type, int mask_type, + return 0; + } + +-static int flower_parse_eth_type(char *str, int type, __be16 *p_eth_type, +- struct nlmsghdr *n) +-{ +- int ret; +- __be16 eth_type; +- +- if (matches(str, "ipv4") == 0) { +- eth_type = htons(ETH_P_IP); +- } else if (matches(str, "ipv6") == 0) { +- eth_type = htons(ETH_P_IPV6); +- } else { +- __u16 tmp; +- +- ret = get_u16(&tmp, str, 16); +- if (ret) +- return -1; +- eth_type = htons(tmp); +- } +- addattr16(n, MAX_MSG, type, eth_type); +- *p_eth_type = eth_type; +- return 0; +-} +- + static int flower_parse_ip_proto(char *str, __be16 eth_type, int type, + __u8 *p_ip_proto, struct nlmsghdr *n) + { +@@ -188,12 +165,9 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + int ret; + struct tcmsg *t = NLMSG_DATA(n); + struct rtattr *tail; +- __be16 eth_type = 0; ++ __be16 eth_type = TC_H_MIN(t->tcm_info); + __u8 ip_proto = 0xff; + +- if (argc == 0) +- return 0; +- + if (handle) { + ret = get_u32(&t->tcm_handle, handle, 0); + if (ret) { +@@ -205,6 +179,11 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len)); + addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0); + ++ if (argc == 0) { ++ /*at minimal we will match all ethertype packets */ ++ goto parse_done; ++ } ++ + while (argc > 0) { + if (matches(*argv, "classid") == 0 || + matches(*argv, "flowid") == 0) { +@@ -244,15 +223,6 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + fprintf(stderr, "Illegal \"src_mac\"\n"); + return -1; + } +- } else if (matches(*argv, "eth_type") == 0) { +- NEXT_ARG(); +- ret = flower_parse_eth_type(*argv, +- TCA_FLOWER_KEY_ETH_TYPE, +- ð_type, n); +- if (ret < 0) { +- fprintf(stderr, "Illegal \"eth_type\"\n"); +- return -1; +- } + } else if (matches(*argv, "ip_proto") == 0) { + NEXT_ARG(); + ret = flower_parse_ip_proto(*argv, eth_type, +@@ -323,6 +293,14 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + argc--; argv++; + } + ++parse_done: ++ ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); ++ if (ret) { ++ fprintf(stderr, "Illegal \"eth_type\"(0x%x)\n", ++ ntohs(eth_type)); ++ return -1; ++ } ++ + tail->rta_len = (((void*)n)+n->nlmsg_len) - (void*)tail; + + return 0; +@@ -489,7 +467,8 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + if (tb[TCA_FLOWER_CLASSID]) { + SPRINT_BUF(b1); + fprintf(f, "classid %s ", +- sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOWER_CLASSID]), b1)); ++ sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOWER_CLASSID]), ++ b1)); + } + + if (tb[TCA_FLOWER_INDEV]) { +-- +1.8.3.1 + diff --git a/SOURCES/0104-make-format_host-non-reentrant-by-default.patch b/SOURCES/0104-make-format_host-non-reentrant-by-default.patch new file mode 100644 index 0000000..ad2b740 --- /dev/null +++ b/SOURCES/0104-make-format_host-non-reentrant-by-default.patch @@ -0,0 +1,689 @@ +From 75d1640b9a77c2d5843a18774880aabf38d1062b Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:19:41 +0100 +Subject: [PATCH] make format_host non-reentrant by default + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit a418e451643e7 +Conflicts: +* Parts applied manually due to big differences in changed code + between upstream and RHEL. +* Two calls in misc/ss.c converted manually. +* Drop iproute_lwtunnel hunks as we don't support it + +commit a418e451643e77fe36861e53359587ba8aa41873 +Author: Phil Sutter +Date: Tue Mar 22 19:35:15 2016 +0100 + + make format_host non-reentrant by default + + There are only three users which require it to be reentrant, the rest is + fine without. Instead, provide a reentrant format_host_r() for users + which need it. + + Signed-off-by: Phil Sutter +--- + bridge/fdb.c | 4 +--- + include/utils.h | 3 ++- + ip/ip6tunnel.c | 2 +- + ip/ipaddress.c | 13 ++++--------- + ip/ipaddrlabel.c | 4 +--- + ip/iplink_geneve.c | 5 ++--- + ip/iplink_vxlan.c | 13 ++++++------- + ip/ipmaddr.c | 5 +---- + ip/ipneigh.c | 4 +--- + ip/iproute.c | 12 ++++-------- + ip/iprule.c | 9 +++------ + ip/iptoken.c | 4 +--- + ip/iptunnel.c | 6 +++--- + ip/link_gre.c | 5 ++--- + ip/link_gre6.c | 5 ++--- + ip/link_iptnl.c | 7 +++---- + ip/link_vti.c | 5 ++--- + ip/link_vti6.c | 5 ++--- + ip/tcp_metrics.c | 4 +--- + lib/utils.c | 9 ++++++++- + misc/ss.c | 11 ++++------- + tc/m_nat.c | 4 ++-- + 23 files changed, 57 insertions(+), 86 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index d184f7e..4b536f9 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -110,7 +110,6 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "dev %s ", ll_index_to_name(r->ndm_ifindex)); + + if (tb[NDA_DST]) { +- SPRINT_BUF(abuf); + int family = AF_INET; + + if (RTA_PAYLOAD(tb[NDA_DST]) == sizeof(struct in6_addr)) +@@ -119,8 +118,7 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "dst %s ", + format_host(family, + RTA_PAYLOAD(tb[NDA_DST]), +- RTA_DATA(tb[NDA_DST]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[NDA_DST]))); + } + + if (vid) +diff --git a/include/utils.h b/include/utils.h +index 9839d9d..df6ce04 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -109,8 +109,9 @@ int get_be16(__be16 *val, const char *arg, int base); + char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen); + __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len); + +-const char *format_host(int af, int len, const void *addr, ++const char *format_host_r(int af, int len, const void *addr, + char *buf, int buflen); ++const char *format_host(int af, int lne, const void *addr); + const char *rt_addr_n2a(int af, int len, const void *addr, + char *buf, int buflen); + +diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c +index 97c99e2..ab8603d 100644 +--- a/ip/ip6tunnel.c ++++ b/ip/ip6tunnel.c +@@ -78,7 +78,7 @@ static void print_tunnel(struct ip6_tnl_parm2 *p) + printf("%s: %s/ipv6 remote %s local %s", + p->name, + tnl_strproto(p->proto), +- format_host(AF_INET6, 16, &p->raddr, s1, sizeof(s1)), ++ format_host_r(AF_INET6, 16, &p->raddr, s1, sizeof(s1)), + rt_addr_n2a(AF_INET6, 16, &p->laddr, s2, sizeof(s2))); + if (p->link) { + const char *n = ll_index_to_name(p->link); +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index 147bcca..5f08cde 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -776,7 +776,6 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, + /* Use local copy of ifa_flags to not interfere with filtering code */ + unsigned int ifa_flags; + struct rtattr * rta_tb[IFA_MAX+1]; +- char abuf[256]; + SPRINT_BUF(b1); + + if (n->nlmsg_type != RTM_NEWADDR && n->nlmsg_type != RTM_DELADDR) +@@ -866,8 +865,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, + if (rta_tb[IFA_LOCAL]) { + fprintf(fp, "%s", format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_LOCAL]), +- RTA_DATA(rta_tb[IFA_LOCAL]), +- abuf, sizeof(abuf))); ++ RTA_DATA(rta_tb[IFA_LOCAL]))); + + if (rta_tb[IFA_ADDRESS] == NULL || + memcmp(RTA_DATA(rta_tb[IFA_ADDRESS]), RTA_DATA(rta_tb[IFA_LOCAL]), +@@ -877,8 +875,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, + fprintf(fp, " peer %s/%d ", + format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_ADDRESS]), +- RTA_DATA(rta_tb[IFA_ADDRESS]), +- abuf, sizeof(abuf)), ++ RTA_DATA(rta_tb[IFA_ADDRESS])), + ifa->ifa_prefixlen); + } + } +@@ -887,15 +884,13 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, + fprintf(fp, "brd %s ", + format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_BROADCAST]), +- RTA_DATA(rta_tb[IFA_BROADCAST]), +- abuf, sizeof(abuf))); ++ RTA_DATA(rta_tb[IFA_BROADCAST]))); + } + if (rta_tb[IFA_ANYCAST]) { + fprintf(fp, "any %s ", + format_host(ifa->ifa_family, + RTA_PAYLOAD(rta_tb[IFA_ANYCAST]), +- RTA_DATA(rta_tb[IFA_ANYCAST]), +- abuf, sizeof(abuf))); ++ RTA_DATA(rta_tb[IFA_ANYCAST]))); + } + fprintf(fp, "scope %s ", rtnl_rtscope_n2a(ifa->ifa_scope, b1, sizeof(b1))); + if (ifa_flags & IFA_F_SECONDARY) { +diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c +index a0b6e6f..e834a87 100644 +--- a/ip/ipaddrlabel.c ++++ b/ip/ipaddrlabel.c +@@ -61,7 +61,6 @@ int print_addrlabel(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg + struct ifaddrlblmsg *ifal = NLMSG_DATA(n); + int len = n->nlmsg_len; + struct rtattr *tb[IFAL_MAX+1]; +- char abuf[256]; + + if (n->nlmsg_type != RTM_NEWADDRLABEL && n->nlmsg_type != RTM_DELADDRLABEL) + return 0; +@@ -79,8 +78,7 @@ int print_addrlabel(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg + fprintf(fp, "prefix %s/%u ", + format_host(ifal->ifal_family, + RTA_PAYLOAD(tb[IFAL_ADDRESS]), +- RTA_DATA(tb[IFAL_ADDRESS]), +- abuf, sizeof(abuf)), ++ RTA_DATA(tb[IFAL_ADDRESS])), + ifal->ifal_prefixlen); + } + +diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c +index 905c537..2e15a1d 100644 +--- a/ip/iplink_geneve.c ++++ b/ip/iplink_geneve.c +@@ -181,7 +181,6 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, + static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + { + __u32 vni; +- char s1[1024]; + __u8 tos; + + if (!tb) +@@ -198,14 +197,14 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + __be32 addr = rta_getattr_u32(tb[IFLA_GENEVE_REMOTE]); + if (addr) + fprintf(f, "remote %s ", +- format_host(AF_INET, 4, &addr, s1, sizeof(s1))); ++ format_host(AF_INET, 4, &addr)); + } else if (tb[IFLA_GENEVE_REMOTE6]) { + struct in6_addr addr; + memcpy(&addr, RTA_DATA(tb[IFLA_GENEVE_REMOTE6]), sizeof(struct in6_addr)); + if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0) { + if (!IN6_IS_ADDR_MULTICAST(&addr)) + fprintf(f, "remote %s ", +- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1))); ++ format_host(AF_INET6, sizeof(struct in6_addr), &addr)); + } + } + +diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c +index 015d7d9..6cae35b 100644 +--- a/ip/iplink_vxlan.c ++++ b/ip/iplink_vxlan.c +@@ -282,7 +282,6 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + unsigned link; + __u8 tos; + __u32 maxaddr; +- char s1[1024]; + char s2[64]; + + if (!tb) +@@ -300,10 +299,10 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (addr) { + if (IN_MULTICAST(ntohl(addr))) + fprintf(f, "group %s ", +- format_host(AF_INET, 4, &addr, s1, sizeof(s1))); ++ format_host(AF_INET, 4, &addr)); + else + fprintf(f, "remote %s ", +- format_host(AF_INET, 4, &addr, s1, sizeof(s1))); ++ format_host(AF_INET, 4, &addr)); + } + } else if (tb[IFLA_VXLAN_GROUP6]) { + struct in6_addr addr; +@@ -311,10 +310,10 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0) { + if (IN6_IS_ADDR_MULTICAST(&addr)) + fprintf(f, "group %s ", +- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1))); ++ format_host(AF_INET6, sizeof(struct in6_addr), &addr)); + else + fprintf(f, "remote %s ", +- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1))); ++ format_host(AF_INET6, sizeof(struct in6_addr), &addr)); + } + } + +@@ -322,13 +321,13 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + __be32 addr = rta_getattr_u32(tb[IFLA_VXLAN_LOCAL]); + if (addr) + fprintf(f, "local %s ", +- format_host(AF_INET, 4, &addr, s1, sizeof(s1))); ++ format_host(AF_INET, 4, &addr)); + } else if (tb[IFLA_VXLAN_LOCAL6]) { + struct in6_addr addr; + memcpy(&addr, RTA_DATA(tb[IFLA_VXLAN_LOCAL6]), sizeof(struct in6_addr)); + if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0) + fprintf(f, "local %s ", +- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1))); ++ format_host(AF_INET6, sizeof(struct in6_addr), &addr)); + } + + if (tb[IFLA_VXLAN_LINK] && +diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c +index a77a18f..5c3dc28 100644 +--- a/ip/ipmaddr.c ++++ b/ip/ipmaddr.c +@@ -204,7 +204,6 @@ static void print_maddr(FILE *fp, struct ma_info *list) + list->addr.bytelen, 0, + b1, sizeof(b1))); + } else { +- char abuf[256]; + switch(list->addr.family) { + case AF_INET: + fprintf(fp, "inet "); +@@ -218,9 +217,7 @@ static void print_maddr(FILE *fp, struct ma_info *list) + } + fprintf(fp, "%s", + format_host(list->addr.family, +- -1, +- list->addr.data, +- abuf, sizeof(abuf))); ++ -1, list->addr.data)); + } + if (list->users != 1) + fprintf(fp, " users %d", list->users); +diff --git a/ip/ipneigh.c b/ip/ipneigh.c +index 472555d..b99a120 100644 +--- a/ip/ipneigh.c ++++ b/ip/ipneigh.c +@@ -193,7 +193,6 @@ int print_neigh(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + struct ndmsg *r = NLMSG_DATA(n); + int len = n->nlmsg_len; + struct rtattr * tb[NDA_MAX+1]; +- char abuf[256]; + + if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH && + n->nlmsg_type != RTM_GETNEIGH) { +@@ -264,8 +263,7 @@ int print_neigh(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "%s ", + format_host(r->ndm_family, + RTA_PAYLOAD(tb[NDA_DST]), +- RTA_DATA(tb[NDA_DST]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[NDA_DST]))); + } + if (!filter.index && r->ndm_ifindex) + fprintf(fp, "dev %s ", ll_index_to_name(r->ndm_ifindex)); +diff --git a/ip/iproute.c b/ip/iproute.c +index eb5d145..2bc2041 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -366,8 +366,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + } else { + fprintf(fp, "%s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_DST]), +- RTA_DATA(tb[RTA_DST]), +- abuf, sizeof(abuf)) ++ RTA_DATA(tb[RTA_DST])) + ); + } + } else if (r->rtm_dst_len) { +@@ -386,8 +385,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + } else { + fprintf(fp, "from %s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_SRC]), +- RTA_DATA(tb[RTA_SRC]), +- abuf, sizeof(abuf)) ++ RTA_DATA(tb[RTA_SRC])) + ); + } + } else if (r->rtm_src_len) { +@@ -406,8 +404,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "via %s ", + format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_GATEWAY]), +- RTA_DATA(tb[RTA_GATEWAY]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[RTA_GATEWAY]))); + } + if (tb[RTA_OIF] && filter.oifmask != -1) + fprintf(fp, "dev %s ", ll_index_to_name(*(int*)RTA_DATA(tb[RTA_OIF]))); +@@ -629,8 +626,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, " via %s ", + format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_GATEWAY]), +- RTA_DATA(tb[RTA_GATEWAY]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[RTA_GATEWAY]))); + } + if (tb[RTA_FLOW]) { + __u32 to = rta_getattr_u32(tb[RTA_FLOW]); +diff --git a/ip/iprule.c b/ip/iprule.c +index 63d7fcc..14eb852 100644 +--- a/ip/iprule.c ++++ b/ip/iprule.c +@@ -96,8 +96,7 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + } else { + fprintf(fp, "from %s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[FRA_SRC]), +- RTA_DATA(tb[FRA_SRC]), +- abuf, sizeof(abuf)) ++ RTA_DATA(tb[FRA_SRC])) + ); + } + } else if (r->rtm_src_len) { +@@ -117,8 +116,7 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + } else { + fprintf(fp, "to %s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[FRA_DST]), +- RTA_DATA(tb[FRA_DST]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[FRA_DST]))); + } + } else if (r->rtm_dst_len) { + fprintf(fp, "to 0/%d ", r->rtm_dst_len); +@@ -175,8 +173,7 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "map-to %s ", + format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_GATEWAY]), +- RTA_DATA(tb[RTA_GATEWAY]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[RTA_GATEWAY]))); + } else + fprintf(fp, "masquerade"); + } else if (r->rtm_type == FR_ACT_GOTO) { +diff --git a/ip/iptoken.c b/ip/iptoken.c +index 0d265e6..b8b0df0 100644 +--- a/ip/iptoken.c ++++ b/ip/iptoken.c +@@ -51,7 +51,6 @@ static int print_token(const struct sockaddr_nl *who, struct nlmsghdr *n, void * + int len = n->nlmsg_len; + struct rtattr *tb[IFLA_MAX + 1]; + struct rtattr *ltb[IFLA_INET6_MAX + 1]; +- char abuf[256]; + + if (n->nlmsg_type != RTM_NEWLINK) + return -1; +@@ -82,8 +81,7 @@ static int print_token(const struct sockaddr_nl *who, struct nlmsghdr *n, void * + fprintf(fp, "token %s ", + format_host(ifi->ifi_family, + RTA_PAYLOAD(ltb[IFLA_INET6_TOKEN]), +- RTA_DATA(ltb[IFLA_INET6_TOKEN]), +- abuf, sizeof(abuf))); ++ RTA_DATA(ltb[IFLA_INET6_TOKEN]))); + fprintf(fp, "dev %s ", ll_index_to_name(ifi->ifi_index)); + fprintf(fp, "\n"); + fflush(fp); +diff --git a/ip/iptunnel.c b/ip/iptunnel.c +index b9b24e8..17b377c 100644 +--- a/ip/iptunnel.c ++++ b/ip/iptunnel.c +@@ -346,7 +346,7 @@ static void print_tunnel(struct ip_tunnel_parm *p) + printf("%s: %s/ip remote %s local %s ", + p->name, + tnl_strproto(p->iph.protocol), +- p->iph.daddr ? format_host(AF_INET, 4, &p->iph.daddr, s1, sizeof(s1)) : "any", ++ p->iph.daddr ? format_host_r(AF_INET, 4, &p->iph.daddr, s1, sizeof(s1)) : "any", + p->iph.saddr ? rt_addr_n2a(AF_INET, 4, &p->iph.saddr, s2, sizeof(s2)) : "any"); + + if (p->iph.protocol == IPPROTO_IPV6 && (p->i_flags & SIT_ISATAP)) { +@@ -363,7 +363,7 @@ static void print_tunnel(struct ip_tunnel_parm *p) + if (prl[i].addr != htonl(INADDR_ANY)) { + printf(" %s %s ", + (prl[i].flags & PRL_DEFAULT) ? "pdr" : "pr", +- format_host(AF_INET, 4, &prl[i].addr, s1, sizeof(s1))); ++ format_host(AF_INET, 4, &prl[i].addr)); + } + } + } +@@ -398,7 +398,7 @@ static void print_tunnel(struct ip_tunnel_parm *p) + ip6rd.prefixlen); + if (ip6rd.relay_prefix) { + printf("6rd-relay_prefix %s/%u ", +- format_host(AF_INET, 4, &ip6rd.relay_prefix, s1, sizeof(s1)), ++ format_host(AF_INET, 4, &ip6rd.relay_prefix), + ip6rd.relay_prefixlen); + } + } +diff --git a/ip/link_gre.c b/ip/link_gre.c +index 62acf46..25a4047 100644 +--- a/ip/link_gre.c ++++ b/ip/link_gre.c +@@ -276,7 +276,6 @@ get_failed: + + static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + { +- char s1[1024]; + char s2[64]; + const char *local = "any"; + const char *remote = "any"; +@@ -290,7 +289,7 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + unsigned addr = rta_getattr_u32(tb[IFLA_GRE_REMOTE]); + + if (addr) +- remote = format_host(AF_INET, 4, &addr, s1, sizeof(s1)); ++ remote = format_host(AF_INET, 4, &addr); + } + + fprintf(f, "remote %s ", remote); +@@ -299,7 +298,7 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + unsigned addr = rta_getattr_u32(tb[IFLA_GRE_LOCAL]); + + if (addr) +- local = format_host(AF_INET, 4, &addr, s1, sizeof(s1)); ++ local = format_host(AF_INET, 4, &addr); + } + + fprintf(f, "local %s ", local); +diff --git a/ip/link_gre6.c b/ip/link_gre6.c +index e00ea09..e07a0ad 100644 +--- a/ip/link_gre6.c ++++ b/ip/link_gre6.c +@@ -297,7 +297,6 @@ get_failed: + + static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + { +- char s1[1024]; + char s2[64]; + const char *local = "any"; + const char *remote = "any"; +@@ -321,7 +320,7 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + memcpy(&addr, RTA_DATA(tb[IFLA_GRE_REMOTE]), sizeof(addr)); + + if (memcmp(&addr, &in6_addr_any, sizeof(addr))) +- remote = format_host(AF_INET6, sizeof(addr), &addr, s1, sizeof(s1)); ++ remote = format_host(AF_INET6, sizeof(addr), &addr); + } + + fprintf(f, "remote %s ", remote); +@@ -331,7 +330,7 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + memcpy(&addr, RTA_DATA(tb[IFLA_GRE_LOCAL]), sizeof(addr)); + + if (memcmp(&addr, &in6_addr_any, sizeof(addr))) +- local = format_host(AF_INET6, sizeof(addr), &addr, s1, sizeof(s1)); ++ local = format_host(AF_INET6, sizeof(addr), &addr); + } + + fprintf(f, "local %s ", local); +diff --git a/ip/link_iptnl.c b/ip/link_iptnl.c +index 4d5422b..0d83310 100644 +--- a/ip/link_iptnl.c ++++ b/ip/link_iptnl.c +@@ -258,7 +258,7 @@ static void iptunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[ + unsigned addr = rta_getattr_u32(tb[IFLA_IPTUN_REMOTE]); + + if (addr) +- remote = format_host(AF_INET, 4, &addr, s1, sizeof(s1)); ++ remote = format_host(AF_INET, 4, &addr); + } + + fprintf(f, "remote %s ", remote); +@@ -267,7 +267,7 @@ static void iptunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[ + unsigned addr = rta_getattr_u32(tb[IFLA_IPTUN_LOCAL]); + + if (addr) +- local = format_host(AF_INET, 4, &addr, s1, sizeof(s1)); ++ local = format_host(AF_INET, 4, &addr); + } + + fprintf(f, "local %s ", local); +@@ -323,8 +323,7 @@ static void iptunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[ + prefixlen); + if (relayprefix) { + printf("6rd-relay_prefix %s/%u ", +- format_host(AF_INET, 4, &relayprefix, s1, +- sizeof(s1)), ++ format_host(AF_INET, 4, &relayprefix), + relayprefixlen); + } + } +diff --git a/ip/link_vti.c b/ip/link_vti.c +index f3fea33..83d6187 100644 +--- a/ip/link_vti.c ++++ b/ip/link_vti.c +@@ -198,7 +198,6 @@ get_failed: + + static void vti_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + { +- char s1[1024]; + char s2[64]; + const char *local = "any"; + const char *remote = "any"; +@@ -210,7 +209,7 @@ static void vti_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + unsigned addr = *(__u32 *)RTA_DATA(tb[IFLA_VTI_REMOTE]); + + if (addr) +- remote = format_host(AF_INET, 4, &addr, s1, sizeof(s1)); ++ remote = format_host(AF_INET, 4, &addr); + } + + fprintf(f, "remote %s ", remote); +@@ -219,7 +218,7 @@ static void vti_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + unsigned addr = *(__u32 *)RTA_DATA(tb[IFLA_VTI_LOCAL]); + + if (addr) +- local = format_host(AF_INET, 4, &addr, s1, sizeof(s1)); ++ local = format_host(AF_INET, 4, &addr); + } + + fprintf(f, "local %s ", local); +diff --git a/ip/link_vti6.c b/ip/link_vti6.c +index c146f79..699a6ab 100644 +--- a/ip/link_vti6.c ++++ b/ip/link_vti6.c +@@ -195,7 +195,6 @@ get_failed: + + static void vti6_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + { +- char s1[1024]; + char s2[64]; + const char *local = "any"; + const char *remote = "any"; +@@ -208,7 +207,7 @@ static void vti6_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_VTI_REMOTE]) { + memcpy(&daddr, RTA_DATA(tb[IFLA_VTI_REMOTE]), sizeof(daddr)); + +- remote = format_host(AF_INET6, 16, &daddr, s1, sizeof(s1)); ++ remote = format_host(AF_INET6, 16, &daddr); + } + + fprintf(f, "remote %s ", remote); +@@ -216,7 +215,7 @@ static void vti6_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + if (tb[IFLA_VTI_LOCAL]) { + memcpy(&saddr, RTA_DATA(tb[IFLA_VTI_LOCAL]), sizeof(saddr)); + +- local = format_host(AF_INET6, 16, &saddr, s1, sizeof(s1)); ++ local = format_host(AF_INET6, 16, &saddr); + } + + fprintf(f, "local %s ", local); +diff --git a/ip/tcp_metrics.c b/ip/tcp_metrics.c +index 7e7cf27..c55d9ad 100644 +--- a/ip/tcp_metrics.c ++++ b/ip/tcp_metrics.c +@@ -94,7 +94,6 @@ static int process_msg(const struct sockaddr_nl *who, struct nlmsghdr *n, + struct genlmsghdr *ghdr; + struct rtattr *attrs[TCP_METRICS_ATTR_MAX + 1], *a; + int len = n->nlmsg_len; +- char abuf[256]; + inet_prefix addr; + int family, i, atype; + +@@ -161,8 +160,7 @@ static int process_msg(const struct sockaddr_nl *who, struct nlmsghdr *n, + fprintf(fp, "Deleted "); + + fprintf(fp, "%s", +- format_host(family, RTA_PAYLOAD(a), &addr.data, +- abuf, sizeof(abuf))); ++ format_host(family, RTA_PAYLOAD(a), &addr.data)); + + a = attrs[TCP_METRICS_ATTR_AGE]; + if (a) { +diff --git a/lib/utils.c b/lib/utils.c +index d3ed875..9764d75 100644 +--- a/lib/utils.c ++++ b/lib/utils.c +@@ -780,7 +780,7 @@ static const char *resolve_address(const void *addr, int len, int af) + #endif + + +-const char *format_host(int af, int len, const void *addr, ++const char *format_host_r(int af, int len, const void *addr, + char *buf, int buflen) + { + #ifdef RESOLVE_HOSTNAMES +@@ -816,6 +816,13 @@ const char *format_host(int af, int len, const void *addr, + return rt_addr_n2a(af, len, addr, buf, buflen); + } + ++const char *format_host(int af, int len, const void *addr) ++{ ++ static char buf[256]; ++ ++ return format_host_r(af, len, addr, buf, 256); ++} ++ + + char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen) + { +diff --git a/misc/ss.c b/misc/ss.c +index d438428..46b0925 100644 +--- a/misc/ss.c ++++ b/misc/ss.c +@@ -1074,10 +1074,10 @@ static void inet_addr_print(const inet_prefix *a, int port, unsigned int ifindex + buf[0] = '*'; + buf[1] = 0; + } else { +- ap = format_host(AF_INET, 4, a->data, buf, sizeof(buf)); ++ ap = format_host(AF_INET, 4, a->data); + } + } else { +- ap = format_host(a->family, 16, a->data, buf, sizeof(buf)); ++ ap = format_host(a->family, 16, a->data); + est_len = strlen(ap); + if (est_len <= addr_width) + est_len = addr_width; +@@ -2119,7 +2119,6 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r, + + static const char *format_host_sa(struct sockaddr_storage *sa) + { +- char buf[1024]; + union { + struct sockaddr_in sin; + struct sockaddr_in6 sin6; +@@ -2127,11 +2126,9 @@ static const char *format_host_sa(struct sockaddr_storage *sa) + + switch (sa->ss_family) { + case AF_INET: +- return format_host(AF_INET, 4, &saddr->sin.sin_addr, +- buf, sizeof(buf)); ++ return format_host(AF_INET, 4, &saddr->sin.sin_addr); + case AF_INET6: +- return format_host(AF_INET6, 16, &saddr->sin6.sin6_addr, +- buf, sizeof(buf)); ++ return format_host(AF_INET6, 16, &saddr->sin6.sin6_addr); + default: + return ""; + } +diff --git a/tc/m_nat.c b/tc/m_nat.c +index 01ec032..df5c911 100644 +--- a/tc/m_nat.c ++++ b/tc/m_nat.c +@@ -190,9 +190,9 @@ print_nat(struct action_util *au,FILE * f, struct rtattr *arg) + + fprintf(f, " nat %s %s/%d %s %s", sel->flags & TCA_NAT_FLAG_EGRESS ? + "egress" : "ingress", +- format_host(AF_INET, 4, &sel->old_addr, buf1, sizeof(buf1)), ++ format_host_r(AF_INET, 4, &sel->old_addr, buf1, sizeof(buf1)), + len, +- format_host(AF_INET, 4, &sel->new_addr, buf2, sizeof(buf2)), ++ format_host_r(AF_INET, 4, &sel->new_addr, buf2, sizeof(buf2)), + action_n2a(sel->action, buf3, sizeof (buf3))); + + if (show_stats) { +-- +1.8.3.1 + diff --git a/SOURCES/0104-man-ip-rule.8-Review-synopsis-section.patch b/SOURCES/0104-man-ip-rule.8-Review-synopsis-section.patch deleted file mode 100644 index adb245b..0000000 --- a/SOURCES/0104-man-ip-rule.8-Review-synopsis-section.patch +++ /dev/null @@ -1,81 +0,0 @@ -From f50767955c0f8e45fc13b5756bed7bb5bce12bca Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:41:49 +0100 -Subject: [PATCH] man: ip-rule.8: Review synopsis section - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 582b0fc6cb443 -Conflicts: Adjusted to missing save/restore feature and suppressor flag. - -commit 582b0fc6cb443ebe71b82654aa6307d55cd1fc1a -Author: Phil Sutter -Date: Wed Mar 2 19:20:02 2016 +0100 - - man: ip-rule.8: Review synopsis section - - Clarify that 'ip rule' defaults to action 'list', that 'flush' and - 'save' actions don't accept additional parameters, add missing 'not' and - 'goto' keywords and finally fix fonts used in 'fwmark' and 'realms' - parameters. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-rule.8 | 19 +++++++++++++++---- - 1 file changed, 15 insertions(+), 4 deletions(-) - -diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8 -index 16414c5..2594ff3 100644 ---- a/man/man8/ip-rule.8 -+++ b/man/man8/ip-rule.8 -@@ -9,17 +9,26 @@ ip-rule \- routing policy database management - .B ip - .RI "[ " OPTIONS " ]" - .B rule --.RI " { " COMMAND " | " -+.RI "{ " COMMAND " | " - .BR help " }" - .sp - - .ti -8 - .B ip rule --.RB " [ " list " | " add " | " del " | " flush " ]" -+.RB "[ " list " ]" -+ -+.ti -8 -+.B ip rule -+.RB "{ " add " | " del " }" - .I SELECTOR ACTION - - .ti -8 -+.B ip rule -+.RB "{ " flush " }" -+ -+.ti -8 - .IR SELECTOR " := [ " -+.BR not " ] [" - .B from - .IR PREFIX " ] [ " - .B to -@@ -27,7 +36,7 @@ ip-rule \- routing policy database management - .B tos - .IR TOS " ] [ " - .B fwmark --.IR FWMARK[/MASK] " ] [ " -+.IR FWMARK\fR[\fB/\fIMASK "] ] [ " - .B iif - .IR STRING " ] [ " - .B oif -@@ -42,7 +51,9 @@ ip-rule \- routing policy database management - .B nat - .IR ADDRESS " ] [ " - .B realms --.RI "[" SRCREALM "/]" DSTREALM " ]" -+.RI "[" SRCREALM "\fB/\fR]" DSTREALM " ] [" -+.B goto -+.IR NUMBER " ]" - - .ti -8 - .IR TABLE_ID " := [ " --- -1.8.3.1 - diff --git a/SOURCES/0105-man-ip-token.8-Review-synopsis-section.patch b/SOURCES/0105-man-ip-token.8-Review-synopsis-section.patch deleted file mode 100644 index 5365fef..0000000 --- a/SOURCES/0105-man-ip-token.8-Review-synopsis-section.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 4ec32c42f38a0df94e138fff65eb292cc5e31b4b Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:16 +0100 -Subject: [PATCH] man: ip-token.8: Review synopsis section - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 16a124ea2dac1 - -commit 16a124ea2dac186d4c54f3bc166a7be4882855ba -Author: Phil Sutter -Date: Wed Mar 2 19:20:03 2016 +0100 - - man: ip-token.8: Review synopsis section - - Drop unnecessary curly braces around single action keywords, point out - that 'dev' parameter to 'ip token get' is optional and clarify that 'ip - token' defaults to 'list' action. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-token.8 | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/man/man8/ip-token.8 b/man/man8/ip-token.8 -index 521596f..1303bbb 100644 ---- a/man/man8/ip-token.8 -+++ b/man/man8/ip-token.8 -@@ -7,23 +7,23 @@ ip-token \- tokenized interface identifer support - .in +8 - .ti -8 - .B ip token --.RI " { " COMMAND " | " -+.RI "{ " COMMAND " | " - .BR help " }" - .sp - - .ti -8 --.BR "ip token" " { " set " } " -+.B ip token set - .IR TOKEN - .B dev - .IR DEV - - .ti -8 --.BR "ip token" " { " get " } " --.B dev --.IR DEV -+.B ip token get -+.RB "[ " dev -+.IR DEV " ]" - - .ti -8 --.BR "ip token" " { " list " }" -+.BR "ip token" " [ " list " ]" - - .SH "DESCRIPTION" - IPv6 tokenized interface identifer support is used for assigning well-known --- -1.8.3.1 - diff --git a/SOURCES/0105-utils-make-rt_addr_n2a-non-reentrant-by-default.patch b/SOURCES/0105-utils-make-rt_addr_n2a-non-reentrant-by-default.patch new file mode 100644 index 0000000..152e472 --- /dev/null +++ b/SOURCES/0105-utils-make-rt_addr_n2a-non-reentrant-by-default.patch @@ -0,0 +1,466 @@ +From 397fcc28438965bdd9c175ebe230c47a9564527e Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:20:23 +0100 +Subject: [PATCH] utils: make rt_addr_n2a() non-reentrant by default + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 2e96d2ccd03a2 +Conflicts: Context changes due to not backported whitespace cleanup from + upstream. +* Drop iproute_lwtunnel hunks as we don't support it + +commit 2e96d2ccd03a29896fc8a2c6ee6b769c512501df +Author: Phil Sutter +Date: Tue Mar 22 19:35:16 2016 +0100 + + utils: make rt_addr_n2a() non-reentrant by default + + There is only a single user who needs it to be reentrant (not really, + but it's safer like this), add rt_addr_n2a_r() for it to use. + + Signed-off-by: Phil Sutter +--- + include/utils.h | 3 ++- + ip/ip6tunnel.c | 2 +- + ip/iplink_bond.c | 5 +---- + ip/ipmroute.c | 7 ++----- + ip/ipprefix.c | 5 +---- + ip/iproute.c | 10 +++------- + ip/iprule.c | 7 ++----- + ip/iptunnel.c | 2 +- + ip/ipxfrm.c | 29 ++++++----------------------- + ip/link_ip6tnl.c | 7 ++----- + ip/xfrm_monitor.c | 16 +++------------- + lib/utils.c | 11 +++++++++-- + tc/f_flower.c | 7 ++----- + 14 files changed, 37 insertions(+), 81 deletions(-) + +diff --git a/include/utils.h b/include/utils.h +index df6ce04..28684c5 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -112,8 +112,9 @@ __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len); + const char *format_host_r(int af, int len, const void *addr, + char *buf, int buflen); + const char *format_host(int af, int lne, const void *addr); +-const char *rt_addr_n2a(int af, int len, const void *addr, ++const char *rt_addr_n2a_r(int af, int len, const void *addr, + char *buf, int buflen); ++const char *rt_addr_n2a(int af, int len, const void *addr); + + int read_family(const char *name); + const char *family_name(int family); +diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c +index ab8603d..e99a851 100644 +--- a/ip/ip6tunnel.c ++++ b/ip/ip6tunnel.c +@@ -79,7 +79,7 @@ static void print_tunnel(struct ip6_tnl_parm2 *p) + p->name, + tnl_strproto(p->proto), + format_host_r(AF_INET6, 16, &p->raddr, s1, sizeof(s1)), +- rt_addr_n2a(AF_INET6, 16, &p->laddr, s2, sizeof(s2))); ++ rt_addr_n2a_r(AF_INET6, 16, &p->laddr, s2, sizeof(s2))); + if (p->link) { + const char *n = ll_index_to_name(p->link); + if (n) +diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c +index cb2f045..6881eda 100644 +--- a/ip/iplink_bond.c ++++ b/ip/iplink_bond.c +@@ -410,7 +410,6 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + + if (tb[IFLA_BOND_ARP_IP_TARGET]) { + struct rtattr *iptb[BOND_MAX_ARP_TARGETS + 1]; +- char buf[INET_ADDRSTRLEN]; + int i; + + parse_rtattr_nested(iptb, BOND_MAX_ARP_TARGETS, +@@ -424,9 +423,7 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + fprintf(f, "%s", + rt_addr_n2a(AF_INET, + RTA_PAYLOAD(iptb[i]), +- RTA_DATA(iptb[i]), +- buf, +- INET_ADDRSTRLEN)); ++ RTA_DATA(iptb[i]))); + if (i < BOND_MAX_ARP_TARGETS-1 && iptb[i+1]) + fprintf(f, ","); + } +diff --git a/ip/ipmroute.c b/ip/ipmroute.c +index 2c08fee..2daecc0 100644 +--- a/ip/ipmroute.c ++++ b/ip/ipmroute.c +@@ -59,7 +59,6 @@ int print_mroute(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + struct rtmsg *r = NLMSG_DATA(n); + int len = n->nlmsg_len; + struct rtattr * tb[RTA_MAX+1]; +- char abuf[256]; + char obuf[256]; + SPRINT_BUF(b1); + __u32 table; +@@ -117,16 +116,14 @@ int print_mroute(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + len = snprintf(obuf, sizeof(obuf), + "(%s, ", rt_addr_n2a(family, + RTA_PAYLOAD(tb[RTA_SRC]), +- RTA_DATA(tb[RTA_SRC]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[RTA_SRC]))); + else + len = sprintf(obuf, "(unknown, "); + if (tb[RTA_DST]) + snprintf(obuf + len, sizeof(obuf) - len, + "%s)", rt_addr_n2a(family, + RTA_PAYLOAD(tb[RTA_DST]), +- RTA_DATA(tb[RTA_DST]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[RTA_DST]))); + else + snprintf(obuf + len, sizeof(obuf) - len, "unknown) "); + +diff --git a/ip/ipprefix.c b/ip/ipprefix.c +index 286c09b..7b0a762 100644 +--- a/ip/ipprefix.c ++++ b/ip/ipprefix.c +@@ -76,15 +76,12 @@ int print_prefix(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[PREFIX_ADDRESS]) { + struct in6_addr *pfx; +- char abuf[256]; + + pfx = (struct in6_addr *)RTA_DATA(tb[PREFIX_ADDRESS]); + +- memset(abuf, '\0', sizeof(abuf)); + fprintf(fp, "%s", rt_addr_n2a(family, + RTA_PAYLOAD(tb[PREFIX_ADDRESS]), +- pfx, +- abuf, sizeof(abuf))); ++ pfx)); + } + fprintf(fp, "/%u ", prefix->prefix_len); + +diff --git a/ip/iproute.c b/ip/iproute.c +index 2bc2041..c3006e4 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -306,7 +306,6 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + struct rtmsg *r = NLMSG_DATA(n); + int len = n->nlmsg_len; + struct rtattr * tb[RTA_MAX+1]; +- char abuf[256]; + int host_len = -1; + __u32 table; + SPRINT_BUF(b1); +@@ -359,8 +358,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (r->rtm_dst_len != host_len) { + fprintf(fp, "%s/%u ", rt_addr_n2a(r->rtm_family, + RTA_PAYLOAD(tb[RTA_DST]), +- RTA_DATA(tb[RTA_DST]), +- abuf, sizeof(abuf)), ++ RTA_DATA(tb[RTA_DST])), + r->rtm_dst_len + ); + } else { +@@ -378,8 +376,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (r->rtm_src_len != host_len) { + fprintf(fp, "from %s/%u ", rt_addr_n2a(r->rtm_family, + RTA_PAYLOAD(tb[RTA_SRC]), +- RTA_DATA(tb[RTA_SRC]), +- abuf, sizeof(abuf)), ++ RTA_DATA(tb[RTA_SRC])), + r->rtm_src_len + ); + } else { +@@ -424,8 +421,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "src %s ", + rt_addr_n2a(r->rtm_family, + RTA_PAYLOAD(tb[RTA_PREFSRC]), +- RTA_DATA(tb[RTA_PREFSRC]), +- abuf, sizeof(abuf))); ++ RTA_DATA(tb[RTA_PREFSRC]))); + } + if (tb[RTA_PRIORITY]) + fprintf(fp, "metric %u ", rta_getattr_u32(tb[RTA_PRIORITY])); +diff --git a/ip/iprule.c b/ip/iprule.c +index 14eb852..87adb3b 100644 +--- a/ip/iprule.c ++++ b/ip/iprule.c +@@ -53,7 +53,6 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + int host_len = -1; + __u32 table; + struct rtattr * tb[FRA_MAX+1]; +- char abuf[256]; + SPRINT_BUF(b1); + + if (n->nlmsg_type != RTM_NEWRULE && n->nlmsg_type != RTM_DELRULE) +@@ -89,8 +88,7 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (r->rtm_src_len != host_len) { + fprintf(fp, "from %s/%u ", rt_addr_n2a(r->rtm_family, + RTA_PAYLOAD(tb[FRA_SRC]), +- RTA_DATA(tb[FRA_SRC]), +- abuf, sizeof(abuf)), ++ RTA_DATA(tb[FRA_SRC])), + r->rtm_src_len + ); + } else { +@@ -109,8 +107,7 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (r->rtm_dst_len != host_len) { + fprintf(fp, "to %s/%u ", rt_addr_n2a(r->rtm_family, + RTA_PAYLOAD(tb[FRA_DST]), +- RTA_DATA(tb[FRA_DST]), +- abuf, sizeof(abuf)), ++ RTA_DATA(tb[FRA_DST])), + r->rtm_dst_len + ); + } else { +diff --git a/ip/iptunnel.c b/ip/iptunnel.c +index 17b377c..c78c7f5 100644 +--- a/ip/iptunnel.c ++++ b/ip/iptunnel.c +@@ -347,7 +347,7 @@ static void print_tunnel(struct ip_tunnel_parm *p) + p->name, + tnl_strproto(p->iph.protocol), + p->iph.daddr ? format_host_r(AF_INET, 4, &p->iph.daddr, s1, sizeof(s1)) : "any", +- p->iph.saddr ? rt_addr_n2a(AF_INET, 4, &p->iph.saddr, s2, sizeof(s2)) : "any"); ++ p->iph.saddr ? rt_addr_n2a_r(AF_INET, 4, &p->iph.saddr, s2, sizeof(s2)) : "any"); + + if (p->iph.protocol == IPPROTO_IPV6 && (p->i_flags & SIT_ISATAP)) { + struct ip_tunnel_prl prl[16]; +diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c +index 0344355..899ec9d 100644 +--- a/ip/ipxfrm.c ++++ b/ip/ipxfrm.c +@@ -283,17 +283,11 @@ void xfrm_id_info_print(xfrm_address_t *saddr, struct xfrm_id *id, + __u8 mode, __u32 reqid, __u16 family, int force_spi, + FILE *fp, const char *prefix, const char *title) + { +- char abuf[256]; +- + if (title) + fputs(title, fp); + +- memset(abuf, '\0', sizeof(abuf)); +- fprintf(fp, "src %s ", rt_addr_n2a(family, sizeof(*saddr), +- saddr, abuf, sizeof(abuf))); +- memset(abuf, '\0', sizeof(abuf)); +- fprintf(fp, "dst %s", rt_addr_n2a(family, sizeof(id->daddr), +- &id->daddr, abuf, sizeof(abuf))); ++ fprintf(fp, "src %s ", rt_addr_n2a(family, sizeof(*saddr), saddr)); ++ fprintf(fp, "dst %s", rt_addr_n2a(family, sizeof(id->daddr), &id->daddr)); + fprintf(fp, "%s", _SL_); + + if (prefix) +@@ -443,7 +437,6 @@ void xfrm_lifetime_print(struct xfrm_lifetime_cfg *cfg, + void xfrm_selector_print(struct xfrm_selector *sel, __u16 family, + FILE *fp, const char *prefix) + { +- char abuf[256]; + __u16 f; + + f = sel->family; +@@ -455,16 +448,12 @@ void xfrm_selector_print(struct xfrm_selector *sel, __u16 family, + if (prefix) + fputs(prefix, fp); + +- memset(abuf, '\0', sizeof(abuf)); + fprintf(fp, "src %s/%u ", +- rt_addr_n2a(f, sizeof(sel->saddr), &sel->saddr, +- abuf, sizeof(abuf)), ++ rt_addr_n2a(f, sizeof(sel->saddr), &sel->saddr), + sel->prefixlen_s); + +- memset(abuf, '\0', sizeof(abuf)); + fprintf(fp, "dst %s/%u ", +- rt_addr_n2a(f, sizeof(sel->daddr), &sel->daddr, +- abuf, sizeof(abuf)), ++ rt_addr_n2a(f, sizeof(sel->daddr), &sel->daddr), + sel->prefixlen_d); + + if (sel->proto) +@@ -729,7 +718,6 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, + + if (tb[XFRMA_ENCAP]) { + struct xfrm_encap_tmpl *e; +- char abuf[256]; + + if (prefix) + fputs(prefix, fp); +@@ -757,10 +745,8 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, + fprintf(fp, "sport %u ", ntohs(e->encap_sport)); + fprintf(fp, "dport %u ", ntohs(e->encap_dport)); + +- memset(abuf, '\0', sizeof(abuf)); + fprintf(fp, "addr %s", +- rt_addr_n2a(family, sizeof(e->encap_oa), &e->encap_oa, +- abuf, sizeof(abuf))); ++ rt_addr_n2a(family, sizeof(e->encap_oa), &e->encap_oa)); + fprintf(fp, "%s", _SL_); + } + +@@ -771,7 +757,6 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, + } + + if (tb[XFRMA_COADDR]) { +- char abuf[256]; + xfrm_address_t *coa; + + if (prefix) +@@ -786,10 +771,8 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, + return; + } + +- memset(abuf, '\0', sizeof(abuf)); + fprintf(fp, "%s", +- rt_addr_n2a(family, sizeof(*coa), coa, +- abuf, sizeof(abuf))); ++ rt_addr_n2a(family, sizeof(*coa), coa)); + fprintf(fp, "%s", _SL_); + } + +diff --git a/ip/link_ip6tnl.c b/ip/link_ip6tnl.c +index f771c75..8cd9095 100644 +--- a/ip/link_ip6tnl.c ++++ b/ip/link_ip6tnl.c +@@ -254,7 +254,6 @@ get_failed: + + static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + { +- char s1[256]; + char s2[64]; + int flags = 0; + __u32 flowinfo = 0; +@@ -286,16 +285,14 @@ static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb + fprintf(f, "remote %s ", + rt_addr_n2a(AF_INET6, + RTA_PAYLOAD(tb[IFLA_IPTUN_REMOTE]), +- RTA_DATA(tb[IFLA_IPTUN_REMOTE]), +- s1, sizeof(s1))); ++ RTA_DATA(tb[IFLA_IPTUN_REMOTE]))); + } + + if (tb[IFLA_IPTUN_LOCAL]) { + fprintf(f, "local %s ", + rt_addr_n2a(AF_INET6, + RTA_PAYLOAD(tb[IFLA_IPTUN_LOCAL]), +- RTA_DATA(tb[IFLA_IPTUN_LOCAL]), +- s1, sizeof(s1))); ++ RTA_DATA(tb[IFLA_IPTUN_LOCAL]))); + } + + if (tb[IFLA_IPTUN_LINK] && rta_getattr_u32(tb[IFLA_IPTUN_LINK])) { +diff --git a/ip/xfrm_monitor.c b/ip/xfrm_monitor.c +index 34bd9f4..9c588f6 100644 +--- a/ip/xfrm_monitor.c ++++ b/ip/xfrm_monitor.c +@@ -227,12 +227,8 @@ static void xfrm_ae_flags_print(__u32 flags, void *arg) + + static void xfrm_usersa_print(const struct xfrm_usersa_id *sa_id, __u32 reqid, FILE *fp) + { +- char buf[256]; +- +- buf[0] = 0; + fprintf(fp, "dst %s ", +- rt_addr_n2a(sa_id->family, sizeof(sa_id->daddr), &sa_id->daddr, +- buf, sizeof(buf))); ++ rt_addr_n2a(sa_id->family, sizeof(sa_id->daddr), &sa_id->daddr)); + + fprintf(fp, " reqid 0x%x", reqid); + +@@ -245,15 +241,12 @@ static int xfrm_ae_print(const struct sockaddr_nl *who, + { + FILE *fp = (FILE*)arg; + struct xfrm_aevent_id *id = NLMSG_DATA(n); +- char abuf[256]; + + fprintf(fp, "Async event "); + xfrm_ae_flags_print(id->flags, arg); + fprintf(fp,"\n\t"); +- memset(abuf, '\0', sizeof(abuf)); + fprintf(fp, "src %s ", rt_addr_n2a(id->sa_id.family, +- sizeof(id->saddr), &id->saddr, +- abuf, sizeof(abuf))); ++ sizeof(id->saddr), &id->saddr)); + + xfrm_usersa_print(&id->sa_id, id->reqid, fp); + +@@ -265,10 +258,7 @@ static int xfrm_ae_print(const struct sockaddr_nl *who, + + static void xfrm_print_addr(FILE *fp, int family, xfrm_address_t *a) + { +- char buf[256]; +- +- buf[0] = 0; +- fprintf(fp, "%s", rt_addr_n2a(family, sizeof(*a), a, buf, sizeof(buf))); ++ fprintf(fp, "%s", rt_addr_n2a(family, sizeof(*a), a)); + } + + static int xfrm_mapping_print(const struct sockaddr_nl *who, +diff --git a/lib/utils.c b/lib/utils.c +index 9764d75..465f254 100644 +--- a/lib/utils.c ++++ b/lib/utils.c +@@ -671,7 +671,7 @@ int __get_user_hz(void) + return sysconf(_SC_CLK_TCK); + } + +-const char *rt_addr_n2a(int af, int len, const void *addr, char *buf, int buflen) ++const char *rt_addr_n2a_r(int af, int len, const void *addr, char *buf, int buflen) + { + switch (af) { + case AF_INET: +@@ -690,6 +690,13 @@ const char *rt_addr_n2a(int af, int len, const void *addr, char *buf, int buflen + } + } + ++const char *rt_addr_n2a(int af, int len, const void *addr) ++{ ++ static char buf[256]; ++ ++ return rt_addr_n2a_r(af, len, addr, buf, 256); ++} ++ + int read_family(const char *name) + { + int family = AF_UNSPEC; +@@ -813,7 +820,7 @@ const char *format_host_r(int af, int len, const void *addr, + return n; + } + #endif +- return rt_addr_n2a(af, len, addr, buf, buflen); ++ return rt_addr_n2a_r(af, len, addr, buf, buflen); + } + + const char *format_host(int af, int len, const void *addr) +diff --git a/tc/f_flower.c b/tc/f_flower.c +index db9cc29..5e2dc0d 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -394,7 +394,6 @@ static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + struct rtattr *addr6_attr, + struct rtattr *mask6_attr) + { +- SPRINT_BUF(b1); + struct rtattr *addr_attr; + struct rtattr *mask_attr; + int family; +@@ -418,16 +417,14 @@ static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + return; + fprintf(f, "\n %s %s", name, rt_addr_n2a(family, + RTA_PAYLOAD(addr_attr), +- RTA_DATA(addr_attr), +- b1, sizeof(b1))); ++ RTA_DATA(addr_attr))); + if (!mask_attr || RTA_PAYLOAD(mask_attr) != len) + return; + bits = __mask_bits(RTA_DATA(mask_attr), len); + if (bits < 0) + fprintf(f, "/%s", rt_addr_n2a(family, + RTA_PAYLOAD(mask_attr), +- RTA_DATA(mask_attr), +- b1, sizeof(b1))); ++ RTA_DATA(mask_attr))); + else if (bits < len * 8) + fprintf(f, "/%d", bits); + } +-- +1.8.3.1 + diff --git a/SOURCES/0106-add-vti-vti6-tunnel-modes-to-ip-tunnel-manual-page.patch b/SOURCES/0106-add-vti-vti6-tunnel-modes-to-ip-tunnel-manual-page.patch deleted file mode 100644 index 1fe147b..0000000 --- a/SOURCES/0106-add-vti-vti6-tunnel-modes-to-ip-tunnel-manual-page.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 8db75397532ab61150a4c889337cdbacd0072d58 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:16 +0100 -Subject: [PATCH] add 'vti'/'vti6' tunnel modes to ip-tunnel manual page - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 6eca32ec6fa68 - -commit 6eca32ec6fa682491bece81b91fd44de3de4afc4 -Author: Konstantin Shemyak -Date: Sat Aug 29 21:36:32 2015 +0300 - - add 'vti'/'vti6' tunnel modes to ip-tunnel manual page - - * "vti" and "vti6" tunnel modes added to ip-tunnel.8 manual page - * Added "hoplimit" terminology for IPv6 - * Corrected usage line - * Minor language fix ---- - man/man8/ip-tunnel.8 | 24 ++++++++++++------------ - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/man/man8/ip-tunnel.8 b/man/man8/ip-tunnel.8 -index c97c28c..8b746cb 100644 ---- a/man/man8/ip-tunnel.8 -+++ b/man/man8/ip-tunnel.8 -@@ -6,14 +6,12 @@ ip-tunnel - tunnel configuration - .ad l - .in +8 - .ti -8 --.B ip --.RI "[ " OPTIONS " ]" --.B tunnel --.RI " { " COMMAND " | " --.BR help " }" -+.B ip tunnel help - .sp - .ti -8 --.BR "ip tunnel" " { " add " | " change " | " del " | " show " | " prl " }" -+.BR "ip " -+.RI "[ " OPTIONS " ]" -+.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " }" - .RI "[ " NAME " ]" - .br - .RB "[ " mode -@@ -29,7 +27,7 @@ ip-tunnel - tunnel configuration - .br - .RB "[ " encaplimit - .IR ELIM " ]" --.RB "[ " ttl -+.RB "[ " ttl "|" hoplimit - .IR TTL " ]" - .br - .RB "[ " tos -@@ -50,7 +48,7 @@ ip-tunnel - tunnel configuration - - .ti -8 - .IR MODE " := " --.RB " { " ipip " | " gre " | " sit " | " isatap " | " ip6ip6 " | " ipip6 " | " ip6gre " | " any " }" -+.RB " { " ipip " | " gre " | " sit " | " isatap " | " vti " | " ip6ip6 " | " ipip6 " | " ip6gre " | " vti6 " | " any " }" - - .ti -8 - .IR ADDR " := { " IP_ADDRESS " |" -@@ -107,10 +105,10 @@ select the tunnel device name. - set the tunnel mode. Available modes depend on the encapsulating address family. - .br - Modes for IPv4 encapsulation available: --.BR ipip ", " sit ", " isatap " and " gre "." -+.BR ipip ", " sit ", " isatap ", " vti ", and " gre "." - .br - Modes for IPv6 encapsulation available: --.BR ip6ip6 ", " ipip6 ", " ip6gre ", and " any "." -+.BR ip6ip6 ", " ipip6 ", " ip6gre ", " vti6 ", and " any "." - - .TP - .BI remote " ADDRESS" -@@ -123,7 +121,9 @@ It must be an address on another interface of this host. - - .TP - .BI ttl " N" --set a fixed TTL -+.TP -+.BI hoplimit " N" -+set a fixed TTL (IPv4) or hoplimit (IPv6) - .I N - on tunneled packets. - .I N -@@ -218,7 +218,7 @@ The - .B seq - flag is equivalent to the combination - .BR "iseq oseq" . --.B It isn't work. Don't use it. -+.B It doesn't work. Don't use it. - - .TP - .BI encaplim " ELIM" --- -1.8.3.1 - diff --git a/SOURCES/0106-lib-utils-introduce-rt_addr_n2a_rta.patch b/SOURCES/0106-lib-utils-introduce-rt_addr_n2a_rta.patch new file mode 100644 index 0000000..f7fe5c5 --- /dev/null +++ b/SOURCES/0106-lib-utils-introduce-rt_addr_n2a_rta.patch @@ -0,0 +1,239 @@ +From bf7031233e6db15ed6e76b0f7efcae8355ce4cd4 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:20:47 +0100 +Subject: [PATCH] lib/utils: introduce rt_addr_n2a_rta() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 7faf1588a755e +Conflicts: Context changed due to already backported commit + 7cc7cb8a888bf ("ip-route: Prevent some double spaces in + output"). +* Drop iproute_lwtunnel hunks as we don't support it + +commit 7faf1588a755edb9c9cabbe1d3211265e9826d28 +Author: Phil Sutter +Date: Tue Mar 22 19:35:18 2016 +0100 + + lib/utils: introduce rt_addr_n2a_rta() + + This simple macro eases calling rt_addr_n2a() with data from an rt_attr + pointer. + + Signed-off-by: Phil Sutter +--- + include/utils.h | 2 ++ + ip/iplink_bond.c | 4 +--- + ip/ipmroute.c | 8 ++------ + ip/ipprefix.c | 14 +++----------- + ip/iproute.c | 20 +++++++------------- + ip/iprule.c | 16 ++++++---------- + ip/link_ip6tnl.c | 8 ++------ + tc/f_flower.c | 8 ++------ + 9 files changed, 29 insertions(+), 70 deletions(-) + +diff --git a/include/utils.h b/include/utils.h +index 28684c5..53a631f 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -115,6 +115,8 @@ const char *format_host(int af, int lne, const void *addr); + const char *rt_addr_n2a_r(int af, int len, const void *addr, + char *buf, int buflen); + const char *rt_addr_n2a(int af, int len, const void *addr); ++#define rt_addr_n2a_rta(af, rta) \ ++ rt_addr_n2a(af, RTA_PAYLOAD(rta), RTA_DATA(rta)) + + int read_family(const char *name); + const char *family_name(int family); +diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c +index 6881eda..d4e970d 100644 +--- a/ip/iplink_bond.c ++++ b/ip/iplink_bond.c +@@ -421,9 +421,7 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + for (i = 0; i < BOND_MAX_ARP_TARGETS; i++) { + if (iptb[i]) + fprintf(f, "%s", +- rt_addr_n2a(AF_INET, +- RTA_PAYLOAD(iptb[i]), +- RTA_DATA(iptb[i]))); ++ rt_addr_n2a_rta(AF_INET, iptb[i])); + if (i < BOND_MAX_ARP_TARGETS-1 && iptb[i+1]) + fprintf(f, ","); + } +diff --git a/ip/ipmroute.c b/ip/ipmroute.c +index 2daecc0..eb480f0 100644 +--- a/ip/ipmroute.c ++++ b/ip/ipmroute.c +@@ -114,16 +114,12 @@ int print_mroute(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[RTA_SRC]) + len = snprintf(obuf, sizeof(obuf), +- "(%s, ", rt_addr_n2a(family, +- RTA_PAYLOAD(tb[RTA_SRC]), +- RTA_DATA(tb[RTA_SRC]))); ++ "(%s, ", rt_addr_n2a_rta(family, tb[RTA_SRC])); + else + len = sprintf(obuf, "(unknown, "); + if (tb[RTA_DST]) + snprintf(obuf + len, sizeof(obuf) - len, +- "%s)", rt_addr_n2a(family, +- RTA_PAYLOAD(tb[RTA_DST]), +- RTA_DATA(tb[RTA_DST]))); ++ "%s)", rt_addr_n2a_rta(family, tb[RTA_DST])); + else + snprintf(obuf + len, sizeof(obuf) - len, "unknown) "); + +diff --git a/ip/ipprefix.c b/ip/ipprefix.c +index 7b0a762..a1558d2 100644 +--- a/ip/ipprefix.c ++++ b/ip/ipprefix.c +@@ -72,19 +72,11 @@ int print_prefix(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + parse_rtattr(tb, RTA_MAX, RTM_RTA(prefix), len); + +- fprintf(fp, "prefix "); +- + if (tb[PREFIX_ADDRESS]) { +- struct in6_addr *pfx; +- +- pfx = (struct in6_addr *)RTA_DATA(tb[PREFIX_ADDRESS]); +- +- fprintf(fp, "%s", rt_addr_n2a(family, +- RTA_PAYLOAD(tb[PREFIX_ADDRESS]), +- pfx)); ++ fprintf(fp, "prefix %s/%u", ++ rt_addr_n2a_rta(family, tb[PREFIX_ADDRESS]), ++ prefix->prefix_len); + } +- fprintf(fp, "/%u ", prefix->prefix_len); +- + fprintf(fp, "dev %s ", ll_index_to_name(prefix->prefix_ifindex)); + + if (prefix->prefix_flags & IF_PREFIX_ONLINK) +diff --git a/ip/iproute.c b/ip/iproute.c +index c3006e4..134b146 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -356,11 +356,9 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[RTA_DST]) { + if (r->rtm_dst_len != host_len) { +- fprintf(fp, "%s/%u ", rt_addr_n2a(r->rtm_family, +- RTA_PAYLOAD(tb[RTA_DST]), +- RTA_DATA(tb[RTA_DST])), +- r->rtm_dst_len +- ); ++ fprintf(fp, "%s/%u ", ++ rt_addr_n2a_rta(r->rtm_family, tb[RTA_DST]), ++ r->rtm_dst_len); + } else { + fprintf(fp, "%s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_DST]), +@@ -374,11 +372,9 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + } + if (tb[RTA_SRC]) { + if (r->rtm_src_len != host_len) { +- fprintf(fp, "from %s/%u ", rt_addr_n2a(r->rtm_family, +- RTA_PAYLOAD(tb[RTA_SRC]), +- RTA_DATA(tb[RTA_SRC])), +- r->rtm_src_len +- ); ++ fprintf(fp, "from %s/%u ", ++ rt_addr_n2a_rta(r->rtm_family, tb[RTA_SRC]), ++ r->rtm_src_len); + } else { + fprintf(fp, "from %s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_SRC]), +@@ -419,9 +415,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + and symbolic name will not be useful. + */ + fprintf(fp, "src %s ", +- rt_addr_n2a(r->rtm_family, +- RTA_PAYLOAD(tb[RTA_PREFSRC]), +- RTA_DATA(tb[RTA_PREFSRC]))); ++ rt_addr_n2a_rta(r->rtm_family, tb[RTA_PREFSRC])); + } + if (tb[RTA_PRIORITY]) + fprintf(fp, "metric %u ", rta_getattr_u32(tb[RTA_PRIORITY])); +diff --git a/ip/iprule.c b/ip/iprule.c +index 87adb3b..4b7de4a 100644 +--- a/ip/iprule.c ++++ b/ip/iprule.c +@@ -86,11 +86,9 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[FRA_SRC]) { + if (r->rtm_src_len != host_len) { +- fprintf(fp, "from %s/%u ", rt_addr_n2a(r->rtm_family, +- RTA_PAYLOAD(tb[FRA_SRC]), +- RTA_DATA(tb[FRA_SRC])), +- r->rtm_src_len +- ); ++ fprintf(fp, "from %s/%u ", ++ rt_addr_n2a_rta(r->rtm_family, tb[FRA_SRC]), ++ r->rtm_src_len); + } else { + fprintf(fp, "from %s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[FRA_SRC]), +@@ -105,11 +103,9 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + + if (tb[FRA_DST]) { + if (r->rtm_dst_len != host_len) { +- fprintf(fp, "to %s/%u ", rt_addr_n2a(r->rtm_family, +- RTA_PAYLOAD(tb[FRA_DST]), +- RTA_DATA(tb[FRA_DST])), +- r->rtm_dst_len +- ); ++ fprintf(fp, "to %s/%u ", ++ rt_addr_n2a_rta(r->rtm_family, tb[FRA_DST]), ++ r->rtm_dst_len); + } else { + fprintf(fp, "to %s ", format_host(r->rtm_family, + RTA_PAYLOAD(tb[FRA_DST]), +diff --git a/ip/link_ip6tnl.c b/ip/link_ip6tnl.c +index 8cd9095..79b5cd1 100644 +--- a/ip/link_ip6tnl.c ++++ b/ip/link_ip6tnl.c +@@ -283,16 +283,12 @@ static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb + + if (tb[IFLA_IPTUN_REMOTE]) { + fprintf(f, "remote %s ", +- rt_addr_n2a(AF_INET6, +- RTA_PAYLOAD(tb[IFLA_IPTUN_REMOTE]), +- RTA_DATA(tb[IFLA_IPTUN_REMOTE]))); ++ rt_addr_n2a_rta(AF_INET6, tb[IFLA_IPTUN_REMOTE])); + } + + if (tb[IFLA_IPTUN_LOCAL]) { + fprintf(f, "local %s ", +- rt_addr_n2a(AF_INET6, +- RTA_PAYLOAD(tb[IFLA_IPTUN_LOCAL]), +- RTA_DATA(tb[IFLA_IPTUN_LOCAL]))); ++ rt_addr_n2a_rta(AF_INET6, tb[IFLA_IPTUN_LOCAL])); + } + + if (tb[IFLA_IPTUN_LINK] && rta_getattr_u32(tb[IFLA_IPTUN_LINK])) { +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 5e2dc0d..f0d146f 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -415,16 +415,12 @@ static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + } + if (!addr_attr || RTA_PAYLOAD(addr_attr) != len) + return; +- fprintf(f, "\n %s %s", name, rt_addr_n2a(family, +- RTA_PAYLOAD(addr_attr), +- RTA_DATA(addr_attr))); ++ fprintf(f, "\n %s %s", name, rt_addr_n2a_rta(family, addr_attr)); + if (!mask_attr || RTA_PAYLOAD(mask_attr) != len) + return; + bits = __mask_bits(RTA_DATA(mask_attr), len); + if (bits < 0) +- fprintf(f, "/%s", rt_addr_n2a(family, +- RTA_PAYLOAD(mask_attr), +- RTA_DATA(mask_attr))); ++ fprintf(f, "/%s", rt_addr_n2a_rta(family, mask_attr)); + else if (bits < len * 8) + fprintf(f, "/%d", bits); + } +-- +1.8.3.1 + diff --git a/SOURCES/0107-man-ip-tunnel.8-Document-missing-6rd-action.patch b/SOURCES/0107-man-ip-tunnel.8-Document-missing-6rd-action.patch deleted file mode 100644 index 8d129e2..0000000 --- a/SOURCES/0107-man-ip-tunnel.8-Document-missing-6rd-action.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 369be35cccd7c3cfba8bd76f06b98936a0ec6ffb Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:25 +0100 -Subject: [PATCH] man: ip-tunnel.8: Document missing 6rd action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 5d8cb0900e9fd - -commit 5d8cb0900e9fd927a81a91c79434cbf847463078 -Author: Phil Sutter -Date: Wed Mar 2 19:20:04 2016 +0100 - - man: ip-tunnel.8: Document missing 6rd action - - Also drop the non-terminal 'TIME' description as it is not referenced - anywhere. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-tunnel.8 | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/man/man8/ip-tunnel.8 b/man/man8/ip-tunnel.8 -index 8b746cb..4938c74 100644 ---- a/man/man8/ip-tunnel.8 -+++ b/man/man8/ip-tunnel.8 -@@ -11,7 +11,7 @@ ip-tunnel - tunnel configuration - .ti -8 - .BR "ip " - .RI "[ " OPTIONS " ]" --.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " }" -+.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " | " 6rd " }" - .RI "[ " NAME " ]" - .br - .RB "[ " mode -@@ -42,6 +42,12 @@ ip-tunnel - tunnel configuration - .B prl-delete - .IR ADDR " ]" - .br -+.RB "[ " 6rd-prefix -+.IR ADDR " ] [" -+.B 6rd-relay_prefix -+.IR ADDR " ] [ -+.BR 6rd-reset " ]" -+.br - .RB "[ [" no "]" pmtudisc " ]" - .RB "[ " dev - .IR PHYS_DEV " ]" -@@ -75,9 +81,6 @@ ip-tunnel - tunnel configuration - .ti -8 - .IR KEY " := { " DOTTED_QUAD " | " NUMBER " }" - --.ti -8 --.IR TIME " := " NUMBER "[s|ms]" -- - .SH DESCRIPTION - .B tunnel - objects are tunnels, encapsulating packets in IP packets and then --- -1.8.3.1 - diff --git a/SOURCES/0107-utils-add-get_be-16-32-64-use-them-where-possible.patch b/SOURCES/0107-utils-add-get_be-16-32-64-use-them-where-possible.patch new file mode 100644 index 0000000..d5d24d8 --- /dev/null +++ b/SOURCES/0107-utils-add-get_be-16-32-64-use-them-where-possible.patch @@ -0,0 +1,43 @@ +From cd5fd1c1b943da08c683ee9bc22eed32624d2130 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:21:10 +0100 +Subject: [PATCH] utils: add get_be{16, 32, 64}, use them where possible + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 9f7401fa49671 +Conflicts: Just reapplying an already backported commit to get formerly + left out chunks in flower sources. + +commit 9f7401fa4967178a071c53498f6bdc460c7cc4ea +Author: Sabrina Dubroca +Date: Fri Jun 3 16:45:46 2016 +0200 + + utils: add get_be{16, 32, 64}, use them where possible + + Signed-off-by: Sabrina Dubroca + Acked-by: Phil Sutter +--- + tc/f_flower.c | 4 ++-- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index f0d146f..11e6242 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -150,11 +150,11 @@ static int flower_parse_port(char *str, __u8 ip_port, + return -1; + } + +- ret = get_u16(&port, str, 10); ++ ret = get_be16(&port, str, 10); + if (ret) + return -1; + +- addattr16(n, MAX_MSG, type, htons(port)); ++ addattr16(n, MAX_MSG, type, port); + + return 0; + } +-- +1.8.3.1 + diff --git a/SOURCES/0108-man-ip-xfrm.8-Document-missing-parameters.patch b/SOURCES/0108-man-ip-xfrm.8-Document-missing-parameters.patch deleted file mode 100644 index 6bc8c34..0000000 --- a/SOURCES/0108-man-ip-xfrm.8-Document-missing-parameters.patch +++ /dev/null @@ -1,60 +0,0 @@ -From f163e1dede72014608226a718ade142634e28458 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:25 +0100 -Subject: [PATCH] man: ip-xfrm.8: Document missing parameters - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit a7eef7aa70b2d - -commit a7eef7aa70b2d7ea2a78841e1cc188fa416e0f7f -Author: Phil Sutter -Date: Wed Mar 2 19:20:05 2016 +0100 - - man: ip-xfrm.8: Document missing parameters - - Namely, 'extra-flag' of 'ip xfrm state' and 'flag' of 'ip xfrm policy'. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-xfrm.8 | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 -index aea4fda..a9c5890 100644 ---- a/man/man8/ip-xfrm.8 -+++ b/man/man8/ip-xfrm.8 -@@ -53,6 +53,8 @@ ip-xfrm \- transform configuration - .IR ADDR "[/" PLEN "] ]" - .RB "[ " ctx - .IR CTX " ]" -+.RB "[ " extra-flag -+.IR EXTRA-FLAG-LIST " ]" - - .ti -8 - .B "ip xfrm state allocspi" -@@ -191,6 +193,13 @@ ip-xfrm \- transform configuration - .IR SPORT " " DPORT " " OADDR - - .ti -8 -+.IR EXTRA-FLAG-LIST " := [ " EXTRA-FLAG-LIST " ] " EXTRA-FLAG -+ -+.ti -8 -+.IR EXTRA-FLAG " := " -+.B dont-encap-dscp -+ -+.ti -8 - .BR "ip xfrm policy" " { " add " | " update " }" - .I SELECTOR - .B dir -@@ -242,6 +251,8 @@ ip-xfrm \- transform configuration - .IR ACTION " ]" - .RB "[ " priority - .IR PRIORITY " ]" -+.RB "[ " flag -+.IR FLAG-LIST "]" - - .ti -8 - .B "ip xfrm policy flush" --- -1.8.3.1 - diff --git a/SOURCES/0108-tc-flower-Add-skip_-hw-sw-support.patch b/SOURCES/0108-tc-flower-Add-skip_-hw-sw-support.patch new file mode 100644 index 0000000..72c009f --- /dev/null +++ b/SOURCES/0108-tc-flower-Add-skip_-hw-sw-support.patch @@ -0,0 +1,134 @@ +From 080a2a99ff48cb30a5efb105dba3d1040dac6e21 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:21:33 +0100 +Subject: [PATCH] tc: flower: Add skip_{hw|sw} support + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit cfcabf18d84a2 + +commit cfcabf18d84a2f4908cb5b4489f67c2cd3f70426 +Author: Amir Vadai +Date: Mon Jul 4 10:34:11 2016 +0300 + + tc: flower: Add skip_{hw|sw} support + + On devices that support TC flower offloads, these flags enable a filter to be + added only to HW or only to SW. skip_sw and skip_hw are mutually exclusive + flags. By default without any flags, the filter is added to both HW and SW, + but no error checks are done in case of failure to add to HW. + With skip-sw, failure to add to HW is treated as an error. + + Here is a sample script that adds 2 filters, one with skip_sw and the other + with skip_hw flag. + + # add ingress qdisc + tc qdisc add dev enp0s9 ingress + + # enable hw tc offload. + ethtool -K enp0s9 hw-tc-offload on + + # add a flower filter with skip-sw flag. + tc filter add dev enp0s9 protocol ip parent ffff: flower \ + ip_proto 1 indev enp0s9 skip_sw \ + action drop + + # add a flower filter with skip-hw flag. + tc filter add dev enp0s9 protocol ip parent ffff: flower \ + ip_proto 3 indev enp0s9 skip_hw \ + action drop + + Signed-off-by: Amir Vadai + Acked-by: Jiri Pirko +--- + man/man8/tc-flower.8 | 11 ++++++++++- + tc/f_flower.c | 17 +++++++++++++++++ + 2 files changed, 27 insertions(+), 1 deletion(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index df4d8e1..9ae10e6 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -18,7 +18,9 @@ flower \- flow based traffic control filter + .ti -8 + .IR MATCH " := { " + .B indev +-.IR ifname " | { " ++.IR ifname " | " ++.BR skip_sw " | " skip_hw ++.R " | { " + .BR dst_mac " | " src_mac " } " + .IR mac_address " | " + .BR eth_type " { " ipv4 " | " ipv6 " | " +@@ -55,6 +57,13 @@ is the name of an interface which must exist at the time of + .B tc + invocation. + .TP ++.BI skip_sw ++Do not process filter by software. If hardware has no offload support for this ++filter, or TC offload is not enabled for the interface, operation will fail. ++.TP ++.BI skip_hw ++Do not process filter by hardware. ++.TP + .BI dst_mac " mac_address" + .TQ + .BI src_mac " mac_address" +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 11e6242..01527c8 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -25,6 +25,7 @@ + static void explain(void) + { + fprintf(stderr, "Usage: ... flower [ MATCH-LIST ]\n"); ++ fprintf(stderr, " [ skip_sw | skip_hw ]\n"); + fprintf(stderr, " [ action ACTION-SPEC ] [ classid CLASSID ]\n"); + fprintf(stderr, "\n"); + fprintf(stderr, "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"); +@@ -167,6 +168,7 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + struct rtattr *tail; + __be16 eth_type = TC_H_MIN(t->tcm_info); + __u8 ip_proto = 0xff; ++ __u32 flags = 0; + + if (handle) { + ret = get_u32(&t->tcm_handle, handle, 0); +@@ -196,6 +198,10 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + return -1; + } + addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4); ++ } else if (matches(*argv, "skip_hw") == 0) { ++ flags |= TCA_CLS_FLAGS_SKIP_HW; ++ } else if (matches(*argv, "skip_sw") == 0) { ++ flags |= TCA_CLS_FLAGS_SKIP_SW; + } else if (matches(*argv, "indev") == 0) { + char ifname[IFNAMSIZ]; + +@@ -294,6 +300,8 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + } + + parse_done: ++ addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags); ++ + ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); + if (ret) { + fprintf(stderr, "Illegal \"eth_type\"(0x%x)\n", +@@ -498,6 +506,15 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + tb[TCA_FLOWER_KEY_TCP_SRC], + tb[TCA_FLOWER_KEY_UDP_SRC]); + ++ if (tb[TCA_FLOWER_FLAGS]) { ++ __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]); ++ ++ if (flags & TCA_CLS_FLAGS_SKIP_HW) ++ fprintf(f, "\n skip_hw"); ++ if (flags & TCA_CLS_FLAGS_SKIP_SW) ++ fprintf(f, "\n skip_sw"); ++ } ++ + if (tb[TCA_FLOWER_ACT]) { + tc_print_action(f, tb[TCA_FLOWER_ACT]); + } +-- +1.8.3.1 + diff --git a/SOURCES/0109-man-ip-add-h-uman-readable-option.patch b/SOURCES/0109-man-ip-add-h-uman-readable-option.patch deleted file mode 100644 index 2706dc2..0000000 --- a/SOURCES/0109-man-ip-add-h-uman-readable-option.patch +++ /dev/null @@ -1,47 +0,0 @@ -From af27a9b48061501e033de4f28b66f3dadcbddfd7 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:25 +0100 -Subject: [PATCH] man: ip: add -h[uman-readable] option - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 9b2e9f4a8c4bf - -commit 9b2e9f4a8c4bf802b20a37ddb4d07f04c2e8e770 -Author: Phil Sutter -Date: Fri Sep 18 20:17:01 2015 +0200 - - man: ip: add -h[uman-readable] option - - Since 'ip help' lists it, it should be described in ip.8 as well. - - Signed-off-by: Phil Sutter ---- - man/man8/ip.8 | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/man/man8/ip.8 b/man/man8/ip.8 -index b772c4c..0b30d4a 100644 ---- a/man/man8/ip.8 -+++ b/man/man8/ip.8 -@@ -27,6 +27,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels - .ti -8 - .IR OPTIONS " := { " - \fB\-V\fR[\fIersion\fR] | -+\fB\-h\fR[\fIuman-readable\fR] | - \fB\-s\fR[\fItatistics\fR] | - \fB\-r\fR[\fIesolve\fR] | - \fB\-f\fR[\fIamily\fR] { -@@ -45,6 +46,10 @@ Print the version of the - utility and exit. - - .TP -+.BR "\-h", " \-human", " \-human-readable" -+output statistics with human readable values followed by suffix. -+ -+.TP - .BR "\-b", " \-batch " - Read commands from provided file or standard input and invoke them. - First failure will cause termination of ip. --- -1.8.3.1 - diff --git a/SOURCES/0109-tc-flower-Introduce-vlan-support.patch b/SOURCES/0109-tc-flower-Introduce-vlan-support.patch new file mode 100644 index 0000000..05c8075 --- /dev/null +++ b/SOURCES/0109-tc-flower-Introduce-vlan-support.patch @@ -0,0 +1,230 @@ +From 54549fa07c9ad748ffa9ecf6865c12641cd71329 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:21:33 +0100 +Subject: [PATCH] tc: flower: Introduce vlan support + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 745d91726006f +Conflicts: Context changes due to missing commit 32a121cba2579 + ("tc: code cleanup"). + +commit 745d91726006fcaa9006f491f9a596c4025cecf7 +Author: Hadar Hen Zion +Date: Thu Sep 1 09:45:47 2016 +0300 + + tc: flower: Introduce vlan support + + Classification according to vlan id and vlan priority. + + Example script that adds vlan filter: + + # add ingress qdisc + tc qdisc add dev ens4f0 ingress + + # add a flower filter with vlan id and priority classification + tc filter add dev ens4f0 protocol 802.1Q parent ffff: \ + flower \ + indev ens4f0 \ + vlan_ethtype ipv4 \ + vlan_id 100 \ + vlan_prio 3 \ + action vlan pop + + Signed-off-by: Hadar Hen Zion + Acked-by: Jiri Pirko +--- + man/man8/tc-flower.8 | 25 ++++++++++++++++- + tc/f_flower.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 99 insertions(+), 4 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 9ae10e6..74f7664 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -23,7 +23,13 @@ flower \- flow based traffic control filter + .R " | { " + .BR dst_mac " | " src_mac " } " + .IR mac_address " | " +-.BR eth_type " { " ipv4 " | " ipv6 " | " ++.BR eth_type " { " ipv4 " | " ipv6 " | " 802.1Q " | " ++.IR ETH_TYPE " } | " ++.B vlan_id ++.IR VID " | " ++.B vlan_prio ++.IR PRIORITY " | " ++.BR vlan_eth_type " { " ipv4 " | " ipv6 " | " + .IR ETH_TYPE " } | " + .BR ip_proto " { " tcp " | " udp " | " + .IR IP_PROTO " } | { " +@@ -70,6 +76,23 @@ Do not process filter by hardware. + Match on source or destination MAC address. + .TP + .BI eth_type " ETH_TYPE" ++Match on the next protocol. ++.I ETH_TYPE ++may be either ++.BR ipv4 , ipv6 , 802.1Q , ++or an unsigned 16bit value in hexadecimal format. ++.TP ++.BI vlan_id " VID" ++Match on vlan tag id. ++.I VID ++is an unsigned 12bit value in decimal format. ++.TP ++.BI vlan_prio " priority" ++Match on vlan tag priority. ++.I PRIORITY ++is an unsigned 3bit value in decimal format. ++.TP ++.BI vlan_eth_type " VLAN_ETH_TYPE" + Match on layer three protocol. + .I ETH_TYPE + may be either +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 01527c8..dec7d9d 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + + #include "utils.h" + #include "tc_util.h" +@@ -30,6 +31,9 @@ static void explain(void) + fprintf(stderr, "\n"); + fprintf(stderr, "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"); + fprintf(stderr, " MATCH := { indev DEV-NAME | \n"); ++ fprintf(stderr, " vlan_id VID |\n"); ++ fprintf(stderr, " vlan_prio PRIORITY |\n"); ++ fprintf(stderr, " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"); + fprintf(stderr, " dst_mac MAC-ADDR | \n"); + fprintf(stderr, " src_mac MAC-ADDR | \n"); + fprintf(stderr, " [ipv4 | ipv6 ] | \n"); +@@ -61,6 +65,23 @@ static int flower_parse_eth_addr(char *str, int addr_type, int mask_type, + return 0; + } + ++static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type, ++ __be16 *p_vlan_eth_type, struct nlmsghdr *n) ++{ ++ __be16 vlan_eth_type; ++ ++ if (eth_type != htons(ETH_P_8021Q)) { ++ fprintf(stderr, "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n"); ++ return -1; ++ } ++ ++ if (ll_proto_a2n(&vlan_eth_type, str)) ++ invarg("invalid vlan_ethtype", str); ++ addattr16(n, MAX_MSG, type, vlan_eth_type); ++ *p_vlan_eth_type = vlan_eth_type; ++ return 0; ++} ++ + static int flower_parse_ip_proto(char *str, __be16 eth_type, int type, + __u8 *p_ip_proto, struct nlmsghdr *n) + { +@@ -167,6 +188,7 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + struct tcmsg *t = NLMSG_DATA(n); + struct rtattr *tail; + __be16 eth_type = TC_H_MIN(t->tcm_info); ++ __be16 vlan_ethtype = 0; + __u8 ip_proto = 0xff; + __u32 flags = 0; + +@@ -209,6 +231,41 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + memset(ifname, 0, sizeof(ifname)); + strncpy(ifname, *argv, sizeof(ifname) - 1); + addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, ifname); ++ } else if (matches(*argv, "vlan_id") == 0) { ++ __u16 vid; ++ ++ NEXT_ARG(); ++ if (eth_type != htons(ETH_P_8021Q)) { ++ fprintf(stderr, "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n"); ++ return -1; ++ } ++ ret = get_u16(&vid, *argv, 10); ++ if (ret < 0 || vid & ~0xfff) { ++ fprintf(stderr, "Illegal \"vlan_id\"\n"); ++ return -1; ++ } ++ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid); ++ } else if (matches(*argv, "vlan_prio") == 0) { ++ __u8 vlan_prio; ++ ++ NEXT_ARG(); ++ if (eth_type != htons(ETH_P_8021Q)) { ++ fprintf(stderr, "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n"); ++ return -1; ++ } ++ ret = get_u8(&vlan_prio, *argv, 10); ++ if (ret < 0 || vlan_prio & ~0x7) { ++ fprintf(stderr, "Illegal \"vlan_prio\"\n"); ++ return -1; ++ } ++ addattr8(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio); ++ } else if (matches(*argv, "vlan_ethtype") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_vlan_eth_type(*argv, eth_type, ++ TCA_FLOWER_KEY_VLAN_ETH_TYPE, ++ &vlan_ethtype, n); ++ if (ret < 0) ++ return -1; + } else if (matches(*argv, "dst_mac") == 0) { + NEXT_ARG(); + ret = flower_parse_eth_addr(*argv, +@@ -231,7 +288,8 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + } + } else if (matches(*argv, "ip_proto") == 0) { + NEXT_ARG(); +- ret = flower_parse_ip_proto(*argv, eth_type, ++ ret = flower_parse_ip_proto(*argv, vlan_ethtype ? ++ vlan_ethtype : eth_type, + TCA_FLOWER_KEY_IP_PROTO, + &ip_proto, n); + if (ret < 0) { +@@ -240,7 +298,8 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + } + } else if (matches(*argv, "dst_ip") == 0) { + NEXT_ARG(); +- ret = flower_parse_ip_addr(*argv, eth_type, ++ ret = flower_parse_ip_addr(*argv, vlan_ethtype ? ++ vlan_ethtype : eth_type, + TCA_FLOWER_KEY_IPV4_DST, + TCA_FLOWER_KEY_IPV4_DST_MASK, + TCA_FLOWER_KEY_IPV6_DST, +@@ -252,7 +311,8 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + } + } else if (matches(*argv, "src_ip") == 0) { + NEXT_ARG(); +- ret = flower_parse_ip_addr(*argv, eth_type, ++ ret = flower_parse_ip_addr(*argv, vlan_ethtype ? ++ vlan_ethtype : eth_type, + TCA_FLOWER_KEY_IPV4_SRC, + TCA_FLOWER_KEY_IPV4_SRC_MASK, + TCA_FLOWER_KEY_IPV6_SRC, +@@ -478,6 +538,18 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + fprintf(f, "\n indev %s", rta_getattr_str(attr)); + } + ++ if (tb[TCA_FLOWER_KEY_VLAN_ID]) { ++ struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID]; ++ ++ fprintf(f, "\n vlan_id %d", rta_getattr_u16(attr)); ++ } ++ ++ if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) { ++ struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO]; ++ ++ fprintf(f, "\n vlan_prio %d", rta_getattr_u8(attr)); ++ } ++ + flower_print_eth_addr(f, "dst_mac", tb[TCA_FLOWER_KEY_ETH_DST], + tb[TCA_FLOWER_KEY_ETH_DST_MASK]); + flower_print_eth_addr(f, "src_mac", tb[TCA_FLOWER_KEY_ETH_SRC], +-- +1.8.3.1 + diff --git a/SOURCES/0110-man-ip.8-Add-missing-flags-and-token-subcommand-desc.patch b/SOURCES/0110-man-ip.8-Add-missing-flags-and-token-subcommand-desc.patch deleted file mode 100644 index 4539a9d..0000000 --- a/SOURCES/0110-man-ip.8-Add-missing-flags-and-token-subcommand-desc.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 06a16be3a229f7c37d9fd03d2e6108bf39840fcc Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:25 +0100 -Subject: [PATCH] man: ip.8: Add missing flags and token subcommand description - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit ac0eff58fd826 -Conflicts: Missing color output support. - -commit ac0eff58fd826683107e47c9df085b4b4e92ec66 -Author: Phil Sutter -Date: Wed Mar 2 19:20:06 2016 +0100 - - man: ip.8: Add missing flags and token subcommand description - - Signed-off-by: Phil Sutter ---- - man/man8/ip.8 | 33 ++++++++++++++++++++++++++++++++- - 1 file changed, 32 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip.8 b/man/man8/ip.8 -index 0b30d4a..c28cee0 100644 ---- a/man/man8/ip.8 -+++ b/man/man8/ip.8 -@@ -21,7 +21,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels - .IR OBJECT " := { " - .BR link " | " address " | " addrlabel " | " route " | " rule " | " neigh " | "\ - ntable " | " tunnel " | " tuntap " | " maddress " | " mroute " | " mrule " | "\ -- monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " }" -+ monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " | " token " }" - .sp - - .ti -8 -@@ -29,10 +29,22 @@ ip \- show / manipulate routing, devices, policy routing and tunnels - \fB\-V\fR[\fIersion\fR] | - \fB\-h\fR[\fIuman-readable\fR] | - \fB\-s\fR[\fItatistics\fR] | -+\fB\-d\fR[\fIetails\fR] | - \fB\-r\fR[\fIesolve\fR] | -+\fB\-iec\fR | - \fB\-f\fR[\fIamily\fR] { - .BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | " -+\fB-4\fR | -+\fB-6\fR | -+\fB-I\fR | -+\fB-D\fR | -+\fB-B\fR | -+\fB-0\fR | -+\fB-l\fR[\fIoops\fR] { \fBmaximum-addr-flush-attempts\fR } | - \fB\-o\fR[\fIneline\fR] | -+\fB\-rc\fR[\fIvbuf\fR] [\fBsize\fR] | -+\fB\-t\fR[\fIimestamp\fR] | -+\fB\-ts\fR[\fIhort\fR] | - \fB\-n\fR[\fIetns\fR] name | - \fB\-a\fR[\fIll\fR] } - -@@ -165,6 +177,20 @@ to - .BR "\-a" , " \-all" - executes specified command over all objects, it depends if command supports this option. - -+.TP -+.BR "\-t" , " \-timestamp" -+display current time when using monitor option. -+ -+.TP -+.BR "\-ts" , " \-tshort" -+Like -+.BR \-timestamp , -+but use shorter format. -+ -+.TP -+.BR "\-rc" , " \-rcvbuf" -+Set the netlink socket receive buffer size, defaults to 1MB. -+ - .SH IP - COMMAND SYNTAX - - .SS -@@ -227,6 +253,10 @@ executes specified command over all objects, it depends if command supports this - - manage TCP Metrics - - .TP -+.B token -+- manage tokenized interface identifiers. -+ -+.TP - .B tunnel - - tunnel over IP. - -@@ -287,6 +317,7 @@ was written by Alexey N. Kuznetsov and added in Linux 2.2. - .BR ip-route (8), - .BR ip-rule (8), - .BR ip-tcp_metrics (8), -+.BR ip-token (8), - .BR ip-tunnel (8), - .BR ip-xfrm (8) - .br --- -1.8.3.1 - diff --git a/SOURCES/0110-tc-flower-checkpatch-cleanups.patch b/SOURCES/0110-tc-flower-checkpatch-cleanups.patch new file mode 100644 index 0000000..9f3023c --- /dev/null +++ b/SOURCES/0110-tc-flower-checkpatch-cleanups.patch @@ -0,0 +1,155 @@ +From a3ad974e186f36ac599e99ad324ae1790f6fdf4a Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:22:19 +0100 +Subject: [PATCH] tc: flower checkpatch cleanups + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 512caeb2737f1 +Conflicts: Whitespace changes in removed code. + +commit 512caeb2737f1657d941945cc770a95882e1c1bb +Author: Stephen Hemminger +Date: Tue Nov 29 11:48:52 2016 -0800 + + tc: flower checkpatch cleanups + + break long lines and minor whitespace changes. +--- + tc/f_flower.c | 71 ++++++++++++++++++++++++++++++++--------------------------- + 1 file changed, 38 insertions(+), 33 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index dec7d9d..874a7bd 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -25,29 +25,30 @@ + + static void explain(void) + { +- fprintf(stderr, "Usage: ... flower [ MATCH-LIST ]\n"); +- fprintf(stderr, " [ skip_sw | skip_hw ]\n"); +- fprintf(stderr, " [ action ACTION-SPEC ] [ classid CLASSID ]\n"); +- fprintf(stderr, "\n"); +- fprintf(stderr, "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"); +- fprintf(stderr, " MATCH := { indev DEV-NAME | \n"); +- fprintf(stderr, " vlan_id VID |\n"); +- fprintf(stderr, " vlan_prio PRIORITY |\n"); +- fprintf(stderr, " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"); +- fprintf(stderr, " dst_mac MAC-ADDR | \n"); +- fprintf(stderr, " src_mac MAC-ADDR | \n"); +- fprintf(stderr, " [ipv4 | ipv6 ] | \n"); +- fprintf(stderr, " ip_proto [tcp | udp | IP-PROTO ] | \n"); +- fprintf(stderr, " dst_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); +- fprintf(stderr, " src_ip [ IPV4-ADDR | IPV6-ADDR ] | \n"); +- fprintf(stderr, " dst_port PORT-NUMBER | \n"); +- fprintf(stderr, " src_port PORT-NUMBER }\n"); +- fprintf(stderr, " FILTERID := X:Y:Z\n"); +- fprintf(stderr, " ACTION-SPEC := ... look at individual actions\n"); +- fprintf(stderr, "\n"); +- fprintf(stderr, "NOTE: CLASSID, ETH-TYPE, IP-PROTO are parsed as hexadecimal input.\n"); +- fprintf(stderr, "NOTE: There can be only used one mask per one prio. If user needs\n"); +- fprintf(stderr, " to specify different mask, he has to use different prio.\n"); ++ fprintf(stderr, ++ "Usage: ... flower [ MATCH-LIST ]\n" ++ " [ skip_sw | skip_hw ]\n" ++ " [ action ACTION-SPEC ] [ classid CLASSID ]\n" ++ "\n" ++ "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n" ++ " MATCH := { indev DEV-NAME |\n" ++ " vlan_id VID |\n" ++ " vlan_prio PRIORITY |\n" ++ " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n" ++ " dst_mac MAC-ADDR |\n" ++ " src_mac MAC-ADDR |\n" ++ " [ipv4 | ipv6 ] |\n" ++ " ip_proto [tcp | udp | IP-PROTO ] |\n" ++ " dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" ++ " src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" ++ " dst_port PORT-NUMBER |\n" ++ " src_port PORT-NUMBER }\n" ++ " FILTERID := X:Y:Z\n" ++ " ACTION-SPEC := ... look at individual actions\n" ++ "\n" ++ "NOTE: CLASSID, ETH-TYPE, IP-PROTO are parsed as hexadecimal input.\n" ++ "NOTE: There can be only used one mask per one prio. If user needs\n" ++ " to specify different mask, he has to use different prio.\n"); + } + + static int flower_parse_eth_addr(char *str, int addr_type, int mask_type, +@@ -66,12 +67,14 @@ static int flower_parse_eth_addr(char *str, int addr_type, int mask_type, + } + + static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type, +- __be16 *p_vlan_eth_type, struct nlmsghdr *n) ++ __be16 *p_vlan_eth_type, ++ struct nlmsghdr *n) + { + __be16 vlan_eth_type; + + if (eth_type != htons(ETH_P_8021Q)) { +- fprintf(stderr, "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n"); ++ fprintf(stderr, ++ "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n"); + return -1; + } + +@@ -236,7 +239,8 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + + NEXT_ARG(); + if (eth_type != htons(ETH_P_8021Q)) { +- fprintf(stderr, "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n"); ++ fprintf(stderr, ++ "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n"); + return -1; + } + ret = get_u16(&vid, *argv, 10); +@@ -250,7 +254,8 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + + NEXT_ARG(); + if (eth_type != htons(ETH_P_8021Q)) { +- fprintf(stderr, "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n"); ++ fprintf(stderr, ++ "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n"); + return -1; + } + ret = get_u8(&vlan_prio, *argv, 10); +@@ -258,12 +263,13 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + fprintf(stderr, "Illegal \"vlan_prio\"\n"); + return -1; + } +- addattr8(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio); ++ addattr8(n, MAX_MSG, ++ TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio); + } else if (matches(*argv, "vlan_ethtype") == 0) { + NEXT_ARG(); + ret = flower_parse_vlan_eth_type(*argv, eth_type, +- TCA_FLOWER_KEY_VLAN_ETH_TYPE, +- &vlan_ethtype, n); ++ TCA_FLOWER_KEY_VLAN_ETH_TYPE, ++ &vlan_ethtype, n); + if (ret < 0) + return -1; + } else if (matches(*argv, "dst_mac") == 0) { +@@ -578,7 +584,7 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + tb[TCA_FLOWER_KEY_TCP_SRC], + tb[TCA_FLOWER_KEY_UDP_SRC]); + +- if (tb[TCA_FLOWER_FLAGS]) { ++ if (tb[TCA_FLOWER_FLAGS]) { + __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]); + + if (flags & TCA_CLS_FLAGS_SKIP_HW) +@@ -587,9 +593,8 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + fprintf(f, "\n skip_sw"); + } + +- if (tb[TCA_FLOWER_ACT]) { ++ if (tb[TCA_FLOWER_ACT]) + tc_print_action(f, tb[TCA_FLOWER_ACT]); +- } + + return 0; + } +-- +1.8.3.1 + diff --git a/SOURCES/0111-man-ip-l2tp.8-Fix-BNF-syntax.patch b/SOURCES/0111-man-ip-l2tp.8-Fix-BNF-syntax.patch deleted file mode 100644 index 4025b41..0000000 --- a/SOURCES/0111-man-ip-l2tp.8-Fix-BNF-syntax.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 0fc679a36a881de486a86d16b847c8ded58ca765 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:42 +0100 -Subject: [PATCH] man: ip-l2tp.8: Fix BNF syntax - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 2227f2a5a28fa - -commit 2227f2a5a28fa0fc3cc4257ccc9528cdc81996ac -Author: Phil Sutter -Date: Wed Mar 2 19:20:07 2016 +0100 - - man: ip-l2tp.8: Fix BNF syntax - - The 'ADDR' part of 'local' and 'remote' parameters is not optional, but - may also consist of the word 'any'. While at it, add missing whitespace - and fix fonts. - - Signed-off-by: Phil Sutter ---- - man/man8/ip-l2tp.8 | 24 +++++++++--------------- - 1 file changed, 9 insertions(+), 15 deletions(-) - -diff --git a/man/man8/ip-l2tp.8 b/man/man8/ip-l2tp.8 -index 2efda9f..9bc9116 100644 ---- a/man/man8/ip-l2tp.8 -+++ b/man/man8/ip-l2tp.8 -@@ -15,10 +15,7 @@ ip-l2tp - L2TPv3 static unmanaged tunnel configuration - .ti -8 - .BR "ip l2tp add tunnel" - .br --.B remote --.RI "[ " ADDR " ]" --.B local --.RI "[ " ADDR " ]" -+.BI remote " ADDR " local " ADDR " - .br - .B tunnel_id - .IR ID -@@ -73,24 +70,21 @@ ip-l2tp - L2TPv3 static unmanaged tunnel configuration - .IR ID - .br - .ti -8 --.BR "ip l2tp show tunnel" --.B "[" tunnel_id --.IR ID --.B "]" -+.BR "ip l2tp show tunnel" " [ " tunnel_id -+.IR ID " ]" - .br - .ti -8 --.BR "ip l2tp show session" --.B "[" tunnel_id --.IR ID --.B "] [" session_id --.IR ID --.B "]" -+.BR "ip l2tp show session" " [ " tunnel_id -+.IR ID .B " ] [" -+.B session_id -+.IR ID " ]" - .br - .ti -8 - .IR NAME " := " - .IR STRING - .ti -8 --.IR ADDR " := { " IP_ADDRESS " }" -+.IR ADDR " := { " IP_ADDRESS " |" -+.BR any " }" - .ti -8 - .IR PORT " := { " NUMBER " }" - .ti -8 --- -1.8.3.1 - diff --git a/SOURCES/0111-tc-flower-Fix-usage-message.patch b/SOURCES/0111-tc-flower-Fix-usage-message.patch new file mode 100644 index 0000000..1a2b2bf --- /dev/null +++ b/SOURCES/0111-tc-flower-Fix-usage-message.patch @@ -0,0 +1,78 @@ +From 7bc7e80a81a32170cf1c24e6fb667d75ac6d55c7 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 17 Mar 2017 13:22:39 +0100 +Subject: [PATCH] tc: flower: Fix usage message + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit d9c3995ab7ce7 +Conflicts: Changes to flower help text applied manually as per upstream + merge commit 328374dcfea96 ("Merge branch 'master' into + net-next"). + +commit d9c3995ab7ce7fb523d50ca513283393066219ca +Author: Paul Blakey +Date: Wed Nov 2 17:09:58 2016 +0200 + + tc: flower: Fix usage message + + Remove left over usage from removal of eth_type argument. + + Fixes: 488b41d020fb ('tc: flower no need to specify the ethertype') + Signed-off-by: Paul Blakey + Reviewed-by: Simon Horman +--- + man/man8/tc-flower.8 | 9 --------- + tc/f_flower.c | 3 +-- + 2 files changed, 1 insertion(+), 11 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 74f7664..16ef261 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -23,8 +23,6 @@ flower \- flow based traffic control filter + .R " | { " + .BR dst_mac " | " src_mac " } " + .IR mac_address " | " +-.BR eth_type " { " ipv4 " | " ipv6 " | " 802.1Q " | " +-.IR ETH_TYPE " } | " + .B vlan_id + .IR VID " | " + .B vlan_prio +@@ -75,13 +73,6 @@ Do not process filter by hardware. + .BI src_mac " mac_address" + Match on source or destination MAC address. + .TP +-.BI eth_type " ETH_TYPE" +-Match on the next protocol. +-.I ETH_TYPE +-may be either +-.BR ipv4 , ipv6 , 802.1Q , +-or an unsigned 16bit value in hexadecimal format. +-.TP + .BI vlan_id " VID" + Match on vlan tag id. + .I VID +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 874a7bd..6c9bea6 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -37,7 +37,6 @@ static void explain(void) + " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n" + " dst_mac MAC-ADDR |\n" + " src_mac MAC-ADDR |\n" +- " [ipv4 | ipv6 ] |\n" + " ip_proto [tcp | udp | IP-PROTO ] |\n" + " dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" +@@ -46,7 +45,7 @@ static void explain(void) + " FILTERID := X:Y:Z\n" + " ACTION-SPEC := ... look at individual actions\n" + "\n" +- "NOTE: CLASSID, ETH-TYPE, IP-PROTO are parsed as hexadecimal input.\n" ++ "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n" + "NOTE: There can be only used one mask per one prio. If user needs\n" + " to specify different mask, he has to use different prio.\n"); + } +-- +1.8.3.1 + diff --git a/SOURCES/0112-fix-spelling-of-Kuznetsov.patch b/SOURCES/0112-fix-spelling-of-Kuznetsov.patch deleted file mode 100644 index 1322e04..0000000 --- a/SOURCES/0112-fix-spelling-of-Kuznetsov.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 0fe5b27ea6bfc6b17404940a5730fe5107c72d74 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 7 Mar 2016 20:44:43 +0100 -Subject: [PATCH] fix spelling of Kuznetsov - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit dd8fac8cee409 - -commit dd8fac8cee4093f766eb0e53a00bafb156ec71db -Author: Stephen Hemminger -Date: Sat Jan 3 09:58:41 2015 -0800 - - fix spelling of Kuznetsov - - Suggested by Vadim Kochan ---- - doc/nstat.sgml | 2 +- - doc/ss.sgml | 2 +- - man/man8/ss.8 | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/doc/nstat.sgml b/doc/nstat.sgml -index be9d8bc..48cacc6 100644 ---- a/doc/nstat.sgml -+++ b/doc/nstat.sgml -@@ -3,7 +3,7 @@ -
- - NSTAT, IFSTAT and RTACCT Utilities --<author>Alexey Kuznetosv, <tt/kuznet@ms2.inr.ac.ru/ -+<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/ - <date>some_negative_number, 20 Sep 2001 - <abstract> - <tt/nstat/, <tt/ifstat/ and <tt/rtacct/ are simple tools helping -diff --git a/doc/ss.sgml b/doc/ss.sgml -index 0b1b533..3024b57 100644 ---- a/doc/ss.sgml -+++ b/doc/ss.sgml -@@ -3,7 +3,7 @@ - <article> - - <title>SS Utility: Quick Intro --<author>Alexey Kuznetosv, <tt/kuznet@ms2.inr.ac.ru/ -+<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/ - <date>some_negative_number, 20 Sep 2001 - <abstract> - <tt/ss/ is one another utility to investigate sockets. -diff --git a/man/man8/ss.8 b/man/man8/ss.8 -index 62c6ad8..6afbabb 100644 ---- a/man/man8/ss.8 -+++ b/man/man8/ss.8 -@@ -193,7 +193,7 @@ List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7 - - .SH AUTHOR - .I ss --was written by Alexey Kuznetosv, <kuznet@ms2.inr.ac.ru>. -+was written by Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>. - .PP - This manual page was written by Michael Prokop <mika@grml.org> - for the Debian project (but may be used by others). --- -1.8.3.1 - diff --git a/SOURCES/0112-tc-flower-Support-matching-on-SCTP-ports.patch b/SOURCES/0112-tc-flower-Support-matching-on-SCTP-ports.patch new file mode 100644 index 0000000..43c45da --- /dev/null +++ b/SOURCES/0112-tc-flower-Support-matching-on-SCTP-ports.patch @@ -0,0 +1,158 @@ +From 9c00f1da75c407be7638e5dc84ce02448f3832cd Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:10 +0100 +Subject: [PATCH] tc: flower: Support matching on SCTP ports + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit a1fb0d484237b + +commit a1fb0d484237b41f92ee17634880be80a0dcf51a +Author: Simon Horman <simon.horman@netronome.com> +Date: Thu Nov 3 13:26:41 2016 +0100 + + tc: flower: Support matching on SCTP ports + + Support matching on SCTP ports in the same way that matching + on TCP and UDP ports is already supported. + + Example usage: + + tc qdisc add dev eth0 ingress + + tc filter add dev eth0 protocol ip parent ffff: \ + flower indev eth0 ip_proto sctp dst_port 80 \ + action drop + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 65 ++++++++++++++++++++++++++++------------------------------- + 1 file changed, 31 insertions(+), 34 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 6c9bea6..805e841 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -98,6 +98,8 @@ static int flower_parse_ip_proto(char *str, __be16 eth_type, int type, + ip_proto = IPPROTO_TCP; + } else if (matches(str, "udp") == 0) { + ip_proto = IPPROTO_UDP; ++ } else if (matches(str, "sctp") == 0) { ++ ip_proto = IPPROTO_SCTP; + } else { + ret = get_u8(&ip_proto, str, 16); + if (ret) +@@ -158,21 +160,33 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + return 0; + } + +-static int flower_parse_port(char *str, __u8 ip_port, +- int tcp_type, int udp_type, struct nlmsghdr *n) ++static int flower_port_attr_type(__u8 ip_port, bool is_src) + { +- int ret; +- int type; +- __be16 port; +- + if (ip_port == IPPROTO_TCP) { +- type = tcp_type; ++ return is_src ? TCA_FLOWER_KEY_TCP_SRC : ++ TCA_FLOWER_KEY_TCP_DST; + } else if (ip_port == IPPROTO_UDP) { +- type = udp_type; ++ return is_src ? TCA_FLOWER_KEY_UDP_SRC : ++ TCA_FLOWER_KEY_UDP_DST; ++ } else if (ip_port == IPPROTO_SCTP) { ++ return is_src ? TCA_FLOWER_KEY_SCTP_SRC : ++ TCA_FLOWER_KEY_SCTP_DST; + } else { + fprintf(stderr, "Illegal \"ip_proto\" for port\n"); + return -1; + } ++} ++ ++static int flower_parse_port(char *str, __u8 ip_port, bool is_src, ++ struct nlmsghdr *n) ++{ ++ int ret; ++ int type; ++ __be16 port; ++ ++ type = flower_port_attr_type(ip_port, is_src); ++ if (type < 0) ++ return -1; + + ret = get_be16(&port, str, 10); + if (ret) +@@ -329,18 +343,14 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + } + } else if (matches(*argv, "dst_port") == 0) { + NEXT_ARG(); +- ret = flower_parse_port(*argv, ip_proto, +- TCA_FLOWER_KEY_TCP_DST, +- TCA_FLOWER_KEY_UDP_DST, n); ++ ret = flower_parse_port(*argv, ip_proto, false, n); + if (ret < 0) { + fprintf(stderr, "Illegal \"dst_port\"\n"); + return -1; + } + } else if (matches(*argv, "src_port") == 0) { + NEXT_ARG(); +- ret = flower_parse_port(*argv, ip_proto, +- TCA_FLOWER_KEY_TCP_SRC, +- TCA_FLOWER_KEY_UDP_SRC, n); ++ ret = flower_parse_port(*argv, ip_proto, true, n); + if (ret < 0) { + fprintf(stderr, "Illegal \"src_port\"\n"); + return -1; +@@ -456,6 +466,8 @@ static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto, + fprintf(f, "tcp"); + else if (ip_proto == IPPROTO_UDP) + fprintf(f, "udp"); ++ else if (ip_proto == IPPROTO_SCTP) ++ fprintf(f, "sctp"); + else + fprintf(f, "%02x", ip_proto); + *p_ip_proto = ip_proto; +@@ -498,20 +510,8 @@ static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + fprintf(f, "/%d", bits); + } + +-static void flower_print_port(FILE *f, char *name, __u8 ip_proto, +- struct rtattr *tcp_attr, +- struct rtattr *udp_attr) ++static void flower_print_port(FILE *f, char *name, struct rtattr *attr) + { +- struct rtattr *attr; +- +- if (ip_proto == IPPROTO_TCP) +- attr = tcp_attr; +- else if (ip_proto == IPPROTO_UDP) +- attr = udp_attr; +- else +- return; +- if (!attr) +- return; + fprintf(f, "\n %s %d", name, ntohs(rta_getattr_u16(attr))); + } + +@@ -575,13 +575,10 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + tb[TCA_FLOWER_KEY_IPV6_SRC], + tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]); + +- flower_print_port(f, "dst_port", ip_proto, +- tb[TCA_FLOWER_KEY_TCP_DST], +- tb[TCA_FLOWER_KEY_UDP_DST]); +- +- flower_print_port(f, "src_port", ip_proto, +- tb[TCA_FLOWER_KEY_TCP_SRC], +- tb[TCA_FLOWER_KEY_UDP_SRC]); ++ flower_print_port(f, "dst_port", ++ tb[flower_port_attr_type(ip_proto, false)]); ++ flower_print_port(f, "src_port", ++ tb[flower_port_attr_type(ip_proto, true)]); + + if (tb[TCA_FLOWER_FLAGS]) { + __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]); +-- +1.8.3.1 + diff --git a/SOURCES/0113-libnetlink-Introduce-rta_getattr_be.patch b/SOURCES/0113-libnetlink-Introduce-rta_getattr_be.patch new file mode 100644 index 0000000..09f8c33 --- /dev/null +++ b/SOURCES/0113-libnetlink-Introduce-rta_getattr_be.patch @@ -0,0 +1,114 @@ +From e369a7590be342ed32b5fa241dd76f242d0f54ca Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:10 +0100 +Subject: [PATCH] libnetlink: Introduce rta_getattr_be*() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit aab0f61043098 +Conflicts: Changes to bridge code applied manually due to missing json + output support. + +commit aab0f61043098e1384b5161ba78f583599a87e12 +Author: Amir Vadai <amir@vadai.me> +Date: Fri Dec 2 13:25:13 2016 +0200 + + libnetlink: Introduce rta_getattr_be*() + + Add the utility functions rta_getattr_be16() and rta_getattr_be32(), and + change existing code to use it. + + Signed-off-by: Amir Vadai <amir@vadai.me> +--- + bridge/fdb.c | 2 +- + include/libnetlink.h | 9 +++++++++ + ip/iplink_geneve.c | 2 +- + ip/iplink_vxlan.c | 2 +- + tc/f_flower.c | 2 +- + 5 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 4b536f9..a1bc45f 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -125,7 +125,7 @@ int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + fprintf(fp, "vlan %hu ", vid); + + if (tb[NDA_PORT]) +- fprintf(fp, "port %d ", ntohs(rta_getattr_u16(tb[NDA_PORT]))); ++ fprintf(fp, "port %d ", rta_getattr_be16(tb[NDA_PORT])); + if (tb[NDA_VNI]) + fprintf(fp, "vni %d ", rta_getattr_u32(tb[NDA_VNI])); + if (tb[NDA_IFINDEX]) { +diff --git a/include/libnetlink.h b/include/libnetlink.h +index 7ea3f4a..9a25ec4 100644 +--- a/include/libnetlink.h ++++ b/include/libnetlink.h +@@ -10,6 +10,7 @@ + #include <linux/if_addr.h> + #include <linux/neighbour.h> + #include <linux/netconf.h> ++#include <arpa/inet.h> + + struct rtnl_handle + { +@@ -131,10 +132,18 @@ static inline __u16 rta_getattr_u16(const struct rtattr *rta) + { + return *(__u16 *)RTA_DATA(rta); + } ++static inline __be16 rta_getattr_be16(const struct rtattr *rta) ++{ ++ return ntohs(rta_getattr_u16(rta)); ++} + static inline __u32 rta_getattr_u32(const struct rtattr *rta) + { + return *(__u32 *)RTA_DATA(rta); + } ++static inline __be32 rta_getattr_be32(const struct rtattr *rta) ++{ ++ return ntohl(rta_getattr_u32(rta)); ++} + static inline __u64 rta_getattr_u64(const struct rtattr *rta) + { + __u64 tmp; +diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c +index 2e15a1d..8f130a3 100644 +--- a/ip/iplink_geneve.c ++++ b/ip/iplink_geneve.c +@@ -231,7 +231,7 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + + if (tb[IFLA_GENEVE_PORT]) + fprintf(f, "dstport %u ", +- ntohs(rta_getattr_u16(tb[IFLA_GENEVE_PORT]))); ++ rta_getattr_be16(tb[IFLA_GENEVE_PORT])); + + if (tb[IFLA_GENEVE_COLLECT_METADATA]) + fputs("external ", f); +diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c +index 6cae35b..bf56864 100644 +--- a/ip/iplink_vxlan.c ++++ b/ip/iplink_vxlan.c +@@ -348,7 +348,7 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + + if (tb[IFLA_VXLAN_PORT]) + fprintf(f, "dstport %u ", +- ntohs(rta_getattr_u16(tb[IFLA_VXLAN_PORT]))); ++ rta_getattr_be16(tb[IFLA_VXLAN_PORT])); + + if (tb[IFLA_VXLAN_LEARNING] && + !rta_getattr_u8(tb[IFLA_VXLAN_LEARNING])) +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 805e841..75e64ae 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -512,7 +512,7 @@ static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + + static void flower_print_port(FILE *f, char *name, struct rtattr *attr) + { +- fprintf(f, "\n %s %d", name, ntohs(rta_getattr_u16(attr))); ++ fprintf(f, "\n %s %d", name, rta_getattr_be16(attr)); + } + + static int flower_print_opt(struct filter_util *qu, FILE *f, +-- +1.8.3.1 + diff --git a/SOURCES/0113-man-Spelling-fixes.patch b/SOURCES/0113-man-Spelling-fixes.patch deleted file mode 100644 index d5a7c20..0000000 --- a/SOURCES/0113-man-Spelling-fixes.patch +++ /dev/null @@ -1,82 +0,0 @@ -From b05a7002c77459b8f4b20966404f36b2a52a0307 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 7 Mar 2016 20:44:54 +0100 -Subject: [PATCH] man: Spelling fixes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit ac0817ef6612a -Conflicts: - * Missing man pages in RHEL7 (tc-bpf.8 and tc-mqprio.8). - * Missing support for -conf option in tc. - -commit ac0817ef6612a0ffb7d2b99891d6f7db48d33a72 -Author: Ville Skyttä <ville.skytta@iki.fi> -Date: Sat Nov 7 11:53:00 2015 +0200 - - man: Spelling fixes - - Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> ---- - man/man8/bridge.8 | 2 +- - man/man8/ifcfg.8 | 2 +- - man/man8/lnstat.8 | 2 +- - man/man8/tc-cbq-details.8 | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 -index 2c9f90c..4fcf2e8 100644 ---- a/man/man8/bridge.8 -+++ b/man/man8/bridge.8 -@@ -220,7 +220,7 @@ state the port for list for STP BPDUs and drop all other traffic. - .B 2 - - STP LEARNING state. Only valid if STP is enabled on the bridge. In this - state the port will accept traffic only for the purpose of updating MAC --adress tables. -+address tables. - .sp - - .B 3 -diff --git a/man/man8/ifcfg.8 b/man/man8/ifcfg.8 -index 79033bd..1a3786c 100644 ---- a/man/man8/ifcfg.8 -+++ b/man/man8/ifcfg.8 -@@ -1,6 +1,6 @@ - .TH IFCFG 8 "September 24 2009" "iproute2" "Linux" - .SH NAME --ifcfg \- simplistic script which replaces ifconfig IP managment -+ifcfg \- simplistic script which replaces ifconfig IP management - .SH SYNOPSIS - .ad l - .in +8 -diff --git a/man/man8/lnstat.8 b/man/man8/lnstat.8 -index b817bcf..d509649 100644 ---- a/man/man8/lnstat.8 -+++ b/man/man8/lnstat.8 -@@ -169,7 +169,7 @@ Number of dropped conntrack entries to make room for new ones, if maximum table - size was reached. - .sp - .B icmp_error --Number of packets wich could not be tracked due to error situation. This is a -+Number of packets which could not be tracked due to error situation. This is a - subset of \fBinvalid\fP. - .sp - .B expect_new -diff --git a/man/man8/tc-cbq-details.8 b/man/man8/tc-cbq-details.8 -index ddaf3ca..86353b5 100644 ---- a/man/man8/tc-cbq-details.8 -+++ b/man/man8/tc-cbq-details.8 -@@ -197,7 +197,7 @@ priority yielded a class, enter the fallback algorithm. - The fallback algorithm resides outside of the loop and is as follows. - .TP - (i) --Consult the defmap of the class at which the jump to fallback occured. If -+Consult the defmap of the class at which the jump to fallback occurred. If - the defmap contains a class for the - .B - priority --- -1.8.3.1 - diff --git a/SOURCES/0114-man-tc-htb-Fix-HRB-HTB-typo.patch b/SOURCES/0114-man-tc-htb-Fix-HRB-HTB-typo.patch deleted file mode 100644 index 4806e5e..0000000 --- a/SOURCES/0114-man-tc-htb-Fix-HRB-HTB-typo.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7ebb76a1066a17bb7dcd06c685e9751032c47d9a Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 7 Mar 2016 20:45:51 +0100 -Subject: [PATCH] man tc-htb: Fix HRB -> HTB typo - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 6c19ff10b5bdf - -commit 6c19ff10b5bdf2f2f20e340d2cba4115da4eb7ef -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Tue Sep 22 20:01:13 2015 +0300 - - man tc-htb: Fix HRB -> HTB typo - - Changed HRB -> HTB. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - man/man8/tc-htb.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/tc-htb.8 b/man/man8/tc-htb.8 -index d196ecd..95f25de 100644 ---- a/man/man8/tc-htb.8 -+++ b/man/man8/tc-htb.8 -@@ -48,7 +48,7 @@ Shaping works as documented in - .B tc-tbf (8). - - .SH CLASSIFICATION --Within the one HRB instance many classes may exist. Each of these classes -+Within the one HTB instance many classes may exist. Each of these classes - contains another qdisc, by default - .BR tc-pfifo (8). - --- -1.8.3.1 - diff --git a/SOURCES/0114-tc-cls_flower-Classify-packet-in-ip-tunnels.patch b/SOURCES/0114-tc-cls_flower-Classify-packet-in-ip-tunnels.patch new file mode 100644 index 0000000..dfc1e18 --- /dev/null +++ b/SOURCES/0114-tc-cls_flower-Classify-packet-in-ip-tunnels.patch @@ -0,0 +1,212 @@ +From 0263aa84af6519d1dc057329e895275d34a0f595 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:32 +0100 +Subject: [PATCH] tc/cls_flower: Classify packet in ip tunnels + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit bb9b63b18e85f + +commit bb9b63b18e85f17e618469ecb139e78ca5a4a4fc +Author: Amir Vadai <amir@vadai.me> +Date: Fri Dec 2 13:25:14 2016 +0200 + + tc/cls_flower: Classify packet in ip tunnels + + Introduce classifying by metadata extracted by the tunnel device. + Outer header fields - source/dest ip and tunnel id, are extracted from + the metadata when classifying. + + For example, the following will add a filter on the ingress Qdisc of shared + vxlan device named 'vxlan0'. To forward packets with outer src ip + 11.11.0.2, dst ip 11.11.0.1 and tunnel id 11. The packets will be + forwarded to tap device 'vnet0': + + $ tc filter add dev vxlan0 protocol ip parent ffff: \ + flower \ + enc_src_ip 11.11.0.2 \ + enc_dst_ip 11.11.0.1 \ + enc_key_id 11 \ + dst_ip 11.11.11.1 \ + action mirred egress redirect dev vnet0 + + Signed-off-by: Amir Vadai <amir@vadai.me> +--- + man/man8/tc-flower.8 | 17 ++++++++++- + tc/f_flower.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 95 insertions(+), 4 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 16ef261..dd35649 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -34,7 +34,11 @@ flower \- flow based traffic control filter + .BR dst_ip " | " src_ip " } { " + .IR ipv4_address " | " ipv6_address " } | { " + .BR dst_port " | " src_port " } " +-.IR port_number " }" ++.IR port_number " } | " ++.B enc_key_id ++.IR KEY-ID " | {" ++.BR enc_dst_ip " | " enc_src_ip " } { " ++.IR ipv4_address " | " ipv6_address " } | " + .SH DESCRIPTION + The + .B flower +@@ -112,6 +116,17 @@ which has to be specified in beforehand. + Match on layer 4 protocol source or destination port number. Only available for + .BR ip_proto " values " udp " and " tcp , + which has to be specified in beforehand. ++.TP ++.BI enc_key_id " NUMBER" ++.TQ ++.BI enc_dst_ip " ADDRESS" ++.TQ ++.BI enc_src_ip " ADDRESS" ++Match on IP tunnel metadata. Key id ++.I NUMBER ++is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel). ++.I ADDRESS ++must be a valid IPv4 or IPv6 address. + .SH NOTES + As stated above where applicable, matches of a certain layer implicitly depend + on the matches of the next lower layer. Precisely, layer one and two matches ( +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 75e64ae..36963c5 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -41,7 +41,10 @@ static void explain(void) + " dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " dst_port PORT-NUMBER |\n" +- " src_port PORT-NUMBER }\n" ++ " src_port PORT-NUMBER |\n" ++ " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" ++ " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" ++ " enc_key_id [ KEY-ID ] }\n" + " FILTERID := X:Y:Z\n" + " ACTION-SPEC := ... look at individual actions\n" + "\n" +@@ -125,8 +128,9 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + family = AF_INET; + } else if (eth_type == htons(ETH_P_IPV6)) { + family = AF_INET6; ++ } else if (!eth_type) { ++ family = AF_UNSPEC; + } else { +- fprintf(stderr, "Illegal \"eth_type\" for ip address\n"); + return -1; + } + +@@ -134,8 +138,10 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + if (ret) + return -1; + +- if (addr.family != family) ++ if (family && (addr.family != family)) { ++ fprintf(stderr, "Illegal \"eth_type\" for ip address\n"); + return -1; ++ } + + addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type, + addr.data, addr.bytelen); +@@ -197,6 +203,18 @@ static int flower_parse_port(char *str, __u8 ip_port, bool is_src, + return 0; + } + ++static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n) ++{ ++ int ret; ++ __be32 key_id; ++ ++ ret = get_be32(&key_id, str, 10); ++ if (!ret) ++ addattr32(n, MAX_MSG, type, key_id); ++ ++ return ret; ++} ++ + static int flower_parse_opt(struct filter_util *qu, char *handle, + int argc, char **argv, struct nlmsghdr *n) + { +@@ -355,6 +373,38 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + fprintf(stderr, "Illegal \"src_port\"\n"); + return -1; + } ++ } else if (matches(*argv, "enc_dst_ip") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_ip_addr(*argv, 0, ++ TCA_FLOWER_KEY_ENC_IPV4_DST, ++ TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, ++ TCA_FLOWER_KEY_ENC_IPV6_DST, ++ TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"enc_dst_ip\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "enc_src_ip") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_ip_addr(*argv, 0, ++ TCA_FLOWER_KEY_ENC_IPV4_SRC, ++ TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, ++ TCA_FLOWER_KEY_ENC_IPV6_SRC, ++ TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"enc_src_ip\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "enc_key_id") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_key_id(*argv, ++ TCA_FLOWER_KEY_ENC_KEY_ID, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"enc_key_id\"\n"); ++ return -1; ++ } + } else if (matches(*argv, "action") == 0) { + NEXT_ARG(); + ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n); +@@ -515,6 +565,13 @@ static void flower_print_port(FILE *f, char *name, struct rtattr *attr) + fprintf(f, "\n %s %d", name, rta_getattr_be16(attr)); + } + ++static void flower_print_key_id(FILE *f, const char *name, ++ struct rtattr *attr) ++{ ++ if (attr) ++ fprintf(f, "\n %s %d", name, rta_getattr_be32(attr)); ++} ++ + static int flower_print_opt(struct filter_util *qu, FILE *f, + struct rtattr *opt, __u32 handle) + { +@@ -580,6 +637,25 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + flower_print_port(f, "src_port", + tb[flower_port_attr_type(ip_proto, true)]); + ++ flower_print_ip_addr(f, "enc_dst_ip", ++ tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ? ++ htons(ETH_P_IP) : htons(ETH_P_IPV6), ++ tb[TCA_FLOWER_KEY_ENC_IPV4_DST], ++ tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK], ++ tb[TCA_FLOWER_KEY_ENC_IPV6_DST], ++ tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]); ++ ++ flower_print_ip_addr(f, "enc_src_ip", ++ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ? ++ htons(ETH_P_IP) : htons(ETH_P_IPV6), ++ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC], ++ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK], ++ tb[TCA_FLOWER_KEY_ENC_IPV6_SRC], ++ tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]); ++ ++ flower_print_key_id(f, "enc_key_id", ++ tb[TCA_FLOWER_KEY_ENC_KEY_ID]); ++ + if (tb[TCA_FLOWER_FLAGS]) { + __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]); + +-- +1.8.3.1 + diff --git a/SOURCES/0115-TBF-man-page-fix-tbf-is-not-classless.patch b/SOURCES/0115-TBF-man-page-fix-tbf-is-not-classless.patch deleted file mode 100644 index 799d1e4..0000000 --- a/SOURCES/0115-TBF-man-page-fix-tbf-is-not-classless.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9d1e99695d9c39432a66ec20f36928bf053410a4 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 7 Mar 2016 20:45:51 +0100 -Subject: [PATCH] TBF man page fix (tbf is not classless) - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 7bc7fcaadbd2d - -commit 7bc7fcaadbd2db1aef1f9b15216a97f63d826493 -Author: Sergey V. Lobanov <sergey@lobanov.in> -Date: Fri May 9 22:12:54 2014 +0400 - - TBF man page fix (tbf is not classless) - - TBF is not classless qdisc. man page corrected, added example - describing the use of inner qdisc - - Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> ---- - man/man8/tc-tbf.8 | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/man/man8/tc-tbf.8 b/man/man8/tc-tbf.8 -index 51310f1..fc2c837 100644 ---- a/man/man8/tc-tbf.8 -+++ b/man/man8/tc-tbf.8 -@@ -21,7 +21,7 @@ bytes/cell - burst is also known as buffer and maxburst. mtu is also known as minburst. - .SH DESCRIPTION - --The Token Bucket Filter is a classless queueing discipline available for -+The Token Bucket Filter is a classful queueing discipline available for - traffic control with the - .BR tc (8) - command. -@@ -121,9 +121,17 @@ To attach a TBF with a sustained maximum rate of 0.5mbit/s, a peakrate of 1.0mbi - a 5kilobyte buffer, with a pre-bucket queue size limit calculated so the TBF causes - at most 70ms of latency, with perfect peakrate behaviour, issue: - .P --# tc qdisc add dev eth0 root tbf rate 0.5mbit \\ -+# tc qdisc add dev eth0 handle 10: root tbf rate 0.5mbit \\ - burst 5kb latency 70ms peakrate 1mbit \\ - minburst 1540 -+.P -+To attach an inner qdisc, for example sfq, issue: -+.P -+# tc qdisc add dev eth0 parent 10:1 handle 100: sfq -+.P -+Without inner qdisc TBF queue acts as bfifo. If the inner qdisc is changed -+the limit/latency is not effective anymore. -+.P - - .SH SEE ALSO - .BR tc (8) --- -1.8.3.1 - diff --git a/SOURCES/0115-tc-flower-remove-references-to-eth_type-in-manpage.patch b/SOURCES/0115-tc-flower-remove-references-to-eth_type-in-manpage.patch new file mode 100644 index 0000000..17fadb0 --- /dev/null +++ b/SOURCES/0115-tc-flower-remove-references-to-eth_type-in-manpage.patch @@ -0,0 +1,70 @@ +From ee52b931335fdcdf32283482558008d865bdd4b5 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc: flower: remove references to eth_type in manpage + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 730381fede498 + +commit 730381fede4989901911bc981a99079a1d84ca6a +Author: Simon Horman <simon.horman@netronome.com> +Date: Fri Dec 2 14:59:43 2016 -0800 + + tc: flower: remove references to eth_type in manpage + + Remove references to eth_type and ether_type (spelling error) in + the tc flower manpage. + + Also correct formatting of boldface text with whitespace. + + Cc: Paul Blakey <paulb@mellanox.com> + Signed-off-by: Simon Horman <simon.horman@netronome.com> + Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> +--- + man/man8/tc-flower.8 | 23 +++++++++++------------ + 1 file changed, 11 insertions(+), 12 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index dd35649..11cf774 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -107,8 +107,8 @@ or an unsigned 8bit value in hexadecimal format. + Match on source or destination IP address. + .I ADDRESS + must be a valid IPv4 or IPv6 address, depending on +-.BR ether_type , +-which has to be specified in beforehand. ++.BR protocol ++option of tc filter. + .TP + .BI dst_port " NUMBER" + .TQ +@@ -129,16 +129,15 @@ is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel). + must be a valid IPv4 or IPv6 address. + .SH NOTES + As stated above where applicable, matches of a certain layer implicitly depend +-on the matches of the next lower layer. Precisely, layer one and two matches ( +-.BR indev , dst_mac , src_mac " and " eth_type ) +-have no dependency, layer three matches ( +-.BR ip_proto , dst_ip " and " src_ip ) +-require +-.B eth_type +-being set to either +-.BR ipv4 " or " ipv6 , +-and finally layer four matches ( +-.BR dst_port " and " src_port ) ++on the matches of the next lower layer. Precisely, layer one and two matches ++(\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR) ++have no dependency, layer three matches ++(\fBip_proto\fR, \fBdst_ip\fR and \fBsrc_ip\fR) ++depend on the ++.B protocol ++option of tc filter ++and finally layer four matches ++(\fBdst_port\fR and \fBsrc_port\fR) + depend on + .B ip_proto + being set to either +-- +1.8.3.1 + diff --git a/SOURCES/0116-man8-scrub-trailing-whitespace.patch b/SOURCES/0116-man8-scrub-trailing-whitespace.patch deleted file mode 100644 index d11b7c6..0000000 --- a/SOURCES/0116-man8-scrub-trailing-whitespace.patch +++ /dev/null @@ -1,2022 +0,0 @@ -From ec65031c65c10110cbbefbeb222984813782ebb3 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 7 Mar 2016 20:45:51 +0100 -Subject: [PATCH] man8: scrub trailing whitespace - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 5699275b424c6 - -commit 5699275b424c637edc60f46c89071d4e8f4edde3 -Author: Stephen Hemminger <shemming@brocade.com> -Date: Mon Nov 23 15:41:37 2015 -0800 - - man8: scrub trailing whitespace - - Remove extraneous whitespace ---- - man/man8/bridge.8 | 6 +- - man/man8/ip-addrlabel.8 | 5 +- - man/man8/ip-neighbour.8 | 4 +- - man/man8/ip-ntable.8 | 4 +- - man/man8/ip-rule.8 | 2 +- - man/man8/ip-xfrm.8 | 2 +- - man/man8/ip.8 | 2 +- - man/man8/routel.8 | 20 +++--- - man/man8/rtacct.8 | 1 - - man/man8/rtmon.8 | 8 +-- - man/man8/ss.8 | 6 +- - man/man8/tc-bfifo.8 | 32 ++++----- - man/man8/tc-cbq-details.8 | 178 +++++++++++++++++++++++----------------------- - man/man8/tc-cbq.8 | 158 ++++++++++++++++++++-------------------- - man/man8/tc-drr.8 | 1 - - man/man8/tc-htb.8 | 80 ++++++++++----------- - man/man8/tc-netem.8 | 22 +++--- - man/man8/tc-pfifo_fast.8 | 14 ++-- - man/man8/tc-prio.8 | 28 ++++---- - man/man8/tc-red.8 | 62 ++++++++-------- - man/man8/tc-sfq.8 | 40 +++++------ - man/man8/tc-tbf.8 | 48 ++++++------- - man/man8/tc.8 | 1 - - 23 files changed, 351 insertions(+), 373 deletions(-) - -diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 -index 4fcf2e8..3cda7d6 100644 ---- a/man/man8/bridge.8 -+++ b/man/man8/bridge.8 -@@ -84,7 +84,7 @@ bridge \- show / manipulate bridge addresses and devices - .BR "bridge vlan" " { " add " | " del " } " - .B dev - .IR DEV --.B vid -+.B vid - .IR VID " [ " - .BR pvid " ] [ " untagged " ] [ " - .BR self " ] [ " master " ] " -@@ -142,7 +142,7 @@ to - - Bridge port. - - .TP --.B fdb -+.B fdb - - Forwarding Database entry. - - .TP -@@ -340,7 +340,7 @@ If omitted the default value is used. - .BI via " DEVICE" - device name of the outgoing interface for the - VXLAN device driver to reach the --remote VXLAN tunnel endpoint. -+remote VXLAN tunnel endpoint. - - .SS bridge fdb append - append a forwarding database entry - This command adds a new fdb entry with an already known -diff --git a/man/man8/ip-addrlabel.8 b/man/man8/ip-addrlabel.8 -index 5fc18fe..51ef572 100644 ---- a/man/man8/ip-addrlabel.8 -+++ b/man/man8/ip-addrlabel.8 -@@ -7,8 +7,8 @@ ip-addrlabel \- protocol address label management - .in +8 - .ti -8 - .B ip --.RI "[ " OPTIONS " ]" --.B addrlabel -+.RI "[ " OPTIONS " ]" -+.B addrlabel - .RI " { " COMMAND " | " - .BR help " }" - .sp -@@ -66,4 +66,3 @@ flush all address labels in the kernel. This does not restore any default settin - - .SH AUTHOR - Manpage by Yoshifuji Hideaki / 吉藤英明 -- -diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8 -index f3068f4..c94c654 100644 ---- a/man/man8/ip-neighbour.8 -+++ b/man/man8/ip-neighbour.8 -@@ -38,9 +38,9 @@ ip-neighbour \- neighbour/arp tables management. - .BR permanent " | " noarp " | " stale " | " reachable " }" - - .SH DESCRIPTION --The -+The - .B ip neigh --command manipulates -+command manipulates - .I neighbour - objects that establish bindings between protocol addresses and - link layer addresses for hosts sharing the same link. -diff --git a/man/man8/ip-ntable.8 b/man/man8/ip-ntable.8 -index 2b95632..4f0f2e5 100644 ---- a/man/man8/ip-ntable.8 -+++ b/man/man8/ip-ntable.8 -@@ -60,7 +60,7 @@ ip-ntable - neighbour table configuration - - .SH DESCRIPTION - .I ip ntable --controls the parameters for the neighbour tables. -+controls the parameters for the neighbour tables. - - .SS ip ntable show - list the ip neighbour tables - -@@ -103,4 +103,4 @@ default value (3) to 8 packets. - .BR ip (8) - - .SH AUTHOR --Manpage by Stephen Hemminger -+Manpage by Stephen Hemminger -diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8 -index 2594ff3..0661061 100644 ---- a/man/man8/ip-rule.8 -+++ b/man/man8/ip-rule.8 -@@ -62,7 +62,7 @@ ip-rule \- routing policy database management - - .SH DESCRIPTION - .I ip rule --manipulates rules -+manipulates rules - in the routing policy database control the route selection algorithm. - - .P -diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 -index a9c5890..aa04804 100644 ---- a/man/man8/ip-xfrm.8 -+++ b/man/man8/ip-xfrm.8 -@@ -119,7 +119,7 @@ ip-xfrm \- transform configuration - - .ti -8 - .IR ALGO " :=" --.RB "{ " enc " | " auth " } " -+.RB "{ " enc " | " auth " } " - .IR ALGO-NAME " " ALGO-KEYMAT " |" - .br - .B auth-trunc -diff --git a/man/man8/ip.8 b/man/man8/ip.8 -index c28cee0..a95264d 100644 ---- a/man/man8/ip.8 -+++ b/man/man8/ip.8 -@@ -12,7 +12,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels - .sp - - .ti -8 --.B ip -+.B ip - .RB "[ " -force " ] " - .BI "-batch " filename - .sp -diff --git a/man/man8/routel.8 b/man/man8/routel.8 -index cdf8f55..82d580f 100644 ---- a/man/man8/routel.8 -+++ b/man/man8/routel.8 -@@ -1,16 +1,16 @@ - .TH "ROUTEL" "8" "3 Jan, 2008" "iproute2" "Linux" - .SH "NAME" --.LP -+.LP - routel \- list routes with pretty output format - .br - routef \- flush routes - .SH "SYNTAX" --.LP -+.LP - routel [\fItablenr\fP [\fIraw ip args...\fP]] --.br -+.br - routef - .SH "DESCRIPTION" --.LP -+.LP - These programs are a set of helper scripts you can use instead of raw iproute2 commands. - .br - The routel script will list routes in a format that some might consider easier to interpret then the ip route list equivalent. -@@ -18,15 +18,15 @@ The routel script will list routes in a format that some might consider easier t - The routef script does not take any arguments and will simply flush the routing table down the drain. Beware! This means deleting all routes which will make your network unusable! - - .SH "FILES" --.LP --\fI/usr/bin/routef\fP --.br --\fI/usr/bin/routel\fP -+.LP -+\fI/usr/bin/routef\fP -+.br -+\fI/usr/bin/routel\fP - .SH "AUTHORS" --.LP -+.LP - The routel script was written by Stephen R. van den Berg <srb@cuci.nl>, 1999/04/18 and donated to the public domain. - .br - This manual page was written by Andreas Henriksson <andreas@fatal.se>, for the Debian GNU/Linux system. - .SH "SEE ALSO" --.LP -+.LP - ip(8) -diff --git a/man/man8/rtacct.8 b/man/man8/rtacct.8 -index fb9afe8..b10839f 100644 ---- a/man/man8/rtacct.8 -+++ b/man/man8/rtacct.8 -@@ -45,4 +45,3 @@ Time interval to average rates. Default value is 60 seconds. - - .SH SEE ALSO - lnstat(8) -- -diff --git a/man/man8/rtmon.8 b/man/man8/rtmon.8 -index 0538752..38a2b77 100644 ---- a/man/man8/rtmon.8 -+++ b/man/man8/rtmon.8 -@@ -10,11 +10,11 @@ This manual page documents briefly the - command. - .PP - .B rtmon --listens on --.I netlink -+listens on -+.I netlink - socket and monitors routing table changes. - --.I rtmon -+.I rtmon - can be started before the first network configuration command is issued. - For example if you insert: - -@@ -61,7 +61,7 @@ to display logged output from file. - .SH SEE ALSO - .BR ip (8) - .SH AUTHOR --.B rtmon -+.B rtmon - was written by Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>. - .PP - This manual page was written by Michael Prokop <mika@grml.org>, -diff --git a/man/man8/ss.8 b/man/man8/ss.8 -index 6afbabb..f4d5264 100644 ---- a/man/man8/ss.8 -+++ b/man/man8/ss.8 -@@ -12,7 +12,7 @@ to - It can display more TCP and state informations than other tools. - - .SH OPTIONS --When no option is used ss displays a list of -+When no option is used ss displays a list of - open non-listening sockets (e.g. TCP/UNIX/UDP) that have established connection. - .TP - .B \-h, \-\-help -@@ -189,10 +189,10 @@ List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7 - .BR /usr/share/doc/iproute-doc/ss.html " (package iproute�doc)", - .br - .BR RFC " 793 " --- https://tools.ietf.org/rfc/rfc793.txt (TCP states) -+- https://tools.ietf.org/rfc/rfc793.txt (TCP states) - - .SH AUTHOR --.I ss -+.I ss - was written by Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>. - .PP - This manual page was written by Michael Prokop <mika@grml.org> -diff --git a/man/man8/tc-bfifo.8 b/man/man8/tc-bfifo.8 -index f04090c..3e29032 100644 ---- a/man/man8/tc-bfifo.8 -+++ b/man/man8/tc-bfifo.8 -@@ -6,37 +6,37 @@ bfifo \- Byte limited First In, First Out queue - - .SH SYNOPSIS - .B tc qdisc ... add pfifo --.B [ limit -+.B [ limit - packets - .B ] - .P - .B tc qdisc ... add bfifo --.B [ limit -+.B [ limit - bytes - .B ] - - .SH DESCRIPTION - The pfifo and bfifo qdiscs are unadorned First In, First Out queues. They are the --simplest queues possible and therefore have no overhead. -+simplest queues possible and therefore have no overhead. - .B pfifo --constrains the queue size as measured in packets. -+constrains the queue size as measured in packets. - .B bfifo - does so as measured in bytes. - --Like all non-default qdiscs, they maintain statistics. This might be a reason to prefer -+Like all non-default qdiscs, they maintain statistics. This might be a reason to prefer - pfifo or bfifo over the default. - - .SH ALGORITHM - A list of packets is maintained, when a packet is enqueued it gets inserted at the tail of --a list. When a packet needs to be sent out to the network, it is taken from the head of the list. -+a list. When a packet needs to be sent out to the network, it is taken from the head of the list. - - If the list is too long, no further packets are allowed on. This is called 'tail drop'. - - .SH PARAMETERS --.TP -+.TP - limit --Maximum queue size. Specified in bytes for bfifo, in packets for pfifo. For pfifo, defaults --to the interface txqueuelen, as specified with -+Maximum queue size. Specified in bytes for bfifo, in packets for pfifo. For pfifo, defaults -+to the interface txqueuelen, as specified with - .BR ifconfig (8) - or - .BR ip (8). -@@ -48,20 +48,20 @@ The range for this parameter is [0, UINT32_MAX] bytes. - Note: The link layer header was considered when counting packets length. - - .SH OUTPUT --The output of -+The output of - .B tc -s qdisc ls --contains the limit, either in packets or in bytes, and the number of bytes --and packets actually sent. An unsent and dropped packet only appears between braces -+contains the limit, either in packets or in bytes, and the number of bytes -+and packets actually sent. An unsent and dropped packet only appears between braces - and is not counted as 'Sent'. - --In this example, the queue length is 100 packets, 45894 bytes were sent over 681 packets. -+In this example, the queue length is 100 packets, 45894 bytes were sent over 681 packets. - No packets were dropped, and as the pfifo queue does not slow down packets, there were also no - overlimits: - .P - .nf --# tc -s qdisc ls dev eth0 -+# tc -s qdisc ls dev eth0 - qdisc pfifo 8001: dev eth0 limit 100p -- Sent 45894 bytes 681 pkts (dropped 0, overlimits 0) -+ Sent 45894 bytes 681 pkts (dropped 0, overlimits 0) - .fi - - If a backlog occurs, this is displayed as well. -@@ -72,5 +72,3 @@ If a backlog occurs, this is displayed as well. - Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru> - - This manpage maintained by bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-cbq-details.8 b/man/man8/tc-cbq-details.8 -index 86353b5..9368103 100644 ---- a/man/man8/tc-cbq-details.8 -+++ b/man/man8/tc-cbq-details.8 -@@ -5,54 +5,54 @@ CBQ \- Class Based Queueing - .B tc qdisc ... dev - dev - .B ( parent --classid --.B | root) [ handle --major: -+classid -+.B | root) [ handle -+major: - .B ] cbq avpkt - bytes - .B bandwidth - rate --.B [ cell -+.B [ cell - bytes - .B ] [ ewma - log - .B ] [ mpu - bytes --.B ] -+.B ] - - .B tc class ... dev - dev --.B parent -+.B parent - major:[minor] --.B [ classid -+.B [ classid - major:minor - .B ] cbq allot - bytes --.B [ bandwidth --rate --.B ] [ rate -+.B [ bandwidth -+rate -+.B ] [ rate - rate - .B ] prio - priority - .B [ weight - weight --.B ] [ minburst -+.B ] [ minburst -+packets -+.B ] [ maxburst - packets --.B ] [ maxburst --packets --.B ] [ ewma -+.B ] [ ewma - log - .B ] [ cell - bytes - .B ] avpkt - bytes - .B [ mpu --bytes -+bytes - .B ] [ bounded isolated ] [ split - handle - .B & defmap - defmap --.B ] [ estimator -+.B ] [ estimator - interval timeconstant - .B ] - -@@ -60,7 +60,7 @@ interval timeconstant - Class Based Queueing is a classful qdisc that implements a rich - linksharing hierarchy of classes. It contains shaping elements as - well as prioritizing capabilities. Shaping is performed using link --idle time calculations based on the timing of dequeue events and -+idle time calculations based on the timing of dequeue events and - underlying link bandwidth. - - .SH SHAPING ALGORITHM -@@ -71,10 +71,10 @@ When shaping a 10mbit/s connection to 1mbit/s, the link will - be idle 90% of the time. If it isn't, it needs to be throttled so that it - IS idle 90% of the time. - --From the kernel's perspective, this is hard to measure, so CBQ instead --derives the idle time from the number of microseconds (in fact, jiffies) --that elapse between requests from the device driver for more data. Combined --with the knowledge of packet sizes, this is used to approximate how full or -+From the kernel's perspective, this is hard to measure, so CBQ instead -+derives the idle time from the number of microseconds (in fact, jiffies) -+that elapse between requests from the device driver for more data. Combined -+with the knowledge of packet sizes, this is used to approximate how full or - empty the link is. - - This is rather circumspect and doesn't always arrive at proper -@@ -84,9 +84,9 @@ perhaps because of a badly implemented driver? A PCMCIA network card - will also never achieve 100mbit/s because of the way the bus is - designed - again, how do we calculate the idle time? - --The physical link bandwidth may be ill defined in case of not-quite-real --network devices like PPP over Ethernet or PPTP over TCP/IP. The effective --bandwidth in that case is probably determined by the efficiency of pipes -+The physical link bandwidth may be ill defined in case of not-quite-real -+network devices like PPP over Ethernet or PPTP over TCP/IP. The effective -+bandwidth in that case is probably determined by the efficiency of pipes - to userspace - which not defined. - - During operations, the effective idletime is measured using an -@@ -104,59 +104,59 @@ CBQ throttles and is then 'overlimit'. - - Conversely, an idle link might amass a huge avgidle, which would then - allow infinite bandwidths after a few hours of silence. To prevent --this, avgidle is capped at -+this, avgidle is capped at - .B maxidle. - - If overlimit, in theory, the CBQ could throttle itself for exactly the - amount of time that was calculated to pass between packets, and then - pass one packet, and throttle again. Due to timer resolution constraints, --this may not be feasible, see the -+this may not be feasible, see the - .B minburst - parameter below. - - .SH CLASSIFICATION - Within the one CBQ instance many classes may exist. Each of these classes --contains another qdisc, by default -+contains another qdisc, by default - .BR tc-pfifo (8). - --When enqueueing a packet, CBQ starts at the root and uses various methods to -+When enqueueing a packet, CBQ starts at the root and uses various methods to - determine which class should receive the data. If a verdict is reached, this - process is repeated for the recipient class which might have further - means of classifying traffic to its children, if any. - --CBQ has the following methods available to classify a packet to any child -+CBQ has the following methods available to classify a packet to any child - classes. - .TP - (i) - .B skb->priority class encoding. --Can be set from userspace by an application with the -+Can be set from userspace by an application with the - .B SO_PRIORITY - setsockopt. --The -+The - .B skb->priority class encoding --only applies if the skb->priority holds a major:minor handle of an existing -+only applies if the skb->priority holds a major:minor handle of an existing - class within this qdisc. - .TP - (ii) - tc filters attached to the class. - .TP - (iii) --The defmap of a class, as set with the -+The defmap of a class, as set with the - .B split & defmap - parameters. The defmap may contain instructions for each possible Linux packet - priority. - - .P --Each class also has a -+Each class also has a - .B level. - Leaf nodes, attached to the bottom of the class hierarchy, have a level of 0. - .SH CLASSIFICATION ALGORITHM - --Classification is a loop, which terminates when a leaf class is found. At any -+Classification is a loop, which terminates when a leaf class is found. At any - point the loop may jump to the fallback algorithm. - - The loop consists of the following steps: --.TP -+.TP - (i) - If the packet is generated locally and has a valid classid encoded within its - .B skb->priority, -@@ -169,40 +169,40 @@ a class which is not a leaf class, restart loop from the class returned. - If it is a leaf, choose it and terminate. - .TP - (iii) --If the tc filters did not return a class, but did return a classid, --try to find a class with that id within this qdisc. -+If the tc filters did not return a class, but did return a classid, -+try to find a class with that id within this qdisc. - Check if the found class is of a lower - .B level - than the current class. If so, and the returned class is not a leaf node, - restart the loop at the found class. If it is a leaf node, terminate. --If we found an upward reference to a higher level, enter the fallback -+If we found an upward reference to a higher level, enter the fallback - algorithm. - .TP - (iv) - If the tc filters did not return a class, nor a valid reference to one, - consider the minor number of the reference to be the priority. Retrieve - a class from the defmap of this class for the priority. If this did not --contain a class, consult the defmap of this class for the -+contain a class, consult the defmap of this class for the -+.B BEST_EFFORT -+class. If this is an upward reference, or no - .B BEST_EFFORT --class. If this is an upward reference, or no --.B BEST_EFFORT - class was defined, - enter the fallback algorithm. If a valid class was found, and it is not a --leaf node, restart the loop at this class. If it is a leaf, choose it and -+leaf node, restart the loop at this class. If it is a leaf, choose it and - terminate. If --neither the priority distilled from the classid, nor the --.B BEST_EFFORT -+neither the priority distilled from the classid, nor the -+.B BEST_EFFORT - priority yielded a class, enter the fallback algorithm. - .P - The fallback algorithm resides outside of the loop and is as follows. - .TP - (i) --Consult the defmap of the class at which the jump to fallback occurred. If --the defmap contains a class for the -+Consult the defmap of the class at which the jump to fallback occurred. If -+the defmap contains a class for the - .B - priority --of the class (which is related to the TOS field), choose this class and --terminate. -+of the class (which is related to the TOS field), choose this class and -+terminate. - .TP - (ii) - Consult the map for a class for the -@@ -212,28 +212,28 @@ priority. If found, choose it, and terminate. - (iii) - Choose the class at which break out to the fallback algorithm occurred. Terminate. - .P --The packet is enqueued to the class which was chosen when either algorithm -+The packet is enqueued to the class which was chosen when either algorithm - terminated. It is therefore possible for a packet to be enqueued *not* at a - leaf node, but in the middle of the hierarchy. - - .SH LINK SHARING ALGORITHM --When dequeuing for sending to the network device, CBQ decides which of its -+When dequeuing for sending to the network device, CBQ decides which of its - classes will be allowed to send. It does so with a Weighted Round Robin process - in which each class with packets gets a chance to send in turn. The WRR process --starts by asking the highest priority classes (lowest numerically - -+starts by asking the highest priority classes (lowest numerically - - highest semantically) for packets, and will continue to do so until they --have no more data to offer, in which case the process repeats for lower -+have no more data to offer, in which case the process repeats for lower - priorities. - - .B CERTAINTY ENDS HERE, ANK PLEASE HELP - - Each class is not allowed to send at length though - they can only dequeue a --configurable amount of data during each round. -+configurable amount of data during each round. - - If a class is about to go overlimit, and it is not - .B bounded - it will try to borrow avgidle from siblings that are not --.B isolated. -+.B isolated. - This process is repeated from the bottom upwards. If a class is unable - to borrow enough avgidle to send a packet, it is throttled and not asked - for a packet for enough time for the avgidle to increase above zero. -@@ -244,7 +244,7 @@ for a packet for enough time for the avgidle to increase above zero. - .SH QDISC - The root qdisc of a CBQ class tree has the following parameters: - --.TP -+.TP - parent major:minor | root - This mandatory parameter determines the place of the CBQ instance, either at the - .B root -@@ -259,22 +259,22 @@ For calculations, the average packet size must be known. It is silently capped - at a minimum of 2/3 of the interface MTU. Mandatory. - .TP - bandwidth rate --To determine the idle time, CBQ must know the bandwidth of your underlying -+To determine the idle time, CBQ must know the bandwidth of your underlying - physical interface, or parent qdisc. This is a vital parameter, more about it - later. Mandatory. - .TP - cell - The cell size determines he granularity of packet transmission time calculations. Has a sensible default. --.TP -+.TP - mpu - A zero sized packet may still take time to transmit. This value is the lower - cap for packet transmission time calculations - packets smaller than this value - are still deemed to have this size. Defaults to zero. - .TP - ewma log --When CBQ needs to measure the average idle time, it does so using an -+When CBQ needs to measure the average idle time, it does so using an - Exponentially Weighted Moving Average which smooths out measurements into --a moving average. The EWMA LOG determines how much smoothing occurs. Defaults -+a moving average. The EWMA LOG determines how much smoothing occurs. Defaults - to 5. Lower values imply greater sensitivity. Must be between 0 and 31. - .P - A CBQ qdisc does not shape out of its own accord. It only needs to know certain -@@ -283,35 +283,35 @@ parameters about the underlying link. Actual shaping is done in classes. - .SH CLASSES - Classes have a host of parameters to configure their operation. - --.TP -+.TP - parent major:minor --Place of this class within the hierarchy. If attached directly to a qdisc -+Place of this class within the hierarchy. If attached directly to a qdisc - and not to another class, minor can be omitted. Mandatory. --.TP -+.TP - classid major:minor - Like qdiscs, classes can be named. The major number must be equal to the --major number of the qdisc to which it belongs. Optional, but needed if this -+major number of the qdisc to which it belongs. Optional, but needed if this - class is going to have children. --.TP -+.TP - weight weight --When dequeuing to the interface, classes are tried for traffic in a -+When dequeuing to the interface, classes are tried for traffic in a - round-robin fashion. Classes with a higher configured qdisc will generally - have more traffic to offer during each round, so it makes sense to allow - it to dequeue more traffic. All weights under a class are normalized, so --only the ratios matter. Defaults to the configured rate, unless the priority -+only the ratios matter. Defaults to the configured rate, unless the priority - of this class is maximal, in which case it is set to 1. --.TP -+.TP - allot bytes - Allot specifies how many bytes a qdisc can dequeue --during each round of the process. This parameter is weighted using the -+during each round of the process. This parameter is weighted using the - renormalized class weight described above. - --.TP -+.TP - priority priority --In the round-robin process, classes with the lowest priority field are tried -+In the round-robin process, classes with the lowest priority field are tried - for packets first. Mandatory. - --.TP -+.TP - rate rate - Maximum rate this class and all its children combined can send at. Mandatory. - -@@ -321,7 +321,7 @@ This is different from the bandwidth specified when creating a CBQ disc. Only - used to determine maxidle and offtime, which are only calculated when - specifying maxburst or minburst. Mandatory if specifying maxburst or minburst. - --.TP -+.TP - maxburst - This number of packets is used to calculate maxidle so that when - avgidle is at maxidle, this number of average packets can be burst -@@ -329,7 +329,7 @@ before avgidle drops to 0. Set it higher to be more tolerant of - bursts. You can't set maxidle directly, only via this parameter. - - .TP --minburst -+minburst - As mentioned before, CBQ needs to throttle in case of - overlimit. The ideal solution is to do so for exactly the calculated - idle time, and pass 1 packet. However, Unix kernels generally have a -@@ -352,21 +352,21 @@ Minidle is specified in negative microseconds, so 10 means that - avgidle is capped at -10us. - - .TP --bounded -+bounded - Signifies that this class will not borrow bandwidth from its siblings. --.TP -+.TP - isolated - Means that this class will not borrow bandwidth to its siblings - --.TP -+.TP - split major:minor & defmap bitmap[/bitmap] --If consulting filters attached to a class did not give a verdict, -+If consulting filters attached to a class did not give a verdict, - CBQ can also classify based on the packet's priority. There are 16 --priorities available, numbered from 0 to 15. -+priorities available, numbered from 0 to 15. - --The defmap specifies which priorities this class wants to receive, --specified as a bitmap. The Least Significant Bit corresponds to priority --zero. The -+The defmap specifies which priorities this class wants to receive, -+specified as a bitmap. The Least Significant Bit corresponds to priority -+zero. The - .B split - parameter tells CBQ at which class the decision must be made, which should - be a (grand)parent of the class you are adding. -@@ -374,7 +374,7 @@ be a (grand)parent of the class you are adding. - As an example, 'tc class add ... classid 10:1 cbq .. split 10:0 defmap c0' - configures class 10:0 to send packets with priorities 6 and 7 to 10:1. - --The complimentary configuration would then -+The complimentary configuration would then - be: 'tc class add ... classid 10:2 cbq ... split 10:0 defmap 3f' - Which would send all packets 0, 1, 2, 3, 4 and 5 to 10:1. - .TP -@@ -384,11 +384,11 @@ can use to classify packets with. In order to determine the bandwidth - it uses a very simple estimator that measures once every - .B interval - microseconds how much traffic has passed. This again is a EWMA, for which --the time constant can be specified, also in microseconds. The -+the time constant can be specified, also in microseconds. The - .B time constant --corresponds to the sluggishness of the measurement or, conversely, to the -+corresponds to the sluggishness of the measurement or, conversely, to the - sensitivity of the average to short bursts. Higher values mean less --sensitivity. -+sensitivity. - - - -@@ -399,7 +399,7 @@ Sally Floyd and Van Jacobson, "Link-sharing and Resource - Management Models for Packet Networks", - IEEE/ACM Transactions on Networking, Vol.3, No.4, 1995 - --.TP -+.TP - o - Sally Floyd, "Notes on CBQ and Guarantee Service", 1995 - -@@ -408,7 +408,7 @@ o - Sally Floyd, "Notes on Class-Based Queueing: Setting - Parameters", 1996 - --.TP -+.TP - o - Sally Floyd and Michael Speer, "Experimental Results - for Class-Based Queueing", 1998, not published. -@@ -421,5 +421,3 @@ for Class-Based Queueing", 1998, not published. - .SH AUTHOR - Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru>. This manpage maintained by - bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-cbq.8 b/man/man8/tc-cbq.8 -index b900e1c..301265d 100644 ---- a/man/man8/tc-cbq.8 -+++ b/man/man8/tc-cbq.8 -@@ -5,56 +5,56 @@ CBQ \- Class Based Queueing - .B tc qdisc ... dev - dev - .B ( parent --classid --.B | root) [ handle --major: --.B ] cbq [ allot -+classid -+.B | root) [ handle -+major: -+.B ] cbq [ allot - bytes - .B ] avpkt - bytes - .B bandwidth - rate --.B [ cell -+.B [ cell - bytes - .B ] [ ewma - log - .B ] [ mpu - bytes --.B ] -+.B ] - - .B tc class ... dev - dev --.B parent -+.B parent - major:[minor] --.B [ classid -+.B [ classid - major:minor - .B ] cbq allot - bytes --.B [ bandwidth --rate --.B ] [ rate -+.B [ bandwidth -+rate -+.B ] [ rate - rate - .B ] prio - priority - .B [ weight - weight --.B ] [ minburst -+.B ] [ minburst -+packets -+.B ] [ maxburst - packets --.B ] [ maxburst --packets --.B ] [ ewma -+.B ] [ ewma - log - .B ] [ cell - bytes - .B ] avpkt - bytes - .B [ mpu --bytes -+bytes - .B ] [ bounded isolated ] [ split - handle - .B & defmap - defmap --.B ] [ estimator -+.B ] [ estimator - interval timeconstant - .B ] - -@@ -62,7 +62,7 @@ interval timeconstant - Class Based Queueing is a classful qdisc that implements a rich - linksharing hierarchy of classes. It contains shaping elements as - well as prioritizing capabilities. Shaping is performed using link --idle time calculations based on the timing of dequeue events and -+idle time calculations based on the timing of dequeue events and - underlying link bandwidth. - - .SH SHAPING ALGORITHM -@@ -85,71 +85,71 @@ CBQ throttles and is then 'overlimit'. - - Conversely, an idle link might amass a huge avgidle, which would then - allow infinite bandwidths after a few hours of silence. To prevent --this, avgidle is capped at -+this, avgidle is capped at - .B maxidle. - - If overlimit, in theory, the CBQ could throttle itself for exactly the - amount of time that was calculated to pass between packets, and then - pass one packet, and throttle again. Due to timer resolution constraints, --this may not be feasible, see the -+this may not be feasible, see the - .B minburst - parameter below. - - .SH CLASSIFICATION - Within the one CBQ instance many classes may exist. Each of these classes --contains another qdisc, by default -+contains another qdisc, by default - .BR tc-pfifo (8). - --When enqueueing a packet, CBQ starts at the root and uses various methods to --determine which class should receive the data. -+When enqueueing a packet, CBQ starts at the root and uses various methods to -+determine which class should receive the data. - --In the absence of uncommon configuration options, the process is rather easy. --At each node we look for an instruction, and then go to the class the --instruction refers us to. If the class found is a barren leaf-node (without --children), we enqueue the packet there. If it is not yet a leaf node, we do --the whole thing over again starting from that node. -+In the absence of uncommon configuration options, the process is rather easy. -+At each node we look for an instruction, and then go to the class the -+instruction refers us to. If the class found is a barren leaf-node (without -+children), we enqueue the packet there. If it is not yet a leaf node, we do -+the whole thing over again starting from that node. - --The following actions are performed, in order at each node we visit, until one -+The following actions are performed, in order at each node we visit, until one - sends us to another node, or terminates the process. - .TP - (i) --Consult filters attached to the class. If sent to a leafnode, we are done. -+Consult filters attached to the class. If sent to a leafnode, we are done. - Otherwise, restart. - .TP - (ii) --Consult the defmap for the priority assigned to this packet, which depends -+Consult the defmap for the priority assigned to this packet, which depends - on the TOS bits. Check if the referral is leafless, otherwise restart. - .TP - (iii) --Ask the defmap for instructions for the 'best effort' priority. Check the -+Ask the defmap for instructions for the 'best effort' priority. Check the - answer for leafness, otherwise restart. - .TP - (iv) - If none of the above returned with an instruction, enqueue at this node. - .P - This algorithm makes sure that a packet always ends up somewhere, even while --you are busy building your configuration. -+you are busy building your configuration. - - For more details, see - .BR tc-cbq-details(8). - - .SH LINK SHARING ALGORITHM --When dequeuing for sending to the network device, CBQ decides which of its -+When dequeuing for sending to the network device, CBQ decides which of its - classes will be allowed to send. It does so with a Weighted Round Robin process - in which each class with packets gets a chance to send in turn. The WRR process --starts by asking the highest priority classes (lowest numerically - -+starts by asking the highest priority classes (lowest numerically - - highest semantically) for packets, and will continue to do so until they --have no more data to offer, in which case the process repeats for lower -+have no more data to offer, in which case the process repeats for lower - priorities. - --Classes by default borrow bandwidth from their siblings. A class can be --prevented from doing so by declaring it 'bounded'. A class can also indicate -+Classes by default borrow bandwidth from their siblings. A class can be -+prevented from doing so by declaring it 'bounded'. A class can also indicate - its unwillingness to lend out bandwidth by being 'isolated'. - - .SH QDISC - The root of a CBQ qdisc class tree has the following parameters: - --.TP -+.TP - parent major:minor | root - This mandatory parameter determines the place of the CBQ instance, either at the - .B root -@@ -159,7 +159,7 @@ handle major: - Like all other qdiscs, the CBQ can be assigned a handle. Should consist only - of a major number, followed by a colon. Optional, but very useful if classes - will be generated within this qdisc. --.TP -+.TP - allot bytes - This allotment is the 'chunkiness' of link sharing and is used for determining packet - transmission time tables. The qdisc allot differs slightly from the class allot discussed -@@ -170,23 +170,23 @@ The average size of a packet is needed for calculating maxidle, and is also used - for making sure 'allot' has a safe value. Mandatory. - .TP - bandwidth rate --To determine the idle time, CBQ must know the bandwidth of your underlying -+To determine the idle time, CBQ must know the bandwidth of your underlying - physical interface, or parent qdisc. This is a vital parameter, more about it - later. Mandatory. - .TP - cell - The cell size determines he granularity of packet transmission time calculations. Has a sensible default. --.TP -+.TP - mpu - A zero sized packet may still take time to transmit. This value is the lower - cap for packet transmission time calculations - packets smaller than this value - are still deemed to have this size. Defaults to zero. - .TP - ewma log --When CBQ needs to measure the average idle time, it does so using an -+When CBQ needs to measure the average idle time, it does so using an - Exponentially Weighted Moving Average which smooths out measurements into --a moving average. The EWMA LOG determines how much smoothing occurs. Lower --values imply greater sensitivity. Must be between 0 and 31. Defaults -+a moving average. The EWMA LOG determines how much smoothing occurs. Lower -+values imply greater sensitivity. Must be between 0 and 31. Defaults - to 5. - .P - A CBQ qdisc does not shape out of its own accord. It only needs to know certain -@@ -195,40 +195,40 @@ parameters about the underlying link. Actual shaping is done in classes. - .SH CLASSES - Classes have a host of parameters to configure their operation. - --.TP -+.TP - parent major:minor --Place of this class within the hierarchy. If attached directly to a qdisc -+Place of this class within the hierarchy. If attached directly to a qdisc - and not to another class, minor can be omitted. Mandatory. --.TP -+.TP - classid major:minor - Like qdiscs, classes can be named. The major number must be equal to the --major number of the qdisc to which it belongs. Optional, but needed if this -+major number of the qdisc to which it belongs. Optional, but needed if this - class is going to have children. --.TP -+.TP - weight weight --When dequeuing to the interface, classes are tried for traffic in a -+When dequeuing to the interface, classes are tried for traffic in a - round-robin fashion. Classes with a higher configured qdisc will generally - have more traffic to offer during each round, so it makes sense to allow - it to dequeue more traffic. All weights under a class are normalized, so --only the ratios matter. Defaults to the configured rate, unless the priority -+only the ratios matter. Defaults to the configured rate, unless the priority - of this class is maximal, in which case it is set to 1. --.TP -+.TP - allot bytes - Allot specifies how many bytes a qdisc can dequeue --during each round of the process. This parameter is weighted using the -+during each round of the process. This parameter is weighted using the - renormalized class weight described above. Silently capped at a minimum of - 3/2 avpkt. Mandatory. - --.TP -+.TP - prio priority --In the round-robin process, classes with the lowest priority field are tried -+In the round-robin process, classes with the lowest priority field are tried - for packets first. Mandatory. - --.TP -+.TP - avpkt - See the QDISC section. - --.TP -+.TP - rate rate - Maximum rate this class and all its children combined can send at. Mandatory. - -@@ -238,7 +238,7 @@ This is different from the bandwidth specified when creating a CBQ disc! Only - used to determine maxidle and offtime, which are only calculated when - specifying maxburst or minburst. Mandatory if specifying maxburst or minburst. - --.TP -+.TP - maxburst - This number of packets is used to calculate maxidle so that when - avgidle is at maxidle, this number of average packets can be burst -@@ -246,7 +246,7 @@ before avgidle drops to 0. Set it higher to be more tolerant of - bursts. You can't set maxidle directly, only via this parameter. - - .TP --minburst -+minburst - As mentioned before, CBQ needs to throttle in case of - overlimit. The ideal solution is to do so for exactly the calculated - idle time, and pass 1 packet. However, Unix kernels generally have a -@@ -269,21 +269,21 @@ Minidle is specified in negative microseconds, so 10 means that - avgidle is capped at -10us. Optional. - - .TP --bounded -+bounded - Signifies that this class will not borrow bandwidth from its siblings. --.TP -+.TP - isolated - Means that this class will not borrow bandwidth to its siblings - --.TP -+.TP - split major:minor & defmap bitmap[/bitmap] --If consulting filters attached to a class did not give a verdict, -+If consulting filters attached to a class did not give a verdict, - CBQ can also classify based on the packet's priority. There are 16 --priorities available, numbered from 0 to 15. -+priorities available, numbered from 0 to 15. - --The defmap specifies which priorities this class wants to receive, --specified as a bitmap. The Least Significant Bit corresponds to priority --zero. The -+The defmap specifies which priorities this class wants to receive, -+specified as a bitmap. The Least Significant Bit corresponds to priority -+zero. The - .B split - parameter tells CBQ at which class the decision must be made, which should - be a (grand)parent of the class you are adding. -@@ -291,7 +291,7 @@ be a (grand)parent of the class you are adding. - As an example, 'tc class add ... classid 10:1 cbq .. split 10:0 defmap c0' - configures class 10:0 to send packets with priorities 6 and 7 to 10:1. - --The complimentary configuration would then -+The complimentary configuration would then - be: 'tc class add ... classid 10:2 cbq ... split 10:0 defmap 3f' - Which would send all packets 0, 1, 2, 3, 4 and 5 to 10:1. - .TP -@@ -301,22 +301,22 @@ can use to classify packets with. In order to determine the bandwidth - it uses a very simple estimator that measures once every - .B interval - microseconds how much traffic has passed. This again is a EWMA, for which --the time constant can be specified, also in microseconds. The -+the time constant can be specified, also in microseconds. The - .B time constant --corresponds to the sluggishness of the measurement or, conversely, to the -+corresponds to the sluggishness of the measurement or, conversely, to the - sensitivity of the average to short bursts. Higher values mean less --sensitivity. -+sensitivity. - - .SH BUGS --The actual bandwidth of the underlying link may not be known, for example --in the case of PPoE or PPTP connections which in fact may send over a -+The actual bandwidth of the underlying link may not be known, for example -+in the case of PPoE or PPTP connections which in fact may send over a - pipe, instead of over a physical device. CBQ is quite resilient to major - errors in the configured bandwidth, probably a the cost of coarser shaping. - --Default kernels rely on coarse timing information for making decisions. These -+Default kernels rely on coarse timing information for making decisions. These - may make shaping precise in the long term, but inaccurate on second long scales. - --See -+See - .BR tc-cbq-details(8) - for hints on how to improve this. - -@@ -327,7 +327,7 @@ Sally Floyd and Van Jacobson, "Link-sharing and Resource - Management Models for Packet Networks", - IEEE/ACM Transactions on Networking, Vol.3, No.4, 1995 - --.TP -+.TP - o - Sally Floyd, "Notes on CBQ and Guaranteed Service", 1995 - -@@ -336,7 +336,7 @@ o - Sally Floyd, "Notes on Class-Based Queueing: Setting - Parameters", 1996 - --.TP -+.TP - o - Sally Floyd and Michael Speer, "Experimental Results - for Class-Based Queueing", 1998, not published. -@@ -349,5 +349,3 @@ for Class-Based Queueing", 1998, not published. - .SH AUTHOR - Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru>. This manpage maintained by - bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-drr.8 b/man/man8/tc-drr.8 -index f550a35..2fea4ee 100644 ---- a/man/man8/tc-drr.8 -+++ b/man/man8/tc-drr.8 -@@ -92,4 +92,3 @@ as limits are handled by the individual child qdiscs. - - .SH AUTHOR - sched_drr was written by Patrick McHardy. -- -diff --git a/man/man8/tc-htb.8 b/man/man8/tc-htb.8 -index 95f25de..ae310f4 100644 ---- a/man/man8/tc-htb.8 -+++ b/man/man8/tc-htb.8 -@@ -5,30 +5,30 @@ HTB \- Hierarchy Token Bucket - .B tc qdisc ... dev - dev - .B ( parent --classid --.B | root) [ handle --major: --.B ] htb [ default -+classid -+.B | root) [ handle -+major: -+.B ] htb [ default - minor-id --.B ] -+.B ] - - .B tc class ... dev - dev --.B parent -+.B parent - major:[minor] --.B [ classid -+.B [ classid - major:minor - .B ] htb rate - rate - .B [ ceil --rate --.B ] burst -+rate -+.B ] burst - bytes - .B [ cburst - bytes - .B ] [ prio - priority --.B ] -+.B ] - - .SH DESCRIPTION - HTB is meant as a more understandable and intuitive replacement for -@@ -37,9 +37,9 @@ of the outbound bandwidth on a given link. Both allow you to use one - physical link to simulate several slower links and to send different - kinds of traffic on different simulated links. In both cases, you have - to specify how to divide the physical link into simulated links and --how to decide which simulated link to use for a given packet to be sent. -+how to decide which simulated link to use for a given packet to be sent. - --Unlike CBQ, HTB shapes traffic based on the Token Bucket Filter algorithm -+Unlike CBQ, HTB shapes traffic based on the Token Bucket Filter algorithm - which does not depend on interface characteristics and so does not need to - know the underlying bandwidth of the outgoing interface. - -@@ -49,30 +49,30 @@ Shaping works as documented in - - .SH CLASSIFICATION - Within the one HTB instance many classes may exist. Each of these classes --contains another qdisc, by default -+contains another qdisc, by default - .BR tc-pfifo (8). - --When enqueueing a packet, HTB starts at the root and uses various methods to --determine which class should receive the data. -+When enqueueing a packet, HTB starts at the root and uses various methods to -+determine which class should receive the data. - --In the absence of uncommon configuration options, the process is rather easy. --At each node we look for an instruction, and then go to the class the --instruction refers us to. If the class found is a barren leaf-node (without --children), we enqueue the packet there. If it is not yet a leaf node, we do --the whole thing over again starting from that node. -+In the absence of uncommon configuration options, the process is rather easy. -+At each node we look for an instruction, and then go to the class the -+instruction refers us to. If the class found is a barren leaf-node (without -+children), we enqueue the packet there. If it is not yet a leaf node, we do -+the whole thing over again starting from that node. - --The following actions are performed, in order at each node we visit, until one -+The following actions are performed, in order at each node we visit, until one - sends us to another node, or terminates the process. - .TP - (i) --Consult filters attached to the class. If sent to a leafnode, we are done. -+Consult filters attached to the class. If sent to a leafnode, we are done. - Otherwise, restart. - .TP - (ii) - If none of the above returned with an instruction, enqueue at this node. - .P - This algorithm makes sure that a packet always ends up somewhere, even while --you are busy building your configuration. -+you are busy building your configuration. - - .SH LINK SHARING ALGORITHM - FIXME -@@ -80,7 +80,7 @@ FIXME - .SH QDISC - The root of a HTB qdisc class tree has the following parameters: - --.TP -+.TP - parent major:minor | root - This mandatory parameter determines the place of the HTB instance, either at the - .B root -@@ -90,54 +90,54 @@ handle major: - Like all other qdiscs, the HTB can be assigned a handle. Should consist only - of a major number, followed by a colon. Optional, but very useful if classes - will be generated within this qdisc. --.TP -+.TP - default minor-id - Unclassified traffic gets sent to the class with this minor-id. - - .SH CLASSES - Classes have a host of parameters to configure their operation. - --.TP -+.TP - parent major:minor --Place of this class within the hierarchy. If attached directly to a qdisc -+Place of this class within the hierarchy. If attached directly to a qdisc - and not to another class, minor can be omitted. Mandatory. --.TP -+.TP - classid major:minor - Like qdiscs, classes can be named. The major number must be equal to the --major number of the qdisc to which it belongs. Optional, but needed if this -+major number of the qdisc to which it belongs. Optional, but needed if this - class is going to have children. --.TP -+.TP - prio priority --In the round-robin process, classes with the lowest priority field are tried -+In the round-robin process, classes with the lowest priority field are tried - for packets first. Mandatory. - --.TP -+.TP - rate rate - Maximum rate this class and all its children are guaranteed. Mandatory. - - .TP - ceil rate --Maximum rate at which a class can send, if its parent has bandwidth to spare. -+Maximum rate at which a class can send, if its parent has bandwidth to spare. - Defaults to the configured rate, which implies no borrowing - --.TP -+.TP - burst bytes --Amount of bytes that can be burst at -+Amount of bytes that can be burst at - .B ceil - speed, in excess of the configured --.B rate. -+.B rate. - Should be at least as high as the highest burst of all children. - --.TP -+.TP - cburst bytes - Amount of bytes that can be burst at 'infinite' speed, in other words, as fast - as the interface can transmit them. For perfect evening out, should be equal to at most one average - packet. Should be at least as high as the highest cburst of all children. - - .SH NOTES --Due to Unix timing constraints, the maximum ceil rate is not infinite and may in fact be quite low. On Intel, -+Due to Unix timing constraints, the maximum ceil rate is not infinite and may in fact be quite low. On Intel, - there are 100 timer events per second, the maximum rate is that rate at which 'burst' bytes are sent each timer tick. --From this, the minimum burst size for a specified rate can be calculated. For i386, a 10mbit rate requires a 12 kilobyte -+From this, the minimum burst size for a specified rate can be calculated. For i386, a 10mbit rate requires a 12 kilobyte - burst as 100*12kb*8 equals 10mbit. - - .SH SEE ALSO -@@ -146,5 +146,3 @@ burst as 100*12kb*8 equals 10mbit. - HTB website: http://luxik.cdi.cz/~devik/qos/htb/ - .SH AUTHOR - Martin Devera <devik@cdi.cz>. This manpage maintained by bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-netem.8 b/man/man8/tc-netem.8 -index 53c4de9..b31384f 100644 ---- a/man/man8/tc-netem.8 -+++ b/man/man8/tc-netem.8 -@@ -2,9 +2,9 @@ - .SH NAME - NetEm \- Network Emulator - .SH SYNOPSIS --.B "tc qdisc ... dev" -+.B "tc qdisc ... dev" - .IR DEVICE " ] " --.BR "add netem" -+.BR "add netem" - .I OPTIONS - - .IR OPTIONS " := [ " LIMIT " ] [ " DELAY " ] [ " LOSS \ -@@ -15,15 +15,15 @@ NetEm \- Network Emulator - .I packets - - .IR DELAY " := " --.BI delay -+.BI delay - .IR TIME " [ " JITTER " [ " CORRELATION " ]]]" - .br -- [ -+ [ - .BR distribution " { "uniform " | " normal " | " pareto " | " paretonormal " } ]" - - .IR LOSS " := " - .BR loss " { " --.BI random -+.BI random - .IR PERCENT " [ " CORRELATION " ] |" - .br - .RB " " state -@@ -44,13 +44,13 @@ NetEm \- Network Emulator - .IR REORDERING " := " - .B reorder - .IR PERCENT " [ " CORRELATION " ] [ " --.B gap -+.B gap - .IR DISTANCE " ]" - - .IR RATE " := " - .B rate - .IR RATE " [ " PACKETOVERHEAD " [ " CELLSIZE " [ " CELLOVERHEAD " ]]]]" -- -+ - - .SH DESCRIPTION - NetEm is an enhancement of the Linux traffic control facilities -@@ -139,11 +139,11 @@ in this second example 25% of packets are sent immediately (with correlation of - 50%) while the others are delayed by 10 ms. - - .SS rate --delay packets based on packet size and is a replacement for -+delay packets based on packet size and is a replacement for - .IR TBF . - Rate can be --specified in common units (e.g. 100kbit). Optional --.I PACKETOVERHEAD -+specified in common units (e.g. 100kbit). Optional -+.I PACKETOVERHEAD - (in bytes) specify an per packet overhead and can be negative. A positive value can be - used to simulate additional link layer headers. A negative value can be used to - artificial strip the Ethernet header (e.g. -14) and/or simulate a link layer -@@ -152,7 +152,7 @@ the cellsize. Cellsize can be used to simulate link layer schemes. ATM for - example has an payload cellsize of 48 bytes and 5 byte per cell header. If a - packet is 50 byte then ATM must use two cells: 2 * 48 bytes payload including 2 - * 5 byte header, thus consume 106 byte on the wire. The last optional value --.I CELLOVERHEAD -+.I CELLOVERHEAD - can be used to specify per cell overhead - for our ATM example 5. - .I CELLOVERHEAD - can be negative, but use negative values with caution. -diff --git a/man/man8/tc-pfifo_fast.8 b/man/man8/tc-pfifo_fast.8 -index 43ab166..baf34b1 100644 ---- a/man/man8/tc-pfifo_fast.8 -+++ b/man/man8/tc-pfifo_fast.8 -@@ -13,14 +13,14 @@ is detached. - In this sense this qdisc is magic, and unlike other qdiscs. - - .SH ALGORITHM --The algorithm is very similar to that of the classful -+The algorithm is very similar to that of the classful - .BR tc-prio (8) --qdisc. -+qdisc. - .B pfifo_fast - is like three - .BR tc-pfifo (8) - queues side by side, where packets can be enqueued in any of the three bands --based on their Type of Service bits or assigned priority. -+based on their Type of Service bits or assigned priority. - - Not all three bands are dequeued simultaneously - as long as lower bands - have traffic, higher bands are never dequeued. This can be used to -@@ -28,7 +28,7 @@ prioritize interactive traffic or penalize 'lowest cost' traffic. - - Each band can be txqueuelen packets long, as configured with - .BR ifconfig (8) --or -+or - .BR ip (8). - Additional packets coming in are not enqueued but are instead dropped. - -@@ -36,7 +36,7 @@ See - .BR tc-prio (8) - for complete details on how TOS bits are translated into bands. - .SH PARAMETERS --.TP -+.TP - txqueuelen - The length of the three bands depends on the interface txqueuelen, as - specified with -@@ -46,7 +46,7 @@ or - - .SH BUGS - Does not maintain statistics and does not show up in tc qdisc ls. This is because --it is the automatic default in the absence of a configured qdisc. -+it is the automatic default in the absence of a configured qdisc. - - .SH SEE ALSO - .BR tc (8) -@@ -55,5 +55,3 @@ it is the automatic default in the absence of a configured qdisc. - Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru> - - This manpage maintained by bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-prio.8 b/man/man8/tc-prio.8 -index 8c8cb54..0b4ba8b 100644 ---- a/man/man8/tc-prio.8 -+++ b/man/man8/tc-prio.8 -@@ -5,21 +5,21 @@ PRIO \- Priority qdisc - .B tc qdisc ... dev - dev - .B ( parent --classid --.B | root) [ handle --major: --.B ] prio [ bands -+classid -+.B | root) [ handle -+major: -+.B ] prio [ bands - bands - .B ] [ priomap - band band band... --.B ] [ estimator -+.B ] [ estimator - interval timeconstant - .B ] - - .SH DESCRIPTION - The PRIO qdisc is a simple classful queueing discipline that contains - an arbitrary number of classes of differing priority. The classes are --dequeued in numerical descending order of priority. PRIO is a scheduler -+dequeued in numerical descending order of priority. PRIO is a scheduler - and never delays packets - it is a work-conserving qdisc, though the qdiscs - contained in the classes may not be. - -@@ -51,22 +51,22 @@ From userspace - A process with sufficient privileges can encode the destination class - directly with SO_PRIORITY, see - .BR socket(7). --.TP -+.TP - with a tc filter - A tc filter attached to the root qdisc can point traffic directly to a class --.TP -+.TP - with the priomap - Based on the packet priority, which in turn is derived from the Type of - Service assigned to the packet. - .P --Only the priomap is specific to this qdisc. -+Only the priomap is specific to this qdisc. - .SH QDISC PARAMETERS - .TP - bands - Number of bands. If changed from the default of 3, - .B priomap - must be updated as well. --.TP -+.TP - priomap - The priomap maps the priority of - a packet to a class. The priority can either be set directly from userspace, -@@ -126,7 +126,7 @@ TOS Bits Means Linux Priority Band - The second column contains the value of the relevant - four TOS bits, followed by their translated meaning. For example, 15 stands - for a packet wanting Minimal Monetary Cost, Maximum Reliability, Maximum --Throughput AND Minimum Delay. -+Throughput AND Minimum Delay. - - The fourth column lists the way the Linux kernel interprets the TOS bits, by - showing to which Priority they are mapped. -@@ -151,7 +151,7 @@ FTP - - TFTP 1000 (minimize delay) - --SMTP -+SMTP - Command phase 1000 (minimize delay) - DATA phase 0100 (maximize throughput) - -@@ -176,12 +176,10 @@ further qdisc. - - .SH BUGS - Large amounts of traffic in the lower bands can cause starvation of higher --bands. Can be prevented by attaching a shaper (for example, -+bands. Can be prevented by attaching a shaper (for example, - .BR tc-tbf(8) - to these bands to make sure they cannot dominate the link. - - .SH AUTHORS - Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru>, J Hadi Salim - <hadi@cyberus.ca>. This manpage maintained by bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-red.8 b/man/man8/tc-red.8 -index d001c49..dd1ab74 100644 ---- a/man/man8/tc-red.8 -+++ b/man/man8/tc-red.8 -@@ -1,17 +1,17 @@ - .TH RED 8 "13 December 2001" "iproute2" "Linux" - .SH NAME --red \- Random Early Detection -+red \- Random Early Detection - .SH SYNOPSIS - .B tc qdisc ... red --.B limit -+.B limit -+bytes -+.B [ min -+bytes -+.B ] [ max - bytes --.B [ min --bytes --.B ] [ max --bytes - .B ] avpkt - bytes --.B [ burst -+.B [ burst - packets - .B ] [ ecn ] [ harddrop] [ bandwidth - rate -@@ -46,51 +46,51 @@ The average queue size is used for determining the marking - probability. This is calculated using an Exponential Weighted Moving - Average, which can be more or less sensitive to bursts. - --When the average queue size is below -+When the average queue size is below - .B min --bytes, no packet will ever be marked. When it exceeds --.B min, -+bytes, no packet will ever be marked. When it exceeds -+.B min, - the probability of doing so climbs linearly up --to --.B probability, -+to -+.B probability, - until the average queue size hits - .B max --bytes. Because --.B probability -+bytes. Because -+.B probability - is normally not set to 100%, the queue size might --conceivably rise above -+conceivably rise above - .B max --bytes, so the -+bytes, so the - .B limit - parameter is provided to set a hard maximum for the size of the queue. - - .SH PARAMETERS --.TP -+.TP - min - Average queue size at which marking becomes a possibility. Defaults to - .B max - /3 - --.TP -+.TP - max - At this average queue size, the marking probability is maximal. Should be at - least twice - .B min --to prevent synchronous retransmits, higher for low -+to prevent synchronous retransmits, higher for low - .B min. --Default to -+Default to - .B limit - /4 --.TP -+.TP - probability - Maximum probability for marking, specified as a floating point - number from 0.0 to 1.0. Suggested values are 0.01 or 0.02 (1 or 2%, - respectively). Default : 0.02 --.TP -+.TP - limit - Hard limit on the real (not average) queue size in bytes. Further packets - are dropped. Should be set higher than max+burst. It is advised to set this --a few times higher than -+a few times higher than - .B max. - .TP - burst -@@ -98,7 +98,7 @@ Used for determining how fast the average queue size is influenced by the - real queue size. Larger values make the calculation more sluggish, allowing - longer bursts of traffic before marking starts. Real life experiments - support the following guideline: (min+min+max)/(3*avpkt). --.TP -+.TP - avpkt - Specified in bytes. Used with burst to determine the time constant for - average queue size calculations. 1000 is a good value. -@@ -126,15 +126,15 @@ bytes, this parameter forces a drop instead of ecn marking. - adaptive - (Added in linux-3.3) Sets RED in adaptive mode as described in http://icir.org/floyd/papers/adaptiveRed.pdf - .nf --Goal of Adaptive RED is to make 'probability' dynamic value between 1% and 50% to reach the target average queue : -+Goal of Adaptive RED is to make 'probability' dynamic value between 1% and 50% to reach the target average queue : - .B (max - min) / 2 - .fi - - .SH EXAMPLE - - .P --# tc qdisc add dev eth0 parent 1:1 handle 10: red -- limit 400000 min 30000 max 90000 avpkt 1000 -+# tc qdisc add dev eth0 parent 1:1 handle 10: red -+ limit 400000 min 30000 max 90000 avpkt 1000 - burst 55 ecn adaptive bandwidth 10Mbit - - .SH SEE ALSO -@@ -142,11 +142,11 @@ Goal of Adaptive RED is to make 'probability' dynamic value between 1% and 50% t - .BR tc-choke (8) - - .SH SOURCES --.TP -+.TP - o - Floyd, S., and Jacobson, V., Random Early Detection gateways for - Congestion Avoidance. http://www.aciri.org/floyd/papers/red/red.html --.TP -+.TP - o - Some changes to the algorithm by Alexey N. Kuznetsov. - .TP -@@ -156,7 +156,5 @@ Adaptive RED : http://icir.org/floyd/papers/adaptiveRed.pdf - .SH AUTHORS - Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru>, Alexey Makarenko - <makar@phoenix.kharkov.ua>, J Hadi Salim <hadi@nortelnetworks.com>, --Eric Dumazet <eric.dumazet@gmail.com>. -+Eric Dumazet <eric.dumazet@gmail.com>. - This manpage maintained by bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-sfq.8 b/man/man8/tc-sfq.8 -index 9afb5b2..ec4d8b8 100644 ---- a/man/man8/tc-sfq.8 -+++ b/man/man8/tc-sfq.8 -@@ -33,11 +33,11 @@ P - .SH DESCRIPTION - - Stochastic Fairness Queueing is a classless queueing discipline available for --traffic control with the -+traffic control with the - .BR tc (8) - command. - --SFQ does not shape traffic but only schedules the transmission of packets, based on 'flows'. -+SFQ does not shape traffic but only schedules the transmission of packets, based on 'flows'. - The goal is to ensure fairness so that each flow is able to send data in turn, thus preventing - any single flow from drowning out the rest. - -@@ -62,13 +62,13 @@ Destination address - (iii) - Source and Destination port - .P --If these are available. SFQ knows about ipv4 and ipv6 and also UDP, TCP and ESP. --Packets with other protocols are hashed based on the 32bits representation of their -+If these are available. SFQ knows about ipv4 and ipv6 and also UDP, TCP and ESP. -+Packets with other protocols are hashed based on the 32bits representation of their - destination and source. A flow corresponds mostly to a TCP/IP connection. - - Each of these buckets should represent a unique flow. Because multiple flows may --get hashed to the same bucket, sfqs internal hashing algorithm may be perturbed at configurable --intervals so that the unfairness lasts only for a short while. Perturbation may -+get hashed to the same bucket, sfqs internal hashing algorithm may be perturbed at configurable -+intervals so that the unfairness lasts only for a short while. Perturbation may - however cause some inadvertent packet reordering to occur. After linux-3.3, there is - no packet reordering problem, but possible packet drops if rehashing hits one limit - (number of flows or packets per flow) -@@ -88,7 +88,7 @@ divisor - Can be used to set a different hash table size, available from kernel 2.6.39 onwards. - The specified divisor must be a power of two and cannot be larger than 65536. - Default value: 1024. --.TP -+.TP - limit - Upper limit of the SFQ. Can be used to reduce the default length of 127 packets. - After linux-3.3, it can be raised. -@@ -97,12 +97,12 @@ depth - Limit of packets per flow (after linux-3.3). Default to 127 and can be lowered. - .TP - perturb --Interval in seconds for queue algorithm perturbation. Defaults to 0, which means that -+Interval in seconds for queue algorithm perturbation. Defaults to 0, which means that - no perturbation occurs. Do not set too low for each perturbation may cause some packet - reordering or losses. Advised value: 60 - This value has no effect when external flow classification is used. - Its better to increase divisor value to lower risk of hash collisions. --.TP -+.TP - quantum - Amount of bytes a flow is allowed to dequeue during a round of the round robin process. - Defaults to the MTU of the interface which is also the advised value and the minimum value. -@@ -142,7 +142,7 @@ Specified in bytes. Used with burst to determine the time constant for average q - burst - Used for determining how fast the average queue size is influenced by the real queue size. - .nf --Default value is : -+Default value is : - .B (2 * min + max) / (3 * avpkt) - .fi - .TP -@@ -166,16 +166,16 @@ To attach to device ppp0: - .P - # tc qdisc add dev ppp0 root sfq - .P --Please note that SFQ, like all non-shaping (work-conserving) qdiscs, is only useful -+Please note that SFQ, like all non-shaping (work-conserving) qdiscs, is only useful - if it owns the queue. --This is the case when the link speed equals the actually available bandwidth. This holds --for regular phone modems, ISDN connections and direct non-switched ethernet links. -+This is the case when the link speed equals the actually available bandwidth. This holds -+for regular phone modems, ISDN connections and direct non-switched ethernet links. - .P --Most often, cable modems and DSL devices do not fall into this category. The same holds --for when connected to a switch and trying to send data to a congested segment also -+Most often, cable modems and DSL devices do not fall into this category. The same holds -+for when connected to a switch and trying to send data to a congested segment also - connected to the switch. - .P --In this case, the effective queue does not reside within Linux and is therefore not -+In this case, the effective queue does not reside within Linux and is therefore not - available for scheduling. - .P - Embed SFQ in a classful qdisc to make sure it owns the queue. -@@ -191,11 +191,11 @@ changed the sfq default of 1024, use the same value for the flow hash filter, to - .P - Example of sfq with optional RED mode : - .P --# tc qdisc add dev eth0 parent 1:1 handle 10: sfq limit 3000 flows 512 divisor 16384 -+# tc qdisc add dev eth0 parent 1:1 handle 10: sfq limit 3000 flows 512 divisor 16384 - redflowlimit 100000 min 8000 max 60000 probability 0.20 ecn headdrop - - .SH SOURCE --.TP -+.TP - o - Paul E. McKenney "Stochastic Fairness Queuing", - IEEE INFOCOMM'90 Proceedings, San Francisco, 1990. -@@ -205,7 +205,7 @@ o - Paul E. McKenney "Stochastic Fairness Queuing", - "Interworking: Research and Experience", v.2, 1991, p.113-131. - --.TP -+.TP - o - See also: - M. Shreedhar and George Varghese "Efficient Fair -@@ -220,5 +220,3 @@ Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru>, - Eric Dumazet <eric.dumazet@gmail.com>. - .P - This manpage maintained by bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc-tbf.8 b/man/man8/tc-tbf.8 -index fc2c837..d721b5d 100644 ---- a/man/man8/tc-tbf.8 -+++ b/man/man8/tc-tbf.8 -@@ -6,11 +6,11 @@ tbf \- Token Bucket Filter - rate - .B burst - bytes/cell --.B ( latency --ms -+.B ( latency -+ms - .B | limit - bytes --.B ) [ mpu -+.B ) [ mpu - bytes - .B [ peakrate - rate -@@ -22,46 +22,46 @@ burst is also known as buffer and maxburst. mtu is also known as minburst. - .SH DESCRIPTION - - The Token Bucket Filter is a classful queueing discipline available for --traffic control with the -+traffic control with the - .BR tc (8) - command. - - TBF is a pure shaper and never schedules traffic. It is non-work-conserving and may throttle --itself, although packets are available, to ensure that the configured rate is not exceeded. --It is able to shape up to 1mbit/s of normal traffic with ideal minimal burstiness, -+itself, although packets are available, to ensure that the configured rate is not exceeded. -+It is able to shape up to 1mbit/s of normal traffic with ideal minimal burstiness, - sending out data exactly at the configured rates. - - Much higher rates are possible but at the cost of losing the minimal burstiness. In that --case, data is on average dequeued at the configured rate but may be sent much faster at millisecond -+case, data is on average dequeued at the configured rate but may be sent much faster at millisecond - timescales. Because of further queues living in network adaptors, this is often not a problem. - - .SH ALGORITHM --As the name implies, traffic is filtered based on the expenditure of -+As the name implies, traffic is filtered based on the expenditure of - .B tokens. - Tokens roughly correspond to bytes, with the additional constraint - that each packet consumes some tokens, no matter how small it is. This - reflects the fact that even a zero-sized packet occupies the link for - some time. - --On creation, the TBF is stocked with tokens which correspond to the amount of traffic that can be burst -+On creation, the TBF is stocked with tokens which correspond to the amount of traffic that can be burst - in one go. Tokens arrive at a steady rate, until the bucket is full. - --If no tokens are available, packets are queued, up to a configured limit. The TBF now -+If no tokens are available, packets are queued, up to a configured limit. The TBF now - calculates the token deficit, and throttles until the first packet in the queue can be sent. - --If it is not acceptable to burst out packets at maximum speed, a peakrate can be configured -+If it is not acceptable to burst out packets at maximum speed, a peakrate can be configured - to limit the speed at which the bucket empties. This peakrate is implemented as a second TBF - with a very small bucket, so that it doesn't burst. - --To achieve perfection, the second bucket may contain only a single packet, which leads to --the earlier mentioned 1mbit/s limit. -+To achieve perfection, the second bucket may contain only a single packet, which leads to -+the earlier mentioned 1mbit/s limit. - - This limit is caused by the fact that the kernel can only throttle for at minimum 1 'jiffy', which depends --on HZ as 1/HZ. For perfect shaping, only a single packet can get sent per jiffy - for HZ=100, this means 100 -+on HZ as 1/HZ. For perfect shaping, only a single packet can get sent per jiffy - for HZ=100, this means 100 - packets of on average 1000 bytes each, which roughly corresponds to 1mbit/s. - - .SH PARAMETERS --See -+See - .BR tc (8) - for how to specify the units of these values. - .TP -@@ -71,30 +71,30 @@ available. You can also specify this the other way around by setting the - latency parameter, which specifies the maximum amount of time a packet can - sit in the TBF. The latter calculation takes into account the size of the - bucket, the rate and possibly the peakrate (if set). These two parameters --are mutually exclusive. -+are mutually exclusive. - .TP - burst - Also known as buffer or maxburst. --Size of the bucket, in bytes. This is the maximum amount of bytes that tokens can be available for instantaneously. --In general, larger shaping rates require a larger buffer. For 10mbit/s on Intel, you need at least 10kbyte buffer -+Size of the bucket, in bytes. This is the maximum amount of bytes that tokens can be available for instantaneously. -+In general, larger shaping rates require a larger buffer. For 10mbit/s on Intel, you need at least 10kbyte buffer - if you want to reach your configured rate! - - If your buffer is too small, packets may be dropped because more tokens arrive per timer tick than fit in your bucket. - The minimum buffer size can be calculated by dividing the rate by HZ. - --Token usage calculations are performed using a table which by default has a resolution of 8 packets. --This resolution can be changed by specifying the -+Token usage calculations are performed using a table which by default has a resolution of 8 packets. -+This resolution can be changed by specifying the - .B cell - size with the burst. For example, to specify a 6000 byte buffer with a 16 - byte cell size, set a burst of 6000/16. You will probably never have to set - this. Must be an integral power of 2. - .TP - mpu --A zero-sized packet does not use zero bandwidth. For ethernet, no packet uses less than 64 bytes. The Minimum Packet Unit -+A zero-sized packet does not use zero bandwidth. For ethernet, no packet uses less than 64 bytes. The Minimum Packet Unit - determines the minimal token usage (specified in bytes) for a packet. Defaults to zero. - .TP - rate --The speed knob. See remarks above about limits! See -+The speed knob. See remarks above about limits! See - .BR tc (8) - for units. - .PP -@@ -112,7 +112,7 @@ Specifies the size of the peakrate bucket. For perfect accuracy, should be set t - If a peakrate is needed, but some burstiness is acceptable, this size can be raised. A 3000 byte minburst - allows around 3mbit/s of peakrate, given 1000 byte packets. - --Like the regular burstsize you can also specify a -+Like the regular burstsize you can also specify a - .B cell - size. - .SH EXAMPLE & USAGE -@@ -139,5 +139,3 @@ the limit/latency is not effective anymore. - .SH AUTHOR - Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru>. This manpage maintained by - bert hubert <ahu@ds9a.nl> -- -- -diff --git a/man/man8/tc.8 b/man/man8/tc.8 -index fb4efd9..391d7c7 100644 ---- a/man/man8/tc.8 -+++ b/man/man8/tc.8 -@@ -656,4 +656,3 @@ was written by Alexey N. Kuznetsov and added in Linux 2.2. - - .SH AUTHOR - Manpage maintained by bert hubert (ahu@ds9a.nl) -- --- -1.8.3.1 - diff --git a/SOURCES/0116-tc-flower-document-SCTP-ip_proto.patch b/SOURCES/0116-tc-flower-document-SCTP-ip_proto.patch new file mode 100644 index 0000000..4092619 --- /dev/null +++ b/SOURCES/0116-tc-flower-document-SCTP-ip_proto.patch @@ -0,0 +1,84 @@ +From c18577d8237ae746c4c7fa26f9be62e125248dd6 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc: flower: document SCTP ip_proto + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 6ad7e60c1f476 + +commit 6ad7e60c1f4760580e9b2a144556315318a8f0ff +Author: Simon Horman <simon.horman@netronome.com> +Date: Sat Dec 3 09:52:38 2016 +0100 + + tc: flower: document SCTP ip_proto + + Add SCTP ip_proto to help text and man page. + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 14 +++++++------- + tc/f_flower.c | 2 +- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 11cf774..744c450 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -29,7 +29,7 @@ flower \- flow based traffic control filter + .IR PRIORITY " | " + .BR vlan_eth_type " { " ipv4 " | " ipv6 " | " + .IR ETH_TYPE " } | " +-.BR ip_proto " { " tcp " | " udp " | " ++.BR ip_proto " { " tcp " | " udp " | " sctp " | " + .IR IP_PROTO " } | { " + .BR dst_ip " | " src_ip " } { " + .IR ipv4_address " | " ipv6_address " } | { " +@@ -97,8 +97,8 @@ or an unsigned 16bit value in hexadecimal format. + .BI ip_proto " IP_PROTO" + Match on layer four protocol. + .I IP_PROTO +-may be either +-.BR tcp , udp ++may be ++.BR tcp ", " udp ", " sctp + or an unsigned 8bit value in hexadecimal format. + .TP + .BI dst_ip " ADDRESS" +@@ -114,8 +114,8 @@ option of tc filter. + .TQ + .BI src_port " NUMBER" + Match on layer 4 protocol source or destination port number. Only available for +-.BR ip_proto " values " udp " and " tcp , +-which has to be specified in beforehand. ++.BR ip_proto " values " udp ", " tcp " and " sctp ++which have to be specified in beforehand. + .TP + .BI enc_key_id " NUMBER" + .TQ +@@ -140,8 +140,8 @@ and finally layer four matches + (\fBdst_port\fR and \fBsrc_port\fR) + depend on + .B ip_proto +-being set to either +-.BR tcp " or " udp . ++being set to ++.BR tcp ", " udp " or " sctp. + .P + There can be only used one mask per one prio. If user needs to specify different + mask, he has to use different prio. +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 36963c5..26afe73 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -37,7 +37,7 @@ static void explain(void) + " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n" + " dst_mac MAC-ADDR |\n" + " src_mac MAC-ADDR |\n" +- " ip_proto [tcp | udp | IP-PROTO ] |\n" ++ " ip_proto [tcp | udp | sctp | IP-PROTO ] |\n" + " dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " dst_port PORT-NUMBER |\n" +-- +1.8.3.1 + diff --git a/SOURCES/0117-man-ip-.8-drop-any-reference-to-generic-ip-options.patch b/SOURCES/0117-man-ip-.8-drop-any-reference-to-generic-ip-options.patch deleted file mode 100644 index c73e0b3..0000000 --- a/SOURCES/0117-man-ip-.8-drop-any-reference-to-generic-ip-options.patch +++ /dev/null @@ -1,116 +0,0 @@ -From b8c5594d2702d7df9dd291b6e06253ad5f4fc17e Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 7 Mar 2016 20:46:03 +0100 -Subject: [PATCH] man: ip-*.8: drop any reference to generic ip options - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit e895ae0b31864 -Conflicts: Missing support for -brief option. - -commit e895ae0b31864df9f7dc16254d6dd2084f7bd523 -Author: Phil Sutter <phil@nwl.cc> -Date: Wed Mar 2 19:20:08 2016 +0100 - - man: ip-*.8: drop any reference to generic ip options - - Listing generic 'ip' options in subcommand man pages is redundant and - error-prone, as they won't be kept in sync anyway. Since many other man - pages don't list them either, drop references to them in the remaining - ones. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-addrlabel.8 | 14 +------------- - man/man8/ip-link.8.in | 14 +------------- - man/man8/ip-monitor.8 | 4 +--- - man/man8/ip-mroute.8 | 2 +- - 4 files changed, 4 insertions(+), 30 deletions(-) - -diff --git a/man/man8/ip-addrlabel.8 b/man/man8/ip-addrlabel.8 -index 51ef572..233d606 100644 ---- a/man/man8/ip-addrlabel.8 -+++ b/man/man8/ip-addrlabel.8 -@@ -6,21 +6,9 @@ ip-addrlabel \- protocol address label management - .ad l - .in +8 - .ti -8 --.B ip --.RI "[ " OPTIONS " ]" --.B addrlabel -+.B ip addrlabel - .RI " { " COMMAND " | " - .BR help " }" --.sp -- --.ti -8 --.IR OPTIONS " := { " --\fB\-V\fR[\fIersion\fR] | --\fB\-s\fR[\fItatistics\fR] | --\fB\-r\fR[\fIesolve\fR] | --\fB\-f\fR[\fIamily\fR] { --.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | " --\fB\-o\fR[\fIneline\fR] } - - .ti -8 - .BR "ip addrlabel" " { " add " | " del " } " prefix -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 6ce2cc8..62fc340 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -6,24 +6,12 @@ ip-link \- network device configuration - .ad l - .in +8 - .ti -8 --.B ip --.RI "[ " OPTIONS " ]" --.B link -+.B ip link - .RI " { " COMMAND " | " - .BR help " }" - .sp - - .ti -8 --.IR OPTIONS " := { " --\fB\-V\fR[\fIersion\fR] | --\fB\-h\fR[\fIuman-readable\fR] | --\fB\-s\fR[\fItatistics\fR] | --\fB\-r\fR[\fIesolve\fR] | --\fB\-f\fR[\fIamily\fR] { --.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | " --\fB\-o\fR[\fIneline\fR] } -- --.ti -8 - .BI "ip link add" - .RB "[ " link - .IR DEVICE " ]" -diff --git a/man/man8/ip-monitor.8 b/man/man8/ip-monitor.8 -index 2d4fd4f..5d99a09 100644 ---- a/man/man8/ip-monitor.8 -+++ b/man/man8/ip-monitor.8 -@@ -6,9 +6,7 @@ ip-monitor, rtmon \- state monitoring - .ad l - .in +8 - .ti -8 --.BR "ip " " [ " --.IR ip-OPTIONS " ]" --.BR "monitor" " [ " all " |" -+.BR "ip monitor" " [ " all " |" - .IR OBJECT-LIST " ] [" - .BI file " FILENAME " - ] [ -diff --git a/man/man8/ip-mroute.8 b/man/man8/ip-mroute.8 -index e89b6b2..b64e30d 100644 ---- a/man/man8/ip-mroute.8 -+++ b/man/man8/ip-mroute.8 -@@ -6,7 +6,7 @@ ip-mroute \- multicast routing cache management - .ad l - .in +8 - .ti -8 --.BR "ip " " [ ip-OPTIONS ] " "mroute show" " [ [ " -+.BR "ip mroute show" " [ [ " - .BR " to " " ] " - .IR PREFIX " ] [ " - .B from --- -1.8.3.1 - diff --git a/SOURCES/0117-tc-flower-correct-name-of-ip_proto-parameter-to-flow.patch b/SOURCES/0117-tc-flower-correct-name-of-ip_proto-parameter-to-flow.patch new file mode 100644 index 0000000..886bb2d --- /dev/null +++ b/SOURCES/0117-tc-flower-correct-name-of-ip_proto-parameter-to-flow.patch @@ -0,0 +1,67 @@ +From cca1d8a85219947ad8c0a202f41278b582c63daa Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc: flower: correct name of ip_proto parameter to + flower_parse_port() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 61dff9ac10cb5 + +commit 61dff9ac10cb55c4f66b7df7a003c420f6f1d430 +Author: Simon Horman <simon.horman@netronome.com> +Date: Sat Dec 3 09:52:39 2016 +0100 + + tc: flower: correct name of ip_proto parameter to flower_parse_port() + + This corrects a typo. + + Fixes: a1fb0d484237 ("tc: flower: Support matching on SCTP ports") + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 26afe73..cac2802 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -166,15 +166,15 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + return 0; + } + +-static int flower_port_attr_type(__u8 ip_port, bool is_src) ++static int flower_port_attr_type(__u8 ip_proto, bool is_src) + { +- if (ip_port == IPPROTO_TCP) { ++ if (ip_proto == IPPROTO_TCP) { + return is_src ? TCA_FLOWER_KEY_TCP_SRC : + TCA_FLOWER_KEY_TCP_DST; +- } else if (ip_port == IPPROTO_UDP) { ++ } else if (ip_proto == IPPROTO_UDP) { + return is_src ? TCA_FLOWER_KEY_UDP_SRC : + TCA_FLOWER_KEY_UDP_DST; +- } else if (ip_port == IPPROTO_SCTP) { ++ } else if (ip_proto == IPPROTO_SCTP) { + return is_src ? TCA_FLOWER_KEY_SCTP_SRC : + TCA_FLOWER_KEY_SCTP_DST; + } else { +@@ -183,14 +183,14 @@ static int flower_port_attr_type(__u8 ip_port, bool is_src) + } + } + +-static int flower_parse_port(char *str, __u8 ip_port, bool is_src, ++static int flower_parse_port(char *str, __u8 ip_proto, bool is_src, + struct nlmsghdr *n) + { + int ret; + int type; + __be16 port; + +- type = flower_port_attr_type(ip_port, is_src); ++ type = flower_port_attr_type(ip_proto, is_src); + if (type < 0) + return -1; + +-- +1.8.3.1 + diff --git a/SOURCES/0118-fix-indentation-of-ip-neighbour-man-page.patch b/SOURCES/0118-fix-indentation-of-ip-neighbour-man-page.patch deleted file mode 100644 index c895870..0000000 --- a/SOURCES/0118-fix-indentation-of-ip-neighbour-man-page.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 080e795a1ae29f78cbec9f18837a9b6f84fea55f Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 25 Feb 2016 12:53:31 +0100 -Subject: [PATCH] fix indentation of ip neighbour man page - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1276661 -Upstream Status: iproute2.git commit 882e754cd4b3f - -commit 882e754cd4b3f302714bae777ee674fe6c61d04b -Author: Stephen Hemminger <stephen@networkplumber.org> -Date: Mon Mar 31 20:23:40 2014 -0700 - - fix indentation of ip neighbour man page - - Formatting was awful and unclear on ip neighbour ---- - man/man8/ip-neighbour.8 | 30 ++++++++++++++---------------- - 1 file changed, 14 insertions(+), 16 deletions(-) - -diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8 -index c94c654..19c6d9d 100644 ---- a/man/man8/ip-neighbour.8 -+++ b/man/man8/ip-neighbour.8 -@@ -60,7 +60,7 @@ change an existing entry - .TP - ip neighbour replace - add a new entry or change an existing one -- -+.RS - .PP - These commands create new neighbour records or update existing ones. - -@@ -105,11 +105,12 @@ This option to - .B ip neigh - does not change the neighbour state if it was valid and the address - is not changed by this command. --.RS --ip neighbour delete - delete a neighbour entry - .RE --This command invalidates a neighbour entry. - -+.TP -+ip neighbour delete -+delete a neighbour entry -+.RS - .PP - The arguments are the same as with - .BR "ip neigh add" , -@@ -128,13 +129,12 @@ Particularly, the kernel may try to resolve this address even - on a - .B NOARP - interface or if the address is multicast or broadcast. -- --.RS --ip neighbour show - list neighbour entries - .RE - --This command displays neighbour tables. -- -+.TP -+ip neighbour show -+list neighbour entries -+.RS - .TP - .BI to " ADDRESS " (default) - the prefix selecting the neighbours to list. -@@ -164,15 +164,12 @@ lists all entries except for - .B none - and - .BR "noarp" . -- --.RS --ip neighbour flush - flush neighbour entries - .RE - --This command flushes neighbour tables, selecting --entries to flush by some criteria. -- --.PP -+.TP -+ip neighbour flush -+flush neighbour entries -+.RS - This command has the same arguments as - .B show. - The differences are that it does not run when no arguments are given, -@@ -190,6 +187,7 @@ neighbour table. If the option is given - twice, - .B ip neigh flush - also dumps all the deleted neighbours. -+.RE - - .SH EXAMPLES - .PP --- -1.8.3.1 - diff --git a/SOURCES/0118-tc-flower-make-use-of-flower_port_attr_type-safe-and.patch b/SOURCES/0118-tc-flower-make-use-of-flower_port_attr_type-safe-and.patch new file mode 100644 index 0000000..fc50110 --- /dev/null +++ b/SOURCES/0118-tc-flower-make-use-of-flower_port_attr_type-safe-and.patch @@ -0,0 +1,95 @@ +From f4fc39065e5b5f429f158744b4a4e43189b02930 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc: flower: make use of flower_port_attr_type() safe and + silent + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 6bd5b80cdcfbe + +commit 6bd5b80cdcfbeb30b79c3ff07ce844f9e4f2c600 +Author: Simon Horman <simon.horman@netronome.com> +Date: Sat Dec 3 09:52:40 2016 +0100 + + tc: flower: make use of flower_port_attr_type() safe and silent + + Make use of flower_port_attr_type() safe: + * flower_port_attr_type() may return a valid index into tb[] or -1. + Only access tb[] in the case of the former. + * Do not access null entries in tb[] + + Also make usage silent - it is valid for ip_proto to be invalid, + for example if it is not specified as part of the filter. + + Fixes: a1fb0d484237 ("tc: flower: Support matching on SCTP ports") + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index cac2802..3f0190f 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -168,19 +168,17 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + + static int flower_port_attr_type(__u8 ip_proto, bool is_src) + { +- if (ip_proto == IPPROTO_TCP) { ++ if (ip_proto == IPPROTO_TCP) + return is_src ? TCA_FLOWER_KEY_TCP_SRC : + TCA_FLOWER_KEY_TCP_DST; +- } else if (ip_proto == IPPROTO_UDP) { ++ else if (ip_proto == IPPROTO_UDP) + return is_src ? TCA_FLOWER_KEY_UDP_SRC : + TCA_FLOWER_KEY_UDP_DST; +- } else if (ip_proto == IPPROTO_SCTP) { ++ else if (ip_proto == IPPROTO_SCTP) + return is_src ? TCA_FLOWER_KEY_SCTP_SRC : + TCA_FLOWER_KEY_SCTP_DST; +- } else { +- fprintf(stderr, "Illegal \"ip_proto\" for port\n"); ++ else + return -1; +- } + } + + static int flower_parse_port(char *str, __u8 ip_proto, bool is_src, +@@ -562,7 +560,8 @@ static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + + static void flower_print_port(FILE *f, char *name, struct rtattr *attr) + { +- fprintf(f, "\n %s %d", name, rta_getattr_be16(attr)); ++ if (attr) ++ fprintf(f, "\n %s %d", name, rta_getattr_be16(attr)); + } + + static void flower_print_key_id(FILE *f, const char *name, +@@ -578,6 +577,7 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + struct rtattr *tb[TCA_FLOWER_MAX + 1]; + __be16 eth_type = 0; + __u8 ip_proto = 0xff; ++ int nl_type; + + if (!opt) + return 0; +@@ -632,10 +632,12 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + tb[TCA_FLOWER_KEY_IPV6_SRC], + tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]); + +- flower_print_port(f, "dst_port", +- tb[flower_port_attr_type(ip_proto, false)]); +- flower_print_port(f, "src_port", +- tb[flower_port_attr_type(ip_proto, true)]); ++ nl_type = flower_port_attr_type(ip_proto, false); ++ if (nl_type >= 0) ++ flower_print_port(f, "dst_port", tb[nl_type]); ++ nl_type = flower_port_attr_type(ip_proto, true); ++ if (nl_type >= 0) ++ flower_print_port(f, "src_port", tb[nl_type]); + + flower_print_ip_addr(f, "enc_dst_ip", + tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ? +-- +1.8.3.1 + diff --git a/SOURCES/0119-man-ip-neighbour.8-Document-all-known-nud-states.patch b/SOURCES/0119-man-ip-neighbour.8-Document-all-known-nud-states.patch deleted file mode 100644 index 7e4ccd9..0000000 --- a/SOURCES/0119-man-ip-neighbour.8-Document-all-known-nud-states.patch +++ /dev/null @@ -1,75 +0,0 @@ -From c97c96a77b54729f31a5e7b0209d87f314d1d8fe Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 7 Mar 2016 20:56:07 +0100 -Subject: [PATCH] man: ip-neighbour.8: Document all known nud states - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1276661 -Upstream Status: iproute2.git commit 948acfed23e5e - -commit 948acfed23e5e314fe0f4f863da0368f56645d32 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 20:07:20 2016 +0100 - - man: ip-neighbour.8: Document all known nud states - - Not sure how useful they are in practice, but as 'ip neigh' supports - setting them all, they deserve to be described as well. - - While at it, also add a missing layer of indentation to the subordinate - nud state list. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-neighbour.8 | 22 +++++++++++++++++++++- - 1 file changed, 21 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8 -index 19c6d9d..b292e18 100644 ---- a/man/man8/ip-neighbour.8 -+++ b/man/man8/ip-neighbour.8 -@@ -35,7 +35,8 @@ ip-neighbour \- neighbour/arp tables management. - - .ti -8 - .IR STATE " := {" --.BR permanent " | " noarp " | " stale " | " reachable " }" -+.BR permanent " | " noarp " | " stale " | " reachable " | " none " |" -+.BR incomplete " | " delay " | " probe " | " failed " }" - - .SH DESCRIPTION - The -@@ -86,6 +87,7 @@ the state of the neighbour entry. - is an abbreviation for 'Neighbour Unreachability Detection'. - The state can take one of the following values: - -+.RS - .TP - .B permanent - the neighbour entry is valid forever and can be only -@@ -105,6 +107,24 @@ This option to - .B ip neigh - does not change the neighbour state if it was valid and the address - is not changed by this command. -+.TP -+.B none -+this is a pseudo state used when initially creating a neighbour entry or after -+trying to remove it before it becomes free to do so. -+.TP -+.B incomplete -+the neighbour entry has not (yet) been validated/resolved. -+.TP -+.B delay -+neighbor entry validation is currently delayed. -+.TP -+.B probe -+neighbor is being probed. -+.TP -+.B failed -+max number of probes exceeded without success, neighbor validation has -+ultimately failed. -+.RE - .RE - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0119-tc-flower-introduce-enum-flower_endpoint.patch b/SOURCES/0119-tc-flower-introduce-enum-flower_endpoint.patch new file mode 100644 index 0000000..15a5d4d --- /dev/null +++ b/SOURCES/0119-tc-flower-introduce-enum-flower_endpoint.patch @@ -0,0 +1,103 @@ +From 404b627b261aa76de7718fb481e6bbdacbd6d869 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc: flower: introduce enum flower_endpoint + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 6910d65661a37 + +commit 6910d65661a3718ef4b944251a0dec170027f3d5 +Author: Simon Horman <simon.horman@netronome.com> +Date: Wed Dec 7 14:54:02 2016 +0100 + + tc: flower: introduce enum flower_endpoint + + Introduce enum flower_endpoint and use it instead of a bool + as the type for paramatising source and destination. + + This is intended to improve read-ability and provide some type + checking of endpoint parameters. + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 27 +++++++++++++++++++-------- + 1 file changed, 19 insertions(+), 8 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 3f0190f..523b82b 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -23,6 +23,11 @@ + #include "tc_util.h" + #include "rt_names.h" + ++enum flower_endpoint { ++ FLOWER_ENDPOINT_SRC, ++ FLOWER_ENDPOINT_DST ++}; ++ + static void explain(void) + { + fprintf(stderr, +@@ -166,29 +171,33 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + return 0; + } + +-static int flower_port_attr_type(__u8 ip_proto, bool is_src) ++static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint) + { + if (ip_proto == IPPROTO_TCP) +- return is_src ? TCA_FLOWER_KEY_TCP_SRC : ++ return endpoint == FLOWER_ENDPOINT_SRC ? ++ TCA_FLOWER_KEY_TCP_SRC : + TCA_FLOWER_KEY_TCP_DST; + else if (ip_proto == IPPROTO_UDP) +- return is_src ? TCA_FLOWER_KEY_UDP_SRC : ++ return endpoint == FLOWER_ENDPOINT_SRC ? ++ TCA_FLOWER_KEY_UDP_SRC : + TCA_FLOWER_KEY_UDP_DST; + else if (ip_proto == IPPROTO_SCTP) +- return is_src ? TCA_FLOWER_KEY_SCTP_SRC : ++ return endpoint == FLOWER_ENDPOINT_SRC ? ++ TCA_FLOWER_KEY_SCTP_SRC : + TCA_FLOWER_KEY_SCTP_DST; + else + return -1; + } + +-static int flower_parse_port(char *str, __u8 ip_proto, bool is_src, ++static int flower_parse_port(char *str, __u8 ip_proto, ++ enum flower_endpoint endpoint, + struct nlmsghdr *n) + { + int ret; + int type; + __be16 port; + +- type = flower_port_attr_type(ip_proto, is_src); ++ type = flower_port_attr_type(ip_proto, endpoint); + if (type < 0) + return -1; + +@@ -359,14 +368,16 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + } + } else if (matches(*argv, "dst_port") == 0) { + NEXT_ARG(); +- ret = flower_parse_port(*argv, ip_proto, false, n); ++ ret = flower_parse_port(*argv, ip_proto, ++ FLOWER_ENDPOINT_DST, n); + if (ret < 0) { + fprintf(stderr, "Illegal \"dst_port\"\n"); + return -1; + } + } else if (matches(*argv, "src_port") == 0) { + NEXT_ARG(); +- ret = flower_parse_port(*argv, ip_proto, true, n); ++ ret = flower_parse_port(*argv, ip_proto, ++ FLOWER_ENDPOINT_SRC, n); + if (ret < 0) { + fprintf(stderr, "Illegal \"src_port\"\n"); + return -1; +-- +1.8.3.1 + diff --git a/SOURCES/0120-libnetlink-Double-the-dump-buffer-size.patch b/SOURCES/0120-libnetlink-Double-the-dump-buffer-size.patch deleted file mode 100644 index 7df0dab..0000000 --- a/SOURCES/0120-libnetlink-Double-the-dump-buffer-size.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3cfb170def0cfa4b4048ee1e153b29b460ff54f1 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Tue, 8 Mar 2016 18:35:16 +0100 -Subject: [PATCH] libnetlink: Double the dump buffer size - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1304840 -Upstream Status: iproute2.git commit 72b365e8e0fd5 - -commit 72b365e8e0fd5efe1d5c05d04c25950736635cfb -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 19:57:28 2016 +0100 - - libnetlink: Double the dump buffer size - - There have been reports about 'ip addr' printing "Message truncated" on - systems with large numbers of VFs. Although I haven't been able to get - my hands on hardware suitable to reproduce this, increasing the dump - buffer has been reported to resolve the issue. For want of a better - idea, just double the buffer size to 32k. - - Feels like this opportunistic buffer size selection is rather - workarounding a design flaw in libnetlink or maybe even the netlink - protocol itself. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - lib/libnetlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/libnetlink.c b/lib/libnetlink.c -index b2a300e..96bde59 100644 ---- a/lib/libnetlink.c -+++ b/lib/libnetlink.c -@@ -202,7 +202,7 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth, - .msg_iov = &iov, - .msg_iovlen = 1, - }; -- char buf[16384]; -+ char buf[32768]; - int dump_intr = 0; - - iov.iov_base = buf; --- -1.8.3.1 - diff --git a/SOURCES/0120-tc-flower-support-matching-on-ICMP-type-and-code.patch b/SOURCES/0120-tc-flower-support-matching-on-ICMP-type-and-code.patch new file mode 100644 index 0000000..de05d40 --- /dev/null +++ b/SOURCES/0120-tc-flower-support-matching-on-ICMP-type-and-code.patch @@ -0,0 +1,264 @@ +From e5ada6e0c92ee29337cec1117e1d6761ca6d4880 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc: flower: support matching on ICMP type and code + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit eb3b5696f1633 + +commit eb3b5696f16334b4513ad42882ca6bc35b78144d +Author: Simon Horman <simon.horman@netronome.com> +Date: Wed Dec 7 14:54:03 2016 +0100 + + tc: flower: support matching on ICMP type and code + + Support matching on ICMP type and code. + + Example usage: + + tc qdisc add dev eth0 ingress + + tc filter add dev eth0 protocol ip parent ffff: flower \ + indev eth0 ip_proto icmp type 8 code 0 action drop + + tc filter add dev eth0 protocol ipv6 parent ffff: flower \ + indev eth0 ip_proto icmpv6 type 128 code 0 action drop + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 20 ++++++++--- + tc/f_flower.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++--- + 2 files changed, 106 insertions(+), 10 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 744c450..90fdfba 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -29,7 +29,7 @@ flower \- flow based traffic control filter + .IR PRIORITY " | " + .BR vlan_eth_type " { " ipv4 " | " ipv6 " | " + .IR ETH_TYPE " } | " +-.BR ip_proto " { " tcp " | " udp " | " sctp " | " ++.BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | " + .IR IP_PROTO " } | { " + .BR dst_ip " | " src_ip " } { " + .IR ipv4_address " | " ipv6_address " } | { " +@@ -98,7 +98,7 @@ or an unsigned 16bit value in hexadecimal format. + Match on layer four protocol. + .I IP_PROTO + may be +-.BR tcp ", " udp ", " sctp ++.BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6 + or an unsigned 8bit value in hexadecimal format. + .TP + .BI dst_ip " ADDRESS" +@@ -117,6 +117,13 @@ Match on layer 4 protocol source or destination port number. Only available for + .BR ip_proto " values " udp ", " tcp " and " sctp + which have to be specified in beforehand. + .TP ++.BI type " NUMBER" ++.TQ ++.BI code " NUMBER" ++Match on ICMP type or code. Only available for ++.BR ip_proto " values " icmp " and " icmpv6 ++which have to be specified in beforehand. ++.TP + .BI enc_key_id " NUMBER" + .TQ + .BI enc_dst_ip " ADDRESS" +@@ -135,13 +142,16 @@ have no dependency, layer three matches + (\fBip_proto\fR, \fBdst_ip\fR and \fBsrc_ip\fR) + depend on the + .B protocol +-option of tc filter +-and finally layer four matches ++option of tc filter, layer four port matches + (\fBdst_port\fR and \fBsrc_port\fR) + depend on + .B ip_proto + being set to +-.BR tcp ", " udp " or " sctp. ++.BR tcp ", " udp " or " sctp, ++and finally ICMP matches (\fBcode\fR and \fBtype\fR) depend on ++.B ip_proto ++being set to ++.BR icmp " or " icmpv6. + .P + There can be only used one mask per one prio. If user needs to specify different + mask, he has to use different prio. +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 523b82b..adf7164 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -28,6 +28,11 @@ enum flower_endpoint { + FLOWER_ENDPOINT_DST + }; + ++enum flower_icmp_field { ++ FLOWER_ICMP_FIELD_TYPE, ++ FLOWER_ICMP_FIELD_CODE ++}; ++ + static void explain(void) + { + fprintf(stderr, +@@ -42,11 +47,13 @@ static void explain(void) + " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n" + " dst_mac MAC-ADDR |\n" + " src_mac MAC-ADDR |\n" +- " ip_proto [tcp | udp | sctp | IP-PROTO ] |\n" ++ " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n" + " dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " dst_port PORT-NUMBER |\n" + " src_port PORT-NUMBER |\n" ++ " type ICMP-TYPE |\n" ++ " code ICMP-CODE }\n" + " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_key_id [ KEY-ID ] }\n" +@@ -98,16 +105,23 @@ static int flower_parse_ip_proto(char *str, __be16 eth_type, int type, + int ret; + __u8 ip_proto; + +- if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6)) { +- fprintf(stderr, "Illegal \"eth_type\" for ip proto\n"); +- return -1; +- } ++ if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6)) ++ goto err; ++ + if (matches(str, "tcp") == 0) { + ip_proto = IPPROTO_TCP; + } else if (matches(str, "udp") == 0) { + ip_proto = IPPROTO_UDP; + } else if (matches(str, "sctp") == 0) { + ip_proto = IPPROTO_SCTP; ++ } else if (matches(str, "icmp") == 0) { ++ if (eth_type != htons(ETH_P_IP)) ++ goto err; ++ ip_proto = IPPROTO_ICMP; ++ } else if (matches(str, "icmpv6") == 0) { ++ if (eth_type != htons(ETH_P_IPV6)) ++ goto err; ++ ip_proto = IPPROTO_ICMPV6; + } else { + ret = get_u8(&ip_proto, str, 16); + if (ret) +@@ -116,6 +130,10 @@ static int flower_parse_ip_proto(char *str, __be16 eth_type, int type, + addattr8(n, MAX_MSG, type, ip_proto); + *p_ip_proto = ip_proto; + return 0; ++ ++err: ++ fprintf(stderr, "Illegal \"eth_type\" for ip proto\n"); ++ return -1; + } + + static int flower_parse_ip_addr(char *str, __be16 eth_type, +@@ -171,6 +189,41 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + return 0; + } + ++static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto, ++ enum flower_icmp_field field) ++{ ++ if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP) ++ return field == FLOWER_ICMP_FIELD_CODE ? ++ TCA_FLOWER_KEY_ICMPV4_CODE : ++ TCA_FLOWER_KEY_ICMPV4_TYPE; ++ else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6) ++ return field == FLOWER_ICMP_FIELD_CODE ? ++ TCA_FLOWER_KEY_ICMPV6_CODE : ++ TCA_FLOWER_KEY_ICMPV6_TYPE; ++ ++ return -1; ++} ++ ++static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto, ++ enum flower_icmp_field field, struct nlmsghdr *n) ++{ ++ int ret; ++ int type; ++ uint8_t value; ++ ++ type = flower_icmp_attr_type(eth_type, ip_proto, field); ++ if (type < 0) ++ return -1; ++ ++ ret = get_u8(&value, str, 10); ++ if (ret) ++ return -1; ++ ++ addattr8(n, MAX_MSG, type, value); ++ ++ return 0; ++} ++ + static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint) + { + if (ip_proto == IPPROTO_TCP) +@@ -382,6 +435,22 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + fprintf(stderr, "Illegal \"src_port\"\n"); + return -1; + } ++ } else if (matches(*argv, "type") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_icmp(*argv, eth_type, ip_proto, ++ FLOWER_ICMP_FIELD_TYPE, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"icmp type\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "code") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_icmp(*argv, eth_type, ip_proto, ++ FLOWER_ICMP_FIELD_CODE, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"icmp code\"\n"); ++ return -1; ++ } + } else if (matches(*argv, "enc_dst_ip") == 0) { + NEXT_ARG(); + ret = flower_parse_ip_addr(*argv, 0, +@@ -527,6 +596,10 @@ static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto, + fprintf(f, "udp"); + else if (ip_proto == IPPROTO_SCTP) + fprintf(f, "sctp"); ++ else if (ip_proto == IPPROTO_ICMP) ++ fprintf(f, "icmp"); ++ else if (ip_proto == IPPROTO_ICMPV6) ++ fprintf(f, "icmpv6"); + else + fprintf(f, "%02x", ip_proto); + *p_ip_proto = ip_proto; +@@ -582,6 +655,12 @@ static void flower_print_key_id(FILE *f, const char *name, + fprintf(f, "\n %s %d", name, rta_getattr_be32(attr)); + } + ++static void flower_print_icmp(FILE *f, char *name, struct rtattr *attr) ++{ ++ if (attr) ++ fprintf(f, "\n %s %d", name, rta_getattr_u8(attr)); ++} ++ + static int flower_print_opt(struct filter_util *qu, FILE *f, + struct rtattr *opt, __u32 handle) + { +@@ -650,6 +729,13 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + if (nl_type >= 0) + flower_print_port(f, "src_port", tb[nl_type]); + ++ nl_type = flower_icmp_attr_type(eth_type, ip_proto, false); ++ if (nl_type >= 0) ++ flower_print_icmp(f, "icmp_type", tb[nl_type]); ++ nl_type = flower_icmp_attr_type(eth_type, ip_proto, true); ++ if (nl_type >= 0) ++ flower_print_icmp(f, "icmp_code", tb[nl_type]); ++ + flower_print_ip_addr(f, "enc_dst_ip", + tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ? + htons(ETH_P_IP) : htons(ETH_P_IPV6), +-- +1.8.3.1 + diff --git a/SOURCES/0121-man-ip-link-Beef-up-VXLAN-csum-options-a-bit.patch b/SOURCES/0121-man-ip-link-Beef-up-VXLAN-csum-options-a-bit.patch deleted file mode 100644 index e26719d..0000000 --- a/SOURCES/0121-man-ip-link-Beef-up-VXLAN-csum-options-a-bit.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f49095ecb1b78ea7020e52cc53a0337d0b6df466 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Tue, 8 Mar 2016 18:36:08 +0100 -Subject: [PATCH] man: ip-link: Beef up VXLAN csum options a bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1254625 -Upstream Status: iproute2.git commit 4853ee528110f - -commit 4853ee528110f61f4d1c1606cfd5dd276bb39cbd -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 12:52:38 2016 +0100 - - man: ip-link: Beef up VXLAN csum options a bit - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 62fc340..e8dccbd 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -409,15 +409,15 @@ are entered into the VXLAN device forwarding database. - - .sp - .I [no]udpcsum --- specifies if UDP checksum is filled in -+- specifies if UDP checksum is calculated for transmitted packets over IPv4. - - .sp - .I [no]udp6zerocsumtx --- specifies if UDP checksum is filled in -+- skip UDP checksum calculation for transmitted packets over IPv6. - - .sp - .I [no]udp6zerocsumrx --- specifies if UDP checksum is received -+- allow incoming UDP packets over IPv6 with zero checksum field. - - .sp - .BI ageing " SECONDS" --- -1.8.3.1 - diff --git a/SOURCES/0121-tc-cls_flower-Add-dest-UDP-port-to-tunnel-params.patch b/SOURCES/0121-tc-cls_flower-Add-dest-UDP-port-to-tunnel-params.patch new file mode 100644 index 0000000..b75621b --- /dev/null +++ b/SOURCES/0121-tc-cls_flower-Add-dest-UDP-port-to-tunnel-params.patch @@ -0,0 +1,106 @@ +From 81c82d64697b25e8b2f7cae85cc4b931a1ad54a0 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc/cls_flower: Add dest UDP port to tunnel params + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 41aa17ff4668c + +commit 41aa17ff4668ce97ec27e5f4cdc20db7169b549b +Author: Hadar Hen Zion <hadarh@mellanox.com> +Date: Tue Dec 13 10:07:46 2016 +0200 + + tc/cls_flower: Add dest UDP port to tunnel params + + Enhance IP tunnel parameters by adding destination UDP port. + + Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com> + Reviewed-by: Roi Dayan <roid@mellanox.com> +--- + man/man8/tc-flower.8 | 8 +++++++- + tc/f_flower.c | 25 +++++++++++++++++++++++++ + 2 files changed, 32 insertions(+), 1 deletion(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 90fdfba..88df833 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -39,6 +39,8 @@ flower \- flow based traffic control filter + .IR KEY-ID " | {" + .BR enc_dst_ip " | " enc_src_ip " } { " + .IR ipv4_address " | " ipv6_address " } | " ++.B enc_dst_port ++.IR UDP-PORT " | " + .SH DESCRIPTION + The + .B flower +@@ -129,11 +131,15 @@ which have to be specified in beforehand. + .BI enc_dst_ip " ADDRESS" + .TQ + .BI enc_src_ip " ADDRESS" ++.TQ ++.BI enc_dst_port " NUMBER" + Match on IP tunnel metadata. Key id + .I NUMBER + is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel). + .I ADDRESS +-must be a valid IPv4 or IPv6 address. ++must be a valid IPv4 or IPv6 address. Dst port ++.I NUMBER ++is a 16 bit UDP dst port. + .SH NOTES + As stated above where applicable, matches of a certain layer implicitly depend + on the matches of the next lower layer. Precisely, layer one and two matches +diff --git a/tc/f_flower.c b/tc/f_flower.c +index adf7164..00e3ea6 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -275,6 +275,20 @@ static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n) + return ret; + } + ++static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n) ++{ ++ int ret; ++ __be16 port; ++ ++ ret = get_be16(&port, str, 10); ++ if (ret) ++ return -1; ++ ++ addattr16(n, MAX_MSG, type, port); ++ ++ return 0; ++} ++ + static int flower_parse_opt(struct filter_util *qu, char *handle, + int argc, char **argv, struct nlmsghdr *n) + { +@@ -483,6 +497,14 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + fprintf(stderr, "Illegal \"enc_key_id\"\n"); + return -1; + } ++ } else if (matches(*argv, "enc_dst_port") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_enc_port(*argv, ++ TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"enc_dst_port\"\n"); ++ return -1; ++ } + } else if (matches(*argv, "action") == 0) { + NEXT_ARG(); + ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n); +@@ -755,6 +777,9 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + flower_print_key_id(f, "enc_key_id", + tb[TCA_FLOWER_KEY_ENC_KEY_ID]); + ++ flower_print_port(f, "enc_dst_port", ++ tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]); ++ + if (tb[TCA_FLOWER_FLAGS]) { + __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]); + +-- +1.8.3.1 + diff --git a/SOURCES/0122-fix-print_ipt-segfault-if-more-then-one-filter-with-.patch b/SOURCES/0122-fix-print_ipt-segfault-if-more-then-one-filter-with-.patch deleted file mode 100644 index 42ded44..0000000 --- a/SOURCES/0122-fix-print_ipt-segfault-if-more-then-one-filter-with-.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 732cf95fe96f859d40afb1bd3251b2cada683220 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Tue, 8 Mar 2016 18:38:17 +0100 -Subject: [PATCH] fix print_ipt: segfault if more then one filter with action - -j MARK. - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1314403 -Upstream Status: iproute2.git commit 6e2e5ec28bad4 - -commit 6e2e5ec28bad4561c534adf4f22b2706e385c71d -Author: Andreas Greve <andreas.greve@a-greve.de> -Date: Sat May 10 11:19:18 2014 +0200 - - fix print_ipt: segfault if more then one filter with action -j MARK. - - BUG: tc filter show ... produce a segmentation fault if more than one - filter rule with action -j MARK exists. - - Reason: In print_ipt(...) xtables will be initialzed with a - pointer to the static struct tcipt_globals at xtables_init_all(). - Later on the fields .opts and .options_offset of tcipt_globals are - modified. The call of xtables_free_opts(1) at the end of print(...) - does not restore the original values of tcipt_globals for the - modified fields. It only frees some allocated memory and sets - .opts to NULL. This leads to a segmentation fault when print_ipt() - is called for the next filter rule with action -j MARK. - - Fix: Cloneing tcipt_globals on the stack as tmp_tcipt_globals and - use it instead of tcipt_globals, so tcipt_globals will be not - modified. - - Signed-off-by: Andreas Greve <andreas.greve@a-greve.de> ---- - tc/m_xt.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/tc/m_xt.c b/tc/m_xt.c -index dd5fd48..48aac90 100644 ---- a/tc/m_xt.c -+++ b/tc/m_xt.c -@@ -298,7 +298,10 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) - if (arg == NULL) - return -1; - -- xtables_init_all(&tcipt_globals, NFPROTO_IPV4); -+ /* copy tcipt_globals because .opts will be modified by iptables */ -+ struct xtables_globals tmp_tcipt_globals = tcipt_globals; -+ -+ xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4); - set_lib_dir(); - - parse_rtattr_nested(tb, TCA_IPT_MAX, arg); -@@ -333,12 +336,12 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) - } - - #if (XTABLES_VERSION_CODE >= 6) -- opts = xtables_options_xfrm(tcipt_globals.orig_opts, -- tcipt_globals.opts, -+ opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, -+ tmp_tcipt_globals.opts, - m->x6_options, - &m->option_offset); - #else -- opts = xtables_merge_options(tcipt_globals.opts, -+ opts = xtables_merge_options(tmp_tcipt_globals.opts, - m->extra_opts, - &m->option_offset); - #endif -@@ -346,7 +349,7 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) - fprintf(stderr, " failed to find aditional options for target %s\n\n", optarg); - return -1; - } else -- tcipt_globals.opts = opts; -+ tmp_tcipt_globals.opts = opts; - } else { - fprintf(stderr, " failed to find target %s\n\n", - t->u.user.name); --- -1.8.3.1 - diff --git a/SOURCES/0122-tc-flower-Fix-typo-and-style-in-flower-man-page.patch b/SOURCES/0122-tc-flower-Fix-typo-and-style-in-flower-man-page.patch new file mode 100644 index 0000000..0810cff --- /dev/null +++ b/SOURCES/0122-tc-flower-Fix-typo-and-style-in-flower-man-page.patch @@ -0,0 +1,60 @@ +From fb560db2ea31c64b2d78408b4a5568068038aa14 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:33 +0100 +Subject: [PATCH] tc: flower: Fix typo and style in flower man page + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 5c46a8fd618f2 + +commit 5c46a8fd618f2c1ae4c8454964144c3fcbd3739f +Author: Roi Dayan <roid@mellanox.com> +Date: Tue Dec 13 14:39:01 2016 +0200 + + tc: flower: Fix typo and style in flower man page + + Replace vlan_eth_type with vlan_ethtype. + + Fixes: 745d91726006 ("tc: flower: Introduce vlan support") + Signed-off-by: Roi Dayan <roid@mellanox.com> + Reviewed-by: Hadar Hen Zion <hadarh@mellanox.com> +--- + man/man8/tc-flower.8 | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 88df833..c5ddf3c 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -27,7 +27,7 @@ flower \- flow based traffic control filter + .IR VID " | " + .B vlan_prio + .IR PRIORITY " | " +-.BR vlan_eth_type " { " ipv4 " | " ipv6 " | " ++.BR vlan_ethtype " { " ipv4 " | " ipv6 " | " + .IR ETH_TYPE " } | " + .BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | " + .IR IP_PROTO " } | { " +@@ -84,16 +84,16 @@ Match on vlan tag id. + .I VID + is an unsigned 12bit value in decimal format. + .TP +-.BI vlan_prio " priority" ++.BI vlan_prio " PRIORITY" + Match on vlan tag priority. + .I PRIORITY + is an unsigned 3bit value in decimal format. + .TP +-.BI vlan_eth_type " VLAN_ETH_TYPE" ++.BI vlan_ethtype " VLAN_ETH_TYPE" + Match on layer three protocol. +-.I ETH_TYPE ++.I VLAN_ETH_TYPE + may be either +-.BR ipv4 , ipv6 ++.BR ipv4 ", " ipv6 + or an unsigned 16bit value in hexadecimal format. + .TP + .BI ip_proto " IP_PROTO" +-- +1.8.3.1 + diff --git a/SOURCES/0123-man-rtpr-add-minimal-manpage.patch b/SOURCES/0123-man-rtpr-add-minimal-manpage.patch deleted file mode 100644 index c2f23aa..0000000 --- a/SOURCES/0123-man-rtpr-add-minimal-manpage.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 6f97690bb3a37d701a67fdd8e0dbd4d8911c4d7c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 11 Mar 2016 15:33:47 +0100 -Subject: [PATCH] man: rtpr: add minimal manpage - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1316059 -Upstream Status: iproute2.git commit e4ef49a465969 -Conflicts: Context changes in Makefile due to missing other man pages. - -commit e4ef49a465969a68704dbcfec43baa7f874f59ff -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Sep 18 20:17:05 2015 +0200 - - man: rtpr: add minimal manpage - - While there is not much to explain about this rather trivial shell - script, having a manpage for it serves as good point of reference for - users wondering what it might be for. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/Makefile | 2 +- - man/man8/rtpr.8 | 25 +++++++++++++++++++++++++ - 2 files changed, 26 insertions(+), 1 deletion(-) - create mode 100644 man/man8/rtpr.8 - -diff --git a/man/man8/Makefile b/man/man8/Makefile -index 248ecfd..c60c773 100644 ---- a/man/man8/Makefile -+++ b/man/man8/Makefile -@@ -1,6 +1,6 @@ - TARGETS = ip-address.8 ip-link.8 ip-route.8 - --MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 ss.8 \ -+MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.8 \ - tc.8 tc-bfifo.8 tc-cbq.8 tc-cbq-details.8 tc-choke.8 tc-codel.8 \ - tc-fq.8 \ - tc-drr.8 tc-ematch.8 tc-fq_codel.8 tc-hfsc.8 tc-htb.8 \ -diff --git a/man/man8/rtpr.8 b/man/man8/rtpr.8 -new file mode 100644 -index 0000000..5e32b2e ---- /dev/null -+++ b/man/man8/rtpr.8 -@@ -0,0 +1,25 @@ -+.TH RTPR 8 "18 September, 2015" -+ -+.SH NAME -+rtpr \- replace backslashes with newlines. -+ -+.SH DESCRIPTION -+.B rtpr -+is a trivial bash script which converts backslashes in standard input to newlines. It's sole purpose is to be fed with input from -+.B ip -+when executed with it's -+.B --oneline -+flag. -+ -+.SH EXAMPLES -+.TP -+ip --onenline address show | rtpr -+Undo oneline converted -+.B ip-address -+output. -+ -+.SH SEE ALSO -+.BR ip (8) -+ -+.SH AUTHORS -+Stephen Hemminger <shemming@brocade.com> --- -1.8.3.1 - diff --git a/SOURCES/0123-tc-flower-document-that-_ip-parameters-take-a-PREFIX.patch b/SOURCES/0123-tc-flower-document-that-_ip-parameters-take-a-PREFIX.patch new file mode 100644 index 0000000..9286bda --- /dev/null +++ b/SOURCES/0123-tc-flower-document-that-_ip-parameters-take-a-PREFIX.patch @@ -0,0 +1,117 @@ +From 86bb5cf1e2dacf9c3710e272da719149e94fcfec Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:34 +0100 +Subject: [PATCH] tc: flower: document that *_ip parameters take a PREFIX as an + argument. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit b2a1f740aa4d3 +Conflicts: Adjusted patch to include changes added by Stephen Hemminger + in a later merge commit. + +commit b2a1f740aa4d37b0a15a1a8ea866a29d5fab4591 +Author: Simon Horman <simon.horman@netronome.com> +Date: Fri Dec 16 14:54:36 2016 +0100 + + tc: flower: document that *_ip parameters take a PREFIX as an argument. + + * The argument to src_ip, dst_ip, enc_src_ip and enc_dst_ip take an + optional prefix length which is used to provide a mask to limit the scope + of matching. + * This is documented as a PREFIX in keeping with ip-route(8). + + Example of uses of IPv4 and IPv6 prefixes + + tc qdisc add dev eth0 ingress + tc filter add dev eth0 protocol ip parent ffff: flower \ + indev eth0 dst_ip 192.168.1.1 action drop + tc filter add dev eth0 protocol ip parent ffff: flower \ + indev eth0 src_ip 10.0.0.0/8 action drop + tc filter add dev eth0 protocol ipv6 parent ffff: flower \ + indev eth0 src_ip 2001:DB8:1::/48 action drop + tc filter add dev eth0 protocol ipv6 parent ffff: flower \ + indev eth0 dst_ip 2001:DB8::1 action drop + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 28 ++++++++++++++-------------- + tc/f_flower.c | 4 ++-- + 2 files changed, 16 insertions(+), 16 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index c5ddf3c..3841ff2 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -31,8 +31,8 @@ flower \- flow based traffic control filter + .IR ETH_TYPE " } | " + .BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | " + .IR IP_PROTO " } | { " +-.BR dst_ip " | " src_ip " } { " +-.IR ipv4_address " | " ipv6_address " } | { " ++.BR dst_ip " | " src_ip " } " ++.IR PREFIX " | { " + .BR dst_port " | " src_port " } " + .IR port_number " } | " + .B enc_key_id +@@ -103,14 +103,14 @@ may be + .BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6 + or an unsigned 8bit value in hexadecimal format. + .TP +-.BI dst_ip " ADDRESS" ++.BI dst_ip " PREFIX" + .TQ +-.BI src_ip " ADDRESS" ++.BI src_ip " PREFIX" + Match on source or destination IP address. +-.I ADDRESS +-must be a valid IPv4 or IPv6 address, depending on +-.BR protocol +-option of tc filter. ++.I PREFIX ++must be a valid IPv4 or IPv6 address, depending on the \fBprotocol\fR ++option to tc filter, optionally followed by a slash and the prefix length. ++If the prefix is missing, \fBtc\fR assumes a full-length host match. + .TP + .BI dst_port " NUMBER" + .TQ +@@ -128,16 +128,16 @@ which have to be specified in beforehand. + .TP + .BI enc_key_id " NUMBER" + .TQ +-.BI enc_dst_ip " ADDRESS" ++.BI enc_dst_ip " PREFIX" + .TQ +-.BI enc_src_ip " ADDRESS" +-.TQ +-.BI enc_dst_port " NUMBER" ++.BI enc_src_ip " PREFIX" + Match on IP tunnel metadata. Key id + .I NUMBER + is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel). +-.I ADDRESS +-must be a valid IPv4 or IPv6 address. Dst port ++.I PREFIX ++must be a valid IPv4 or IPv6 address optionally followed by a slash and the ++prefix length. If the prefix is missing, \fBtc\fR assumes a full-length ++host match. Dst port + .I NUMBER + is a 16 bit UDP dst port. + .SH NOTES +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 00e3ea6..5d93568 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -48,8 +48,8 @@ static void explain(void) + " dst_mac MAC-ADDR |\n" + " src_mac MAC-ADDR |\n" + " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n" +- " dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" +- " src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" ++ " dst_ip PREFIX |\n" ++ " src_ip PREFIX |\n" + " dst_port PORT-NUMBER |\n" + " src_port PORT-NUMBER |\n" + " type ICMP-TYPE |\n" +-- +1.8.3.1 + diff --git a/SOURCES/0124-tc-flower-Allow-_mac-options-to-accept-a-mask.patch b/SOURCES/0124-tc-flower-Allow-_mac-options-to-accept-a-mask.patch new file mode 100644 index 0000000..fcdeff5 --- /dev/null +++ b/SOURCES/0124-tc-flower-Allow-_mac-options-to-accept-a-mask.patch @@ -0,0 +1,144 @@ +From b4c8e306b3e226076d12128aae38ca94e9eb69be Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:54 +0100 +Subject: [PATCH] tc: flower: Allow *_mac options to accept a mask + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit c2078f8dc48c5 + +commit c2078f8dc48c572a5016c79c3a2a878b6e39e8ee +Author: Simon Horman <simon.horman@netronome.com> +Date: Fri Dec 16 14:54:37 2016 +0100 + + tc: flower: Allow *_mac options to accept a mask + + * The argument to src_mac and dst_mac may now take an optional mask + to limit the scope of matching. + * This address is is documented as a LLADDR in keeping with ip-link(8). + * The formats accepted match those already output when dumping flower + filters from the kernel. + + Example of use of LLADDR with and without a mask: + + tc qdisc add dev eth0 ingress + tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \ + src_mac 52:54:01:00:00:00/ff:ff:00:00:00:01 action drop + tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \ + src_mac 52:54:00:00:00:00/23 action drop + tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \ + src_mac 52:54:00:00:00:00 action drop + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 13 +++++++++---- + tc/f_flower.c | 43 ++++++++++++++++++++++++++++++++++++------- + 2 files changed, 45 insertions(+), 11 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 3841ff2..3310496 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -22,7 +22,7 @@ flower \- flow based traffic control filter + .BR skip_sw " | " skip_hw + .R " | { " + .BR dst_mac " | " src_mac " } " +-.IR mac_address " | " ++.IR MASKED_LLADDR " | " + .B vlan_id + .IR VID " | " + .B vlan_prio +@@ -74,10 +74,15 @@ filter, or TC offload is not enabled for the interface, operation will fail. + .BI skip_hw + Do not process filter by hardware. + .TP +-.BI dst_mac " mac_address" ++.BI dst_mac " MASKED_LLADDR" + .TQ +-.BI src_mac " mac_address" +-Match on source or destination MAC address. ++.BI src_mac " MASKED_LLADDR" ++Match on source or destination MAC address. A mask may be optionally ++provided to limit the bits of the address which are matched. A mask is ++provided by following the address with a slash and then the mask. It may be ++provided in LLADDR format, in which case it is a bitwise mask, or as a ++number of high bits to match. If the mask is missing then a match on all ++bits is assumed. + .TP + .BI vlan_id " VID" + Match on vlan tag id. +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 5d93568..2774905 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -45,8 +45,8 @@ static void explain(void) + " vlan_id VID |\n" + " vlan_prio PRIORITY |\n" + " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n" +- " dst_mac MAC-ADDR |\n" +- " src_mac MAC-ADDR |\n" ++ " dst_mac MASKED-LLADDR |\n" ++ " src_mac MASKED-LLADDR |\n" + " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n" + " dst_ip PREFIX |\n" + " src_ip PREFIX |\n" +@@ -58,6 +58,7 @@ static void explain(void) + " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_key_id [ KEY-ID ] }\n" + " FILTERID := X:Y:Z\n" ++ " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" + " ACTION-SPEC := ... look at individual actions\n" + "\n" + "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n" +@@ -68,16 +69,44 @@ static void explain(void) + static int flower_parse_eth_addr(char *str, int addr_type, int mask_type, + struct nlmsghdr *n) + { +- int ret; +- char addr[ETH_ALEN]; ++ int ret, err = -1; ++ char addr[ETH_ALEN], *slash; ++ ++ slash = strchr(str, '/'); ++ if (slash) ++ *slash = '\0'; + + ret = ll_addr_a2n(addr, sizeof(addr), str); + if (ret < 0) +- return -1; ++ goto err; + addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr)); +- memset(addr, 0xff, ETH_ALEN); ++ ++ if (slash) { ++ unsigned bits; ++ ++ if (!get_unsigned(&bits, slash + 1, 10)) { ++ uint64_t mask; ++ ++ /* Extra 16 bit shift to push mac address into ++ * high bits of uint64_t ++ */ ++ mask = htonll(0xffffffffffffULL << (16 + 48 - bits)); ++ memcpy(addr, &mask, ETH_ALEN); ++ } else { ++ ret = ll_addr_a2n(addr, sizeof(addr), slash + 1); ++ if (ret < 0) ++ goto err; ++ } ++ } else { ++ memset(addr, 0xff, ETH_ALEN); ++ } + addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr)); +- return 0; ++ ++ err = 0; ++err: ++ if (slash) ++ *slash = '/'; ++ return err; + } + + static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type, +-- +1.8.3.1 + diff --git a/SOURCES/0124-tc-introduce-simple-action.patch b/SOURCES/0124-tc-introduce-simple-action.patch deleted file mode 100644 index 354c3f1..0000000 --- a/SOURCES/0124-tc-introduce-simple-action.patch +++ /dev/null @@ -1,247 +0,0 @@ -From 1ce74bc27f9b766ed42fc23b3a3754bbef6a1a3c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 11 Mar 2016 15:37:57 +0100 -Subject: [PATCH] tc: introduce simple action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1315930 -Upstream Status: iproute2.git commit 087f46ee4ebd1 - -commit 087f46ee4ebd178a2a8562989fd9a4e02c93f406 -Author: Jamal Hadi Salim <jhs@mojatatu.com> -Date: Sun Sep 29 07:33:42 2013 -0400 - - tc: introduce simple action - - Simple action is already in the kernel for years now as an - example. This complements it with user space control. - - Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> ---- - tc/Makefile | 1 + - tc/m_simple.c | 202 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 203 insertions(+) - create mode 100644 tc/m_simple.c - -diff --git a/tc/Makefile b/tc/Makefile -index 79116f3..59ee1dd 100644 ---- a/tc/Makefile -+++ b/tc/Makefile -@@ -44,6 +44,7 @@ TCMODULES += m_nat.o - TCMODULES += m_pedit.o - TCMODULES += m_skbedit.o - TCMODULES += m_csum.o -+TCMODULES += m_simple.o - TCMODULES += p_ip.o - TCMODULES += p_icmp.o - TCMODULES += p_tcp.o -diff --git a/tc/m_simple.c b/tc/m_simple.c -new file mode 100644 -index 0000000..0224440 ---- /dev/null -+++ b/tc/m_simple.c -@@ -0,0 +1,202 @@ -+/* -+ * m_simple.c simple action -+ * -+ * This program is free software; you can distribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: J Hadi Salim <jhs@mojatatu.com> -+ * -+ * Pedagogical example. Adds a string that will be printed everytime -+ * the simple instance is hit. -+ * Use this as a skeleton action and keep modifying it to meet your needs. -+ * Look at linux/tc_act/tc_defact.h for the different components ids and -+ * definitions used in this actions -+ * -+ * example use, yell "Incoming ICMP!" every time you see an incoming ICMP on -+ * eth0. Steps are: -+ * 1) Add an ingress qdisc point to eth0 -+ * 2) Start a chain on ingress of eth0 that first matches ICMP then invokes -+ * the simple action to shout. -+ * 3) display stats and show that no packet has been seen by the action -+ * 4) Send one ping packet to google (expect to receive a response back) -+ * 5) grep the logs to see the logged message -+ * 6) display stats again and observe increment by 1 -+ * -+ hadi@noma1:$ tc qdisc add dev eth0 ingress -+ hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \ -+ u32 match ip protocol 1 0xff flowid 1:1 action simple "Incoming ICMP" -+ -+ hadi@noma1:$ sudo tc -s filter ls dev eth0 parent ffff: -+ filter protocol ip pref 5 u32 -+ filter protocol ip pref 5 u32 fh 800: ht divisor 1 -+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 -+ match 00010000/00ff0000 at 8 -+ action order 1: Simple <Incoming ICMP> -+ index 4 ref 1 bind 1 installed 29 sec used 29 sec -+ Action statistics: -+ Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) -+ backlog 0b 0p requeues 0 -+ -+ -+ hadi@noma1$ ping -c 1 www.google.ca -+ PING www.google.ca (74.125.225.120) 56(84) bytes of data. -+ 64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms -+ -+ --- www.google.ca ping statistics --- -+ 1 packets transmitted, 1 received, 0% packet loss, time 0ms -+ rtt min/avg/max/mdev = 31.316/31.316/31.316/0.000 ms -+ -+ hadi@noma1$ dmesg | grep simple -+ [135354.473951] simple: Incoming ICMP_1 -+ -+ hadi@noma1$ sudo tc/tc -s filter ls dev eth0 parent ffff: -+ filter protocol ip pref 5 u32 -+ filter protocol ip pref 5 u32 fh 800: ht divisor 1 -+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 -+ match 00010000/00ff0000 at 8 -+ action order 1: Simple <Incoming ICMP> -+ index 4 ref 1 bind 1 installed 206 sec used 67 sec -+ Action statistics: -+ Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) -+ backlog 0b 0p requeues 0 -+*/ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <syslog.h> -+#include <fcntl.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+#include <arpa/inet.h> -+#include <string.h> -+#include "utils.h" -+#include "tc_util.h" -+#include <linux/tc_act/tc_defact.h> -+ -+#ifndef SIMP_MAX_DATA -+#define SIMP_MAX_DATA 32 -+#endif -+static void explain(void) -+{ -+ fprintf(stderr, "Usage: ... simple STRING\n" -+ "STRING being an arbitrary string\n" -+ "example: \"simple blah\"\n"); -+} -+ -+static void usage(void) -+{ -+ explain(); -+ exit(-1); -+} -+ -+static int -+parse_simple(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, -+ struct nlmsghdr *n) -+{ -+ struct tc_defact sel = {}; -+ int argc = *argc_p; -+ char **argv = *argv_p; -+ int ok = 0; -+ struct rtattr *tail; -+ char *simpdata = NULL; -+ -+ -+ while (argc > 0) { -+ if (matches(*argv, "simple") == 0) { -+ NEXT_ARG(); -+ simpdata = *argv; -+ ok = 1; -+ argc--; -+ argv++; -+ break; -+ } else if (matches(*argv, "help") == 0) { -+ usage(); -+ } else { -+ break; -+ } -+ -+ } -+ -+ if (!ok) { -+ explain(); -+ return -1; -+ } -+ -+ if (argc) { -+ if (matches(*argv, "index") == 0) { -+ NEXT_ARG(); -+ if (get_u32(&sel.index, *argv, 10)) { -+ fprintf(stderr, "simple: Illegal \"index\"\n"); -+ return -1; -+ } -+ argc--; -+ argv++; -+ } -+ } -+ -+ if (strlen(simpdata) > (SIMP_MAX_DATA - 1)) { -+ fprintf(stderr, "simple: Illegal string len %ld <%s> \n", -+ strlen(simpdata), simpdata); -+ return -1; -+ } -+ -+ sel.action = TC_ACT_PIPE; -+ -+ tail = NLMSG_TAIL(n); -+ addattr_l(n, MAX_MSG, tca_id, NULL, 0); -+ addattr_l(n, MAX_MSG, TCA_DEF_PARMS, &sel, sizeof(sel)); -+ addattr_l(n, MAX_MSG, TCA_DEF_DATA, simpdata, SIMP_MAX_DATA); -+ tail->rta_len = (char *)NLMSG_TAIL(n) - (char *)tail; -+ -+ *argc_p = argc; -+ *argv_p = argv; -+ return 0; -+} -+ -+static int print_simple(struct action_util *au, FILE * f, struct rtattr *arg) -+{ -+ struct tc_defact *sel; -+ struct rtattr *tb[TCA_DEF_MAX + 1]; -+ char *simpdata; -+ -+ if (arg == NULL) -+ return -1; -+ -+ parse_rtattr_nested(tb, TCA_DEF_MAX, arg); -+ -+ if (tb[TCA_DEF_PARMS] == NULL) { -+ fprintf(f, "[NULL simple parameters]"); -+ return -1; -+ } -+ sel = RTA_DATA(tb[TCA_DEF_PARMS]); -+ -+ if (tb[TCA_DEF_DATA] == NULL) { -+ fprintf(f, "[missing simple string]"); -+ return -1; -+ } -+ -+ simpdata = RTA_DATA(tb[TCA_DEF_DATA]); -+ -+ fprintf(f, "Simple <%s>\n", simpdata); -+ fprintf(f, "\t index %d ref %d bind %d", sel->index, -+ sel->refcnt, sel->bindcnt); -+ -+ if (show_stats) { -+ if (tb[TCA_DEF_TM]) { -+ struct tcf_t *tm = RTA_DATA(tb[TCA_DEF_TM]); -+ print_tm(f, tm); -+ fprintf(f, "\n"); -+ } -+ } -+ -+ return 0; -+} -+ -+struct action_util simple_action_util = { -+ .id = "simple", -+ .parse_aopt = parse_simple, -+ .print_aopt = print_simple, -+}; --- -1.8.3.1 - diff --git a/SOURCES/0125-simple-print-newline.patch b/SOURCES/0125-simple-print-newline.patch deleted file mode 100644 index fd00636..0000000 --- a/SOURCES/0125-simple-print-newline.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 2928f0b53aa26bf304a5ecc0b0339213c0046f7f Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 11 Mar 2016 15:37:57 +0100 -Subject: [PATCH] simple print newline - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1315930 -Upstream Status: iproute2.git commit 352f6f97bef6b - -commit 352f6f97bef6baefa21d973b914a67e7feac3d8f -Author: Jamal Hadi Salim <jhs@mojatatu.com> -Date: Sun Dec 22 07:50:09 2013 -0500 - - simple print newline - - attached. - - cheers, - jamal - commit d7869e6167c3553e93e254940b0647032b40fed8 - Author: Jamal Hadi Salim <jhs@mojatatu.com> - Date: Sun Dec 22 07:46:28 2013 -0500 - - print new line at the end for aesthetics - - Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> ---- - tc/m_simple.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tc/m_simple.c b/tc/m_simple.c -index 0224440..a8e1d6b 100644 ---- a/tc/m_simple.c -+++ b/tc/m_simple.c -@@ -188,9 +188,9 @@ static int print_simple(struct action_util *au, FILE * f, struct rtattr *arg) - if (tb[TCA_DEF_TM]) { - struct tcf_t *tm = RTA_DATA(tb[TCA_DEF_TM]); - print_tm(f, tm); -- fprintf(f, "\n"); - } - } -+ fprintf(f, "\n"); - - return 0; - } --- -1.8.3.1 - diff --git a/SOURCES/0125-tc-cls_flower-Add-to-the-usage-encapsulation-dest-UD.patch b/SOURCES/0125-tc-cls_flower-Add-to-the-usage-encapsulation-dest-UD.patch new file mode 100644 index 0000000..92c7b0f --- /dev/null +++ b/SOURCES/0125-tc-cls_flower-Add-to-the-usage-encapsulation-dest-UD.patch @@ -0,0 +1,47 @@ +From dd5789f30937ba9161c0fe4726650a5db4226164 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:23:54 +0100 +Subject: [PATCH] tc/cls_flower: Add to the usage encapsulation dest UDP port + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit bf73c650ac93a +Conflicts: Changes applied manually due to context changes from previous + backports. + +commit bf73c650ac93ae673291c584fe592ea70686e37e +Author: Hadar Hen Zion <hadarh@mellanox.com> +Date: Thu Dec 22 10:14:40 2016 +0200 + + tc/cls_flower: Add to the usage encapsulation dest UDP port + + Encapsulation dest UDP port is part of the classifier matching + parameters, add it to the usage. + + Fixes: 41aa17ff4668 ("tc/cls_flower: Add dest UDP port to tunnel params") + Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com> + Reported-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 2774905..c3e0249 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -53,10 +53,11 @@ static void explain(void) + " dst_port PORT-NUMBER |\n" + " src_port PORT-NUMBER |\n" + " type ICMP-TYPE |\n" +- " code ICMP-CODE }\n" ++ " code ICMP-CODE |\n" + " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" +- " enc_key_id [ KEY-ID ] }\n" ++ " enc_key_id [ KEY-ID ] |\n" ++ " enc_dst_port [ UDP-PORT ] }\n" + " FILTERID := X:Y:Z\n" + " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" + " ACTION-SPEC := ... look at individual actions\n" +-- +1.8.3.1 + diff --git a/SOURCES/0126-tc-flower-support-matching-flags.patch b/SOURCES/0126-tc-flower-support-matching-flags.patch new file mode 100644 index 0000000..e236927 --- /dev/null +++ b/SOURCES/0126-tc-flower-support-matching-flags.patch @@ -0,0 +1,131 @@ +From 092cf1937a4fcd54d189e2d7d4984d2b1969d82e Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:16 +0100 +Subject: [PATCH] tc: flower: support matching flags + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 22a8f019891ca + +commit 22a8f019891ca73295298384612008ff538e48fa +Author: Paul Blakey <paulb@mellanox.com> +Date: Thu Dec 29 10:42:08 2016 -0800 + + tc: flower: support matching flags + + Enhance flower to support matching on flags. + + The 1st flag allows to match on whether the packet is + an IP fragment. + + Example: + + # add a flower filter that will drop fragmented packets + # (bit 0 of control flags) + tc filter add dev ens4f0 protocol ip parent ffff: \ + flower \ + src_mac e4:1d:2d:fd:8b:01 \ + dst_mac e4:1d:2d:fd:8b:02 \ + indev ens4f0 \ + matching_flags 0x1/0x1 \ + action drop + + Signed-off-by: Paul Blakey <paulb@mellanox.com> + Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> + Reviewed-by: Roi Dayan <roid@mellanox.com> +--- + tc/f_flower.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 51 insertions(+) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index c3e0249..41d4da7 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -57,6 +57,7 @@ static void explain(void) + " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_key_id [ KEY-ID ] |\n" ++ " matching_flags MATCHING-FLAGS | \n" + " enc_dst_port [ UDP-PORT ] }\n" + " FILTERID := X:Y:Z\n" + " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" +@@ -129,6 +130,31 @@ static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type, + return 0; + } + ++static int flower_parse_matching_flags(char *str, int type, int mask_type, ++ struct nlmsghdr *n) ++{ ++ __u32 mtf, mtf_mask; ++ char *c; ++ ++ c = strchr(str, '/'); ++ if (c) ++ *c = '\0'; ++ ++ if (get_u32(&mtf, str, 0)) ++ return -1; ++ ++ if (c) { ++ if (get_u32(&mtf_mask, ++c, 0)) ++ return -1; ++ } else { ++ mtf_mask = 0xffffffff; ++ } ++ ++ addattr32(n, MAX_MSG, type, htonl(mtf)); ++ addattr32(n, MAX_MSG, mask_type, htonl(mtf_mask)); ++ return 0; ++} ++ + static int flower_parse_ip_proto(char *str, __be16 eth_type, int type, + __u8 *p_ip_proto, struct nlmsghdr *n) + { +@@ -358,6 +384,16 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + return -1; + } + addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4); ++ } else if (matches(*argv, "matching_flags") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_matching_flags(*argv, ++ TCA_FLOWER_KEY_FLAGS, ++ TCA_FLOWER_KEY_FLAGS_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"matching_flags\"\n"); ++ return -1; ++ } + } else if (matches(*argv, "skip_hw") == 0) { + flags |= TCA_CLS_FLAGS_SKIP_HW; + } else if (matches(*argv, "skip_sw") == 0) { +@@ -657,6 +693,17 @@ static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto, + *p_ip_proto = ip_proto; + } + ++static void flower_print_matching_flags(FILE *f, char *name, ++ struct rtattr *attr, ++ struct rtattr *mask_attr) ++{ ++ if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4) ++ return; ++ ++ fprintf(f, "\n %s 0x%08x/0x%08x", name, ntohl(rta_getattr_u32(attr)), ++ mask_attr ? ntohl(rta_getattr_u32(mask_attr)) : 0xffffffff); ++} ++ + static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + struct rtattr *addr4_attr, + struct rtattr *mask4_attr, +@@ -810,6 +857,10 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + flower_print_port(f, "enc_dst_port", + tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]); + ++ flower_print_matching_flags(f, "matching_flags", ++ tb[TCA_FLOWER_KEY_FLAGS], ++ tb[TCA_FLOWER_KEY_FLAGS_MASK]); ++ + if (tb[TCA_FLOWER_FLAGS]) { + __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]); + +-- +1.8.3.1 + diff --git a/SOURCES/0126-tc-minor-spelling-fixes.patch b/SOURCES/0126-tc-minor-spelling-fixes.patch deleted file mode 100644 index f25c1d2..0000000 --- a/SOURCES/0126-tc-minor-spelling-fixes.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 360643aed5b1cc553dbcfb34276ef1ad5589e7bf Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 11 Mar 2016 15:38:09 +0100 -Subject: [PATCH] tc: minor spelling fixes - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1315930 -Upstream Status: iproute2.git commit b2e116d6c395a - -commit b2e116d6c395ad079c0c488f22a7be06efad0102 -Author: Stephen Hemminger <shemming@brocade.com> -Date: Wed Dec 3 19:28:34 2014 -0800 - - tc: minor spelling fixes ---- - tc/m_simple.c | 2 +- - tc/m_xt.c | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tc/m_simple.c b/tc/m_simple.c -index a8e1d6b..b61aca7 100644 ---- a/tc/m_simple.c -+++ b/tc/m_simple.c -@@ -8,7 +8,7 @@ - * - * Authors: J Hadi Salim <jhs@mojatatu.com> - * -- * Pedagogical example. Adds a string that will be printed everytime -+ * Pedagogical example. Adds a string that will be printed every time - * the simple instance is hit. - * Use this as a skeleton action and keep modifying it to meet your needs. - * Look at linux/tc_act/tc_defact.h for the different components ids and -diff --git a/tc/m_xt.c b/tc/m_xt.c -index 48aac90..537daf8 100644 ---- a/tc/m_xt.c -+++ b/tc/m_xt.c -@@ -175,7 +175,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, - &m->option_offset); - #endif - if (opts == NULL) { -- fprintf(stderr, " failed to find aditional options for target %s\n\n", optarg); -+ fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); - return -1; - } else - tcipt_globals.opts = opts; -@@ -346,7 +346,7 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) - &m->option_offset); - #endif - if (opts == NULL) { -- fprintf(stderr, " failed to find aditional options for target %s\n\n", optarg); -+ fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); - return -1; - } else - tmp_tcipt_globals.opts = opts; --- -1.8.3.1 - diff --git a/SOURCES/0127-tc-flower-Update-dest-UDP-port-documentation.patch b/SOURCES/0127-tc-flower-Update-dest-UDP-port-documentation.patch new file mode 100644 index 0000000..39d5232 --- /dev/null +++ b/SOURCES/0127-tc-flower-Update-dest-UDP-port-documentation.patch @@ -0,0 +1,67 @@ +From 45860a775736ee18ebb791a1431392ea18324f24 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:16 +0100 +Subject: [PATCH] tc: flower: Update dest UDP port documentation + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit a5ae170ed87c6 + +commit a5ae170ed87c6a096451c7a7b94950e7befd8878 +Author: Simon Horman <simon.horman@netronome.com> +Date: Wed Jan 4 12:02:18 2017 +0100 + + tc: flower: Update dest UDP port documentation + + Since 41aa17ff4668 ("tc/cls_flower: Add dest UDP port to tunnel params") + tc flower supports setting the dest UDP port. + + * Use "port_number" to be consistent with other man-page text + * Re-add "enc_dst_port" documentation to manpage which was + accidently removed by b2a1f740aa4d ("tc: flower: document that *_ip + parameters take a PREFIX as an argument.") + + Cc: Hadar Hen Zion <hadarh@mellanox.com> + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 4 +++- + tc/f_flower.c | 2 +- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 3310496..5904a9e 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -40,7 +40,7 @@ flower \- flow based traffic control filter + .BR enc_dst_ip " | " enc_src_ip " } { " + .IR ipv4_address " | " ipv6_address " } | " + .B enc_dst_port +-.IR UDP-PORT " | " ++.IR port_number + .SH DESCRIPTION + The + .B flower +@@ -136,6 +136,8 @@ which have to be specified in beforehand. + .BI enc_dst_ip " PREFIX" + .TQ + .BI enc_src_ip " PREFIX" ++.TQ ++.BI enc_dst_port " NUMBER" + Match on IP tunnel metadata. Key id + .I NUMBER + is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel). +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 41d4da7..0623ab6 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -58,7 +58,7 @@ static void explain(void) + " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_key_id [ KEY-ID ] |\n" + " matching_flags MATCHING-FLAGS | \n" +- " enc_dst_port [ UDP-PORT ] }\n" ++ " enc_dst_port [ port_number ] }\n" + " FILTERID := X:Y:Z\n" + " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" + " ACTION-SPEC := ... look at individual actions\n" +-- +1.8.3.1 + diff --git a/SOURCES/0127-whitespace-cleanup.patch b/SOURCES/0127-whitespace-cleanup.patch deleted file mode 100644 index 5932007..0000000 --- a/SOURCES/0127-whitespace-cleanup.patch +++ /dev/null @@ -1,99 +0,0 @@ -From efa905c6b20db4486e9ee6ab991ecfcd7a04ce63 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 11 Mar 2016 15:38:15 +0100 -Subject: [PATCH] whitespace cleanup - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1315930 -Upstream Status: iproute2.git commit 3d0b7439dfac9 -Conflicts: Just picking changes to tc/m_simple.c - -commit 3d0b7439dfac96d93386295a4c961b89bd3d8463 -Author: Stephen Hemminger <shemming@brocade.com> -Date: Sat Dec 20 15:47:17 2014 -0800 - - whitespace cleanup - - Remove all trailing whitespace and space before tabs. ---- - tc/m_simple.c | 38 +++++++++++++++++++------------------- - 1 file changed, 19 insertions(+), 19 deletions(-) - -diff --git a/tc/m_simple.c b/tc/m_simple.c -index b61aca7..866552f 100644 ---- a/tc/m_simple.c -+++ b/tc/m_simple.c -@@ -9,7 +9,7 @@ - * Authors: J Hadi Salim <jhs@mojatatu.com> - * - * Pedagogical example. Adds a string that will be printed every time -- * the simple instance is hit. -+ * the simple instance is hit. - * Use this as a skeleton action and keep modifying it to meet your needs. - * Look at linux/tc_act/tc_defact.h for the different components ids and - * definitions used in this actions -@@ -26,20 +26,20 @@ - * - hadi@noma1:$ tc qdisc add dev eth0 ingress - hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \ -- u32 match ip protocol 1 0xff flowid 1:1 action simple "Incoming ICMP" -- -+ u32 match ip protocol 1 0xff flowid 1:1 action simple "Incoming ICMP" -+ - hadi@noma1:$ sudo tc -s filter ls dev eth0 parent ffff: -- filter protocol ip pref 5 u32 -- filter protocol ip pref 5 u32 fh 800: ht divisor 1 -- filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 -+ filter protocol ip pref 5 u32 -+ filter protocol ip pref 5 u32 fh 800: ht divisor 1 -+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 - match 00010000/00ff0000 at 8 -- action order 1: Simple <Incoming ICMP> -- index 4 ref 1 bind 1 installed 29 sec used 29 sec -- Action statistics: -- Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) -- backlog 0b 0p requeues 0 -- -- -+ action order 1: Simple <Incoming ICMP> -+ index 4 ref 1 bind 1 installed 29 sec used 29 sec -+ Action statistics: -+ Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) -+ backlog 0b 0p requeues 0 -+ -+ - hadi@noma1$ ping -c 1 www.google.ca - PING www.google.ca (74.125.225.120) 56(84) bytes of data. - 64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms -@@ -52,15 +52,15 @@ - [135354.473951] simple: Incoming ICMP_1 - - hadi@noma1$ sudo tc/tc -s filter ls dev eth0 parent ffff: -- filter protocol ip pref 5 u32 -- filter protocol ip pref 5 u32 fh 800: ht divisor 1 -- filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 -+ filter protocol ip pref 5 u32 -+ filter protocol ip pref 5 u32 fh 800: ht divisor 1 -+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 - match 00010000/00ff0000 at 8 - action order 1: Simple <Incoming ICMP> - index 4 ref 1 bind 1 installed 206 sec used 67 sec - Action statistics: -- Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) -- backlog 0b 0p requeues 0 -+ Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) -+ backlog 0b 0p requeues 0 - */ - - #include <stdio.h> -@@ -82,7 +82,7 @@ - static void explain(void) - { - fprintf(stderr, "Usage: ... simple STRING\n" -- "STRING being an arbitrary string\n" -+ "STRING being an arbitrary string\n" - "example: \"simple blah\"\n"); - } - --- -1.8.3.1 - diff --git a/SOURCES/0128-tc-fix-compilation-warning-on-32bits-arch.patch b/SOURCES/0128-tc-fix-compilation-warning-on-32bits-arch.patch deleted file mode 100644 index 9aa8553..0000000 --- a/SOURCES/0128-tc-fix-compilation-warning-on-32bits-arch.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 9733ef83d303d0bbc45b96fa22c4f22d990fdcd0 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 11 Mar 2016 15:38:41 +0100 -Subject: [PATCH] tc: fix compilation warning on 32bits arch -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1315930 -Upstream Status: iproute2.git commit afa5158f02024 - -commit afa5158f02024ea9ac71a4bb262670bba17aebcd -Author: Nicolas Dichtel <nicolas.dichtel@6wind.com> -Date: Wed Apr 22 10:27:05 2015 +0200 - - tc: fix compilation warning on 32bits arch - - The warning was: - m_simple.c: In function ‘parse_simple’: - m_simple.c:142:4: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘size_t’ [-Wformat] - - Useful to be able to compile with -Werror. - - Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> ---- - tc/m_simple.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tc/m_simple.c b/tc/m_simple.c -index 866552f..1ad5526 100644 ---- a/tc/m_simple.c -+++ b/tc/m_simple.c -@@ -138,7 +138,7 @@ parse_simple(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, - } - - if (strlen(simpdata) > (SIMP_MAX_DATA - 1)) { -- fprintf(stderr, "simple: Illegal string len %ld <%s> \n", -+ fprintf(stderr, "simple: Illegal string len %zu <%s> \n", - strlen(simpdata), simpdata); - return -1; - } --- -1.8.3.1 - diff --git a/SOURCES/0128-tc-flower-Fix-flower-output-for-src-and-dst-ports.patch b/SOURCES/0128-tc-flower-Fix-flower-output-for-src-and-dst-ports.patch new file mode 100644 index 0000000..8ac5707 --- /dev/null +++ b/SOURCES/0128-tc-flower-Fix-flower-output-for-src-and-dst-ports.patch @@ -0,0 +1,43 @@ +From 8d988174bf4f103837c0acda1ee7218b1debcbe6 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:16 +0100 +Subject: [PATCH] tc: flower: Fix flower output for src and dst ports + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit b2141de1ad985 + +commit b2141de1ad98517ffecc1feb99800cd36a26fd22 +Author: Roi Dayan <roid@mellanox.com> +Date: Sun Jan 15 16:23:49 2017 +0200 + + tc: flower: Fix flower output for src and dst ports + + This fix a missing use case after the introduction of enum flower_endpoint. + + Fixes: 6910d65661a3 ("tc: flower: introduce enum flower_endpoint") + Signed-off-by: Roi Dayan <roid@mellanox.com> + Signed-off-by: Paul Blakey <paulb@mellanox.com> +--- + tc/f_flower.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 0623ab6..a3178a0 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -821,10 +821,10 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + tb[TCA_FLOWER_KEY_IPV6_SRC], + tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]); + +- nl_type = flower_port_attr_type(ip_proto, false); ++ nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST); + if (nl_type >= 0) + flower_print_port(f, "dst_port", tb[nl_type]); +- nl_type = flower_port_attr_type(ip_proto, true); ++ nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC); + if (nl_type >= 0) + flower_print_port(f, "src_port", tb[nl_type]); + +-- +1.8.3.1 + diff --git a/SOURCES/0129-man-Add-a-man-page-for-the-csum-action.patch b/SOURCES/0129-man-Add-a-man-page-for-the-csum-action.patch deleted file mode 100644 index 71e4cea..0000000 --- a/SOURCES/0129-man-Add-a-man-page-for-the-csum-action.patch +++ /dev/null @@ -1,84 +0,0 @@ -From e7ba7a30f2e02c4666d7d41366e6a2077df1938d Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the csum action. - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit 438dd1d49d71b - -commit 438dd1d49d71b5d19f51637c50005f11755558dc -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:37 2016 +0100 - - man: Add a man page for the csum action. - - Cc: Gregoire Baron <baronchon@n7mm.org> - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-csum.8 | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 54 insertions(+) - create mode 100644 man/man8/tc-csum.8 - -diff --git a/man/man8/tc-csum.8 b/man/man8/tc-csum.8 -new file mode 100644 -index 0000000..9d00aae ---- /dev/null -+++ b/man/man8/tc-csum.8 -@@ -0,0 +1,54 @@ -+.TH "Checksum action in tc" 8 "11 Jan 2015" "iproute2" "Linux" -+ -+.SH NAME -+csum - checksum update action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action csum" -+.I UPDATE -+ -+.ti -8 -+.IR UPDATE " := " TARGET " [ " UPDATE " ]" -+ -+.ti -8 -+.IR TARGET " := { " -+.BR ip4h " |" -+.BR icmp " |" -+.BR igmp " |" -+.BR tcp " |" -+.BR udp " |" -+.BR udplite " |" -+.IR SWEETS " }" -+ -+.ti -8 -+.IR SWEETS " := { " -+.BR and " | " or " | " + " }" -+.SH DESCRIPTION -+The -+.B csum -+action triggers checksum recalculation of specified packet headers. It is -+commonly used after packet editing using the -+.B pedit -+action to fix for then incorrect checksums. -+.SH OPTIONS -+.TP -+.I TARGET -+Specify which headers to update: IPv4 header -+.RB ( ip4h ), -+ICMP header -+.RB ( icmp ), -+IGMP header -+.RB ( igmp ), -+TCP header -+.RB ( tcp ), -+UDP header -+.RB ( udp ") or" -+UDPLite header -+.RB ( udplite ). -+.TP -+.B SWEETS -+These are merely syntactic sugar and ignored internally. -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-pedit (8) --- -1.8.3.1 - diff --git a/SOURCES/0129-tc-flower-Add-missing-err-check-when-parsing-flower-.patch b/SOURCES/0129-tc-flower-Add-missing-err-check-when-parsing-flower-.patch new file mode 100644 index 0000000..6411f99 --- /dev/null +++ b/SOURCES/0129-tc-flower-Add-missing-err-check-when-parsing-flower-.patch @@ -0,0 +1,41 @@ +From e22b364d6615a03fe4c21b8c5640cabf07aa81ca Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:16 +0100 +Subject: [PATCH] tc: flower: Add missing err check when parsing flower options + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit c85609b25faff + +commit c85609b25faff034d450b0106fac7932d6acf124 +Author: Roi Dayan <roid@mellanox.com> +Date: Thu Jan 19 14:31:19 2017 +0200 + + tc: flower: Add missing err check when parsing flower options + + addattr32 may return an error. + + Fixes: cfcabf18d84a ("tc: flower: Add skip_{hw|sw} support") + Signed-off-by: Roi Dayan <roid@mellanox.com> + Reviewed-by: Paul Blakey <paulb@mellanox.com> +--- + tc/f_flower.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index a3178a0..d210b67 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -591,7 +591,9 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + } + + parse_done: +- addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags); ++ ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags); ++ if (ret) ++ return ret; + + ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); + if (ret) { +-- +1.8.3.1 + diff --git a/SOURCES/0130-man-Add-a-man-page-for-the-mirred-action.patch b/SOURCES/0130-man-Add-a-man-page-for-the-mirred-action.patch deleted file mode 100644 index 4145351..0000000 --- a/SOURCES/0130-man-Add-a-man-page-for-the-mirred-action.patch +++ /dev/null @@ -1,118 +0,0 @@ -From c38162b8ca4f45f08a99d4aaa44a0e43eb5da54f Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the mirred action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit 61d74eed701f8 - -commit 61d74eed701f8a54c9f0c549cbad0722e53482ff -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:38 2016 +0100 - - man: Add a man page for the mirred action - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-mirred.8 | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 89 insertions(+) - create mode 100644 man/man8/tc-mirred.8 - -diff --git a/man/man8/tc-mirred.8 b/man/man8/tc-mirred.8 -new file mode 100644 -index 0000000..52d98bc ---- /dev/null -+++ b/man/man8/tc-mirred.8 -@@ -0,0 +1,89 @@ -+.TH "Mirror/redirect action in tc" 8 "11 Jan 2015" "iproute2" "Linux" -+ -+.SH NAME -+mirred - mirror/redirect action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action mirred" -+.I DIRECTION ACTION -+.RB "[ " index -+.IR INDEX " ] " -+.BI dev " DEVICENAME" -+ -+.ti -8 -+.IR DIRECTION " := { " -+.BR ingress " | " egress " }" -+ -+.ti -8 -+.IR ACTION " := { " -+.BR mirror " | " redirect " }" -+.SH DESCRIPTION -+The -+.B mirred -+action allows to redirect or mirror packets to another network interface on the -+same system. It is typically used in combination with the -+.B ifb -+pseudo device to create a shrared instance where QoS happens, but serves well -+for debugging or monitoring purposes, too. -+.SH OPTIONS -+.TP -+.B ingress -+.TQ -+.B egress -+Specify the direction in which the packet shall appear on the destination -+interface. Currently only -+.B egress -+is implemented. -+.TP -+.B mirror -+.TQ -+.B redirect -+Define whether the packet should be copied -+.RB ( mirror ) -+or moved -+.RB ( redirect ) -+to the destination interface. -+.TP -+.BI index " INDEX" -+Assign a unique ID to this action instead of letting the kernel choose one -+automatically. -+.I INDEX -+is a 32bit unsigned integer greater than zero. -+.TP -+.BI dev " DEVICENAME" -+Specify the network interface to redirect or mirror to. -+.SH EXAMPLES -+Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for -+debugging purposes: -+ -+.RS -+.EX -+# tc qdisc add dev eth0 handle ffff: ingress -+# tc filter add dev eth0 parent ffff: u32 \\ -+ match u32 0 0 \\ -+ action police rate 1mbit burst 100k conform-exceed pipe \\ -+ action mirred egress redirect dev lo -+.EE -+.RE -+ -+Use an -+.B ifb -+interface to send ingress traffic on eth0 through an instance of -+.BR sfq : -+ -+.RS -+.EX -+# modprobe ifb -+# ip link set ifb0 up -+# tc qdisc add dev ifb0 root sfq -+# tc qdisc add dev eth0 handle ffff: ingress -+# tc filter add dev eth0 parent ffff: u32 \\ -+ match u32 0 0 \\ -+ action mirred egress redirect dev ifb0 -+.EE -+.RE -+ -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-u32 (8) --- -1.8.3.1 - diff --git a/SOURCES/0130-tc-flower-Fix-incorrect-error-msg-about-eth-type.patch b/SOURCES/0130-tc-flower-Fix-incorrect-error-msg-about-eth-type.patch new file mode 100644 index 0000000..0c8a783 --- /dev/null +++ b/SOURCES/0130-tc-flower-Fix-incorrect-error-msg-about-eth-type.patch @@ -0,0 +1,45 @@ +From ecc95046a60be0fa94e574fa41a17d01a7801516 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:16 +0100 +Subject: [PATCH] tc: flower: Fix incorrect error msg about eth type + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 00697ca19ae3e + +commit 00697ca19ae3e1118f2af82c3b41ac4335fe918b +Author: Roi Dayan <roid@mellanox.com> +Date: Thu Jan 19 14:31:20 2017 +0200 + + tc: flower: Fix incorrect error msg about eth type + + addattr16 may return an error about the nl msg size + but not about incorrect eth type. + + Fixes: 488b41d020fb ("tc: flower no need to specify the ethertype") + Signed-off-by: Roi Dayan <roid@mellanox.com> + Reviewed-by: Paul Blakey <paulb@mellanox.com> +--- + tc/f_flower.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index d210b67..20f9a85 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -596,11 +596,8 @@ parse_done: + return ret; + + ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); +- if (ret) { +- fprintf(stderr, "Illegal \"eth_type\"(0x%x)\n", +- ntohs(eth_type)); +- return -1; +- } ++ if (ret) ++ return ret; + + tail->rta_len = (((void*)n)+n->nlmsg_len) - (void*)tail; + +-- +1.8.3.1 + diff --git a/SOURCES/0131-kernel-headers-update.patch b/SOURCES/0131-kernel-headers-update.patch new file mode 100644 index 0000000..2baefeb --- /dev/null +++ b/SOURCES/0131-kernel-headers-update.patch @@ -0,0 +1,74 @@ +From 12826e1deb34890a54e887c5fe3065b6386d4995 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:16 +0100 +Subject: [PATCH] kernel headers update + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit e2ade8cefb7ff + +commit e2ade8cefb7ffe7d53b21a73b88a627d555c0371 +Author: Stephen Hemminger <stephen@networkplumber.org> +Date: Thu Jan 12 17:45:30 2017 -0800 + + kernel headers update + + For flower, etc. + + Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> +--- + include/linux/netlink.h | 1 + + include/linux/pkt_cls.h | 11 +++++++++++ + include/linux/tc_act/tc_csum.h | 3 ++- + 3 files changed, 14 insertions(+), 1 deletion(-) + +diff --git a/include/linux/netlink.h b/include/linux/netlink.h +index 8a7ca5c..a982b3c 100644 +--- a/include/linux/netlink.h ++++ b/include/linux/netlink.h +@@ -27,6 +27,7 @@ + #define NETLINK_ECRYPTFS 19 + #define NETLINK_RDMA 20 + #define NETLINK_CRYPTO 21 /* Crypto layer */ ++#define NETLINK_SMC 22 /* SMC monitoring */ + + #define NETLINK_INET_DIAG NETLINK_SOCK_DIAG + +diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h +index af17f3c..faed2e6 100644 +--- a/include/linux/pkt_cls.h ++++ b/include/linux/pkt_cls.h +@@ -417,6 +417,17 @@ enum { + TCA_FLOWER_KEY_ICMPV6_TYPE, /* u8 */ + TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,/* u8 */ + ++ TCA_FLOWER_KEY_ARP_SIP, /* be32 */ ++ TCA_FLOWER_KEY_ARP_SIP_MASK, /* be32 */ ++ TCA_FLOWER_KEY_ARP_TIP, /* be32 */ ++ TCA_FLOWER_KEY_ARP_TIP_MASK, /* be32 */ ++ TCA_FLOWER_KEY_ARP_OP, /* u8 */ ++ TCA_FLOWER_KEY_ARP_OP_MASK, /* u8 */ ++ TCA_FLOWER_KEY_ARP_SHA, /* ETH_ALEN */ ++ TCA_FLOWER_KEY_ARP_SHA_MASK, /* ETH_ALEN */ ++ TCA_FLOWER_KEY_ARP_THA, /* ETH_ALEN */ ++ TCA_FLOWER_KEY_ARP_THA_MASK, /* ETH_ALEN */ ++ + __TCA_FLOWER_MAX, + }; + +diff --git a/include/linux/tc_act/tc_csum.h b/include/linux/tc_act/tc_csum.h +index 8ac8041..a11bb35 100644 +--- a/include/linux/tc_act/tc_csum.h ++++ b/include/linux/tc_act/tc_csum.h +@@ -21,7 +21,8 @@ enum { + TCA_CSUM_UPDATE_FLAG_IGMP = 4, + TCA_CSUM_UPDATE_FLAG_TCP = 8, + TCA_CSUM_UPDATE_FLAG_UDP = 16, +- TCA_CSUM_UPDATE_FLAG_UDPLITE = 32 ++ TCA_CSUM_UPDATE_FLAG_UDPLITE = 32, ++ TCA_CSUM_UPDATE_FLAG_SCTP = 64, + }; + + struct tc_csum { +-- +1.8.3.1 + diff --git a/SOURCES/0131-man-Add-a-man-page-for-the-nat-action.patch b/SOURCES/0131-man-Add-a-man-page-for-the-nat-action.patch deleted file mode 100644 index b9cccc1..0000000 --- a/SOURCES/0131-man-Add-a-man-page-for-the-nat-action.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 4670c581d7173b300d30eedfc6a4ddbf504011bd Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the nat action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit ec0bab1e028a9 - -commit ec0bab1e028a9a8178ae18c4fa6ca600dcf167ba -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:39 2016 +0100 - - man: Add a man page for the nat action - - Cc: Herbert Xu <herbert@gondor.apana.org.au> - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-nat.8 | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 78 insertions(+) - create mode 100644 man/man8/tc-nat.8 - -diff --git a/man/man8/tc-nat.8 b/man/man8/tc-nat.8 -new file mode 100644 -index 0000000..fdcc052 ---- /dev/null -+++ b/man/man8/tc-nat.8 -@@ -0,0 +1,78 @@ -+.TH "NAT action in tc" 8 "12 Jan 2015" "iproute2" "Linux" -+ -+.SH NAME -+nat - stateless native address translation action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action nat" -+.I DIRECTION OLD NEW -+ -+.ti -8 -+.IR DIRECTION " := { " -+.BR ingress " | " egress " }" -+ -+.ti -8 -+.IR OLD " := " IPV4_ADDR_SPEC -+ -+.ti -8 -+.IR NEW " := " IPV4_ADDR_SPEC -+ -+.ti -8 -+.IR IPV4_ADDR_SPEC " := { " -+.BR default " | " any " | " all " | " -+\fIin_addr\fR[\fB/\fR{\fIprefix\fR|\fInetmask\fR}] -+.SH DESCRIPTION -+The -+.B nat -+action allows to perform NAT without the overhead of conntrack, which is -+desirable if the number of flows or addresses to perform NAT on is large. This -+action is best used in combination with the -+.B u32 -+filter to allow for efficient lookups of a large number of stateless NAT rules -+in constant time. -+.SH OPTIONS -+.TP -+.B ingress -+Translate destination addresses, i.e. perform DNAT. -+.TP -+.B egress -+Translate source addresses, i.e. perform SNAT. -+.TP -+.I OLD -+Specifies addresses which should be translated. -+.TP -+.I NEW -+Specifies addresses which -+.I OLD -+should be translated into. -+.SH NOTES -+The accepted address format in -+.IR OLD " and " NEW -+is quite flexible. It may either consist of one of the keywords -+.BR default ", " any " or " all , -+representing the all-zero IP address or a combination of IP address and netmask -+or prefix length separated by a slash -+.RB ( / ) -+sign. In any case, the mask (or prefix length) value of -+.I OLD -+is used for -+.I NEW -+as well so that a one-to-one mapping of addresses is assured. -+ -+Address translation is done using a combination of binary operations. First, the -+original (source or destination) address is matched against the value of -+.IR OLD . -+If the original address fits, the new address is created by taking the leading -+bits from -+.I NEW -+(defined by the netmask of -+.IR OLD ) -+and taking the remaining bits from the original address. -+ -+There is rudimental support for upper layer protocols, namely TCP, UDP and ICMP. -+While for the first two only checksum recalculation is performed, the action -+also takes care of embedded IP headers in ICMP packets by translating the -+respective address therein, too. -+.SH SEE ALSO -+.BR tc (8) --- -1.8.3.1 - diff --git a/SOURCES/0132-man-Add-a-man-page-for-the-pedit-action.patch b/SOURCES/0132-man-Add-a-man-page-for-the-pedit-action.patch deleted file mode 100644 index ac4171f..0000000 --- a/SOURCES/0132-man-Add-a-man-page-for-the-pedit-action.patch +++ /dev/null @@ -1,259 +0,0 @@ -From be321a9a9608a4e9b85b5d1ab6606687a8a90cb0 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the pedit action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit 448800026ff71 - -commit 448800026ff7189f297233c6588457a7e9770183 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:40 2016 +0100 - - man: Add a man page for the pedit action - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-pedit.8 | 230 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 230 insertions(+) - create mode 100644 man/man8/tc-pedit.8 - -diff --git a/man/man8/tc-pedit.8 b/man/man8/tc-pedit.8 -new file mode 100644 -index 0000000..c30927e ---- /dev/null -+++ b/man/man8/tc-pedit.8 -@@ -0,0 +1,230 @@ -+.TH "Generic packet editor action in tc" 8 "12 Jan 2015" "iproute2" "Linux" -+ -+.SH NAME -+pedit - generic packet editor action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action pedit munge " { -+.IR RAW_OP " | " LAYERED_OP " } [ " BRANCH " ]" -+ -+.ti -8 -+.IR RAW_OP " := " -+.BI offset " OFFSET" -+.RB "{ " u8 " | " u16 " | " u32 " } [" -+.IR AT_SPEC " ] " CMD_SPEC -+ -+.ti -8 -+.IR AT_SPEC " := " -+.BI at " AT " offmask " MASK " shift " SHIFT" -+ -+.ti -8 -+.IR LAYERED_OP " := { " -+.BI ip " IPHDR_FIELD" -+| -+.BI ip6 " IP6HDR_FIELD" -+| -+.BI udp " UDPHDR_FIELD" -+| -+.BI tcp " TCPHDR_FIELD" -+| -+.BI icmp " ICMPHDR_FIELD" -+.RI } " CMD_SPEC" -+ -+.ti -8 -+.IR IPHDR_FIELD " := { " -+.BR src " | " dst " | " tos " | " dsfield " | " ihl " | " protocol " |" -+.BR precedence " | " nofrag " | " firstfrag " | " ce " | " df " |" -+.BR mf " | " dport " | " sport " | " icmp_type " | " icmp_code " }" -+ -+.ti -8 -+.IR CMD_SPEC " := {" -+.BR clear " | " invert " | " set -+.IR VAL " | " -+.BR preserve " } [ " retain -+.IR RVAL " ]" -+ -+.ti -8 -+.IR BRANCH " := {" -+.BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " }" -+.SH DESCRIPTION -+The -+.B pedit -+action can be used to change arbitrary packet data. The location of data to -+change can either be specified by giving an offset and size as in -+.IR RAW_OP , -+or for header values by naming the header and field to edit the size is then -+chosen automatically based on the header field size. Currently this is supported -+only for IPv4 headers. -+.SH OPTIONS -+.TP -+.BI offset " OFFSET " "\fR{ \fBu32 \fR| \fBu16 \fR| \fBu8 \fR}" -+Specify the offset at which to change data. -+.I OFFSET -+is a signed integer, it's base is automatically chosen (e.g. hex if prefixed by -+.B 0x -+or octal if prefixed by -+.BR 0 ). -+The second argument specifies the length of data to change, that is four bytes -+.RB ( u32 ), -+two bytes -+.RB ( u16 ) -+or a single byte -+.RB ( u8 ). -+.TP -+.BI at " AT " offmask " MASK " shift " SHIFT" -+This is an optional part of -+.IR RAW_OP -+which allows to have a variable -+.I OFFSET -+depending on packet data at offset -+.IR AT , -+which is binary ANDed with -+.I MASK -+and right-shifted by -+.I SHIFT -+before adding it to -+.IR OFFSET . -+.TP -+.BI ip " IPHDR_FIELD" -+Change an IPv4 header field. The supported keywords for -+.I IPHDR_FIELD -+are: -+.RS -+.TP -+.B src -+.TQ -+.B dst -+Source or destination IP address, a four-byte value. -+.TP -+.B tos -+.TQ -+.B dsfield -+.TQ -+.B precedence -+Type Of Service field, an eight-bit value. -+.TP -+.B ihl -+Change the IP Header Length field, a four-bit value. -+.TP -+.B protocol -+Next-layer Protocol field, an eight-bit value. -+.TP -+.B nofrag -+.TQ -+.B firstfrag -+.TQ -+.B ce -+.TQ -+.B df -+.TQ -+.B mf -+Change IP header flags. Note that the value to pass to the -+.B set -+command is not just a bit value, but the full byte including the flags field. -+Though only the relevant bits of that value are respected, the rest ignored. -+.TP -+.B dport -+.TQ -+.B sport -+Destination or source port numbers, a 16-bit value. Indeed, IPv4 headers don't -+contain this information. Instead, this will set an offset which suits at least -+TCP and UDP if the IP header is of minimum size (20 bytes). If not, this will do -+unexpected things. -+.TP -+.B icmp_type -+.TQ -+.B icmp_code -+Again, this allows to change data past the actual IP header itself. It assumes -+an ICMP header is present immediately following the (minimal sized) IP header. -+If it is not or the latter is bigger than the minimum of 20 bytes, this will do -+unexpected things. These fields are eight-bit values. -+.RE -+.TP -+.B clear -+Clear the addressed data (i.e., set it to zero). -+.TP -+.B invert -+Swap every bit in the addressed data. -+.TP -+.BI set " VAL" -+Set the addressed data to a specific value. The size of -+.I VAL -+is defined by either one of the -+.BR u32 ", " u16 " or " u8 -+keywords in -+.IR RAW_OP , -+or the size of the addressed header field in -+.IR LAYERED_OP . -+.TP -+.B preserve -+Keep the addressed data as is. -+.TP -+.BI retain " RVAL" -+This optional extra part of -+.I CMD_SPEC -+allows to exclude bits from being changed. -+.TP -+.I BRANCH -+The following keywords allow to control how the tree of qdisc, classes, -+filters and actions is further traversed after this action. -+.RS -+.TP -+.B reclassify -+Restart with the first filter in the current list. -+.TP -+.B pipe -+Continue with the next action attached to the same filter. -+.TP -+.B drop -+.TQ -+.B shot -+Drop the packet. -+.TP -+.B continue -+Continue classification with the next filter in line. -+.TP -+.B pass -+Finish classification process and return to calling qdisc for further packet -+processing. This is the default. -+.RE -+.SH EXAMPLES -+Being able to edit packet data, one could do all kinds of things, such as e.g. -+implementing port redirection. Certainly not the most useful application, but -+as an example it should do: -+ -+First, qdiscs need to be set up to attach filters to. For the receive path, a simple -+.B ingress -+qdisc will do, for transmit path a classful qdisc -+.RB ( HTB -+in this case) is necessary: -+ -+.RS -+.EX -+tc qdisc replace dev eth0 root handle 1: htb -+tc qdisc add dev eth0 ingress handle ffff: -+.EE -+.RE -+ -+Finally, a filter with -+.B pedit -+action can be added for each direction. In this case, -+.B u32 -+is used matching on the port number to redirect from, while -+.B pedit -+then does the actual rewriting: -+ -+.RS -+.EX -+tc filter add dev eth0 parent 1: u32 \\ -+ match ip dport 23 0xffff \\ -+ action pedit pedit munge ip dport set 22 -+tc filter add dev eth0 parent ffff: u32 \\ -+ match ip sport 22 0xffff \\ -+ action pedit pedit munge ip sport set 23 -+.EE -+.RE -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-htb (8), -+.BR tc-u32 (8) --- -1.8.3.1 - diff --git a/SOURCES/0132-tc-flower-Support-matching-ARP.patch b/SOURCES/0132-tc-flower-Support-matching-ARP.patch new file mode 100644 index 0000000..21767f8 --- /dev/null +++ b/SOURCES/0132-tc-flower-Support-matching-ARP.patch @@ -0,0 +1,381 @@ +From 8b5f12cb701561aea1e7ece9267719bde085d328 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:17 +0100 +Subject: [PATCH] tc: flower: Support matching ARP + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit f888f4e20534a +Conflicts: Context changes due to previously backported commits. + +commit f888f4e20534ae44ec4c5a2cfc5209b105645a04 +Author: Simon Horman <simon.horman@netronome.com> +Date: Thu Jan 12 09:11:59 2017 +0100 + + tc: flower: Support matching ARP + + Support matching on ARP operation, and hardware and protocol addresses + for Ethernet hardware and IPv4 protocol addresses. + + Example usage: + + tc qdisc add dev eth0 ingress + + tc filter add dev eth0 protocol arp parent ffff: flower indev eth0 \ arp_op request arp_sip 10.0.0.1 action drop + tc filter add dev eth0 protocol rarp parent ffff: flower indev eth0 \ arp_op reply arp_tha 52:54:3f:00:00:00/24 action drop + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 41 +++++++++- + tc/f_flower.c | 208 +++++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 232 insertions(+), 17 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 5904a9e..2dd2c5e 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -34,7 +34,13 @@ flower \- flow based traffic control filter + .BR dst_ip " | " src_ip " } " + .IR PREFIX " | { " + .BR dst_port " | " src_port " } " +-.IR port_number " } | " ++.IR port_number " } | { " ++.BR arp_tip " | " arp_sip " } " ++.IR PREFIX " | " ++.BR arp_op " { " request " | " reply " | " ++.IR OP " } | { " ++.BR arp_tha " | " arp_sha " } " ++.IR MASKED_LLADDR " | " + .B enc_key_id + .IR KEY-ID " | {" + .BR enc_dst_ip " | " enc_src_ip " } { " +@@ -131,6 +137,36 @@ Match on ICMP type or code. Only available for + .BR ip_proto " values " icmp " and " icmpv6 + which have to be specified in beforehand. + .TP ++.BI arp_tip " PREFIX" ++.TQ ++.BI arp_sip " PREFIX" ++Match on ARP or RARP sender or target IP address. ++.I PREFIX ++must be a valid IPv4 address optionally followed by a slash and the prefix ++length. If the prefix is missing, \fBtc\fR assumes a full-length host ++match. ++.TP ++.BI arp_op " ARP_OP" ++Match on ARP or RARP operation. ++.I ARP_OP ++may be ++.BR request ", " reply ++or an integer value 0, 1 or 2. A mask may be optionally provided to limit ++the bits of the operation which are matched. A mask is provided by ++following the address with a slash and then the mask. It may be provided as ++an unsigned 8 bit value representing a bitwise mask. If the mask is missing ++then a match on all bits is assumed. ++.TP ++.BI arp_sha " MASKED_LLADDR" ++.TQ ++.BI arp_tha " MASKED_LLADDR" ++Match on ARP or RARP sender or target MAC address. A mask may be optionally ++provided to limit the bits of the address which are matched. A mask is ++provided by following the address with a slash and then the mask. It may be ++provided in LLADDR format, in which case it is a bitwise mask, or as a ++number of high bits to match. If the mask is missing then a match on all ++bits is assumed. ++.TP + .BI enc_key_id " NUMBER" + .TQ + .BI enc_dst_ip " PREFIX" +@@ -152,7 +188,8 @@ As stated above where applicable, matches of a certain layer implicitly depend + on the matches of the next lower layer. Precisely, layer one and two matches + (\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR) + have no dependency, layer three matches +-(\fBip_proto\fR, \fBdst_ip\fR and \fBsrc_ip\fR) ++(\fBip_proto\fR, \fBdst_ip\fR, \fBsrc_ip\fR, \fBarp_tip\fR, \fBarp_sip\fR, ++\fBarp_op\fR, \fBarp_tha\fR and \fBarp_sha\fR) + depend on the + .B protocol + option of tc filter, layer four port matches +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 20f9a85..2473aea 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -15,6 +15,7 @@ + #include <syslog.h> + #include <string.h> + #include <net/if.h> ++#include <linux/if_arp.h> + #include <linux/if_ether.h> + #include <linux/ip.h> + #include <linux/tc_act/tc_vlan.h> +@@ -54,6 +55,11 @@ static void explain(void) + " src_port PORT-NUMBER |\n" + " type ICMP-TYPE |\n" + " code ICMP-CODE |\n" ++ " arp_tip PREFIX |\n" ++ " arp_sip PREFIX |\n" ++ " arp_op [ request | reply | OP ] |\n" ++ " arp_tha MASKED-LLADDR |\n" ++ " arp_sha MASKED-LLADDR |\n" + " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_key_id [ KEY-ID ] |\n" +@@ -192,27 +198,16 @@ err: + return -1; + } + +-static int flower_parse_ip_addr(char *str, __be16 eth_type, +- int addr4_type, int mask4_type, +- int addr6_type, int mask6_type, +- struct nlmsghdr *n) ++static int __flower_parse_ip_addr(char *str, int family, ++ int addr4_type, int mask4_type, ++ int addr6_type, int mask6_type, ++ struct nlmsghdr *n) + { + int ret; + inet_prefix addr; +- int family; + int bits; + int i; + +- if (eth_type == htons(ETH_P_IP)) { +- family = AF_INET; +- } else if (eth_type == htons(ETH_P_IPV6)) { +- family = AF_INET6; +- } else if (!eth_type) { +- family = AF_UNSPEC; +- } else { +- return -1; +- } +- + ret = get_prefix(&addr, str, family); + if (ret) + return -1; +@@ -245,6 +240,89 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + return 0; + } + ++static int flower_parse_ip_addr(char *str, __be16 eth_type, ++ int addr4_type, int mask4_type, ++ int addr6_type, int mask6_type, ++ struct nlmsghdr *n) ++{ ++ int family; ++ ++ if (eth_type == htons(ETH_P_IP)) { ++ family = AF_INET; ++ } else if (eth_type == htons(ETH_P_IPV6)) { ++ family = AF_INET6; ++ } else if (!eth_type) { ++ family = AF_UNSPEC; ++ } else { ++ return -1; ++ } ++ ++ return __flower_parse_ip_addr(str, family, addr4_type, addr6_type, ++ mask4_type, mask6_type, n); ++} ++ ++static bool flower_eth_type_arp(__be16 eth_type) ++{ ++ return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP); ++} ++ ++static int flower_parse_arp_ip_addr(char *str, __be16 eth_type, ++ int addr_type, int mask_type, ++ struct nlmsghdr *n) ++{ ++ if (!flower_eth_type_arp(eth_type)) ++ return -1; ++ ++ return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type, ++ TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n); ++} ++ ++static int flower_parse_arp_op(char *str, __be16 eth_type, ++ int op_type, int mask_type, ++ struct nlmsghdr *n) ++{ ++ char *slash; ++ int ret, err = -1; ++ uint8_t value, mask; ++ ++ slash = strchr(str, '/'); ++ if (slash) ++ *slash = '\0'; ++ ++ if (!flower_eth_type_arp(eth_type)) ++ goto err; ++ ++ if (!strcmp(str, "request")) { ++ value = ARPOP_REQUEST; ++ } else if (!strcmp(str, "reply")) { ++ value = ARPOP_REPLY; ++ } else { ++ ret = get_u8(&value, str, 10); ++ if (ret) ++ goto err; ++ if (value && value != ARPOP_REQUEST && value != ARPOP_REPLY) ++ goto err; ++ } ++ ++ if (slash) { ++ ret = get_u8(&mask, slash + 1, 10); ++ if (ret) ++ goto err; ++ } ++ else { ++ mask = UINT8_MAX; ++ } ++ ++ addattr8(n, MAX_MSG, op_type, value); ++ addattr8(n, MAX_MSG, mask_type, mask); ++ ++ err = 0; ++err: ++ if (slash) ++ *slash = '/'; ++ return err; ++} ++ + static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto, + enum flower_icmp_field field) + { +@@ -531,6 +609,59 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + fprintf(stderr, "Illegal \"icmp code\"\n"); + return -1; + } ++ } else if (matches(*argv, "arp_tip") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ? ++ vlan_ethtype : eth_type, ++ TCA_FLOWER_KEY_ARP_TIP, ++ TCA_FLOWER_KEY_ARP_TIP_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"arp_tip\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "arp_sip") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ? ++ vlan_ethtype : eth_type, ++ TCA_FLOWER_KEY_ARP_SIP, ++ TCA_FLOWER_KEY_ARP_SIP_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"arp_sip\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "arp_op") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_arp_op(*argv, vlan_ethtype ? ++ vlan_ethtype : eth_type, ++ TCA_FLOWER_KEY_ARP_OP, ++ TCA_FLOWER_KEY_ARP_OP_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"arp_op\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "arp_tha") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_eth_addr(*argv, ++ TCA_FLOWER_KEY_ARP_THA, ++ TCA_FLOWER_KEY_ARP_THA_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"arp_tha\"\n"); ++ return -1; ++ } ++ } else if (matches(*argv, "arp_sha") == 0) { ++ NEXT_ARG(); ++ ret = flower_parse_eth_addr(*argv, ++ TCA_FLOWER_KEY_ARP_SHA, ++ TCA_FLOWER_KEY_ARP_SHA_MASK, ++ n); ++ if (ret < 0) { ++ fprintf(stderr, "Illegal \"arp_sha\"\n"); ++ return -1; ++ } + } else if (matches(*argv, "enc_dst_ip") == 0) { + NEXT_ARG(); + ret = flower_parse_ip_addr(*argv, 0, +@@ -662,6 +793,10 @@ static void flower_print_eth_type(FILE *f, __be16 *p_eth_type, + fprintf(f, "ipv4"); + else if (eth_type == htons(ETH_P_IPV6)) + fprintf(f, "ipv6"); ++ else if (eth_type == htons(ETH_P_ARP)) ++ fprintf(f, "arp"); ++ else if (eth_type == htons(ETH_P_RARP)) ++ fprintf(f, "rarp"); + else + fprintf(f, "%04x", ntohs(eth_type)); + *p_eth_type = eth_type; +@@ -739,6 +874,13 @@ static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, + else if (bits < len * 8) + fprintf(f, "/%d", bits); + } ++static void flower_print_ip4_addr(FILE *f, char *name, ++ struct rtattr *addr_attr, ++ struct rtattr *mask_attr) ++{ ++ return flower_print_ip_addr(f, name, htons(ETH_P_IP), ++ addr_attr, mask_attr, 0, 0); ++} + + static void flower_print_port(FILE *f, char *name, struct rtattr *attr) + { +@@ -759,6 +901,31 @@ static void flower_print_icmp(FILE *f, char *name, struct rtattr *attr) + fprintf(f, "\n %s %d", name, rta_getattr_u8(attr)); + } + ++static void flower_print_arp_op(FILE *f, char *name, ++ struct rtattr *op_attr, ++ struct rtattr *mask_attr) ++{ ++ uint8_t op, mask; ++ ++ if (!op_attr) ++ return; ++ ++ op = rta_getattr_u8(op_attr); ++ mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX; ++ ++ fprintf(f, "\n %s ", name); ++ ++ if (mask == UINT8_MAX && op == ARPOP_REQUEST) ++ fprintf(f, "request"); ++ else if (mask == UINT8_MAX && op == ARPOP_REPLY) ++ fprintf(f, "reply"); ++ else ++ fprintf(f, "%d", op); ++ ++ if (mask != UINT8_MAX) ++ fprintf(f, "/%d", mask); ++} ++ + static int flower_print_opt(struct filter_util *qu, FILE *f, + struct rtattr *opt, __u32 handle) + { +@@ -834,6 +1001,17 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + if (nl_type >= 0) + flower_print_icmp(f, "icmp_code", tb[nl_type]); + ++ flower_print_ip4_addr(f, "arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP], ++ tb[TCA_FLOWER_KEY_ARP_SIP_MASK]); ++ flower_print_ip4_addr(f, "arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP], ++ tb[TCA_FLOWER_KEY_ARP_TIP_MASK]); ++ flower_print_arp_op(f, "arp_op", tb[TCA_FLOWER_KEY_ARP_OP], ++ tb[TCA_FLOWER_KEY_ARP_OP_MASK]); ++ flower_print_eth_addr(f, "arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA], ++ tb[TCA_FLOWER_KEY_ARP_SHA_MASK]); ++ flower_print_eth_addr(f, "arp_tha", tb[TCA_FLOWER_KEY_ARP_THA], ++ tb[TCA_FLOWER_KEY_ARP_THA_MASK]); ++ + flower_print_ip_addr(f, "enc_dst_ip", + tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ? + htons(ETH_P_IP) : htons(ETH_P_IPV6), +-- +1.8.3.1 + diff --git a/SOURCES/0133-man-Add-a-man-page-for-the-police-action.patch b/SOURCES/0133-man-Add-a-man-page-for-the-police-action.patch deleted file mode 100644 index c441951..0000000 --- a/SOURCES/0133-man-Add-a-man-page-for-the-police-action.patch +++ /dev/null @@ -1,157 +0,0 @@ -From dbe2324f84ce589c8fbef01af614cfd80c650483 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the police action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit d477eea5a6dcb - -commit d477eea5a6dcb1fe42f8106f2172eaced379eabc -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:41 2016 +0100 - - man: Add a man page for the police action - - Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-police.8 | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 127 insertions(+) - create mode 100644 man/man8/tc-police.8 - -diff --git a/man/man8/tc-police.8 b/man/man8/tc-police.8 -new file mode 100644 -index 0000000..2b1537e ---- /dev/null -+++ b/man/man8/tc-police.8 -@@ -0,0 +1,127 @@ -+.TH "Policing action in tc" 8 "20 Jan 2015" "iproute2" "Linux" -+ -+.SH NAME -+police - policing action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action police" -+.BI rate " RATE " burst -+.IR BYTES [\fB/ BYTES "] [" -+.B mtu -+.IR BYTES [\fB/ BYTES "] ] [" -+.BI peakrate " RATE" -+] [ -+.BI avrate " RATE" -+] [ -+.BI overhead " BYTES" -+] [ -+.BI linklayer " TYPE" -+] [ -+.BI conform-exceed " EXCEEDACT\fR[\fB/\fIEXCEEDACT\fR]" -+ -+.ti -8 -+.IR EXCEEDACT " := { " -+.BR pipe " | " ok " | " reclassify " | " drop " | " continue " }" -+.SH DESCRIPTION -+The -+.B police -+action allows to limit bandwidth of traffic matched by the filter it is -+attached to. -+.SH OPTIONS -+.TP -+.BI rate " RATE" -+The maximum traffic rate of packets passing this action. Those exceeding it will -+be treated as defined by the -+.B conform-exceed -+option. -+.TP -+.BI burst " BYTES\fR[\fB/\fIBYTES\fR]" -+Set the maximum allowed burst in bytes, optionally followed by a slash ('/') -+sign and cell size which must be a power of 2. -+.TP -+.BI mtu " BYTES\fR[\fB/\fIBYTES\fR]" -+This is the maximum packet size handled by the policer (larger ones will be -+handled like they exceeded the configured rate). Setting this value correctly -+will improve the scheduler's precision. -+Value formatting is identical to -+.B burst -+above. Defaults to unlimited. -+.TP -+.BI peakrate " RATE" -+Set the maximum bucket depletion rate, exceeding -+.BR rate . -+.TP -+.BI avrate " RATE" -+Make use of an in-kernel bandwidth rate estimator and match the given -+.I RATE -+against it. -+.TP -+.BI overhead " BYTES" -+Account for protocol overhead of encapsulating output devices when computing -+.BR rate " and " peakrate . -+.TP -+.BI linklayer " TYPE" -+Specify the link layer type. -+.I TYPE -+may be one of -+.B ethernet -+(the default), -+.BR atm " or " adsl -+(which are synonyms). It is used to align the precomputed rate tables to ATM -+cell sizes, for -+.B ethernet -+no action is taken. -+.TP -+.BI conform-exceed " EXCEEDACT\fR[\fB/\fIEXCEEDACT\fR]" -+Define how to handle packets which exceed (and, if the second -+.I EXCEEDACT -+is given, also those who don't), the configured bandwidth limit. Possible values -+are: -+.RS -+.IP continue -+Don't do anything, just continue with the next action in line. -+.IP drop -+Drop the packet immediately. -+.IP shot -+This is a synonym to -+.BR drop . -+.IP ok -+Accept the packet. This is the default for conforming packets. -+.IP pass -+This is a synonym to -+.BR ok . -+.IP reclassify -+Treat the packet as non-matching to the filter this action is attached to and -+continue with the next filter in line (if any). This is the default for -+exceeding packets. -+.IP pipe -+Pass the packet to the next action in line. -+.SH EXAMPLES -+A typical application of the police action is to enforce ingress traffic rate -+by dropping exceeding packets. Although better done on the sender's side, -+especially in scenarios with lack of peer control (e.g. with dial-up providers) -+this is often the best one can do in order to keep latencies low under high -+load. The following establishes input bandwidth policing to 1mbit/s using the -+.B ingress -+qdisc and -+.B u32 -+filter: -+ -+.RS -+.EX -+# tc qdisc add dev eth0 handle ffff: ingress -+# tc filter add dev eth0 parent ffff: u32 \\ -+ match u32 0 0 \\ -+ police rate 1mbit burst 100k -+.EE -+.RE -+ -+As an action can not live on it's own, there always has to be a filter involved as link between qdisc and action. The example above uses -+.B u32 -+for that, which is configured to effectively match any packet (passing it to the -+.B police -+action thereby). -+ -+.SH SEE ALSO -+.BR tc (8) --- -1.8.3.1 - diff --git a/SOURCES/0133-tc-flower-Refactor-matching-flags-to-be-more-user-fr.patch b/SOURCES/0133-tc-flower-Refactor-matching-flags-to-be-more-user-fr.patch new file mode 100644 index 0000000..70fc549 --- /dev/null +++ b/SOURCES/0133-tc-flower-Refactor-matching-flags-to-be-more-user-fr.patch @@ -0,0 +1,278 @@ +From c121d1c4937a0495e917dc637fac6aa6846e8ea6 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:35 +0100 +Subject: [PATCH] tc: flower: Refactor matching flags to be more user friendly + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 08f66c80c094e + +commit 08f66c80c094eaa5d71abc0395fd114ff919af7a +Author: Paul Blakey <paulb@mellanox.com> +Date: Fri Jan 20 10:36:45 2017 -0800 + + tc: flower: Refactor matching flags to be more user friendly + + Instead of "magic numbers" we can now specify each flag + by name. Prefix of "no" (e.g nofrag) unsets the flag, + otherwise it wil be set. + + Example: + # add a flower filter that will drop fragmented packets + tc filter add dev ens4f0 protocol ip parent ffff: \ + flower \ + src_mac e4:1d:2d:fd:8b:01 \ + dst_mac e4:1d:2d:fd:8b:02 \ + indev ens4f0 \ + ip_flags frag \ + action drop + + # add a flower filter that will drop non-fragmented packets + tc filter add dev ens4f0 protocol ip parent ffff: \ + flower \ + src_mac e4:1d:2d:fd:8b:01 \ + dst_mac e4:1d:2d:fd:8b:02 \ + indev ens4f0 \ + ip_flags nofrag \ + action drop + + Fixes: 22a8f019891c ('tc: flower: support matching flags') + Signed-off-by: Paul Blakey <paulb@mellanox.com> + Reviewed-by: Roi Dayan <roid@mellanox.com> + Reviewed-by: Jiri Benc <jbenc@redhat.com> + Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> +--- + man/man8/tc-flower.8 | 12 +++++- + tc/f_flower.c | 117 ++++++++++++++++++++++++++++++++++++++++----------- + 2 files changed, 102 insertions(+), 27 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 2dd2c5e..2bdd2ef 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -46,7 +46,9 @@ flower \- flow based traffic control filter + .BR enc_dst_ip " | " enc_src_ip " } { " + .IR ipv4_address " | " ipv6_address " } | " + .B enc_dst_port +-.IR port_number ++.IR port_number " | " ++.BR ip_flags ++.IR IP_FLAGS + .SH DESCRIPTION + The + .B flower +@@ -183,13 +185,19 @@ prefix length. If the prefix is missing, \fBtc\fR assumes a full-length + host match. Dst port + .I NUMBER + is a 16 bit UDP dst port. ++.TP ++.BI ip_flags " IP_FLAGS" ++.I IP_FLAGS ++may be either ++.BR frag " or " nofrag ++to match on fragmented packets or not respectively. + .SH NOTES + As stated above where applicable, matches of a certain layer implicitly depend + on the matches of the next lower layer. Precisely, layer one and two matches + (\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR) + have no dependency, layer three matches + (\fBip_proto\fR, \fBdst_ip\fR, \fBsrc_ip\fR, \fBarp_tip\fR, \fBarp_sip\fR, +-\fBarp_op\fR, \fBarp_tha\fR and \fBarp_sha\fR) ++\fBarp_op\fR, \fBarp_tha\fR, \fBarp_sha\fR and \fBip_flags\fR) + depend on the + .B protocol + option of tc filter, layer four port matches +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 2473aea..ddf64c2 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -24,6 +24,10 @@ + #include "tc_util.h" + #include "rt_names.h" + ++enum flower_matching_flags { ++ FLOWER_IP_FLAGS, ++}; ++ + enum flower_endpoint { + FLOWER_ENDPOINT_SRC, + FLOWER_ENDPOINT_DST +@@ -63,7 +67,7 @@ static void explain(void) + " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n" + " enc_key_id [ KEY-ID ] |\n" +- " matching_flags MATCHING-FLAGS | \n" ++ " ip_flags IP-FLAGS | \n" + " enc_dst_port [ port_number ] }\n" + " FILTERID := X:Y:Z\n" + " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" +@@ -136,28 +140,56 @@ static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type, + return 0; + } + +-static int flower_parse_matching_flags(char *str, int type, int mask_type, +- struct nlmsghdr *n) +-{ +- __u32 mtf, mtf_mask; +- char *c; ++struct flag_to_string { ++ int flag; ++ enum flower_matching_flags type; ++ char *string; ++}; + +- c = strchr(str, '/'); +- if (c) +- *c = '\0'; ++static struct flag_to_string flags_str[] = { ++ { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" }, ++}; + +- if (get_u32(&mtf, str, 0)) +- return -1; ++static int flower_parse_matching_flags(char *str, ++ enum flower_matching_flags type, ++ __u32 *mtf, __u32 *mtf_mask) ++{ ++ char *token; ++ bool no; ++ bool found; ++ int i; + +- if (c) { +- if (get_u32(&mtf_mask, ++c, 0)) ++ token = strtok(str, "/"); ++ ++ while (token) { ++ if (!strncmp(token, "no", 2)) { ++ no = true; ++ token += 2; ++ } else ++ no = false; ++ ++ found = false; ++ for (i = 0; i < ARRAY_SIZE(flags_str); i++) { ++ if (type != flags_str[i].type) ++ continue; ++ ++ if (!strcmp(token, flags_str[i].string)) { ++ if (no) ++ *mtf &= ~flags_str[i].flag; ++ else ++ *mtf |= flags_str[i].flag; ++ ++ *mtf_mask |= flags_str[i].flag; ++ found = true; ++ break; ++ } ++ } ++ if (!found) + return -1; +- } else { +- mtf_mask = 0xffffffff; ++ ++ token = strtok(NULL, "/"); + } + +- addattr32(n, MAX_MSG, type, htonl(mtf)); +- addattr32(n, MAX_MSG, mask_type, htonl(mtf_mask)); + return 0; + } + +@@ -433,6 +465,8 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + __be16 vlan_ethtype = 0; + __u8 ip_proto = 0xff; + __u32 flags = 0; ++ __u32 mtf = 0; ++ __u32 mtf_mask = 0; + + if (handle) { + ret = get_u32(&t->tcm_handle, handle, 0); +@@ -462,14 +496,14 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, + return -1; + } + addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4); +- } else if (matches(*argv, "matching_flags") == 0) { ++ } else if (matches(*argv, "ip_flags") == 0) { + NEXT_ARG(); + ret = flower_parse_matching_flags(*argv, +- TCA_FLOWER_KEY_FLAGS, +- TCA_FLOWER_KEY_FLAGS_MASK, +- n); ++ FLOWER_IP_FLAGS, ++ &mtf, ++ &mtf_mask); + if (ret < 0) { +- fprintf(stderr, "Illegal \"matching_flags\"\n"); ++ fprintf(stderr, "Illegal \"ip_flags\"\n"); + return -1; + } + } else if (matches(*argv, "skip_hw") == 0) { +@@ -726,6 +760,16 @@ parse_done: + if (ret) + return ret; + ++ if (mtf_mask) { ++ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf)); ++ if (ret) ++ return ret; ++ ++ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask)); ++ if (ret) ++ return ret; ++ } ++ + ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); + if (ret) + return ret; +@@ -828,14 +872,36 @@ static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto, + } + + static void flower_print_matching_flags(FILE *f, char *name, ++ enum flower_matching_flags type, + struct rtattr *attr, + struct rtattr *mask_attr) + { ++ int i; ++ int count = 0; ++ __u32 mtf; ++ __u32 mtf_mask; ++ + if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4) + return; + +- fprintf(f, "\n %s 0x%08x/0x%08x", name, ntohl(rta_getattr_u32(attr)), +- mask_attr ? ntohl(rta_getattr_u32(mask_attr)) : 0xffffffff); ++ mtf = ntohl(rta_getattr_u32(attr)); ++ mtf_mask = ntohl(rta_getattr_u32(mask_attr)); ++ ++ for (i = 0; i < ARRAY_SIZE(flags_str); i++) { ++ if (type != flags_str[i].type) ++ continue; ++ if (mtf_mask & flags_str[i].flag) { ++ if (++count == 1) ++ fprintf(f, "\n %s ", name); ++ else ++ fprintf(f, "/"); ++ ++ if (mtf & flags_str[i].flag) ++ fprintf(f, "%s", flags_str[i].string); ++ else ++ fprintf(f, "no%s", flags_str[i].string); ++ } ++ } + } + + static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type, +@@ -1034,7 +1100,8 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + flower_print_port(f, "enc_dst_port", + tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]); + +- flower_print_matching_flags(f, "matching_flags", ++ flower_print_matching_flags(f, "ip_flags", ++ FLOWER_IP_FLAGS, + tb[TCA_FLOWER_KEY_FLAGS], + tb[TCA_FLOWER_KEY_FLAGS_MASK]); + +-- +1.8.3.1 + diff --git a/SOURCES/0134-f_flower-don-t-set-TCA_FLOWER_KEY_ETH_TYPE-for-proto.patch b/SOURCES/0134-f_flower-don-t-set-TCA_FLOWER_KEY_ETH_TYPE-for-proto.patch new file mode 100644 index 0000000..411991d --- /dev/null +++ b/SOURCES/0134-f_flower-don-t-set-TCA_FLOWER_KEY_ETH_TYPE-for-proto.patch @@ -0,0 +1,57 @@ +From 7c616155a7a86024a60cc39e9b3e6981c4c9e7e2 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:24:36 +0100 +Subject: [PATCH] f_flower: don't set TCA_FLOWER_KEY_ETH_TYPE for "protocol + all" + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 4f7d406f5dc89 +Conflicts: Context change due to already backported commit 08f66c80c094e + ("tc: flower: Refactor matching flags to be more user + friendly"). + +commit 4f7d406f5dc89229d8aec8b723015c06db343e17 +Author: Benjamin LaHaise <benjamin.lahaise@netronome.com> +Date: Fri Jan 20 14:07:38 2017 -0500 + + f_flower: don't set TCA_FLOWER_KEY_ETH_TYPE for "protocol all" + + v2 - update to address changes in 00697ca19ae3e1118f2af82c3b41ac4335fe918b. + + When using the tc flower filter, rules marked with "protocol all" do not + actually match all packets. This is due to a bug in f_flower.c that passes + in ETH_P_ALL in the TCA_FLOWER_KEY_ETH_TYPE attribute when adding a rule. + Fix this by omitting TCA_FLOWER_KEY_ETH_TYPE if the protocol is set to + ETH_P_ALL. + + Fixes: 488b41d020fb ("tc: flower no need to specify the ethertype") + Cc: Jamal Hadi Salim <jhs@mojatatu.com> + Signed-off-by: Benjamin LaHaise <benjamin.lahaise@netronome.com> + Signed-off-by: Benjamin LaHaise <bcrl@kvack.org> + Reviewed-by: Roi Dayan <roid@mellanox.com> +--- + tc/f_flower.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index ddf64c2..58a34ce 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -770,9 +770,11 @@ parse_done: + return ret; + } + +- ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); +- if (ret) +- return ret; ++ if (eth_type != htons(ETH_P_ALL)) { ++ ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); ++ if (ret) ++ return ret; ++ } + + tail->rta_len = (((void*)n)+n->nlmsg_len) - (void*)tail; + +-- +1.8.3.1 + diff --git a/SOURCES/0134-man-Add-a-man-page-for-the-simple-action.patch b/SOURCES/0134-man-Add-a-man-page-for-the-simple-action.patch deleted file mode 100644 index 6bb931c..0000000 --- a/SOURCES/0134-man-Add-a-man-page-for-the-simple-action.patch +++ /dev/null @@ -1,105 +0,0 @@ -From a97f29e69b11276cc18793cd696614c367ffc806 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the simple action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit ebf9933bb3d5c - -commit ebf9933bb3d5c6a869edb7405f7a4759862409ab -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:42 2016 +0100 - - man: Add a man page for the simple action - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-simple.8 | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 76 insertions(+) - create mode 100644 man/man8/tc-simple.8 - -diff --git a/man/man8/tc-simple.8 b/man/man8/tc-simple.8 -new file mode 100644 -index 0000000..2206dc3 ---- /dev/null -+++ b/man/man8/tc-simple.8 -@@ -0,0 +1,76 @@ -+.TH "Simple action in tc" 8 "12 Jan 2015" "iproute2" "Linux" -+ -+.SH NAME -+simple - basic example action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action simple" -+.I STRING -+.SH DESCRIPTION -+This is a pedagogical example rather than an actually useful action. Upon every access, it prints the given -+.I STRING -+which may be of arbitrary length. -+.SH OPTIONS -+.TP -+.I STRING -+The actual string to print. -+.SH EXAMPLES -+The following example makes the kernel yell "Incoming ICMP!" every time it sees -+an incoming ICMP on eth0. Steps are: -+.IP 1) 4 -+Add an ingress qdisc point to eth0 -+.IP 2) 4 -+Start a chain on ingress of eth0 that first matches ICMP then invokes the -+simple action to shout. -+.IP 3) 4 -+display stats and show that no packet has been seen by the action -+.IP 4) 4 -+Send one ping packet to google (expect to receive a response back) -+.IP 5) 4 -+grep the logs to see the logged message -+.IP 6) 4 -+display stats again and observe increment by 1 -+ -+.RE -+.EX -+ hadi@noma1:$ tc qdisc add dev eth0 ingress -+ hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \\ -+ u32 match ip protocol 1 0xff flowid 1:1 action simple "Incoming ICMP" -+ -+ hadi@noma1:$ sudo tc -s filter ls dev eth0 parent ffff: -+ filter protocol ip pref 5 u32 -+ filter protocol ip pref 5 u32 fh 800: ht divisor 1 -+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 -+ match 00010000/00ff0000 at 8 -+ action order 1: Simple <Incoming ICMP> -+ index 4 ref 1 bind 1 installed 29 sec used 29 sec -+ Action statistics: -+ Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) -+ backlog 0b 0p requeues 0 -+ -+ -+ hadi@noma1$ ping -c 1 www.google.ca -+ PING www.google.ca (74.125.225.120) 56(84) bytes of data. -+ 64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms -+ -+ --- www.google.ca ping statistics --- -+ 1 packets transmitted, 1 received, 0% packet loss, time 0ms -+ rtt min/avg/max/mdev = 31.316/31.316/31.316/0.000 ms -+ -+ hadi@noma1$ dmesg | grep simple -+ [135354.473951] simple: Incoming ICMP_1 -+ -+ hadi@noma1$ sudo tc/tc -s filter ls dev eth0 parent ffff: -+ filter protocol ip pref 5 u32 -+ filter protocol ip pref 5 u32 fh 800: ht divisor 1 -+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 -+ match 00010000/00ff0000 at 8 -+ action order 1: Simple <Incoming ICMP> -+ index 4 ref 1 bind 1 installed 206 sec used 67 sec -+ Action statistics: -+ Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) -+ backlog 0b 0p requeues 0 -+.EE -+.SH SEE ALSO -+.BR tc (8) --- -1.8.3.1 - diff --git a/SOURCES/0135-man-Add-a-man-page-for-the-skbedit-action.patch b/SOURCES/0135-man-Add-a-man-page-for-the-skbedit-action.patch deleted file mode 100644 index 7982962..0000000 --- a/SOURCES/0135-man-Add-a-man-page-for-the-skbedit-action.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 8d3f6c504bcfe6483ab9fb78359b57fc41e0a4ee Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the skbedit action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit ae6cf29be0dc6 - -commit ae6cf29be0dc6e1ce237bfe97c12329638c6edac -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:43 2016 +0100 - - man: Add a man page for the skbedit action - - Cc: Alexander Duyck <alexander.duyck@gmail.com> - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-skbedit.8 | 45 +++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 45 insertions(+) - create mode 100644 man/man8/tc-skbedit.8 - -diff --git a/man/man8/tc-skbedit.8 b/man/man8/tc-skbedit.8 -new file mode 100644 -index 0000000..b585a4d ---- /dev/null -+++ b/man/man8/tc-skbedit.8 -@@ -0,0 +1,45 @@ -+.TH "SKB editing action in tc" 8 "12 Jan 2015" "iproute2" "Linux" -+ -+.SH NAME -+skbedit - SKB editing action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action skbedit " [ " queue_mapping -+.IR QUEUE_MAPPING " ] [" -+.B priority -+.IR PRIORITY " ] [" -+.B mark -+.IR MARK " ]" -+.SH DESCRIPTION -+The -+.B skbedit -+action allows to change a packet's associated meta data. It complements the -+.B pedit -+action, which in turn allows to change parts of the packet data itself. -+.SH OPTIONS -+.TP -+.BI queue_mapping " QUEUE_MAPPING" -+Override the packet's transmit queue. Useful when applied to packets transmitted -+over MQ-capable network interfaces. -+.I QUEUE_MAPPING -+is an unsigned 16bit value in decimal format. -+.TP -+.BI priority " PRIORITY" -+Override the packet classification decision. -+.I PRIORITY -+is either -+.BR root ", " none -+or a hexadecimal major class ID optionally followed by a colon -+.RB ( : ) -+and a hexadecimal minor class ID. -+.TP -+.BI mark " MARK" -+Change the packet's firewall mark value. -+.I MARK -+is an unsigned 32bit value in automatically detected format (i.e., prefix with -+.RB ' 0x ' -+for hexadecimal interpretation, etc.). -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-pedit (8) --- -1.8.3.1 - diff --git a/SOURCES/0135-tc-flower-use-correct-type-when-calling-flower_icmp_.patch b/SOURCES/0135-tc-flower-use-correct-type-when-calling-flower_icmp_.patch new file mode 100644 index 0000000..54f59b8 --- /dev/null +++ b/SOURCES/0135-tc-flower-use-correct-type-when-calling-flower_icmp_.patch @@ -0,0 +1,46 @@ +From 16088fc85ab012a10eee1c855d2fd1318a5e2cb2 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:25:13 +0100 +Subject: [PATCH] tc: flower: use correct type when calling + flower_icmp_attr_type + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 81f6e5a7279ea + +commit 81f6e5a7279eaab826ba8b291b98fb2e89df0572 +Author: Simon Horman <simon.horman@netronome.com> +Date: Wed Feb 8 13:04:31 2017 +0100 + + tc: flower: use correct type when calling flower_icmp_attr_type + + Use enum flower_icmp_field rather than bool as type of third parameter + when calling flower_icmp_attr_type. + + Fixes: eb3b5696f163 ("tc: flower: support matching on ICMP type and code") + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 58a34ce..b4bf886 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -1062,10 +1062,12 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + if (nl_type >= 0) + flower_print_port(f, "src_port", tb[nl_type]); + +- nl_type = flower_icmp_attr_type(eth_type, ip_proto, false); ++ nl_type = flower_icmp_attr_type(eth_type, ip_proto, ++ FLOWER_ICMP_FIELD_TYPE); + if (nl_type >= 0) + flower_print_icmp(f, "icmp_type", tb[nl_type]); +- nl_type = flower_icmp_attr_type(eth_type, ip_proto, true); ++ nl_type = flower_icmp_attr_type(eth_type, ip_proto, ++ FLOWER_ICMP_FIELD_CODE); + if (nl_type >= 0) + flower_print_icmp(f, "icmp_code", tb[nl_type]); + +-- +1.8.3.1 + diff --git a/SOURCES/0136-man-Add-a-man-page-for-the-xt-action.patch b/SOURCES/0136-man-Add-a-man-page-for-the-xt-action.patch deleted file mode 100644 index 8520e23..0000000 --- a/SOURCES/0136-man-Add-a-man-page-for-the-xt-action.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 6d3c3c31c6dae72d87bf2e5a0138291cf4b787cd Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: Add a man page for the xt action - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit fa2c34eff1b89 - -commit fa2c34eff1b89b55b1cdb3c0ed3b29bf8b3d5b40 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:45 2016 +0100 - - man: Add a man page for the xt action - - Cc: Jiri Pirko <jiri@resnulli.us> - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-xt.8 | 42 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 42 insertions(+) - create mode 100644 man/man8/tc-xt.8 - -diff --git a/man/man8/tc-xt.8 b/man/man8/tc-xt.8 -new file mode 100644 -index 0000000..4fd800c ---- /dev/null -+++ b/man/man8/tc-xt.8 -@@ -0,0 +1,42 @@ -+.TH "iptables action in tc" 8 "3 Mar 2016" "iproute2" "Linux" -+ -+.SH NAME -+xt - tc iptables action -+.SH SYNOPSIS -+.in +8 -+.ti -8 -+.BR tc " ... " "action xt \-j" -+.IR TARGET " [ " TARGET_OPTS " ]" -+.SH DESCRIPTION -+The -+.B xt -+action allows to call arbitrary iptables targets for packets matching the filter -+this action is attached to. -+.SH OPTIONS -+.TP -+.BI -j " TARGET \fR[\fI TARGET_OPTS \fR]" -+Perform a jump to the given iptables target, optionally passing any target -+specific options in -+.IR TARGET_OPTS . -+.SH EXAMPLES -+The following will attach a -+.B u32 -+filter to the -+.B ingress -+qdisc matching ICMP replies and using the -+.B xt -+action to make the kernel yell 'PONG' each time: -+ -+.RS -+.EX -+tc qdisc add dev eth0 ingress -+tc filter add dev eth0 parent ffff: proto ip u32 \\ -+ match ip protocol 1 0xff \\ -+ match ip icmp_type 0 0xff \\ -+ action xt -j LOG --log-prefix PONG -+.EE -+.RE -+.SH SEE ALSO -+.BR tc (8), -+.BR tc-u32 (8), -+.BR iptables-extensions (8) --- -1.8.3.1 - diff --git a/SOURCES/0136-tc-flower-Update-documentation-to-indicate-ARP-takes.patch b/SOURCES/0136-tc-flower-Update-documentation-to-indicate-ARP-takes.patch new file mode 100644 index 0000000..9989fe1 --- /dev/null +++ b/SOURCES/0136-tc-flower-Update-documentation-to-indicate-ARP-takes.patch @@ -0,0 +1,71 @@ +From 7a735e3018eff5df906c64bb242db236320a9583 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:25:13 +0100 +Subject: [PATCH] tc: flower: Update documentation to indicate ARP takes IPv4 + prefixes + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit c7ec052bb8682 + +commit c7ec052bb8682a9889d1e71e2cb2ec780c9d5e26 +Author: Simon Horman <simon.horman@netronome.com> +Date: Wed Feb 8 13:01:04 2017 +0100 + + tc: flower: Update documentation to indicate ARP takes IPv4 prefixes + + Unlike other PREFIXes documented in the usage for tc flower, which accept + both IPv4 and IPv6 prefixes, arp_sip and arp_tip only accepts IPv4 + prefixes. + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 8 ++++---- + tc/f_flower.c | 4 ++-- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index 2bdd2ef..b1bef8b 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -36,7 +36,7 @@ flower \- flow based traffic control filter + .BR dst_port " | " src_port " } " + .IR port_number " } | { " + .BR arp_tip " | " arp_sip " } " +-.IR PREFIX " | " ++.IR IPV4_PREFIX " | " + .BR arp_op " { " request " | " reply " | " + .IR OP " } | { " + .BR arp_tha " | " arp_sha " } " +@@ -139,11 +139,11 @@ Match on ICMP type or code. Only available for + .BR ip_proto " values " icmp " and " icmpv6 + which have to be specified in beforehand. + .TP +-.BI arp_tip " PREFIX" ++.BI arp_tip " IPV4_PREFIX" + .TQ +-.BI arp_sip " PREFIX" ++.BI arp_sip " IPV4_PREFIX" + Match on ARP or RARP sender or target IP address. +-.I PREFIX ++.I IPV4_PREFIX + must be a valid IPv4 address optionally followed by a slash and the prefix + length. If the prefix is missing, \fBtc\fR assumes a full-length host + match. +diff --git a/tc/f_flower.c b/tc/f_flower.c +index b4bf886..a2b2132 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -59,8 +59,8 @@ static void explain(void) + " src_port PORT-NUMBER |\n" + " type ICMP-TYPE |\n" + " code ICMP-CODE |\n" +- " arp_tip PREFIX |\n" +- " arp_sip PREFIX |\n" ++ " arp_tip IPV4-PREFIX |\n" ++ " arp_sip IPV4-PREFIX |\n" + " arp_op [ request | reply | OP ] |\n" + " arp_tha MASKED-LLADDR |\n" + " arp_sha MASKED-LLADDR |\n" +-- +1.8.3.1 + diff --git a/SOURCES/0137-man-tc-u32-Minor-syntax-fix.patch b/SOURCES/0137-man-tc-u32-Minor-syntax-fix.patch deleted file mode 100644 index fd30806..0000000 --- a/SOURCES/0137-man-tc-u32-Minor-syntax-fix.patch +++ /dev/null @@ -1,34 +0,0 @@ -From e46aa21cf20f6ef05ebe3ef3d95b662a7973f8d6 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:19 +0200 -Subject: [PATCH] man: tc-u32: Minor syntax fix - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit b487954d5baf9 - -commit b487954d5baf95b4402456964eaad76dcb54db82 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 12:52:39 2016 +0100 - - man: tc-u32: Minor syntax fix - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/tc-u32.8 | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/man/man8/tc-u32.8 b/man/man8/tc-u32.8 -index 47c8f2d..691f53c 100644 ---- a/man/man8/tc-u32.8 -+++ b/man/man8/tc-u32.8 -@@ -370,6 +370,7 @@ then allows to match various header fields: - .RS - .TP - .BI src " ADDR" -+.TQ - .BI dst " ADDR" - Compare Source or Destination Address fields against the value of - .IR ADDR . --- -1.8.3.1 - diff --git a/SOURCES/0137-tc-flower-provide-generic-masked-u8-parser-helper.patch b/SOURCES/0137-tc-flower-provide-generic-masked-u8-parser-helper.patch new file mode 100644 index 0000000..25bbcc8 --- /dev/null +++ b/SOURCES/0137-tc-flower-provide-generic-masked-u8-parser-helper.patch @@ -0,0 +1,120 @@ +From 468bed9790e23ca37ab4e1b52b012dd8b22df800 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:25:13 +0100 +Subject: [PATCH] tc: flower: provide generic masked u8 parser helper + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 180136e540ca1 + +commit 180136e540ca16826c0069644222878ea8236f93 +Author: Simon Horman <simon.horman@netronome.com> +Date: Thu Feb 9 14:48:59 2017 +0100 + + tc: flower: provide generic masked u8 parser helper + + Provide generic masked u8 paser helper and use it to parse arp operations. + + Also consistently use __u8 rather than uint8_t, in keeping with the + pervasive style in the file. + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 55 ++++++++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 40 insertions(+), 15 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index a2b2132..b233ec1 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -309,33 +309,30 @@ static int flower_parse_arp_ip_addr(char *str, __be16 eth_type, + TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n); + } + +-static int flower_parse_arp_op(char *str, __be16 eth_type, +- int op_type, int mask_type, +- struct nlmsghdr *n) ++static int flower_parse_u8(char *str, int value_type, int mask_type, ++ int (*value_from_name)(const char *str, ++ __u8 *value), ++ bool (*value_validate)(__u8 value), ++ struct nlmsghdr *n) + { + char *slash; + int ret, err = -1; +- uint8_t value, mask; ++ __u8 value, mask; + + slash = strchr(str, '/'); + if (slash) + *slash = '\0'; + +- if (!flower_eth_type_arp(eth_type)) +- goto err; +- +- if (!strcmp(str, "request")) { +- value = ARPOP_REQUEST; +- } else if (!strcmp(str, "reply")) { +- value = ARPOP_REPLY; +- } else { ++ ret = value_from_name ? value_from_name(str, &value) : -1; ++ if (ret < 0) { + ret = get_u8(&value, str, 10); + if (ret) + goto err; +- if (value && value != ARPOP_REQUEST && value != ARPOP_REPLY) +- goto err; + } + ++ if (value_validate && !value_validate(value)) ++ goto err; ++ + if (slash) { + ret = get_u8(&mask, slash + 1, 10); + if (ret) +@@ -345,7 +342,7 @@ static int flower_parse_arp_op(char *str, __be16 eth_type, + mask = UINT8_MAX; + } + +- addattr8(n, MAX_MSG, op_type, value); ++ addattr8(n, MAX_MSG, value_type, value); + addattr8(n, MAX_MSG, mask_type, mask); + + err = 0; +@@ -355,6 +352,34 @@ err: + return err; + } + ++static int flower_arp_op_from_name(const char *name, __u8 *op) ++{ ++ if (!strcmp(name, "request")) ++ *op = ARPOP_REQUEST; ++ else if (!strcmp(name, "reply")) ++ *op = ARPOP_REPLY; ++ else ++ return -1; ++ ++ return 0; ++} ++ ++static bool flow_arp_op_validate(__u8 op) ++{ ++ return !op || op == ARPOP_REQUEST || op == ARPOP_REPLY; ++} ++ ++static int flower_parse_arp_op(char *str, __be16 eth_type, ++ int op_type, int mask_type, ++ struct nlmsghdr *n) ++{ ++ if (!flower_eth_type_arp(eth_type)) ++ return -1; ++ ++ return flower_parse_u8(str, op_type, mask_type, flower_arp_op_from_name, ++ flow_arp_op_validate, n); ++} ++ + static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto, + enum flower_icmp_field field) + { +-- +1.8.3.1 + diff --git a/SOURCES/0138-tc-flower-provide-generic-masked-u8-print-helper.patch b/SOURCES/0138-tc-flower-provide-generic-masked-u8-print-helper.patch new file mode 100644 index 0000000..0f02b92 --- /dev/null +++ b/SOURCES/0138-tc-flower-provide-generic-masked-u8-print-helper.patch @@ -0,0 +1,105 @@ +From bfbb2c88f986f3e6145cbdb213d8cd4129bb0e87 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:25:13 +0100 +Subject: [PATCH] tc: flower: provide generic masked u8 print helper + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 9d36e54f36b83 + +commit 9d36e54f36b8360766519bba79028aeb9ec3a762 +Author: Simon Horman <simon.horman@netronome.com> +Date: Thu Feb 9 14:49:00 2017 +0100 + + tc: flower: provide generic masked u8 print helper + + Provide generic masked u8 print helper and use it to print arp operations. + + Also: + * Make name parameter of arp op print helper const. + * Consistently use __u8 rather than uint8_t, in keeping with the + pervasive style in the file. + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 44 +++++++++++++++++++++++++++++++++----------- + 1 file changed, 33 insertions(+), 11 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index b233ec1..9c13e53 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -352,6 +352,18 @@ err: + return err; + } + ++static const char *flower_print_arp_op_to_name(__u8 op) ++{ ++ switch (op) { ++ case ARPOP_REQUEST: ++ return "request"; ++ case ARPOP_REPLY: ++ return "reply"; ++ default: ++ return NULL; ++ } ++} ++ + static int flower_arp_op_from_name(const char *name, __u8 *op) + { + if (!strcmp(name, "request")) +@@ -994,31 +1006,41 @@ static void flower_print_icmp(FILE *f, char *name, struct rtattr *attr) + fprintf(f, "\n %s %d", name, rta_getattr_u8(attr)); + } + +-static void flower_print_arp_op(FILE *f, char *name, +- struct rtattr *op_attr, +- struct rtattr *mask_attr) ++static void flower_print_masked_u8(FILE *f, const char *name, ++ struct rtattr *attr, ++ struct rtattr *mask_attr, ++ const char *(*value_to_str)(__u8 value)) + { +- uint8_t op, mask; ++ const char *value_str = NULL; ++ __u8 value, mask; + +- if (!op_attr) ++ if (!attr) + return; + +- op = rta_getattr_u8(op_attr); ++ value = rta_getattr_u8(attr); + mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX; ++ if (mask == UINT8_MAX && value_to_str) ++ value_str = value_to_str(value); + + fprintf(f, "\n %s ", name); + +- if (mask == UINT8_MAX && op == ARPOP_REQUEST) +- fprintf(f, "request"); +- else if (mask == UINT8_MAX && op == ARPOP_REPLY) +- fprintf(f, "reply"); ++ if (value_str) ++ fputs(value_str, f); + else +- fprintf(f, "%d", op); ++ fprintf(f, "%d", value); + + if (mask != UINT8_MAX) + fprintf(f, "/%d", mask); + } + ++static void flower_print_arp_op(FILE *f, const char *name, ++ struct rtattr *op_attr, ++ struct rtattr *mask_attr) ++{ ++ flower_print_masked_u8(f, name, op_attr, mask_attr, ++ flower_print_arp_op_to_name); ++} ++ + static int flower_print_opt(struct filter_util *qu, FILE *f, + struct rtattr *opt, __u32 handle) + { +-- +1.8.3.1 + diff --git a/SOURCES/0138-tc-pedit-document-branch-control-in-help-output.patch b/SOURCES/0138-tc-pedit-document-branch-control-in-help-output.patch deleted file mode 100644 index e785035..0000000 --- a/SOURCES/0138-tc-pedit-document-branch-control-in-help-output.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 390c23937283fa848f867481ee60ea96899d4dc8 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:20 +0200 -Subject: [PATCH] tc: pedit: document branch control in help output - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit c024acc641428 - -commit c024acc6414285a09107648c9c21a377404b9d45 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 12:52:37 2016 +0100 - - tc: pedit: document branch control in help output - - This seems to have been a hidden feature, though it's very useful and - necessary at least when combining multiple pedit actions. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - tc/m_pedit.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tc/m_pedit.c b/tc/m_pedit.c -index e89d932..64a3eae 100644 ---- a/tc/m_pedit.c -+++ b/tc/m_pedit.c -@@ -35,7 +35,7 @@ int pedit_debug = 1; - static void - explain(void) - { -- fprintf(stderr, "Usage: ... pedit munge <MUNGE>\n"); -+ fprintf(stderr, "Usage: ... pedit munge <MUNGE> [<BRANCH>]\n"); - fprintf(stderr, - "Where: MUNGE := <RAW>|<LAYERED>\n" - "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n " -@@ -47,6 +47,7 @@ explain(void) - "\t\tCMD:= clear | invert | set <setval>| retain\n " - "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data> \n " - " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata> \n" -+ "\t<BRANCH>:= reclassify | pipe | drop | continue | pass\n" - "For Example usage look at the examples directory\n"); - - } --- -1.8.3.1 - diff --git a/SOURCES/0139-tc-connmark-pedit-Rename-BRANCH-to-CONTROL.patch b/SOURCES/0139-tc-connmark-pedit-Rename-BRANCH-to-CONTROL.patch deleted file mode 100644 index 0466933..0000000 --- a/SOURCES/0139-tc-connmark-pedit-Rename-BRANCH-to-CONTROL.patch +++ /dev/null @@ -1,86 +0,0 @@ -From edb4ae8d586a471c389d0a5e6a4b42cb5ce2f1a9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:43:20 +0200 -Subject: [PATCH] tc: connmark, pedit: Rename BRANCH to CONTROL - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit 1672f42195406 -Conflicts: - - Connmark action does not exist in RHEL7. - - Missing commit 32a121cba2579 ("tc: code cleanup") which itself causes - many conflicts. - -commit 1672f42195406d2d4d8fb014b8ea2a59e59f2d6a -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Mar 22 15:48:33 2016 +0100 - - tc: connmark, pedit: Rename BRANCH to CONTROL - - As Jamal suggested, BRANCH is the wrong name, as these keywords go - beyond simple branch control - e.g. loops are possible, too. Therefore - rename the non-terminal to CONTROL instead which should be more - appropriate. - - Signed-off-by: Phil Sutter <phil@nwl.cc> - Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> ---- - man/man8/tc-pedit.8 | 6 +++--- - tc/m_pedit.c | 4 ++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/man/man8/tc-pedit.8 b/man/man8/tc-pedit.8 -index c30927e..c34520c 100644 ---- a/man/man8/tc-pedit.8 -+++ b/man/man8/tc-pedit.8 -@@ -6,7 +6,7 @@ pedit - generic packet editor action - .in +8 - .ti -8 - .BR tc " ... " "action pedit munge " { --.IR RAW_OP " | " LAYERED_OP " } [ " BRANCH " ]" -+.IR RAW_OP " | " LAYERED_OP " } [ " CONTROL " ]" - - .ti -8 - .IR RAW_OP " := " -@@ -45,7 +45,7 @@ pedit - generic packet editor action - .IR RVAL " ]" - - .ti -8 --.IR BRANCH " := {" -+.IR CONTROL " := {" - .BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " }" - .SH DESCRIPTION - The -@@ -165,7 +165,7 @@ This optional extra part of - .I CMD_SPEC - allows to exclude bits from being changed. - .TP --.I BRANCH -+.I CONTROL - The following keywords allow to control how the tree of qdisc, classes, - filters and actions is further traversed after this action. - .RS -diff --git a/tc/m_pedit.c b/tc/m_pedit.c -index 64a3eae..c8c0264 100644 ---- a/tc/m_pedit.c -+++ b/tc/m_pedit.c -@@ -35,7 +35,7 @@ int pedit_debug = 1; - static void - explain(void) - { -- fprintf(stderr, "Usage: ... pedit munge <MUNGE> [<BRANCH>]\n"); -+ fprintf(stderr, "Usage: ... pedit munge <MUNGE> [CONTROL]\n"); - fprintf(stderr, - "Where: MUNGE := <RAW>|<LAYERED>\n" - "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n " -@@ -47,7 +47,7 @@ explain(void) - "\t\tCMD:= clear | invert | set <setval>| retain\n " - "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data> \n " - " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata> \n" -- "\t<BRANCH>:= reclassify | pipe | drop | continue | pass\n" -+ "\tCONTROL:= reclassify | pipe | drop | continue | pass\n" - "For Example usage look at the examples directory\n"); - - } --- -1.8.3.1 - diff --git a/SOURCES/0139-tc-flower-support-masked-ICMP-code-and-type-match.patch b/SOURCES/0139-tc-flower-support-masked-ICMP-code-and-type-match.patch new file mode 100644 index 0000000..aeeaeac --- /dev/null +++ b/SOURCES/0139-tc-flower-support-masked-ICMP-code-and-type-match.patch @@ -0,0 +1,174 @@ +From aa7beedaa4ac1371c1d08e8afc8d9b6cfd72e22e Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:25:13 +0100 +Subject: [PATCH] tc: flower: support masked ICMP code and type match + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 6374961a00d4b + +commit 6374961a00d4b862bdf87c0f22af86d3ff7d0d67 +Author: Simon Horman <simon.horman@netronome.com> +Date: Thu Feb 9 14:49:01 2017 +0100 + + tc: flower: support masked ICMP code and type match + + Extend ICMP code and type match to support masks. + + Also add missing documentation to synopsis in manpage. + + tc qdisc add dev eth0 ingress + tc filter add dev eth0 protocol ipv6 parent ffff: flower \ + indev eth0 ip_proto icmpv6 type 128/240 code 0 action drop + + Signed-off-by: Simon Horman <simon.horman@netronome.com> +--- + man/man8/tc-flower.8 | 16 ++++++++++---- + tc/f_flower.c | 59 ++++++++++++++++++++++++++++++---------------------- + 2 files changed, 46 insertions(+), 29 deletions(-) + +diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 +index b1bef8b..fc5bac5 100644 +--- a/man/man8/tc-flower.8 ++++ b/man/man8/tc-flower.8 +@@ -34,7 +34,11 @@ flower \- flow based traffic control filter + .BR dst_ip " | " src_ip " } " + .IR PREFIX " | { " + .BR dst_port " | " src_port " } " +-.IR port_number " } | { " ++.IR port_number " } | " ++.B type ++.IR MASKED_TYPE " | " ++.B code ++.IR MASKED_CODE " | { " + .BR arp_tip " | " arp_sip " } " + .IR IPV4_PREFIX " | " + .BR arp_op " { " request " | " reply " | " +@@ -132,10 +136,14 @@ Match on layer 4 protocol source or destination port number. Only available for + .BR ip_proto " values " udp ", " tcp " and " sctp + which have to be specified in beforehand. + .TP +-.BI type " NUMBER" ++.BI type " MASKED_TYPE" + .TQ +-.BI code " NUMBER" +-Match on ICMP type or code. Only available for ++.BI code " MASKED_CODE" ++Match on ICMP type or code. A mask may be optionally provided to limit the ++bits of the address which are matched. A mask is provided by following the ++address with a slash and then the mask. The mask must be as a number which ++represents a bitwise mask If the mask is missing then a match on all bits ++is assumed. Only available for + .BR ip_proto " values " icmp " and " icmpv6 + which have to be specified in beforehand. + .TP +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 9c13e53..e9d3a96 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -57,8 +57,8 @@ static void explain(void) + " src_ip PREFIX |\n" + " dst_port PORT-NUMBER |\n" + " src_port PORT-NUMBER |\n" +- " type ICMP-TYPE |\n" +- " code ICMP-CODE |\n" ++ " type MASKED-ICMP-TYPE |\n" ++ " code MASKED-ICMP-CODE |\n" + " arp_tip IPV4-PREFIX |\n" + " arp_sip IPV4-PREFIX |\n" + " arp_op [ request | reply | OP ] |\n" +@@ -407,24 +407,32 @@ static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto, + return -1; + } + ++static int flower_icmp_attr_mask_type(__be16 eth_type, __u8 ip_proto, ++ enum flower_icmp_field field) ++{ ++ if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP) ++ return field == FLOWER_ICMP_FIELD_CODE ? ++ TCA_FLOWER_KEY_ICMPV4_CODE_MASK : ++ TCA_FLOWER_KEY_ICMPV4_TYPE_MASK; ++ else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6) ++ return field == FLOWER_ICMP_FIELD_CODE ? ++ TCA_FLOWER_KEY_ICMPV6_CODE_MASK : ++ TCA_FLOWER_KEY_ICMPV6_TYPE_MASK; ++ ++ return -1; ++} ++ + static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto, + enum flower_icmp_field field, struct nlmsghdr *n) + { +- int ret; +- int type; +- uint8_t value; +- +- type = flower_icmp_attr_type(eth_type, ip_proto, field); +- if (type < 0) +- return -1; ++ int value_type, mask_type; + +- ret = get_u8(&value, str, 10); +- if (ret) ++ value_type = flower_icmp_attr_type(eth_type, ip_proto, field); ++ mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, field); ++ if (value_type < 0 || mask_type < 0) + return -1; + +- addattr8(n, MAX_MSG, type, value); +- +- return 0; ++ return flower_parse_u8(str, value_type, mask_type, NULL, NULL, n); + } + + static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint) +@@ -1000,12 +1008,6 @@ static void flower_print_key_id(FILE *f, const char *name, + fprintf(f, "\n %s %d", name, rta_getattr_be32(attr)); + } + +-static void flower_print_icmp(FILE *f, char *name, struct rtattr *attr) +-{ +- if (attr) +- fprintf(f, "\n %s %d", name, rta_getattr_u8(attr)); +-} +- + static void flower_print_masked_u8(FILE *f, const char *name, + struct rtattr *attr, + struct rtattr *mask_attr, +@@ -1045,9 +1047,9 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + struct rtattr *opt, __u32 handle) + { + struct rtattr *tb[TCA_FLOWER_MAX + 1]; ++ int nl_type, nl_mask_type; + __be16 eth_type = 0; + __u8 ip_proto = 0xff; +- int nl_type; + + if (!opt) + return 0; +@@ -1111,12 +1113,19 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, + + nl_type = flower_icmp_attr_type(eth_type, ip_proto, + FLOWER_ICMP_FIELD_TYPE); +- if (nl_type >= 0) +- flower_print_icmp(f, "icmp_type", tb[nl_type]); ++ nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, ++ FLOWER_ICMP_FIELD_TYPE); ++ if (nl_type >= 0 && nl_mask_type >= 0) ++ flower_print_masked_u8(f, "icmp_type", tb[nl_type], ++ tb[nl_mask_type], NULL); ++ + nl_type = flower_icmp_attr_type(eth_type, ip_proto, + FLOWER_ICMP_FIELD_CODE); +- if (nl_type >= 0) +- flower_print_icmp(f, "icmp_code", tb[nl_type]); ++ nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, ++ FLOWER_ICMP_FIELD_CODE); ++ if (nl_type >= 0 && nl_mask_type >= 0) ++ flower_print_masked_u8(f, "icmp_code", tb[nl_type], ++ tb[nl_mask_type], NULL); + + flower_print_ip4_addr(f, "arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP], + tb[TCA_FLOWER_KEY_ARP_SIP_MASK]); +-- +1.8.3.1 + diff --git a/SOURCES/0140-man-tc-csum.8-Add-an-example.patch b/SOURCES/0140-man-tc-csum.8-Add-an-example.patch deleted file mode 100644 index 4636a59..0000000 --- a/SOURCES/0140-man-tc-csum.8-Add-an-example.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 40dbf26f8c9369ec6a7be6702cfb54d3d9c198d5 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:51:09 +0200 -Subject: [PATCH] man: tc-csum.8: Add an example - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit dbfb17a67f9c7 - -commit dbfb17a67f9c7cf64a38ca734ef638a3f613546c -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Mar 22 15:48:34 2016 +0100 - - man: tc-csum.8: Add an example - - Signed-off-by: Phil Sutter <phil@nwl.cc> - Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> ---- - man/man8/tc-csum.8 | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/man/man8/tc-csum.8 b/man/man8/tc-csum.8 -index 9d00aae..3a64c82 100644 ---- a/man/man8/tc-csum.8 -+++ b/man/man8/tc-csum.8 -@@ -49,6 +49,21 @@ UDPLite header - .TP - .B SWEETS - These are merely syntactic sugar and ignored internally. -+.SH EXAMPLES -+The following performs stateless NAT for incoming packets from 192.168.1.100 to -+new destination 18.52.86.120 (0x12345678 in hex). Assuming these are UDP -+packets, both IP and UDP checksums have to be recalculated: -+ -+.RS -+.EX -+# tc qdisc add dev eth0 ingress handle ffff: -+# tc filter add eth0 prio 1 protocol ip parent ffff: \\ -+ u32 match ip src 192.168.1.100/32 flowid :1 \\ -+ action pedit munge ip dst set 0x12345678 pipe \\ -+ csum ip and udp -+.EE -+.RE -+ - .SH SEE ALSO - .BR tc (8), - .BR tc-pedit (8) --- -1.8.3.1 - diff --git a/SOURCES/0140-tc-flower-Fix-parsing-ip-address.patch b/SOURCES/0140-tc-flower-Fix-parsing-ip-address.patch new file mode 100644 index 0000000..3af9eef --- /dev/null +++ b/SOURCES/0140-tc-flower-Fix-parsing-ip-address.patch @@ -0,0 +1,42 @@ +From 08968eb2bfd306b4150e8531f799adee6a11966c Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:25:13 +0100 +Subject: [PATCH] tc: flower: Fix parsing ip address + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629 +Upstream Status: iproute2.git commit 164a9ff401e58 + +commit 164a9ff401e58ff9c0b90088a3aa96216e1d6e8a +Author: Roi Dayan <roid@mellanox.com> +Date: Wed Feb 22 16:05:01 2017 +0200 + + tc: flower: Fix parsing ip address + + Fix order of arguments when passed to __flower_parse_ip_addr. + + Fixes: ("f888f4e20534 tc: flower: Support matching ARP") + Signed-off-by: Roi Dayan <roid@mellanox.com> + Reviewed-by: Paul Blakey <paulb@mellanox.com> + Reviewed-by: Simon Horman <simon.horman@netronome.com> +--- + tc/f_flower.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index e9d3a96..17e9b3a 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -289,8 +289,8 @@ static int flower_parse_ip_addr(char *str, __be16 eth_type, + return -1; + } + +- return __flower_parse_ip_addr(str, family, addr4_type, addr6_type, +- mask4_type, mask6_type, n); ++ return __flower_parse_ip_addr(str, family, addr4_type, mask4_type, ++ addr6_type, mask6_type, n); + } + + static bool flower_eth_type_arp(__be16 eth_type) +-- +1.8.3.1 + diff --git a/SOURCES/0141-libgenl-introduce-genl_init_handle.patch b/SOURCES/0141-libgenl-introduce-genl_init_handle.patch new file mode 100644 index 0000000..e69e177 --- /dev/null +++ b/SOURCES/0141-libgenl-introduce-genl_init_handle.patch @@ -0,0 +1,154 @@ +From 734c47bbe6a885923d52be91e8aaddfccaa182f5 Mon Sep 17 00:00:00 2001 +From: Timothy Redaelli <tredaelli@redhat.com> +Date: Fri, 10 Feb 2017 12:51:08 +0100 +Subject: [PATCH] libgenl: introduce genl_init_handle + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1367071 +Upstream Status: iproute2.git commit 2b68cb7 +Conflicts: ip/ipfou.c and ip/ipila.c files doesn't exists in our tree + +commit 2b68cb77cde32f5cba5f984e15fc402758edea76 +Author: Sabrina Dubroca <sd@queasysnail.net> +Date: Tue Aug 16 16:26:55 2016 +0200 + + libgenl: introduce genl_init_handle + + All users of genl have the same code to open a genl socket and resolve + the family for their specific protocol. Introduce a helper to initialize + the handle, and use it in all the genl code. + + Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> + +Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> +--- + include/libgenl.h | 2 ++ + ip/ipl2tp.c | 12 ++---------- + ip/ipmacsec.c | 18 ++---------------- + ip/tcp_metrics.c | 14 +++----------- + lib/libgenl.c | 17 +++++++++++++++++ + 5 files changed, 26 insertions(+), 37 deletions(-) + +diff --git a/include/libgenl.h b/include/libgenl.h +index 9db4baf..2dbb4b3 100644 +--- a/include/libgenl.h ++++ b/include/libgenl.h +@@ -21,5 +21,7 @@ struct { \ + } + + extern int genl_resolve_family(struct rtnl_handle *grth, const char *family); ++extern int genl_init_handle(struct rtnl_handle *grth, const char *family, ++ int *genl_family); + + #endif /* __LIBGENL_H__ */ +diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c +index d2c8979..ced4a8b 100644 +--- a/ip/ipl2tp.c ++++ b/ip/ipl2tp.c +@@ -711,16 +711,8 @@ int do_ipl2tp(int argc, char **argv) + if (argc < 1 || !matches(*argv, "help")) + usage(); + +- if (genl_family < 0) { +- if (rtnl_open_byproto(&genl_rth, 0, NETLINK_GENERIC) < 0) { +- fprintf(stderr, "Cannot open generic netlink socket\n"); +- exit(1); +- } +- +- genl_family = genl_resolve_family(&genl_rth, L2TP_GENL_NAME); +- if (genl_family < 0) +- exit(1); +- } ++ if (genl_init_handle(&genl_rth, L2TP_GENL_NAME, &genl_family)) ++ exit(1); + + if (matches(*argv, "add") == 0) + return do_add(argc-1, argv+1); +diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c +index 0c51bfc..f05b27a 100644 +--- a/ip/ipmacsec.c ++++ b/ip/ipmacsec.c +@@ -79,21 +79,6 @@ static int genl_family = -1; + _cmd, _flags) + + +-static void init_genl(void) +-{ +- if (genl_family >= 0) +- return; +- +- if (rtnl_open_byproto(&genl_rth, 0, NETLINK_GENERIC) < 0) { +- fprintf(stderr, "Cannot open generic netlink socket\n"); +- exit(1); +- } +- +- genl_family = genl_resolve_family(&genl_rth, MACSEC_GENL_NAME); +- if (genl_family < 0) +- exit(1); +-} +- + static void ipmacsec_usage(void) + { + fprintf(stderr, "Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEY\n"); +@@ -1001,7 +986,8 @@ static int do_show(int argc, char **argv) + + int do_ipmacsec(int argc, char **argv) + { +- init_genl(); ++ if (genl_init_handle(&genl_rth, MACSEC_GENL_NAME, &genl_family)) ++ exit(1); + + if (argc < 1) + ipmacsec_usage(); +diff --git a/ip/tcp_metrics.c b/ip/tcp_metrics.c +index c55d9ad..b055288 100644 +--- a/ip/tcp_metrics.c ++++ b/ip/tcp_metrics.c +@@ -320,17 +320,9 @@ static int tcpm_do_cmd(int cmd, int argc, char **argv) + ack = 0; + } + +- if (genl_family < 0) { +- if (rtnl_open_byproto(&grth, 0, NETLINK_GENERIC) < 0) { +- fprintf(stderr, "Cannot open generic netlink socket\n"); +- exit(1); +- } +- genl_family = genl_resolve_family(&grth, +- TCP_METRICS_GENL_NAME); +- if (genl_family < 0) +- exit(1); +- req.n.nlmsg_type = genl_family; +- } ++ if (genl_init_handle(&grth, TCP_METRICS_GENL_NAME, &genl_family)) ++ exit(1); ++ req.n.nlmsg_type = genl_family; + + if (!(cmd & CMD_FLUSH) && (atype >= 0 || (cmd & CMD_DEL))) { + if (ack) +diff --git a/lib/libgenl.c b/lib/libgenl.c +index acb1478..50d2d92 100644 +--- a/lib/libgenl.c ++++ b/lib/libgenl.c +@@ -61,3 +61,20 @@ int genl_resolve_family(struct rtnl_handle *grth, const char *family) + return genl_parse_getfamily(&req.n); + } + ++int genl_init_handle(struct rtnl_handle *grth, const char *family, ++ int *genl_family) ++{ ++ if (*genl_family >= 0) ++ return 0; ++ ++ if (rtnl_open_byproto(grth, 0, NETLINK_GENERIC) < 0) { ++ fprintf(stderr, "Cannot open generic netlink socket\n"); ++ return -1; ++ } ++ ++ *genl_family = genl_resolve_family(grth, family); ++ if (*genl_family < 0) ++ return -1; ++ ++ return 0; ++} +-- +1.8.3.1 + diff --git a/SOURCES/0141-man-tc-mirred.8-Reword-man-page-a-bit-add-generic-mi.patch b/SOURCES/0141-man-tc-mirred.8-Reword-man-page-a-bit-add-generic-mi.patch deleted file mode 100644 index a577a52..0000000 --- a/SOURCES/0141-man-tc-mirred.8-Reword-man-page-a-bit-add-generic-mi.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a7a39f89b58da3eb939f7233c23f8eb225826d48 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:51:09 +0200 -Subject: [PATCH] man: tc-mirred.8: Reword man page a bit, add generic mirror - example - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit 26df2953a5c34 - -commit 26df2953a5c34fe03986cbf3466321fd8a3af1c5 -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Mar 22 15:48:35 2016 +0100 - - man: tc-mirred.8: Reword man page a bit, add generic mirror example - - Signed-off-by: Phil Sutter <phil@nwl.cc> - Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> ---- - man/man8/tc-mirred.8 | 26 +++++++++++++++++++------- - 1 file changed, 19 insertions(+), 7 deletions(-) - -diff --git a/man/man8/tc-mirred.8 b/man/man8/tc-mirred.8 -index 52d98bc..bba96e0 100644 ---- a/man/man8/tc-mirred.8 -+++ b/man/man8/tc-mirred.8 -@@ -21,11 +21,9 @@ mirred - mirror/redirect action - .SH DESCRIPTION - The - .B mirred --action allows to redirect or mirror packets to another network interface on the --same system. It is typically used in combination with the --.B ifb --pseudo device to create a shrared instance where QoS happens, but serves well --for debugging or monitoring purposes, too. -+action allows packet mirroring (copying) or redirecting (stealing) the packet it -+receives. Mirroring is what is sometimes referred to as Switch Port Analyzer -+(SPAN) and is commonly used to analyze and/or debug flows. - .SH OPTIONS - .TP - .B ingress -@@ -67,9 +65,23 @@ debugging purposes: - .EE - .RE - --Use an -+Mirror all incoming ICMP packets on eth0 to a dummy interface for examination -+with e.g. tcpdump: -+ -+.RS -+.EX -+# ip link add dummy0 type dummy -+# ip link set dummy0 up -+# tc qdisc add dev eth0 handle ffff: ingress -+# tc filter add dev eth0 parent ffff: protocol ip \\ -+ u32 match ip protocol 1 0xff \\ -+ action mirred egress mirror dev dummy0 -+.EE -+.RE -+ -+Using an - .B ifb --interface to send ingress traffic on eth0 through an instance of -+interface, it is possible to send ingress traffic through an instance of - .BR sfq : - - .RS --- -1.8.3.1 - diff --git a/SOURCES/0142-macsec-show-usage-even-if-the-module-is-not-availabl.patch b/SOURCES/0142-macsec-show-usage-even-if-the-module-is-not-availabl.patch new file mode 100644 index 0000000..03c1cfe --- /dev/null +++ b/SOURCES/0142-macsec-show-usage-even-if-the-module-is-not-availabl.patch @@ -0,0 +1,55 @@ +From 42a4461854ab308ebcebb99df7085e1e896f8fa5 Mon Sep 17 00:00:00 2001 +From: Timothy Redaelli <tredaelli@redhat.com> +Date: Fri, 10 Feb 2017 12:51:09 +0100 +Subject: [PATCH] macsec: show usage even if the module is not available + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1367071 +Upstream Status: iproute2.git commit 688f9aa + +commit 688f9aa4f24ffac148f6b4127602f10a7837d4ba +Author: Sabrina Dubroca <sd@queasysnail.net> +Date: Tue Aug 16 16:26:56 2016 +0200 + + macsec: show usage even if the module is not available + + Currently, the `ip macsec` command tries to initialize a genl context + even when we just want to see the help for the command, which doesn't + require to talk to the kernel at all. + + Delay genl initialization, which can fail if the module isn't loaded, + until the point where we will actually need it. + + Fixes: b26fc590ce62 ("ip: add MACsec support") + Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> + +Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> +--- + ip/ipmacsec.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c +index f05b27a..127fa1e 100644 +--- a/ip/ipmacsec.c ++++ b/ip/ipmacsec.c +@@ -986,15 +986,15 @@ static int do_show(int argc, char **argv) + + int do_ipmacsec(int argc, char **argv) + { +- if (genl_init_handle(&genl_rth, MACSEC_GENL_NAME, &genl_family)) +- exit(1); +- + if (argc < 1) + ipmacsec_usage(); + + if (matches(*argv, "help") == 0) + ipmacsec_usage(); + ++ if (genl_init_handle(&genl_rth, MACSEC_GENL_NAME, &genl_family)) ++ exit(1); ++ + if (matches(*argv, "show") == 0) + return do_show(argc-1, argv+1); + +-- +1.8.3.1 + diff --git a/SOURCES/0142-man-tc-police.8-Emphasize-on-the-two-rate-control-me.patch b/SOURCES/0142-man-tc-police.8-Emphasize-on-the-two-rate-control-me.patch deleted file mode 100644 index 711ace1..0000000 --- a/SOURCES/0142-man-tc-police.8-Emphasize-on-the-two-rate-control-me.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 6bfb1788b2986d5d2dde9bc6dd941234c2076ae5 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:51:09 +0200 -Subject: [PATCH] man: tc-police.8: Emphasize on the two rate control - mechanisms - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit 8409abd59bbc8 - -commit 8409abd59bbc8a79689be25ab3a385c65d1334bd -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Mar 22 15:48:36 2016 +0100 - - man: tc-police.8: Emphasize on the two rate control mechanisms - - As Jamal pointed out, there are two different approaches to bandwidth - measurement. Try to make this clear by separating them in synopsis and - also documenting the way to fine-tune avrate. - - Signed-off-by: Phil Sutter <phil@nwl.cc> - Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> ---- - man/man8/tc-police.8 | 29 +++++++++++++++++++++++++---- - 1 file changed, 25 insertions(+), 4 deletions(-) - -diff --git a/man/man8/tc-police.8 b/man/man8/tc-police.8 -index 2b1537e..5c5a632 100644 ---- a/man/man8/tc-police.8 -+++ b/man/man8/tc-police.8 -@@ -12,13 +12,21 @@ police - policing action - .IR BYTES [\fB/ BYTES "] ] [" - .BI peakrate " RATE" - ] [ --.BI avrate " RATE" --] [ - .BI overhead " BYTES" - ] [ - .BI linklayer " TYPE" - ] [ --.BI conform-exceed " EXCEEDACT\fR[\fB/\fIEXCEEDACT\fR]" -+.IR CONTROL " ]" -+ -+.ti -8 -+.BR tc " ... " filter " ... [ " estimator -+.IR "SAMPLE AVERAGE " ] -+.BR "action police avrate" -+.IR RATE " [ " CONTROL " ]" -+ -+.ti -8 -+.IR CONTROL " :=" -+.BI conform-exceed " EXCEEDACT\fR[\fB/\fIEXCEEDACT" - - .ti -8 - .IR EXCEEDACT " := { " -@@ -27,7 +35,14 @@ police - policing action - The - .B police - action allows to limit bandwidth of traffic matched by the filter it is --attached to. -+attached to. Basically there are two different algorithms available to measure -+the packet rate: The first one uses an internal dual token bucket and is -+configured using the -+.BR rate ", " burst ", " mtu ", " peakrate ", " overhead " and " linklayer -+parameters. The second one uses an in-kernel sampling mechanism. It can be -+fine-tuned using the -+.B estimator -+filter parameter. - .SH OPTIONS - .TP - .BI rate " RATE" -@@ -73,6 +88,12 @@ cell sizes, for - .B ethernet - no action is taken. - .TP -+.BI estimator " SAMPLE AVERAGE" -+Fine-tune the in-kernel packet rate estimator. -+.IR SAMPLE " and " AVERAGE -+are time values and control the frequency in which samples are taken and over -+what timespan an average is built. -+.TP - .BI conform-exceed " EXCEEDACT\fR[\fB/\fIEXCEEDACT\fR]" - Define how to handle packets which exceed (and, if the second - .I EXCEEDACT --- -1.8.3.1 - diff --git a/SOURCES/0143-man-tc-skbedit.8-Elaborate-a-bit-on-TX-queues.patch b/SOURCES/0143-man-tc-skbedit.8-Elaborate-a-bit-on-TX-queues.patch deleted file mode 100644 index 9bfc14f..0000000 --- a/SOURCES/0143-man-tc-skbedit.8-Elaborate-a-bit-on-TX-queues.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 067dc31603717259cfc09b859ffccbe1178553a5 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:51:09 +0200 -Subject: [PATCH] man: tc-skbedit.8: Elaborate a bit on TX queues - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit c73b621cfa480 - -commit c73b621cfa480b039bf09dc732d7e224e14684ba -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Mar 22 15:48:37 2016 +0100 - - man: tc-skbedit.8: Elaborate a bit on TX queues - - Signed-off-by: Phil Sutter <phil@nwl.cc> - Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> ---- - man/man8/tc-skbedit.8 | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/man/man8/tc-skbedit.8 b/man/man8/tc-skbedit.8 -index b585a4d..e690296 100644 ---- a/man/man8/tc-skbedit.8 -+++ b/man/man8/tc-skbedit.8 -@@ -17,6 +17,18 @@ The - action allows to change a packet's associated meta data. It complements the - .B pedit - action, which in turn allows to change parts of the packet data itself. -+ -+The most unique feature of -+.B skbedit -+is it's ability to decide over which queue of an interface with multiple -+transmit queues the packet is to be sent out. The number of available transmit -+queues is reflected by sysfs entries within -+.I /sys/class/net/<interface>/queues -+with name -+.I tx-N -+(where -+.I N -+is the actual queue number). - .SH OPTIONS - .TP - .BI queue_mapping " QUEUE_MAPPING" --- -1.8.3.1 - diff --git a/SOURCES/0143-tc-don-t-accept-qdisc-handle-greater-than-ffff.patch b/SOURCES/0143-tc-don-t-accept-qdisc-handle-greater-than-ffff.patch new file mode 100644 index 0000000..d7d596c --- /dev/null +++ b/SOURCES/0143-tc-don-t-accept-qdisc-handle-greater-than-ffff.patch @@ -0,0 +1,44 @@ +From d97d0e6a5201c5c7d5a2019bd3c3a29b3b78d7d4 Mon Sep 17 00:00:00 2001 +From: Davide Caratti <dcaratti@redhat.com> +Date: Tue, 17 Jan 2017 14:40:44 +0100 +Subject: [PATCH] tc: don't accept qdisc 'handle' greater than ffff + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1375393 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=12376479 +Tested: on local VM (verified error message in case 'handle' is greater than ffff) +Upstream Status: iproute2.git commit 087dec7fcfb1 + +commit 087dec7fcfb18fc4e8a0ec68c9c0a84cb9f03e69 +Author: Davide Caratti <dcaratti@redhat.com> +Date: Fri Sep 16 10:30:00 2016 +0200 + + tc: don't accept qdisc 'handle' greater than ffff + + since get_qdisc_handle() truncates the input value to 16 bit, return an + error and prompt "invalid qdisc ID" in case input 'handle' parameter needs + more than 16 bit to be stored. + + Signed-off-by: Davide Caratti <dcaratti@redhat.com> + Acked-by: Phil Sutter <phil@nwl.cc> + +Signed-off-by: Davide Caratti <dcaratti@redhat.com> +--- + tc/tc_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/tc_util.c b/tc/tc_util.c +index 8114c97..df81c46 100644 +--- a/tc/tc_util.c ++++ b/tc/tc_util.c +@@ -48,7 +48,7 @@ int get_qdisc_handle(__u32 *h, const char *str) + if (strcmp(str, "none") == 0) + goto ok; + maj = strtoul(str, &p, 16); +- if (p == str) ++ if (p == str || maj >= (1 << 16)) + return -1; + maj <<= 16; + if (*p != ':' && *p!=0) +-- +1.8.3.1 + diff --git a/SOURCES/0144-ip-address-Support-filtering-by-slave-type-too.patch b/SOURCES/0144-ip-address-Support-filtering-by-slave-type-too.patch new file mode 100644 index 0000000..71c191c --- /dev/null +++ b/SOURCES/0144-ip-address-Support-filtering-by-slave-type-too.patch @@ -0,0 +1,117 @@ +From eff77a8493746b837f0a544cab5bcc87870fe9f6 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 13:38:43 +0100 +Subject: [PATCH] ip-address: Support filtering by slave type, too + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1375434 +Upstream Status: iproute2.git commit e0513807f6dbb +Conflicts: Dropped changes to non-existent print_linkinfo_brief(). + +commit e0513807f6dbbd4631fdbb27f0bd6bbce138e8cd +Author: Phil Sutter <phil@nwl.cc> +Date: Tue Jun 28 15:07:16 2016 +0200 + + ip-address: Support filtering by slave type, too + + This patch allows to query all interfaces enslaved to a bridge or bond + using the following syntax: + + | ip addr show type bridge_slave + + Filtering has to be done in userspace since the kernel does not support + filtering on IFLA_INFO_SLAVE_KIND. + + Functionality introduced in this patch is not fully complete since it + does not allow to match on type and slave type at the same time, but it + doesn't prevent implementing a dedicated slave_type match, either. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + ip/ipaddress.c | 39 ++++++++++++++++++++++++++------------- + 1 file changed, 26 insertions(+), 13 deletions(-) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index 5f08cde..fe04a28 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -59,6 +59,7 @@ static struct + int group; + int master; + char *kind; ++ char *slave_kind; + } filter; + + static int do_link; +@@ -198,18 +199,27 @@ static void print_linkmode(FILE *f, struct rtattr *tb) + fprintf(f, "mode %s ", link_modes[mode]); + } + +-static char *parse_link_kind(struct rtattr *tb) ++static char *parse_link_kind(struct rtattr *tb, bool slave) + { + struct rtattr *linkinfo[IFLA_INFO_MAX+1]; ++ int attr = slave ? IFLA_INFO_SLAVE_KIND : IFLA_INFO_KIND; + + parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb); + +- if (linkinfo[IFLA_INFO_KIND]) +- return RTA_DATA(linkinfo[IFLA_INFO_KIND]); ++ if (linkinfo[attr]) ++ return RTA_DATA(linkinfo[attr]); + + return ""; + } + ++static int match_link_kind(struct rtattr **tb, char *kind, bool slave) ++{ ++ if (!tb[IFLA_LINKINFO]) ++ return -1; ++ ++ return strcmp(parse_link_kind(tb[IFLA_LINKINFO], slave), kind); ++} ++ + static void print_linktype(FILE *fp, struct rtattr *tb) + { + struct rtattr *linkinfo[IFLA_INFO_MAX+1]; +@@ -590,16 +600,11 @@ int print_linkinfo(const struct sockaddr_nl *who, + else if (filter.master > 0) + return -1; + +- if (filter.kind) { +- if (tb[IFLA_LINKINFO]) { +- char *kind = parse_link_kind(tb[IFLA_LINKINFO]); ++ if (filter.kind && match_link_kind(tb, filter.kind, 0)) ++ return -1; + +- if (strcmp(kind, filter.kind)) +- return -1; +- } else { +- return -1; +- } +- } ++ if (filter.slave_kind && match_link_kind(tb, filter.slave_kind, 1)) ++ return -1; + + if (n->nlmsg_type == RTM_DELLINK) + fprintf(fp, "Deleted "); +@@ -1357,8 +1362,16 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) + invarg("Device does not exist\n", *argv); + filter.master = ifindex; + } else if (strcmp(*argv, "type") == 0) { ++ int soff; ++ + NEXT_ARG(); +- filter.kind = *argv; ++ soff = strlen(*argv) - strlen("_slave"); ++ if (!strcmp(*argv + soff, "_slave")) { ++ (*argv)[soff] = '\0'; ++ filter.slave_kind = *argv; ++ } else { ++ filter.kind = *argv; ++ } + } else { + if (strcmp(*argv, "dev") == 0) { + NEXT_ARG(); +-- +1.8.3.1 + diff --git a/SOURCES/0144-man-ship-action-man-pages.patch b/SOURCES/0144-man-ship-action-man-pages.patch deleted file mode 100644 index c79a339..0000000 --- a/SOURCES/0144-man-ship-action-man-pages.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 7a3afbd3a258eb8fad8d4c4fc0d2cc0b4989d09c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:51:09 +0200 -Subject: [PATCH] man: ship action man pages - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit bcdd39c5880f3 -Conflicts: Only relevant changes applied manually. - -commit bcdd39c5880f39190a63325f1f93e6c9e87c5feb -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:46 2016 +0100 - - man: ship action man pages - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/Makefile | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/man/man8/Makefile b/man/man8/Makefile -index c60c773..8389fce 100644 ---- a/man/man8/Makefile -+++ b/man/man8/Makefile -@@ -12,7 +12,9 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss. - ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 \ - ip-tcp_metrics.8 ip-netconf.8 ip-token.8 \ - tc-basic.8 tc-cgroup.8 tc-flow.8 tc-fw.8 tc-route.8 \ -- tc-tcindex.8 tc-u32.8 -+ tc-tcindex.8 tc-u32.8 \ -+ tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \ -+ tc-simple.8 tc-skbedit.8 tc-xt.8 - - all: $(TARGETS) - --- -1.8.3.1 - diff --git a/SOURCES/0145-doc-Add-my-article-about-tc-filters-and-actions.patch b/SOURCES/0145-doc-Add-my-article-about-tc-filters-and-actions.patch deleted file mode 100644 index e4670f8..0000000 --- a/SOURCES/0145-doc-Add-my-article-about-tc-filters-and-actions.patch +++ /dev/null @@ -1,569 +0,0 @@ -From bcccddebc0476f32a4cc725f7f9f20a85c7db47b Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:51:38 +0200 -Subject: [PATCH] doc: Add my article about tc, filters and actions - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit 5f4d27d533917 - -commit 5f4d27d533917ccce4249c1d367aabf606167c47 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 13:11:47 2016 +0100 - - doc: Add my article about tc, filters and actions - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - doc/Makefile | 2 +- - doc/tc-filters.tex | 529 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 530 insertions(+), 1 deletion(-) - create mode 100644 doc/tc-filters.tex - -diff --git a/doc/Makefile b/doc/Makefile -index b92957e..5e9da17 100644 ---- a/doc/Makefile -+++ b/doc/Makefile -@@ -1,4 +1,4 @@ --PSFILES=ip-cref.ps ip-tunnels.ps api-ip6-flowlabels.ps ss.ps nstat.ps arpd.ps rtstat.ps -+PSFILES=ip-cref.ps ip-tunnels.ps api-ip6-flowlabels.ps ss.ps nstat.ps arpd.ps rtstat.ps tc-filters.ps - # tc-cref.ps - # api-rtnl.tex api-pmtudisc.tex api-news.tex - # iki-netdev.ps iki-neighdst.ps -diff --git a/doc/tc-filters.tex b/doc/tc-filters.tex -new file mode 100644 -index 0000000..59127d6 ---- /dev/null -+++ b/doc/tc-filters.tex -@@ -0,0 +1,529 @@ -+\documentclass[12pt,twoside]{article} -+ -+\usepackage[hidelinks]{hyperref} % \url -+\usepackage{booktabs} % nicer tabulars -+\usepackage{fancyvrb} -+\usepackage{fullpage} -+\usepackage{float} -+ -+\newcommand{\iface}{\textit} -+\newcommand{\cmd}{\texttt} -+\newcommand{\man}{\textit} -+\newcommand{\qdisc}{\texttt} -+\newcommand{\filter}{\texttt} -+ -+\begin{document} -+\title{QoS in Linux with TC and Filters} -+\author{Phil Sutter (phil@nwl.cc)} -+\date{January 2016} -+\maketitle -+ -+TC, the Traffic Control utility, has been there for a very long time - forever -+in my humble perception. It is still (and has ever been if I'm not mistaken) the -+only tool to configure QoS in Linux. -+ -+Standard practice when transmitting packets over a medium which may block (due -+to congestion, e.g.) is to use a queue which temporarily holds these packets. In -+Linux, this queueing approach is where QoS happens: A Queueing Discipline -+(qdisc) holds multiple packet queues with different priorities for dequeueing to -+the network driver. The classification (i.e. deciding which queue a packet -+should go into) is typically done based on Type Of Service (IPv4) or Traffic -+Class (IPv6) header fields but depending on qdisc implementation, might be -+controlled by the user as well. -+ -+Qdiscs come in two flavors, classful or classless. While classless qdiscs are -+not as flexible as classful ones, they also require much less customizing. Often -+it is enough to just attach them to an interface, without exact knowledge of -+what is done internally. Classful qdiscs are the exact opposite: flexible in -+application, they are often not even usable without insightful configuration. -+ -+As the name implies, classful qdiscs provide configurable classes to sort -+traffic into. In it's basic form, this is not much different than, say, the -+classless \qdisc{pfifo\_fast} which holds three queues and classifies per -+packet upon priority field. Though typically classes go beyond that by -+supporting nesting and additional characteristics like e.g. maximum traffic -+rate or quantum. -+ -+When it comes to controlling the classification process, filters come into play. -+They attach to the parent of a set of classes (i.e. either the qdisc itself or -+a parent class) and specify how a packet (or it's associated flow) has to look -+like in order to suit a given class. To overcome this simplification, it is -+possible to attach multiple filters to the same parent, which then consults each -+of them in row until the first one accepts the packet. -+ -+Before getting into detail about what filters there are and how to use them, a -+simple setup of a qdisc with classes is necessary: -+\begin{figure}[H] -+\begin{Verbatim} -+ .-------------------------------------------------------. -+ | | -+ | HTB | -+ | | -+ | .----------------------------------------------------.| -+ | | || -+ | | Class 1:1 || -+ | | || -+ | | .---------------..---------------..---------------.|| -+ | | | || || ||| -+ | | | Class 1:10 || Class 1:20 || Class 1:30 ||| -+ | | | || || ||| -+ | | | .------------.|| .------------.|| .------------.||| -+ | | | | ||| | ||| | |||| -+ | | | | fq_codel ||| | fq_codel ||| | fq_codel |||| -+ | | | | ||| | ||| | |||| -+ | | | '------------'|| '------------'|| '------------'||| -+ | | '---------------''---------------''---------------'|| -+ | '----------------------------------------------------'| -+ '-------------------------------------------------------' -+\end{Verbatim} -+\end{figure} -+\noindent -+The following commands establish the basic setup shown: -+\begin{Verbatim} -+(1) # tc qdisc replace dev eth0 root handle 1: htb default 30 -+(2) # tc class add dev eth0 parent 1: classid 1:1 htb rate 95mbit -+(3) # alias tclass='tc class add dev eth0 parent 1:1' -+(4) # tclass classid 1:10 htb rate 1mbit ceil 20mbit prio 1 -+(4) # tclass classid 1:20 htb rate 90mbit ceil 95mbit prio 2 -+(4) # tclass classid 1:30 htb rate 1mbit ceil 95mbit prio 3 -+(5) # tc qdisc add dev eth0 parent 1:10 fq_codel -+(5) # tc qdisc add dev eth0 parent 1:20 fq_codel -+(5) # tc qdisc add dev eth0 parent 1:30 fq_codel -+\end{Verbatim} -+A little explanation for the unfamiliar reader: -+\begin{enumerate} -+\item Replace the root qdisc of \iface{eth0} by an instance of \qdisc{HTB}. -+ Specifying the handle is necessary so it can be referenced in consecutive -+ calls to \cmd{tc}. The default class for unclassified traffic is set to -+ 30. -+\item Create a single top-level class with handle 1:1 which limits the total -+ bandwidth allowed to 95mbit/s. It is assumed that \iface{eth0} is a 100mbit/s link, -+ staying a little below that helps to keep the main point of enqueueing in -+ the qdisc layer instead of the interface hardware queue or at another -+ bottleneck in the network. -+\item Define an alias for the common part of the remaining three calls in order -+ to improve readability. This means all remaining classes are attached to the -+ common parent class from (2). -+\item Create three child classes for different uses: Class 1:10 has highest -+ priority but is tightly limited in bandwidth - fine for interactive -+ connections. Class 1:20 has mid priority and high guaranteed bandwidth, for -+ high priority bulk traffic. Finally, there's the default class 1:30 with -+ lowest priority, low guaranteed bandwidth and the ability to use the full -+ link in case it's unused otherwise. This should be fine for uninteresting -+ traffic not explicitly taken care of. -+\item Attach a leaf qdisc to each of the child classes created in (4). Since -+ \qdisc{HTB} by default attaches \qdisc{pfifo} as leaf qdisc, this step is optional. Still, -+ the fairness between different flows provided by the classless \qdisc{fq\_codel} is -+ worth the effort. -+\end{enumerate} -+More information about the qdiscs and fine-tuning parameters can be found in -+\man{tc-htb(8)} and \man{tc-fq\_codel(8)}. -+ -+Without any additional setup done, now all traffic leaving \iface{eth0} is shaped to -+95mbit/s and directed through class 1:30. This can be verified by looking at the -+\texttt{Sent} field of the class statistics printed via \cmd{tc -s class show dev eth0}: -+Only the root class 1:1 and it's child 1:30 should show any traffic. -+ -+ -+\section*{Finally time to start filtering!} -+ -+Let's begin with a simple one, i.e. reestablishing what \qdisc{pfifo\_fast} did -+automatically based on TOS/Priority field. Linux internally translates the -+header field into the priority field of struct skbuff, which -+\qdisc{pfifo\_fast} uses for -+classification. \man{tc-prio(8)} contains a table listing the priority (and -+ultimately, \qdisc{pfifo\_fast} queue index) each TOS value is being translated into. -+Here is a shorter version: -+\begin{center} -+\begin{tabular}{lll} -+TOS Values & Linux Priority (Number) & Queue Index \\ -+\midrule -+0x0 - 0x6 & Best Effort (0) & 1 \\ -+0x8 - 0xe & Bulk (2) & 2 \\ -+0x10 - 0x16 & Interactive (6) & 0 \\ -+0x18 - 0x1e & Interactive Bulk (4) & 1 \\ -+\end{tabular} -+\end{center} -+Using the \filter{basic} filter, it is possible to match packets based on that skbuff -+field, which has the added benefit of being IP version agnostic. Since the -+\qdisc{HTB} setup above defaults to class ID 1:30, the Bulk priority can be -+ignored. The \filter{basic} filter allows to combine matches, therefore we get along -+with only two filters: -+\begin{Verbatim} -+# tc filter add dev eth0 parent 1: basic \ -+ match 'meta(priority eq 6)' classid 1:10 -+# tc filter add dev eth0 parent 1: basic \ -+ match 'meta(priority eq 0)' \ -+ or 'meta(priority eq 4)' classid 1:20 -+\end{Verbatim} -+A detailed description of the \filter{basic} filter and the ematch syntax it uses can be -+found in \man{tc-basic(8)} and \man{tc-ematch(8)}. -+ -+Obviously, this first example cries for optimization. A simple one would be to -+just change the default class from 1:30 to 1:20, so filters are only needed for -+Bulk and Interactive priorities: -+\begin{Verbatim} -+# tc filter add dev eth0 parent 1: basic \ -+ match 'meta(priority eq 6)' classid 1:10 -+# tc filter add dev eth0 parent 1: basic \ -+ match 'meta(priority eq 2)' classid 1:20 -+\end{Verbatim} -+Given that class IDs are random, choosing them wisely allows for a direct -+mapping. So first, recreate the qdisc and classes configuration: -+\begin{Verbatim} -+# tc qdisc replace dev eth0 root handle 1: htb default 10 -+# tc class add dev eth0 parent 1: classid 1:1 htb rate 95mbit -+# alias tclass='tc class add dev eth0 parent 1:1' -+# tclass classid 1:16 htb rate 1mbit ceil 20mbit prio 1 -+# tclass classid 1:10 htb rate 90mbit ceil 95mbit prio 2 -+# tclass classid 1:12 htb rate 1mbit ceil 95mbit prio 3 -+# tc qdisc add dev eth0 parent 1:16 fq_codel -+# tc qdisc add dev eth0 parent 1:10 fq_codel -+# tc qdisc add dev eth0 parent 1:12 fq_codel -+\end{Verbatim} -+This is basically identical to above, but with changed leaf class IDs and the -+second priority class being the default. Using the \filter{flow} filter with it's \texttt{map} -+functionality, a single filter command is enough: -+\begin{Verbatim} -+# tc filter add dev eth0 parent 1: handle 0x1337 flow \ -+ map key priority baseclass 1:10 -+\end{Verbatim} -+The \filter{flow} filter now uses the priority value to construct a destination class ID -+by adding it to the value of \texttt{baseclass}. While this works for priority values of -+0, 2 and 6, it will result in non-existent class ID 1:14 for Interactive Bulk -+traffic. In that case, the \qdisc{HTB} default applies so that traffic goes into class -+ID 1:10 just as intended. Please note that specifying a handle is a mandatory -+requirement by the \filter{flow} filter, although I didn't see where one would use that -+later. For more information about \filter{flow}, see \man{tc-flow(8)}. -+ -+While \filter{flow} and \filter{basic} filters are relatively easy to apply and understand, they -+are as well quite limited to their intended purpose. A more flexible option is -+the \filter{u32} filter, which allows to match on arbitrary parts of the packet data - -+yet only on that, not any meta data associated to it by the kernel (with the -+exception of firewall mark value). So in order to continue this little -+exercise with \filter{u32}, we have to base classification directly upon the actual TOS -+value. An intuitive attempt might look like this: -+\begin{Verbatim} -+# alias tcfilter='tc filter add dev eth0 parent 1:' -+# tcfilter u32 match ip dsfield 0x10 0x1e classid 1:16 -+# tcfilter u32 match ip dsfield 0x12 0x1e classid 1:16 -+# tcfilter u32 match ip dsfield 0x14 0x1e classid 1:16 -+# tcfilter u32 match ip dsfield 0x16 0x1e classid 1:16 -+# tcfilter u32 match ip dsfield 0x8 0x1e classid 1:12 -+# tcfilter u32 match ip dsfield 0xa 0x1e classid 1:12 -+# tcfilter u32 match ip dsfield 0xc 0x1e classid 1:12 -+# tcfilter u32 match ip dsfield 0xe 0x1e classid 1:12 -+\end{Verbatim} -+The obvious drawback here is the amount of filters needed. And without the -+default class, eight more filters would be necessary. This also has performance -+implications: A packet with TOS value 0xe will be checked eight times in total -+in order to determine it's destination class. While there's not much to be done -+about the number of filters, at least the performance problem can be eliminated -+by using \filter{u32}'s hash table support: -+\begin{Verbatim} -+# tc filter add dev eth0 parent 1: prio 99 handle 1: u32 divisor 16 -+\end{Verbatim} -+This creates a hash table with 16 buckets. The table size is arbitrary, but not -+random: Since the first bit of the TOS field is not interesting, it can be -+ignored and therefore the range of values to consider is just [0;15], i.e. a -+number of 16 different values. The next step is to populate the hash table: -+\begin{Verbatim} -+# alias tcfilter='tc filter add dev eth0 parent 1: prio 99' -+# tcfilter u32 match u8 0 0 ht 1:0: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:1: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:2: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:3: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:4: classid 1:12 -+# tcfilter u32 match u8 0 0 ht 1:5: classid 1:12 -+# tcfilter u32 match u8 0 0 ht 1:6: classid 1:12 -+# tcfilter u32 match u8 0 0 ht 1:7: classid 1:12 -+# tcfilter u32 match u8 0 0 ht 1:8: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:9: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:a: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:b: classid 1:16 -+# tcfilter u32 match u8 0 0 ht 1:c: classid 1:10 -+# tcfilter u32 match u8 0 0 ht 1:d: classid 1:10 -+# tcfilter u32 match u8 0 0 ht 1:e: classid 1:10 -+# tcfilter u32 match u8 0 0 ht 1:f: classid 1:10 -+\end{Verbatim} -+The parameter \texttt{ht} denotes the hash table and bucket the filter should be added -+to. Since the first TOS bit is ignored, it's value has to be divided by two in -+order to get to the bucket it maps to. E.g. a TOS value of 0x10 will therefore -+map to bucket 0x8. For the sake of completeness, all possible values are mapped -+and therefore a configurable default class is not required. Note that the used -+match expression is not necessary, but mandatory. Therefore anything that -+matches any packet will suffice. Finally, a filter which links to the defined -+hash table is needed: -+\begin{Verbatim} -+# tc filter add dev eth0 parent 1: prio 1 protocol ip u32 \ -+ link 1: hashkey mask 0x001e0000 match u8 0 0 -+\end{Verbatim} -+Here again, the actual match statement is not necessary, but syntactically -+required. All the magic lies within the \texttt{hashkey} parameter, which defines which -+part of the packet should be used directly as hash key. Here's a drawing of the -+first four bytes of the IPv4 header, with the area selected by \texttt{hashkey mask} -+highlighted: -+\begin{figure}[H] -+\begin{Verbatim} -+ 0 1 2 3 -+ .-----------------------------------------------------------------. -+ | | | ######## | | | -+ | Version| IHL | #DSCP### | ECN| Total Length | -+ | | | ######## | | | -+ '-----------------------------------------------------------------' -+\end{Verbatim} -+\end{figure} -+\noindent -+This may look confusing at first, but keep in mind that bit- as well as -+byte-ordering here is LSB while the mask value is written in MSB we humans use. -+Therefore reading the mask is done like so, starting from left: -+\begin{enumerate} -+\item Skip the first byte (which contains Version and IHL fields). -+\item Skip the lowest bit of the second byte (0x1e is even). -+\item Mark the four following bits (0x1e is 11110 in binary). -+\item Skip the remaining three bits of the second byte as well as the remaining two -+ bytes. -+\end{enumerate} -+Before doing the lookup, the kernel right-shifts the masked value by the amount -+of zero-bits in \texttt{mask}, which implicitly also does the division by two which the -+hash table depends on. With this setup, every packet has to pass exactly two -+filters to be classified. Note that this filter is limited to IPv4 packets: Due -+to the related Traffic Class field being at a different offset in the packet, it -+would not work for IPv6. To use the same setup for IPv6 as well, a second -+entry-level filter is necessary: -+\begin{Verbatim} -+# tc filter add dev eth0 parent 1: prio 2 protocol ipv6 u32 \ -+ link 1: hashkey mask 0x01e00000 match u8 0 0 -+\end{Verbatim} -+For illustration purposes, here again is a drawing of the first four bytes of -+the IPv6 header, again with masked area highlighted: -+\begin{figure}[H] -+\begin{Verbatim} -+ 0 1 2 3 -+ .-----------------------------------------------------------------. -+ | | ######## | | -+ | Version| #Traffic Class| Flow Label | -+ | | ######## | | -+ '-----------------------------------------------------------------' -+\end{Verbatim} -+\end{figure} -+\noindent -+Reading the mask value is analogous to IPv4 with the added complexity that -+Traffic Class spans over two bytes. Yet, for comparison there's a simple trick: -+IPv6 has the interesting field shifted by four bits to the left, and the new -+mask's value is shifted by the same amount. For further information about -+\filter{u32} and what can be done with it, consult it's man page -+\man{tc-u32(8)}. -+ -+Of course, the kernel provides many more filters than just \filter{basic}, -+\filter{flow} and \filter{u32} which have been presented above. As of now, the -+remaining ones are: -+\begin{description} -+\item[bpf] -+ Filtering using Berkeley Packet Filter programs. The program's return -+ code determines the packet's destination class ID. -+ -+\item[cgroup] -+ Filter packets based on control groups. This is only useful for packets -+ originating from the local host, as control groups only exist in that -+ scope. -+ -+\item[flower] -+ An extended variant of the flow filter. -+ -+\item[fw] -+ Matches on firewall mark values previously assigned to the packet by -+ netfilter (or a filter action, see below for details). This allows to -+ export the classification algorithm into netfilter, which is very -+ convenient if appropriate rules exist on the same system in there -+ already. -+ -+\item[route] -+ Filter packets based on matching routing table entry. Basically -+ equivalent to the \texttt{fw} filter above, to make use of an already existing -+ extensive routing table setup. -+ -+\item[rsvp, rsvp6] -+ Implementation of the Resource Reservation Protocol in Linux, to react -+ upon requests sent by an RSVP daemon. -+ -+\item[tcindex] -+ Match packets based on tcindex value, which is usually set by the dsmark -+ qdisc. This is part of an approach to support Differentiated Services in -+ Linux, which is another topic on it's own. -+\end{description} -+ -+ -+\section*{Filter Actions} -+ -+The tc filter framework provides the infrastructure to another extensible set of -+tools as well, namely tc actions. As the name suggests, they allow to do things -+with packets (or associated data). (The list of) Actions are part of a given -+filter. If it matches, each action it contains is executed in order before -+returning the classification result. Since the action has direct access to the -+latter, it is in theory possible for an action to react upon or even change the -+filtering result - as long as the packet matched, of course. Yet none of the -+currently in-tree actions make use of this. -+ -+The Generic Actions framework originally evolved out of the filters' ability to -+police traffic to a given maximum bandwidth. One common use case for that is to -+limit ingress traffic, dropping packets which exceed the threshold. A classic -+setup example is like so: -+\begin{Verbatim} -+# tc qdisc add dev eth0 handle ffff: ingress -+# tc filter add dev eth0 parent ffff: u32 \ -+ match u32 0 0 -+ police rate 1mbit burst 100k -+\end{Verbatim} -+The ingress qdisc is not a real one, but merely a point of reference for filters -+to attach to which should get applied to incoming traffic. The \filter{u32} filter added -+above matches on any packet and therefore limits the total incoming bandwidth to -+1mbit/s, allowing bursts of up to 100kbytes. Using the new syntax, the filter -+command changes slightly: -+\begin{Verbatim} -+# tc filter add dev eth0 parent ffff: u32 \ -+ match u32 0 0 \ -+ action police rate 1mbit burst 100k -+\end{Verbatim} -+The important detail is that this syntax allows to define multiple actions. -+E.g. for testing purposes, it is possible to redirect exceeding traffic to the -+loopback interface instead of dropping it: -+\begin{Verbatim} -+# tc filter add dev eth0 parent ffff: u32 \ -+ match u32 0 0 \ -+ action police rate 1mbit burst 100k conform-exceed pipe \ -+ action mirred egress redirect dev lo -+\end{Verbatim} -+The added parameter \texttt{conform-exceed pipe} tells the police action to allow for -+further actions to handle the exceeding packet. -+ -+Apart from \texttt{police} and \texttt{mirred} actions, there are a few more. Here's a full -+list of the currently implemented ones: -+\begin{description} -+\item[bpf] -+ Apply a Berkeley Packet Filter program to the packet. -+ -+\item[connmark] -+ Set the packet's firewall mark to that of it's connection. This works by -+ searching the conntrack table for a matching entry. If found, the mark -+ is restored. -+ -+\item[csum] -+ Trigger recalculation of packet checksums. The supported protocols are: -+ IPv4, ICMP, IGMP, TCP, UDP and UDPLite. -+ -+\item[ipt] -+ Pass the packet to an iptables target. This allows to use iptables -+ extensions directly instead of having to go the extra mile via setting -+ an arbitrary firewall mark and matching on that from within netfilter. -+ -+\item[mirred] -+ Mirror or redirect packets. This is often combined with the ifb pseudo -+ device to share a common QoS setup between multiple interfaces or even -+ ingress traffic. -+ -+\item[nat] -+ Perform stateless Native Address Translation. This is certainly not -+ complete and therefore inferior to NAT using iptables: Although the -+ kernel module decides between TCP, UDP and ICMP traffic, it does not -+ handle typical problematic protocols such as active FTP or SIP. -+ -+\item[pedit] -+ Generic packet editing. This allows to alter arbitrary bytes of the -+ packet, either by specifying an offset into the packet or by naming a -+ packet header and field name to change. Currently, the latter is -+ implemented only for IPv4 yet. -+ -+\item[police] -+ Apply a bandwidth rate limiting policy. Packets exceeding it are dropped -+ by default, but may optionally be handled differently. -+ -+\item[simple] -+ This is rather an example than real action. All it does is print a -+ user-defined string together with a packet counter. Useful maybe for -+ debugging when filter statistics are not available or too complicated. -+ -+\item[skbedit] -+ Edit associated packet data, supports changing queue mapping, priority -+ field and firewall mark value. -+ -+\item[vlan] -+ Add/remove a VLAN header to/from the packet. This might serve as -+ alternative to using 802.1Q pseudo-interfaces in combination with -+ routing rules when e.g. packets for a given destination need to be -+ encapsulated. -+\end{description} -+ -+ -+\section*{Intermediate Functional Block} -+ -+The Intermediate Functional Block (\texttt{ifb}) pseudo network interface acts as a QoS -+concentrator for multiple different sources of traffic. Packets from or to other -+interfaces have to be redirected to it using the \texttt{mirred} action in order to be -+handled, regularly routed traffic will be dropped. This way, a single stack of -+qdiscs, classes and filters can be shared between multiple interfaces. -+ -+Here's a simple example to feed incoming traffic from multiple interfaces -+through a Stochastic Fairness Queue (\qdisc{sfq}): -+\begin{Verbatim} -+(1) # modprobe ifb -+(2) # ip link set ifb0 up -+(3) # tc qdisc add dev ifb0 root sfq -+\end{Verbatim} -+The first step is to load the \texttt{ifb} kernel module (1). By default, this will -+create two ifb devices: \iface{ifb0} and \iface{ifb1}. After setting -+\iface{ifb0} up in (2), the root -+qdisc is replaced by \qdisc{sfq} in (3). Finally, one can start redirecting ingress -+traffic to \iface{ifb0}, e.g. from \iface{eth0}: -+\begin{Verbatim} -+# tc qdisc add dev eth0 handle ffff: ingress -+# tc filter add dev eth0 parent ffff: u32 \ -+ match u32 0 0 \ -+ action mirred egress redirect dev ifb0 -+\end{Verbatim} -+The same can be done for other interfaces, just replacing \iface{eth0} in the two -+commands above. One thing to keep in mind here is the asymmetrical routing this -+creates within the host doing the QoS: Incoming packets enter the system via -+\iface{ifb0}, while corresponding replies leave directly via \iface{eth0}. This can be observed -+using \cmd{tcpdump} on \iface{ifb0}, which shows the input part of the traffic only. What's -+more confusing is that \cmd{tcpdump} on \iface{eth0} shows both incoming and outgoing traffic, -+but the redirection is still effective - a simple prove is setting -+\iface{ifb0} down, -+which will interrupt the communication. Obviously \cmd{tcpdump} catches the packets to -+dump before they enter the ingress qdisc, which is why it sees them while the -+kernel itself doesn't. -+ -+ -+\section*{Conclusion} -+ -+My personal impression is that although the \cmd{tc} utility is an absolute -+necessity for anyone aiming at doing QoS in Linux professionally, there are way -+too many loose ends and trip wires present in it's environment. Contributing to -+this is the fact, that much of the non-essential functionality is redundantly -+available in netfilter. Another problem which adds weight to the first one is a -+general lack of documentation. Of course, there are many HOWTOs and guides in -+the internet, but since it's often not clear how up to date these are, I prefer -+the usual resources such as man or info pages. Surely nothing one couldn't fix -+in hindsight, but quality certainly suffers if the original author of the code -+does not or can not contribute to that. -+ -+All that being said, once the steep learning curve has been mastered, the -+conglomerate of (classful) qdiscs, filters and actions provides a highly -+sophisticated and flexible infrastructure to perform QoS, which plays nicely -+along with routing and firewalling setups. -+ -+ -+\section*{Further Reading} -+ -+A good starting point for novice users and experienced ones diving into unknown -+areas is the extensive HOWTO at \url{http://lartc.org}. The iproute2 package ships -+some examples (usually in /usr/share/doc/, depending on distribution) as well as -+man pages for \cmd{tc} in general, qdiscs and filters. The latter have been added -+just recently though, so if your distribution does not ship iproute2 version -+4.3.0 yet, these are not in there. Apart from that, the internet is a spring of -+HOWTOs and scripts people wrote - though these should be taken with a grain of -+salt: The complexity of the matter often leads to copying others' solutions -+without much validation, which allows for less optimal or even obsolete -+implementations to survive much longer than desired. -+ -+\end{document} --- -1.8.3.1 - diff --git a/SOURCES/0145-man-ss.8-Add-missing-protocols-to-description-of-A.patch b/SOURCES/0145-man-ss.8-Add-missing-protocols-to-description-of-A.patch new file mode 100644 index 0000000..726fc68 --- /dev/null +++ b/SOURCES/0145-man-ss.8-Add-missing-protocols-to-description-of-A.patch @@ -0,0 +1,37 @@ +From 08d8450413afec2eb9772293dbe9951b1704931a Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Fri, 17 Mar 2017 16:51:07 +0100 +Subject: [PATCH] man: ss.8: Add missing protocols to description of -A + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1063934 +Upstream Status: iproute2.git commit 32b1a12713a95 + +commit 32b1a12713a95794159630d5cf67ee86d11161d9 +Author: Phil Sutter <phil@nwl.cc> +Date: Thu Mar 9 17:07:33 2017 +0100 + + man: ss.8: Add missing protocols to description of -A + + The list was missing dccp and sctp protocols. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + man/man8/ss.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/man8/ss.8 b/man/man8/ss.8 +index b02a68c..c955a1d 100644 +--- a/man/man8/ss.8 ++++ b/man/man8/ss.8 +@@ -124,7 +124,7 @@ Currently the following families are supported: unix, inet, inet6, link, netlink + .B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY + List of socket tables to dump, separated by commas. The following identifiers + are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, +-unix_stream, unix_seqpacket, packet_raw, packet_dgram. ++unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp. + .TP + .B \-D FILE, \-\-diag=FILE + Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used. +-- +1.8.3.1 + diff --git a/SOURCES/0146-doc-tc-filters.tex-Drop-overly-subjective-paragraphs.patch b/SOURCES/0146-doc-tc-filters.tex-Drop-overly-subjective-paragraphs.patch deleted file mode 100644 index b5a9e0c..0000000 --- a/SOURCES/0146-doc-tc-filters.tex-Drop-overly-subjective-paragraphs.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 099c84e5b772f0fc5ec2f0176e74330a4e4ec0cb Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 30 Mar 2016 16:51:38 +0200 -Subject: [PATCH] doc/tc-filters.tex: Drop overly subjective paragraphs - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1275426 -Upstream Status: iproute2.git commit edf35b88248f6 - -commit edf35b88248f667c0b4f1502ccd35ce423d12451 -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Mar 22 15:48:32 2016 +0100 - - doc/tc-filters.tex: Drop overly subjective paragraphs - - Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com> - Signed-off-by: Phil Sutter <phil@nwl.cc> - Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> ---- - doc/tc-filters.tex | 23 ++++------------------- - 1 file changed, 4 insertions(+), 19 deletions(-) - -diff --git a/doc/tc-filters.tex b/doc/tc-filters.tex -index 59127d6..54cc0c9 100644 ---- a/doc/tc-filters.tex -+++ b/doc/tc-filters.tex -@@ -18,10 +18,6 @@ - \date{January 2016} - \maketitle - --TC, the Traffic Control utility, has been there for a very long time - forever --in my humble perception. It is still (and has ever been if I'm not mistaken) the --only tool to configure QoS in Linux. -- - Standard practice when transmitting packets over a medium which may block (due - to congestion, e.g.) is to use a queue which temporarily holds these packets. In - Linux, this queueing approach is where QoS happens: A Queueing Discipline -@@ -496,21 +492,10 @@ kernel itself doesn't. - - \section*{Conclusion} - --My personal impression is that although the \cmd{tc} utility is an absolute --necessity for anyone aiming at doing QoS in Linux professionally, there are way --too many loose ends and trip wires present in it's environment. Contributing to --this is the fact, that much of the non-essential functionality is redundantly --available in netfilter. Another problem which adds weight to the first one is a --general lack of documentation. Of course, there are many HOWTOs and guides in --the internet, but since it's often not clear how up to date these are, I prefer --the usual resources such as man or info pages. Surely nothing one couldn't fix --in hindsight, but quality certainly suffers if the original author of the code --does not or can not contribute to that. -- --All that being said, once the steep learning curve has been mastered, the --conglomerate of (classful) qdiscs, filters and actions provides a highly --sophisticated and flexible infrastructure to perform QoS, which plays nicely --along with routing and firewalling setups. -+Once the steep learning curve has been mastered, the conglomerate of (classful) -+qdiscs, filters and actions provides a highly sophisticated and flexible -+infrastructure to perform QoS, which plays nicely along with routing and -+firewalling setups. - - - \section*{Further Reading} --- -1.8.3.1 - diff --git a/SOURCES/0146-xfrm-add-support-of-ESN-and-anti-replay-window.patch b/SOURCES/0146-xfrm-add-support-of-ESN-and-anti-replay-window.patch new file mode 100644 index 0000000..0b8e4d9 --- /dev/null +++ b/SOURCES/0146-xfrm-add-support-of-ESN-and-anti-replay-window.patch @@ -0,0 +1,221 @@ +From 438595db1cfbb23a85f68d2a573a9f35083bc3ee Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Mon, 27 Mar 2017 13:11:34 +0200 +Subject: [PATCH] xfrm: add support of ESN and anti-replay window + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1425059 +Upstream Status: iproute2.git commit 0151b56d10296 + +commit 0151b56d102961c1418aea3ee53428d4ca2669c9 +Author: dingzhi <zhi.ding@6wind.com> +Date: Mon Oct 20 11:23:04 2014 +0200 + + xfrm: add support of ESN and anti-replay window + + This patch allows to configure ESN and anti-replay window. + + Signed-off-by: dingzhi <zhi.ding@6wind.com> + Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com> + Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> +--- + ip/ipxfrm.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + ip/xfrm_state.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++------- + 2 files changed, 109 insertions(+), 7 deletions(-) + +diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c +index 899ec9d..fd3e645 100644 +--- a/ip/ipxfrm.c ++++ b/ip/ipxfrm.c +@@ -795,6 +795,62 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, + fprintf(fp, "%s", _SL_); + } + ++ if (tb[XFRMA_REPLAY_VAL]) { ++ struct xfrm_replay_state *replay; ++ ++ if (prefix) ++ fputs(prefix, fp); ++ fprintf(fp, "anti-replay context: "); ++ ++ if (RTA_PAYLOAD(tb[XFRMA_REPLAY_VAL]) < sizeof(*replay)) { ++ fprintf(fp, "(ERROR truncated)"); ++ fprintf(fp, "%s", _SL_); ++ return; ++ } ++ ++ replay = (struct xfrm_replay_state *)RTA_DATA(tb[XFRMA_REPLAY_VAL]); ++ fprintf(fp, "seq 0x%x, oseq 0x%x, bitmap 0x%08x", ++ replay->seq, replay->oseq, replay->bitmap); ++ fprintf(fp, "%s", _SL_); ++ } ++ ++ if (tb[XFRMA_REPLAY_ESN_VAL]) { ++ struct xfrm_replay_state_esn *replay; ++ unsigned int i, j; ++ ++ if (prefix) ++ fputs(prefix, fp); ++ fprintf(fp, "anti-replay esn context:"); ++ ++ if (RTA_PAYLOAD(tb[XFRMA_REPLAY_ESN_VAL]) < sizeof(*replay)) { ++ fprintf(fp, "(ERROR truncated)"); ++ fprintf(fp, "%s", _SL_); ++ return; ++ } ++ fprintf(fp, "%s", _SL_); ++ ++ replay = (struct xfrm_replay_state_esn *)RTA_DATA(tb[XFRMA_REPLAY_ESN_VAL]); ++ if (prefix) ++ fputs(prefix, fp); ++ fprintf(fp, " seq-hi 0x%x, seq 0x%x, oseq-hi 0x%0x, oseq 0x%0x", ++ replay->seq_hi, replay->seq, replay->oseq_hi, ++ replay->oseq); ++ fprintf(fp, "%s", _SL_); ++ if (prefix) ++ fputs(prefix, fp); ++ fprintf(fp, " replay_window %u, bitmap-length %u", ++ replay->replay_window, replay->bmp_len); ++ for (i = replay->bmp_len, j = 0; i; i--) { ++ if (j++ % 8 == 0) { ++ fprintf(fp, "%s", _SL_); ++ if (prefix) ++ fputs(prefix, fp); ++ fprintf(fp, " "); ++ } ++ fprintf(fp, "%08x ", replay->bmp[i - 1]); ++ } ++ fprintf(fp, "%s", _SL_); ++ } + } + + static int xfrm_selector_iszero(struct xfrm_selector *s) +@@ -838,6 +894,7 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo, + XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_ICMP, "icmp"); + XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_AF_UNSPEC, "af-unspec"); + XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_ALIGN4, "align4"); ++ XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_ESN, "esn"); + if (flags) + fprintf(fp, "%x", flags); + } +diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c +index 4dfddbc..d01f8ad 100644 +--- a/ip/xfrm_state.c ++++ b/ip/xfrm_state.c +@@ -59,6 +59,7 @@ static void usage(void) + fprintf(stderr, "Usage: ip xfrm state { add | update } ID [ ALGO-LIST ] [ mode MODE ]\n"); + fprintf(stderr, " [ mark MARK [ mask MASK ] ] [ reqid REQID ] [ seq SEQ ]\n"); + fprintf(stderr, " [ replay-window SIZE ] [ replay-seq SEQ ] [ replay-oseq SEQ ]\n"); ++ fprintf(stderr, " [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n"); + fprintf(stderr, " [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n"); + fprintf(stderr, " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n"); + fprintf(stderr, "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n"); +@@ -88,7 +89,7 @@ static void usage(void) + fprintf(stderr, " ALGO-NAME\n"); + fprintf(stderr, "MODE := transport | tunnel | beet | ro | in_trigger\n"); + fprintf(stderr, "FLAG-LIST := [ FLAG-LIST ] FLAG\n"); +- fprintf(stderr, "FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4\n"); ++ fprintf(stderr, "FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn\n"); + fprintf(stderr, "EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG\n"); + fprintf(stderr, "EXTRA-FLAG := dont-encap-dscp\n"); + fprintf(stderr, "SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]\n"); +@@ -213,6 +214,8 @@ static int xfrm_state_flag_parse(__u8 *flags, int *argcp, char ***argvp) + *flags |= XFRM_STATE_AF_UNSPEC; + else if (strcmp(*argv, "align4") == 0) + *flags |= XFRM_STATE_ALIGN4; ++ else if (strcmp(*argv, "esn") == 0) ++ *flags |= XFRM_STATE_ESN; + else { + PREV_ARG(); /* back track */ + break; +@@ -272,6 +275,9 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) + char buf[RTA_BUF_SIZE]; + } req; + struct xfrm_replay_state replay; ++ struct xfrm_replay_state_esn replay_esn; ++ __u32 replay_window = 0; ++ __u32 seq = 0, oseq = 0, seq_hi = 0, oseq_hi = 0; + char *idp = NULL; + char *aeadop = NULL; + char *ealgop = NULL; +@@ -288,6 +294,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) + + memset(&req, 0, sizeof(req)); + memset(&replay, 0, sizeof(replay)); ++ memset(&replay_esn, 0, sizeof(replay_esn)); + memset(&ctx, 0, sizeof(ctx)); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsinfo)); +@@ -314,16 +321,24 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) + xfrm_seq_parse(&req.xsinfo.seq, &argc, &argv); + } else if (strcmp(*argv, "replay-window") == 0) { + NEXT_ARG(); +- if (get_u8(&req.xsinfo.replay_window, *argv, 0)) ++ if (get_u32(&replay_window, *argv, 0)) + invarg("value after \"replay-window\" is invalid", *argv); + } else if (strcmp(*argv, "replay-seq") == 0) { + NEXT_ARG(); +- if (get_u32(&replay.seq, *argv, 0)) ++ if (get_u32(&seq, *argv, 0)) + invarg("value after \"replay-seq\" is invalid", *argv); ++ } else if (strcmp(*argv, "replay-seq-hi") == 0) { ++ NEXT_ARG(); ++ if (get_u32(&seq_hi, *argv, 0)) ++ invarg("value after \"replay-seq-hi\" is invalid", *argv); + } else if (strcmp(*argv, "replay-oseq") == 0) { + NEXT_ARG(); +- if (get_u32(&replay.oseq, *argv, 0)) ++ if (get_u32(&oseq, *argv, 0)) + invarg("value after \"replay-oseq\" is invalid", *argv); ++ } else if (strcmp(*argv, "replay-oseq-hi") == 0) { ++ NEXT_ARG(); ++ if (get_u32(&oseq_hi, *argv, 0)) ++ invarg("value after \"replay-oseq-hi\" is invalid", *argv); + } else if (strcmp(*argv, "flag") == 0) { + NEXT_ARG(); + xfrm_state_flag_parse(&req.xsinfo.flags, &argc, &argv); +@@ -511,9 +526,39 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) + argc--; argv++; + } + +- if (replay.seq || replay.oseq) +- addattr_l(&req.n, sizeof(req.buf), XFRMA_REPLAY_VAL, +- (void *)&replay, sizeof(replay)); ++ if (req.xsinfo.flags & XFRM_STATE_ESN && ++ replay_window == 0) { ++ fprintf(stderr, "Error: esn flag set without replay-window.\n"); ++ exit(-1); ++ } ++ ++ if (replay_window > XFRMA_REPLAY_ESN_MAX) { ++ fprintf(stderr, ++ "Error: replay-window (%u) > XFRMA_REPLAY_ESN_MAX (%u).\n", ++ replay_window, XFRMA_REPLAY_ESN_MAX); ++ exit(-1); ++ } ++ ++ if (req.xsinfo.flags & XFRM_STATE_ESN || ++ replay_window > (sizeof(replay.bitmap) * 8)) { ++ replay_esn.seq = seq; ++ replay_esn.oseq = oseq; ++ replay_esn.seq_hi = seq_hi; ++ replay_esn.oseq_hi = oseq_hi; ++ replay_esn.replay_window = replay_window; ++ replay_esn.bmp_len = (replay_window + sizeof(__u32) * 8 - 1) / ++ (sizeof(__u32) * 8); ++ addattr_l(&req.n, sizeof(req.buf), XFRMA_REPLAY_ESN_VAL, ++ &replay_esn, sizeof(replay_esn)); ++ } else { ++ if (seq || oseq) { ++ replay.seq = seq; ++ replay.oseq = oseq; ++ addattr_l(&req.n, sizeof(req.buf), XFRMA_REPLAY_VAL, ++ &replay, sizeof(replay)); ++ } ++ req.xsinfo.replay_window = replay_window; ++ } + + if (extra_flags) + addattr32(&req.n, sizeof(req.buf), XFRMA_SA_EXTRA_FLAGS, +-- +1.8.3.1 + diff --git a/SOURCES/0147-man-update-doc-after-support-of-ESN-and-anti-replay-.patch b/SOURCES/0147-man-update-doc-after-support-of-ESN-and-anti-replay-.patch new file mode 100644 index 0000000..6991465 --- /dev/null +++ b/SOURCES/0147-man-update-doc-after-support-of-ESN-and-anti-replay-.patch @@ -0,0 +1,56 @@ +From ef6fe92876cf6b9a572457896bb8c420a0cceba4 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Mon, 27 Mar 2017 13:11:34 +0200 +Subject: [PATCH] man: update doc after support of ESN and anti-replay window + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1425059 +Upstream Status: iproute2.git commit eeb669a7403cb + +commit eeb669a7403cbca859070aaed6f1a55131d75627 +Author: Nicolas Dichtel <nicolas.dichtel@6wind.com> +Date: Thu Oct 30 01:18:48 2014 -0700 + + man: update doc after support of ESN and anti-replay window + + Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> +--- + man/man8/ip-xfrm.8 | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 +index aa04804..11f7104 100644 +--- a/man/man8/ip-xfrm.8 ++++ b/man/man8/ip-xfrm.8 +@@ -43,6 +43,10 @@ ip-xfrm \- transform configuration + .IR SEQ " ]" + .RB "[ " replay-oseq + .IR SEQ " ]" ++.RB "[ " replay-seq-hi ++.IR SEQ " ]" ++.RB "[ " replay-oseq-hi ++.IR SEQ " ]" + .RB "[ " flag + .IR FLAG-LIST " ]" + .RB "[ " sel +@@ -140,7 +144,8 @@ ip-xfrm \- transform configuration + + .ti -8 + .IR FLAG " :=" +-.BR noecn " | " decap-dscp " | " nopmtudisc " | " wildrecv " | " icmp " | " af-unspec " | " align4 ++.BR noecn " | " decap-dscp " | " nopmtudisc " | " wildrecv " | " icmp " | " ++.BR af-unspec " | " align4 " | " esn + + .ti -8 + .IR SELECTOR " :=" +@@ -498,7 +503,7 @@ and inbound trigger + .I FLAG-LIST + contains one or more of the following optional flags: + .BR noecn ", " decap-dscp ", " nopmtudisc ", " wildrecv ", " icmp ", " +-.BR af-unspec ", or " align4 "." ++.BR af-unspec ", " align4 ", or " esn "." + + .TP + .IR SELECTOR +-- +1.8.3.1 + diff --git a/SOURCES/0147-ss-Fix-wrong-filter-behaviour.patch b/SOURCES/0147-ss-Fix-wrong-filter-behaviour.patch deleted file mode 100644 index 2a9b7b0..0000000 --- a/SOURCES/0147-ss-Fix-wrong-filter-behaviour.patch +++ /dev/null @@ -1,210 +0,0 @@ -From d57e50c6402fb84b9fb21617a9e4e69551af50f2 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 30 May 2016 16:46:58 +0200 -Subject: [PATCH] ss: Fix wrong filter behaviour - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1318005 -Upstream Status: iproute2.git commit 57ff5a1096cab - -commit 57ff5a1096cab63107d7e85bcd0d822614e33d73 -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Thu Apr 30 07:30:24 2015 +0300 - - ss: Fix wrong filter behaviour - - Fixed applying family & socket type filters. - It was not possible to select UDP & UNIX sockets together. - - Now selected families are ORed. - - The problem was that filters were combined by AND. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> - Reported-By: Mihai Moldovan <ionic@ionic.de> ---- - misc/ss.c | 91 ++++++++++++++++++++++++++++++++++----------------------------- - 1 file changed, 49 insertions(+), 42 deletions(-) - -diff --git a/misc/ss.c b/misc/ss.c -index 7750887..95f3c31 100644 ---- a/misc/ss.c -+++ b/misc/ss.c -@@ -233,14 +233,12 @@ static struct filter current_filter; - static void filter_db_set(struct filter *f, int db) - { - f->states |= default_dbs[db].states; -- f->families |= default_dbs[db].families; - f->dbs |= 1 << db; - do_default = 0; - } - - static void filter_af_set(struct filter *f, int af) - { -- f->dbs |= default_afs[af].dbs; - f->states |= default_afs[af].states; - f->families |= 1 << af; - do_default = 0; -@@ -266,21 +264,31 @@ static void filter_default_dbs(struct filter *f) - filter_db_set(f, NETLINK_DB); - } - --static void filter_merge(struct filter *af, struct filter *dbf, int states) -+static void filter_states_set(struct filter *f, int states) - { -- if (af->families) -- af->families = (af->families | dbf->families) & af->families; -- else -- af->families = dbf->families; -+ if (states) -+ f->states = (f->states | states) & states; -+} - -- if (dbf->dbs) -- af->dbs = (af->dbs | dbf->dbs) & dbf->dbs; -+static void filter_merge_defaults(struct filter *f) -+{ -+ int db; -+ int af; - -- if (dbf->states) -- af->states = (af->states | dbf->states) & dbf->states; -+ for (db = 0; db < MAX_DB; db++) { -+ if (!(f->dbs & (1 << db))) -+ continue; - -- if (states) -- af->states = (af->states | states) & states; -+ if (!(default_dbs[db].families & f->families)) -+ f->families |= default_dbs[db].families; -+ } -+ for (af = 0; af < AF_MAX; af++) { -+ if (!(f->families & (1 << af))) -+ continue; -+ -+ if (!(default_afs[af].dbs & f->dbs)) -+ f->dbs |= default_afs[af].dbs; -+ } - } - - static FILE *generic_proc_open(const char *env, const char *name) -@@ -1540,7 +1548,7 @@ out: - if (fam != AF_UNSPEC) { - f->families = 0; - filter_af_set(f, fam); -- filter_merge(f, f, 0); -+ filter_states_set(f, 0); - } - - res = malloc(sizeof(*res)); -@@ -3440,7 +3448,6 @@ int main(int argc, char *argv[]) - const char *dump_tcpdiag = NULL; - FILE *filter_fp = NULL; - int ch; -- struct filter dbs_filter = {}; - int state_filter = 0; - - while ((ch = getopt_long(argc, argv, "dhaletuwxnro460spbf:miA:D:F:vVzZN:", -@@ -3474,16 +3481,16 @@ int main(int argc, char *argv[]) - show_bpf++; - break; - case 'd': -- filter_db_set(&dbs_filter, DCCP_DB); -+ filter_db_set(¤t_filter, DCCP_DB); - break; - case 't': -- filter_db_set(&dbs_filter, TCP_DB); -+ filter_db_set(¤t_filter, TCP_DB); - break; - case 'u': -- filter_db_set(&dbs_filter, UDP_DB); -+ filter_db_set(¤t_filter, UDP_DB); - break; - case 'w': -- filter_db_set(&dbs_filter, RAW_DB); -+ filter_db_set(¤t_filter, RAW_DB); - break; - case 'x': - filter_af_set(¤t_filter, AF_UNIX); -@@ -3537,44 +3544,44 @@ int main(int argc, char *argv[]) - if ((p1 = strchr(p, ',')) != NULL) - *p1 = 0; - if (strcmp(p, "all") == 0) { -- filter_default_dbs(&dbs_filter); -+ filter_default_dbs(¤t_filter); - } else if (strcmp(p, "inet") == 0) { -- filter_db_set(&dbs_filter, UDP_DB); -- filter_db_set(&dbs_filter, DCCP_DB); -- filter_db_set(&dbs_filter, TCP_DB); -- filter_db_set(&dbs_filter, RAW_DB); -+ filter_db_set(¤t_filter, UDP_DB); -+ filter_db_set(¤t_filter, DCCP_DB); -+ filter_db_set(¤t_filter, TCP_DB); -+ filter_db_set(¤t_filter, RAW_DB); - } else if (strcmp(p, "udp") == 0) { -- filter_db_set(&dbs_filter, UDP_DB); -+ filter_db_set(¤t_filter, UDP_DB); - } else if (strcmp(p, "dccp") == 0) { -- filter_db_set(&dbs_filter, DCCP_DB); -+ filter_db_set(¤t_filter, DCCP_DB); - } else if (strcmp(p, "tcp") == 0) { -- filter_db_set(&dbs_filter, TCP_DB); -+ filter_db_set(¤t_filter, TCP_DB); - } else if (strcmp(p, "raw") == 0) { -- filter_db_set(&dbs_filter, RAW_DB); -+ filter_db_set(¤t_filter, RAW_DB); - } else if (strcmp(p, "unix") == 0) { -- filter_db_set(&dbs_filter, UNIX_ST_DB); -- filter_db_set(&dbs_filter, UNIX_DG_DB); -- filter_db_set(&dbs_filter, UNIX_SQ_DB); -+ filter_db_set(¤t_filter, UNIX_ST_DB); -+ filter_db_set(¤t_filter, UNIX_DG_DB); -+ filter_db_set(¤t_filter, UNIX_SQ_DB); - } else if (strcasecmp(p, "unix_stream") == 0 || - strcmp(p, "u_str") == 0) { -- filter_db_set(&dbs_filter, UNIX_ST_DB); -+ filter_db_set(¤t_filter, UNIX_ST_DB); - } else if (strcasecmp(p, "unix_dgram") == 0 || - strcmp(p, "u_dgr") == 0) { -- filter_db_set(&dbs_filter, UNIX_DG_DB); -+ filter_db_set(¤t_filter, UNIX_DG_DB); - } else if (strcasecmp(p, "unix_seqpacket") == 0 || - strcmp(p, "u_seq") == 0) { -- filter_db_set(&dbs_filter, UNIX_SQ_DB); -+ filter_db_set(¤t_filter, UNIX_SQ_DB); - } else if (strcmp(p, "packet") == 0) { -- filter_db_set(&dbs_filter, PACKET_R_DB); -- filter_db_set(&dbs_filter, PACKET_DG_DB); -+ filter_db_set(¤t_filter, PACKET_R_DB); -+ filter_db_set(¤t_filter, PACKET_DG_DB); - } else if (strcmp(p, "packet_raw") == 0 || - strcmp(p, "p_raw") == 0) { -- filter_db_set(&dbs_filter, PACKET_R_DB); -+ filter_db_set(¤t_filter, PACKET_R_DB); - } else if (strcmp(p, "packet_dgram") == 0 || - strcmp(p, "p_dgr") == 0) { -- filter_db_set(&dbs_filter, PACKET_DG_DB); -+ filter_db_set(¤t_filter, PACKET_DG_DB); - } else if (strcmp(p, "netlink") == 0) { -- filter_db_set(&dbs_filter, NETLINK_DB); -+ filter_db_set(¤t_filter, NETLINK_DB); - } else { - fprintf(stderr, "ss: \"%s\" is illegal socket table id\n", p); - usage(); -@@ -3667,11 +3674,11 @@ int main(int argc, char *argv[]) - if (do_default) { - state_filter = state_filter ? state_filter : SS_CONN; - filter_default_dbs(¤t_filter); -- filter_merge(¤t_filter, ¤t_filter, state_filter); -- } else { -- filter_merge(¤t_filter, &dbs_filter, state_filter); - } - -+ filter_states_set(¤t_filter, state_filter); -+ filter_merge_defaults(¤t_filter); -+ - if (resolve_services && resolve_hosts && - (current_filter.dbs&(UNIX_DBM|(1<<TCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)))) - init_service_resolver(); --- -1.8.3.1 - diff --git a/SOURCES/0148-ss-Drop-silly-assignment.patch b/SOURCES/0148-ss-Drop-silly-assignment.patch deleted file mode 100644 index 7b5d53d..0000000 --- a/SOURCES/0148-ss-Drop-silly-assignment.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 26763f0545c14630b1af31fbd9550a38356dad31 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 30 May 2016 16:46:58 +0200 -Subject: [PATCH] ss: Drop silly assignment - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1318005 -Upstream Status: iproute2.git commit 9d320e1e92863 - -commit 9d320e1e928630d8b2b83d5e4ef4e10a117352bc -Author: Phil Sutter <phil@nwl.cc> -Date: Wed Apr 13 22:07:04 2016 +0200 - - ss: Drop silly assignment - - An expression of the form '(a | b) & b' will evaluate to the value of b - for any value of a or b. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - misc/ss.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/misc/ss.c b/misc/ss.c -index 95f3c31..ce7fa82 100644 ---- a/misc/ss.c -+++ b/misc/ss.c -@@ -267,7 +267,7 @@ static void filter_default_dbs(struct filter *f) - static void filter_states_set(struct filter *f, int states) - { - if (states) -- f->states = (f->states | states) & states; -+ f->states = states; - } - - static void filter_merge_defaults(struct filter *f) --- -1.8.3.1 - diff --git a/SOURCES/0148-tc-m_xt-Prevent-segfault-with-standard-targets.patch b/SOURCES/0148-tc-m_xt-Prevent-segfault-with-standard-targets.patch new file mode 100644 index 0000000..7a98caa --- /dev/null +++ b/SOURCES/0148-tc-m_xt-Prevent-segfault-with-standard-targets.patch @@ -0,0 +1,49 @@ +From cadd480c74b11f0510aa56d9ee9f58c7fd7c094d Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:21:45 +0200 +Subject: [PATCH] tc: m_xt: Prevent segfault with standard targets + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit 445745221a21e + +commit 445745221a21ecb4111c19cfa7f4c2cf4796337f +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:00 2016 +0200 + + tc: m_xt: Prevent segfault with standard targets + + Iptables standard targets like DROP or REJECT don't implement the print + callback in libxtables. Hence the following command would segfault: + + | tc filter add dev d0 parent ffff: u32 match u32 0 0 action xt -j DROP + + With this patch standard targets still can't be used (and are not really + useful anyway), but at least it doesn't crash anymore. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index 537daf8..aa83061 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -248,8 +248,12 @@ static int parse_ipt(struct action_util *a,int *argc_p, + fprintf(stdout, "tablename: %s hook: %s\n ", tname, ipthooks[hook]); + fprintf(stdout, "\ttarget: "); + +- if (m) +- m->print(NULL, m->t, 0); ++ if (m) { ++ if (m->print) ++ m->print(NULL, m->t, 0); ++ else ++ printf("%s ", m->name); ++ } + fprintf(stdout, " index %d\n", index); + + if (strlen(tname) > 16) { +-- +1.8.3.1 + diff --git a/SOURCES/0149-ss-Fix-accidental-state-filter-override.patch b/SOURCES/0149-ss-Fix-accidental-state-filter-override.patch deleted file mode 100644 index ecac69a..0000000 --- a/SOURCES/0149-ss-Fix-accidental-state-filter-override.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 603d0ffb9ec9200de2395200dbc50ba762de6038 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 30 May 2016 16:46:58 +0200 -Subject: [PATCH] ss: Fix accidental state filter override - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1318005 -Upstream Status: iproute2.git commit e56a959e550f4 - -commit e56a959e550f424023ebf3ebb8437f214944a245 -Author: Phil Sutter <phil@nwl.cc> -Date: Wed Apr 13 22:07:05 2016 +0200 - - ss: Fix accidental state filter override - - Passing a filter expression and selecting an address family using the - '-f' flag would overwrite the state filter by accident. Therefore - calling e.g. 'ss -nl -f inet '(sport = :22)' would not only print - listening sockets (as requested by '-l' flag) but connected ones, as - well. - - Fix this by reusing the formerly ineffective call to filter_states_set() - to restore the state filter as it was before the call to - filter_af_set(). - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - misc/ss.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/misc/ss.c b/misc/ss.c -index ce7fa82..c385d47 100644 ---- a/misc/ss.c -+++ b/misc/ss.c -@@ -1546,9 +1546,10 @@ void *parse_hostcond(char *addr, bool is_port) - - out: - if (fam != AF_UNSPEC) { -+ int states = f->states; - f->families = 0; - filter_af_set(f, fam); -- filter_states_set(f, 0); -+ filter_states_set(f, states); - } - - res = malloc(sizeof(*res)); --- -1.8.3.1 - diff --git a/SOURCES/0149-tc-m_xt-Fix-segfault-when-adding-multiple-actions-at.patch b/SOURCES/0149-tc-m_xt-Fix-segfault-when-adding-multiple-actions-at.patch new file mode 100644 index 0000000..fee360e --- /dev/null +++ b/SOURCES/0149-tc-m_xt-Fix-segfault-when-adding-multiple-actions-at.patch @@ -0,0 +1,81 @@ +From cee4a40e7febe8f1b5b38b31f42f1b64f536ddb4 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:21:45 +0200 +Subject: [PATCH] tc: m_xt: Fix segfault when adding multiple actions at once + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit 8eee75a8358c5 + +commit 8eee75a8358c542d881d2a84e2c47cc0a9fa92ef +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:01 2016 +0200 + + tc: m_xt: Fix segfault when adding multiple actions at once + + Without this, the following call to tc would segfault: + + | tc filter add dev d0 parent ffff: u32 match u32 0 0 \ + | action xt -j MARK --set-mark 0x1 \ + | action xt -j MARK --set-mark 0x1 + + The reason is basically the same as for 6e2e5ec28bad4 ("fix print_ipt: + segfault if more then one filter with action -j MARK.") but in + parse_ipt() instead of print_ipt(). + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index aa83061..f0efd28 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -133,7 +133,9 @@ static int parse_ipt(struct action_util *a,int *argc_p, + __u32 hook = 0, index = 0; + struct option *opts = NULL; + +- xtables_init_all(&tcipt_globals, NFPROTO_IPV4); ++ /* copy tcipt_globals because .opts will be modified by iptables */ ++ struct xtables_globals tmp_tcipt_globals = tcipt_globals; ++ xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4); + set_lib_dir(); + + { +@@ -152,7 +154,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + } + + while (1) { +- c = getopt_long(argc, argv, "j:", tcipt_globals.opts, NULL); ++ c = getopt_long(argc, argv, "j:", tmp_tcipt_globals.opts, NULL); + if (c == -1) + break; + switch (c) { +@@ -165,12 +167,12 @@ static int parse_ipt(struct action_util *a,int *argc_p, + return -1; + } + #if (XTABLES_VERSION_CODE >= 6) +- opts = xtables_options_xfrm(tcipt_globals.orig_opts, +- tcipt_globals.opts, ++ opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, ++ tmp_tcipt_globals.opts, + m->x6_options, + &m->option_offset); + #else +- opts = xtables_merge_options(tcipt_globals.opts, ++ opts = xtables_merge_options(tmp_tcipt_globals.opts, + m->extra_opts, + &m->option_offset); + #endif +@@ -178,7 +180,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); + return -1; + } else +- tcipt_globals.opts = opts; ++ tmp_tcipt_globals.opts = opts; + } else { + fprintf(stderr," failed to find target %s\n\n", optarg); + return -1; +-- +1.8.3.1 + diff --git a/SOURCES/0150-ip-enable-configuring-multicast-group-autojoin.patch b/SOURCES/0150-ip-enable-configuring-multicast-group-autojoin.patch deleted file mode 100644 index f03b863..0000000 --- a/SOURCES/0150-ip-enable-configuring-multicast-group-autojoin.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 24aff639b62b443b15281c5fc44e28483c22236b Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Mon, 30 May 2016 18:37:49 +0200 -Subject: [PATCH] ip: enable configuring multicast group autojoin - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1333513 -Upstream Status: iproute2.git commit e31867ac30cf9 -Conflicts: Minor context conflict due to previously applied commit - c079e121a73af ("libnetlink: add size argument to rtnl_talk"). - -commit e31867ac30cf95155d113bbfaedf6b99f98a677f -Author: Madhu Challa <challa@noironetworks.com> -Date: Wed Mar 4 10:30:10 2015 -0800 - - ip: enable configuring multicast group autojoin - - Joining multicast group on ethernet level via "ip maddr" command would - not work if we have an Ethernet switch that does igmp snooping since - the switch would not replicate multicast packets on ports that did not - have IGMP reports for the multicast addresses. - - Linux vxlan interfaces created via "ip link add vxlan" have the group option - that enables then to do the required join. - - By extending ip address command with option "autojoin" we can get similar - functionality for openvswitch vxlan interfaces as well as other tunneling - mechanisms that need to receive multicast traffic. - - example: - ip address add 224.1.1.10/24 dev eth5 autojoin - ip address del 224.1.1.10/24 dev eth5 ---- - ip/ipaddress.c | 26 +++++++++++++++++++++++++- - 1 file changed, 25 insertions(+), 1 deletion(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 8681bf9..ffcc076 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -83,7 +83,7 @@ static void usage(void) - fprintf(stderr, " [-]tentative | [-]deprecated | [-]dadfailed | temporary |\n"); - fprintf(stderr, " CONFFLAG-LIST ]\n"); - fprintf(stderr, "CONFFLAG-LIST := [ CONFFLAG-LIST ] CONFFLAG\n"); -- fprintf(stderr, "CONFFLAG := [ home | nodad | mngtmpaddr | noprefixroute ]\n"); -+ fprintf(stderr, "CONFFLAG := [ home | nodad | mngtmpaddr | noprefixroute | autojoin ]\n"); - fprintf(stderr, "LIFETIME := [ valid_lft LFT ] [ preferred_lft LFT ]\n"); - fprintf(stderr, "LFT := forever | SECONDS\n"); - -@@ -868,6 +868,10 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, - ifa_flags &= ~IFA_F_NOPREFIXROUTE; - fprintf(fp, "noprefixroute "); - } -+ if (ifa_flags & IFA_F_MCAUTOJOIN) { -+ ifa_flags &= ~IFA_F_MCAUTOJOIN; -+ fprintf(fp, "autojoin "); -+ } - if (!(ifa_flags & IFA_F_PERMANENT)) { - fprintf(fp, "dynamic "); - } else -@@ -1272,6 +1276,9 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - } else if (strcmp(*argv, "noprefixroute") == 0) { - filter.flags |= IFA_F_NOPREFIXROUTE; - filter.flagmask |= IFA_F_NOPREFIXROUTE; -+ } else if (strcmp(*argv, "autojoin") == 0) { -+ filter.flags |= IFA_F_MCAUTOJOIN; -+ filter.flagmask |= IFA_F_MCAUTOJOIN; - } else if (strcmp(*argv, "dadfailed") == 0) { - filter.flags |= IFA_F_DADFAILED; - filter.flagmask |= IFA_F_DADFAILED; -@@ -1408,6 +1415,16 @@ static int default_scope(inet_prefix *lcl) - return 0; - } - -+static bool ipaddr_is_multicast(inet_prefix *a) -+{ -+ if (a->family == AF_INET) -+ return IN_MULTICAST(ntohl(a->data[0])); -+ else if (a->family == AF_INET6) -+ return IN6_IS_ADDR_MULTICAST(a->data); -+ else -+ return false; -+} -+ - static int ipaddr_modify(int cmd, int flags, int argc, char **argv) - { - struct { -@@ -1515,6 +1532,8 @@ static int ipaddr_modify(int cmd, int flags, int argc, char **argv) - ifa_flags |= IFA_F_MANAGETEMPADDR; - } else if (strcmp(*argv, "noprefixroute") == 0) { - ifa_flags |= IFA_F_NOPREFIXROUTE; -+ } else if (strcmp(*argv, "autojoin") == 0) { -+ ifa_flags |= IFA_F_MCAUTOJOIN; - } else { - if (strcmp(*argv, "local") == 0) { - NEXT_ARG(); -@@ -1605,6 +1624,11 @@ static int ipaddr_modify(int cmd, int flags, int argc, char **argv) - sizeof(cinfo)); - } - -+ if ((ifa_flags & IFA_F_MCAUTOJOIN) && !ipaddr_is_multicast(&lcl)) { -+ fprintf(stderr, "autojoin needs multicast address\n"); -+ return -1; -+ } -+ - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) - return -2; - --- -1.8.3.1 - diff --git a/SOURCES/0150-tc-m_xt-Fix-indenting.patch b/SOURCES/0150-tc-m_xt-Fix-indenting.patch new file mode 100644 index 0000000..7077e3f --- /dev/null +++ b/SOURCES/0150-tc-m_xt-Fix-indenting.patch @@ -0,0 +1,123 @@ +From 23def97f419f0cc00baf8d427b83f3cf45d3f6be Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:21:45 +0200 +Subject: [PATCH] tc: m_xt: Fix indenting + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit f1a7c7d8301e9 +Conflicts: Changes in context and replaced code due to missing upstream + commit 32a121cba2579 ("tc: code cleanup"). + +commit f1a7c7d8301e9dcead8f8c0d28e7f1587c0cd3cc +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:02 2016 +0200 + + tc: m_xt: Fix indenting + + By exiting early if xtables_find_target() fails, one indenting level can + be dropped. Some of the wrongly indented code then happens to sit at the + right spot by accident which is why this patch is smaller than expected. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 54 ++++++++++++++++++++++++++---------------------------- + 1 file changed, 26 insertions(+), 28 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index f0efd28..02ac4dd 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -160,12 +160,15 @@ static int parse_ipt(struct action_util *a,int *argc_p, + switch (c) { + case 'j': + m = xtables_find_target(optarg, XTF_TRY_LOAD); +- if (NULL != m) { ++ if (!m) { ++ fprintf(stderr, " failed to find target %s\n\n", optarg); ++ return -1; ++ } + +- if (0 > build_st(m, NULL)) { +- printf(" %s error \n", m->name); +- return -1; +- } ++ if (build_st(m, NULL) < 0) { ++ printf(" %s error\n", m->name); ++ return -1; ++ } + #if (XTABLES_VERSION_CODE >= 6) + opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, + tmp_tcipt_globals.opts, +@@ -181,22 +184,18 @@ static int parse_ipt(struct action_util *a,int *argc_p, + return -1; + } else + tmp_tcipt_globals.opts = opts; +- } else { +- fprintf(stderr," failed to find target %s\n\n", optarg); +- return -1; +- } + ok++; + break; + + default: + memset(&fw, 0, sizeof (fw)); + #if (XTABLES_VERSION_CODE >= 6) +- if (m != NULL && m->x6_parse != NULL ) { +- xtables_option_tpcall(c, argv, 0 , m, NULL); ++ if (m != NULL && m->x6_parse != NULL) { ++ xtables_option_tpcall(c, argv, 0, m, NULL); + #else +- if (m != NULL && m->parse != NULL ) { +- m->parse(c - m->option_offset, argv, 0, &m->tflags, +- NULL, &m->t); ++ if (m != NULL && m->parse != NULL) { ++ m->parse(c - m->option_offset, argv, 0, ++ &m->tflags, NULL, &m->t); + #endif + } else { + fprintf(stderr,"failed to find target %s\n\n", optarg); +@@ -335,11 +334,15 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) + struct xtables_target *m = NULL; + t = RTA_DATA(tb[TCA_IPT_TARG]); + m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD); +- if (NULL != m) { +- if (0 > build_st(m, t)) { +- fprintf(stderr, " %s error \n", m->name); +- return -1; +- } ++ if (!m) { ++ fprintf(stderr, " failed to find target %s\n\n", ++ t->u.user.name); ++ return -1; ++ } ++ if (build_st(m, t) < 0) { ++ fprintf(stderr, " %s error\n", m->name); ++ return -1; ++ } + + #if (XTABLES_VERSION_CODE >= 6) + opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, +@@ -351,16 +354,11 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) + m->extra_opts, + &m->option_offset); + #endif +- if (opts == NULL) { +- fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); +- return -1; +- } else +- tmp_tcipt_globals.opts = opts; +- } else { +- fprintf(stderr, " failed to find target %s\n\n", +- t->u.user.name); ++ if (opts == NULL) { ++ fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); + return -1; +- } ++ } else ++ tmp_tcipt_globals.opts = opts; + fprintf(f, "\ttarget "); + m->print(NULL, m->t, 0); + if (tb[TCA_IPT_INDEX] == NULL) { +-- +1.8.3.1 + diff --git a/SOURCES/0151-man-ip-ip-link-Fix-ip-option-location.patch b/SOURCES/0151-man-ip-ip-link-Fix-ip-option-location.patch deleted file mode 100644 index be6349a..0000000 --- a/SOURCES/0151-man-ip-ip-link-Fix-ip-option-location.patch +++ /dev/null @@ -1,76 +0,0 @@ -From be5c5dc145c7e7f4e8e8e3731c9cb9cc43cbb52c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 1 Jun 2016 00:49:32 +0200 -Subject: [PATCH] man: ip, ip-link: Fix ip option location - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1251186 -Upstream Status: iproute2.git commit 134080cff35e3 -Conflicts: Context changes in ip-link.8.in due to missing other - features. - -commit 134080cff35e379cac81d47ec669d265c56d528d -Author: Phil Sutter <phil@nwl.cc> -Date: Mon May 30 20:46:27 2016 +0200 - - man: ip, ip-link: Fix ip option location - - This patch drops the redundant description of some of ip's options in - ip-link.8's description of the 'show' subcommand, preserving the - description of -iec (but appending it to the list in ip.8 with minor - fixes). - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 20 -------------------- - man/man8/ip.8 | 4 ++++ - 2 files changed, 4 insertions(+), 20 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index e8dccbd..744a8af 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -915,26 +915,6 @@ specifies what group of devices to show. - .B up - only display running interfaces. - --.TP --The show command has additional formatting options: -- --.RS --.TP --.BR "\-s" , " \-stats", " \-statistics" --output more statistics about packet usage. -- --.TP --.BR "\-d", " \-details" --output more detailed information. -- --.TP --.BR "\-h", " \-human", " \-human-readable" --output statistics with human readable values number followed by suffix -- --.TP --.BR "\-iec" --print human readable rates in IEC units (ie. 1K = 1024). --.RE - - .SS ip link help - display help - -diff --git a/man/man8/ip.8 b/man/man8/ip.8 -index a95264d..b1c0bc0 100644 ---- a/man/man8/ip.8 -+++ b/man/man8/ip.8 -@@ -191,6 +191,10 @@ but use shorter format. - .BR "\-rc" , " \-rcvbuf" <SIZE> - Set the netlink socket receive buffer size, defaults to 1MB. - -+.TP -+.BR "\-iec" -+print human readable rates in IEC units (e.g. 1Ki = 1024). -+ - .SH IP - COMMAND SYNTAX - - .SS --- -1.8.3.1 - diff --git a/SOURCES/0151-tc-m_xt-Get-rid-of-one-indentation-level-in-parse_ip.patch b/SOURCES/0151-tc-m_xt-Get-rid-of-one-indentation-level-in-parse_ip.patch new file mode 100644 index 0000000..3f7dcc9 --- /dev/null +++ b/SOURCES/0151-tc-m_xt-Get-rid-of-one-indentation-level-in-parse_ip.patch @@ -0,0 +1,142 @@ +From afbf7fa2b6640a6d0675846459753f6e62db9704 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:22:21 +0200 +Subject: [PATCH] tc: m_xt: Get rid of one indentation level in parse_ipt() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit b45f9141c2602 +Conflicts: Changes in context and replaced code due to missing upstream + commit 32a121cba2579 ("tc: code cleanup"). + +commit b45f9141c2602de790a9fc3f0f423ed72419da24 +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:03 2016 +0200 + + tc: m_xt: Get rid of one indentation level in parse_ipt() + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 93 ++++++++++++++++++++++++++++++++------------------------------- + 1 file changed, 48 insertions(+), 45 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index 02ac4dd..bb1f929 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -296,6 +296,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + static int + print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) + { ++ struct xtables_target *m; + struct rtattr *tb[TCA_IPT_MAX + 1]; + struct xt_entry_target *t = NULL; + struct option *opts = NULL; +@@ -330,58 +331,60 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) + if (tb[TCA_IPT_TARG] == NULL) { + fprintf(f, "\t[NULL ipt target parameters ] \n"); + return -1; +- } else { +- struct xtables_target *m = NULL; +- t = RTA_DATA(tb[TCA_IPT_TARG]); +- m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD); +- if (!m) { +- fprintf(stderr, " failed to find target %s\n\n", +- t->u.user.name); +- return -1; +- } +- if (build_st(m, t) < 0) { +- fprintf(stderr, " %s error\n", m->name); +- return -1; +- } ++ } ++ ++ t = RTA_DATA(tb[TCA_IPT_TARG]); ++ m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD); ++ if (!m) { ++ fprintf(stderr, " failed to find target %s\n\n", ++ t->u.user.name); ++ return -1; ++ } ++ if (build_st(m, t) < 0) { ++ fprintf(stderr, " %s error\n", m->name); ++ return -1; ++ } + + #if (XTABLES_VERSION_CODE >= 6) +- opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, +- tmp_tcipt_globals.opts, +- m->x6_options, +- &m->option_offset); ++ opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, ++ tmp_tcipt_globals.opts, ++ m->x6_options, ++ &m->option_offset); + #else +- opts = xtables_merge_options(tmp_tcipt_globals.opts, +- m->extra_opts, +- &m->option_offset); ++ opts = xtables_merge_options(tmp_tcipt_globals.opts, ++ m->extra_opts, ++ &m->option_offset); + #endif +- if (opts == NULL) { +- fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); +- return -1; +- } else +- tmp_tcipt_globals.opts = opts; +- fprintf(f, "\ttarget "); +- m->print(NULL, m->t, 0); +- if (tb[TCA_IPT_INDEX] == NULL) { +- fprintf(f, " [NULL ipt target index ]\n"); +- } else { +- __u32 index; +- index = rta_getattr_u32(tb[TCA_IPT_INDEX]); +- fprintf(f, " \n\tindex %d", index); +- } ++ if (opts == NULL) { ++ fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); ++ return -1; ++ } else ++ tmp_tcipt_globals.opts = opts; ++ fprintf(f, "\ttarget "); ++ m->print(NULL, m->t, 0); ++ if (tb[TCA_IPT_INDEX] == NULL) { ++ fprintf(f, " [NULL ipt target index ]\n"); ++ } else { ++ __u32 index; + +- if (tb[TCA_IPT_CNT]) { +- struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);; +- fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt); +- } +- if (show_stats) { +- if (tb[TCA_IPT_TM]) { +- struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]); +- print_tm(f,tm); +- } +- } +- fprintf(f, " \n"); ++ index = rta_getattr_u32(tb[TCA_IPT_INDEX]); ++ fprintf(f, "\n\tindex %d", index); ++ } + ++ if (tb[TCA_IPT_CNT]) { ++ struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]); ++ ++ fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt); + } ++ if (show_stats) { ++ if (tb[TCA_IPT_TM]) { ++ struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]); ++ ++ print_tm(f, tm); ++ } ++ } ++ fprintf(f, "\n"); ++ + xtables_free_opts(1); + + return 0; +-- +1.8.3.1 + diff --git a/SOURCES/0152-ip-link-Allow-to-filter-devices-by-master-dev.patch b/SOURCES/0152-ip-link-Allow-to-filter-devices-by-master-dev.patch deleted file mode 100644 index d89f1d6..0000000 --- a/SOURCES/0152-ip-link-Allow-to-filter-devices-by-master-dev.patch +++ /dev/null @@ -1,111 +0,0 @@ -From 07d29a9b4fff9486c4d4077c714086c895951e02 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 16 Jun 2016 16:40:15 +0200 -Subject: [PATCH] ip link: Allow to filter devices by master dev - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1341343 -Upstream Status: iproute2.git commit 1b94414854d71 -Conflicts: Changes in ip-link.8.in due to previously applied patches - 134080cff35e3 ("man: ip, ip-link: Fix ip option location") - and ca611d6408c9b ("man: ip-link.8: Fix and improve - synopsis"). - -commit 1b94414854d71a6b6df367644ae9b06a54278daf -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Sat Nov 29 11:27:41 2014 -0800 - - ip link: Allow to filter devices by master dev - - Added 'master' option to 'ip link show' command - to filter devices by master dev. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - ip/ipaddress.c | 16 ++++++++++++++++ - ip/iplink.c | 2 +- - man/man8/ip-link.8.in | 8 +++++++- - 3 files changed, 24 insertions(+), 2 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index ffcc076..3d9e47f 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -57,6 +57,7 @@ static struct - int flushp; - int flushe; - int group; -+ int master; - } filter; - - static int do_link; -@@ -560,6 +561,14 @@ int print_linkinfo(const struct sockaddr_nl *who, - return -1; - } - -+ if (tb[IFLA_MASTER]) { -+ int master = *(int*)RTA_DATA(tb[IFLA_MASTER]); -+ if (filter.master > 0 && master != filter.master) -+ return -1; -+ } -+ else if (filter.master > 0) -+ return -1; -+ - if (n->nlmsg_type == RTM_DELLINK) - fprintf(fp, "Deleted "); - -@@ -1292,6 +1301,13 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - NEXT_ARG(); - if (rtnl_group_a2n(&filter.group, *argv)) - invarg("Invalid \"group\" value\n", *argv); -+ } else if (strcmp(*argv, "master") == 0) { -+ int ifindex; -+ NEXT_ARG(); -+ ifindex = ll_name_to_index(*argv); -+ if (!ifindex) -+ invarg("Device does not exist\n", *argv); -+ filter.master = ifindex; - } else { - if (strcmp(*argv, "dev") == 0) { - NEXT_ARG(); -diff --git a/ip/iplink.c b/ip/iplink.c -index 787d743..1d93229 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -84,7 +84,7 @@ void iplink_usage(void) - fprintf(stderr, " [ master DEVICE ]\n"); - fprintf(stderr, " [ nomaster ]\n"); - fprintf(stderr, " [ addrgenmode { eui64 | none } ]\n"); -- fprintf(stderr, " ip link show [ DEVICE | group GROUP ] [up]\n"); -+ fprintf(stderr, " ip link show [ DEVICE | group GROUP ] [up] [master DEV]\n"); - - if (iplink_have_newlink()) { - fprintf(stderr, " ip link help [ TYPE ]\n"); -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 744a8af..09ea2f7 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -141,7 +141,9 @@ ip-link \- network device configuration - .RI "[ " DEVICE " | " - .B group - .IR GROUP " ] [" --.BR up " ]" -+.BR up " ] [" -+.B master -+.IR DEVICE " ]" - - .ti -8 - .B ip link help -@@ -915,6 +917,10 @@ specifies what group of devices to show. - .B up - only display running interfaces. - -+.TP -+.BI master " DEVICE " -+.I DEVICE -+specifies the master device which enslaves devices to show. - - .SS ip link help - display help - --- -1.8.3.1 - diff --git a/SOURCES/0152-tc-m_xt-Drop-unused-variable-fw-in-parse_ipt.patch b/SOURCES/0152-tc-m_xt-Drop-unused-variable-fw-in-parse_ipt.patch new file mode 100644 index 0000000..b365736 --- /dev/null +++ b/SOURCES/0152-tc-m_xt-Drop-unused-variable-fw-in-parse_ipt.patch @@ -0,0 +1,44 @@ +From 44384a7557d92a53032d8f65adcbed79a5f990e6 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:22:40 +0200 +Subject: [PATCH] tc: m_xt: Drop unused variable fw in parse_ipt() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit b0ba0185763ad +Conflicts: Changes in context and replaced code due to missing upstream + commit 32a121cba2579 ("tc: code cleanup"). + +commit b0ba0185763ad2bae3335423221919ed47951885 +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:04 2016 +0200 + + tc: m_xt: Drop unused variable fw in parse_ipt() + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index bb1f929..4e660c4 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -120,7 +120,6 @@ static int parse_ipt(struct action_util *a,int *argc_p, + char ***argv_p, int tca_id, struct nlmsghdr *n) + { + struct xtables_target *m = NULL; +- struct ipt_entry fw; + struct rtattr *tail; + + int c; +@@ -188,7 +187,6 @@ static int parse_ipt(struct action_util *a,int *argc_p, + break; + + default: +- memset(&fw, 0, sizeof (fw)); + #if (XTABLES_VERSION_CODE >= 6) + if (m != NULL && m->x6_parse != NULL) { + xtables_option_tpcall(c, argv, 0, m, NULL); +-- +1.8.3.1 + diff --git a/SOURCES/0153-ip-link-Show-devices-by-type.patch b/SOURCES/0153-ip-link-Show-devices-by-type.patch deleted file mode 100644 index 14962bf..0000000 --- a/SOURCES/0153-ip-link-Show-devices-by-type.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 1483dbd11fe093100866a1bad822941e12d10c6a Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 16 Jun 2016 16:41:37 +0200 -Subject: [PATCH] ip link: Show devices by type - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1341343 -Upstream Status: iproute2.git commit 712249d8fac88 -Conflicts: Changes in ip-link.8.in due to previously applied patches - 134080cff35e3 ("man: ip, ip-link: Fix ip option location") - and ca611d6408c9b ("man: ip-link.8: Fix and improve - synopsis"). - -commit 712249d8fac88bcf3a9fd0b1de2263074075873b -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Wed Dec 10 10:11:29 2014 +0200 - - ip link: Show devices by type - - Added new option 'type' to 'ip link show' - command which allows to filter devices by type: - - ip link show type bridge - ip link show type vlan - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - ip/ipaddress.c | 27 +++++++++++++++++++++++++++ - ip/iplink.c | 2 +- - man/man8/ip-link.8.in | 19 ++++++++++++++++++- - 3 files changed, 46 insertions(+), 2 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 3d9e47f..4720de0 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -58,6 +58,7 @@ static struct - int flushe; - int group; - int master; -+ char *kind; - } filter; - - static int do_link; -@@ -190,6 +191,18 @@ static void print_linkmode(FILE *f, struct rtattr *tb) - fprintf(f, "mode %s ", link_modes[mode]); - } - -+static char *parse_link_kind(struct rtattr *tb) -+{ -+ struct rtattr *linkinfo[IFLA_INFO_MAX+1]; -+ -+ parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb); -+ -+ if (linkinfo[IFLA_INFO_KIND]) -+ return RTA_DATA(linkinfo[IFLA_INFO_KIND]); -+ -+ return ""; -+} -+ - static void print_linktype(FILE *fp, struct rtattr *tb) - { - struct rtattr *linkinfo[IFLA_INFO_MAX+1]; -@@ -569,6 +582,17 @@ int print_linkinfo(const struct sockaddr_nl *who, - else if (filter.master > 0) - return -1; - -+ if (filter.kind) { -+ if (tb[IFLA_LINKINFO]) { -+ char *kind = parse_link_kind(tb[IFLA_LINKINFO]); -+ -+ if (strcmp(kind, filter.kind)) -+ return -1; -+ } else { -+ return -1; -+ } -+ } -+ - if (n->nlmsg_type == RTM_DELLINK) - fprintf(fp, "Deleted "); - -@@ -1308,6 +1332,9 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - if (!ifindex) - invarg("Device does not exist\n", *argv); - filter.master = ifindex; -+ } else if (do_link && strcmp(*argv, "type") == 0) { -+ NEXT_ARG(); -+ filter.kind = *argv; - } else { - if (strcmp(*argv, "dev") == 0) { - NEXT_ARG(); -diff --git a/ip/iplink.c b/ip/iplink.c -index 1d93229..0f91043 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -84,7 +84,7 @@ void iplink_usage(void) - fprintf(stderr, " [ master DEVICE ]\n"); - fprintf(stderr, " [ nomaster ]\n"); - fprintf(stderr, " [ addrgenmode { eui64 | none } ]\n"); -- fprintf(stderr, " ip link show [ DEVICE | group GROUP ] [up] [master DEV]\n"); -+ fprintf(stderr, " ip link show [ DEVICE | group GROUP ] [up] [master DEV] [type TYPE]\n"); - - if (iplink_have_newlink()) { - fprintf(stderr, " ip link help [ TYPE ]\n"); -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 09ea2f7..f968e49 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -143,7 +143,9 @@ ip-link \- network device configuration - .IR GROUP " ] [" - .BR up " ] [" - .B master --.IR DEVICE " ]" -+.IR DEVICE " ] [" -+.B type -+.IR TYPE " ]" - - .ti -8 - .B ip link help -@@ -922,6 +924,11 @@ only display running interfaces. - .I DEVICE - specifies the master device which enslaves devices to show. - -+.TP -+.BI type " TYPE " -+.I TYPE -+specifies the type of devices to show. -+ - .SS ip link help - display help - - .PP -@@ -935,6 +942,16 @@ ip link show - Shows the state of all network interfaces on the system. - .RE - .PP -+ip link show type bridge -+.RS 4 -+Shows the bridge devices. -+.RE -+.PP -+ip link show type vlan -+.RS 4 -+Shows the vlan devices. -+.RE -+.PP - ip link set dev ppp0 mtu 1400 - .RS 4 - Change the MTU the ppp0 device. --- -1.8.3.1 - diff --git a/SOURCES/0153-tc-m_xt-Get-rid-of-rargc-in-parse_ipt.patch b/SOURCES/0153-tc-m_xt-Get-rid-of-rargc-in-parse_ipt.patch new file mode 100644 index 0000000..ffd3124 --- /dev/null +++ b/SOURCES/0153-tc-m_xt-Get-rid-of-rargc-in-parse_ipt.patch @@ -0,0 +1,67 @@ +From 1f1f1e431f8cb9c8051f4b04ee5d6b36cc27f949 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:23:16 +0200 +Subject: [PATCH] tc: m_xt: Get rid of rargc in parse_ipt() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit ab8f52fc4ae11 +Conflicts: Changes in replaced code due to missing upstream commit + 32a121cba2579 ("tc: code cleanup"). + +commit ab8f52fc4ae1141ff9980d24244f2d9559e47968 +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:05 2016 +0200 + + tc: m_xt: Get rid of rargc in parse_ipt() + + No need to copy the passed parameter, it's changed only once right + before function return. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index 4e660c4..7947e5a 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -123,7 +123,6 @@ static int parse_ipt(struct action_util *a,int *argc_p, + struct rtattr *tail; + + int c; +- int rargc = *argc_p; + char **argv = *argv_p; + int argc = 0, iargc = 0; + char k[16]; +@@ -139,7 +138,8 @@ static int parse_ipt(struct action_util *a,int *argc_p, + + { + int i; +- for (i = 0; i < rargc; i++) { ++ ++ for (i = 0; i < *argc_p; i++) { + if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) { + break; + } +@@ -148,7 +148,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + } + + if (argc <= 2) { +- fprintf(stderr,"bad arguements to ipt %d vs %d \n", argc, rargc); ++ fprintf(stderr, "bad arguments to ipt %d vs %d\n", argc, *argc_p); + return -1; + } + +@@ -272,7 +272,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + + argc -= optind; + argv += optind; +- *argc_p = rargc - iargc; ++ *argc_p -= iargc; + *argv_p = argv; + + optind = 0; +-- +1.8.3.1 + diff --git a/SOURCES/0154-man-ip-link-Small-example-of-ip-link-show-master.patch b/SOURCES/0154-man-ip-link-Small-example-of-ip-link-show-master.patch deleted file mode 100644 index 6917287..0000000 --- a/SOURCES/0154-man-ip-link-Small-example-of-ip-link-show-master.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f74901523533aee13be145d36877d93a8163536d Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 16 Jun 2016 16:41:52 +0200 -Subject: [PATCH] man ip-link: Small example of 'ip link show master' - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1341343 -Upstream Status: iproute2.git commit 417b2180a57b0 - -commit 417b2180a57b0335981bdaaaaa017a48d1a84b72 -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Fri Dec 26 04:46:20 2014 +0200 - - man ip-link: Small example of 'ip link show master' - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - man/man8/ip-link.8.in | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index f968e49..312be6b 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -952,6 +952,11 @@ ip link show type vlan - Shows the vlan devices. - .RE - .PP -+ip link show master br0 -+.RS 4 -+Shows devices enslaved by br0 -+.RE -+.PP - ip link set dev ppp0 mtu 1400 - .RS 4 - Change the MTU the ppp0 device. --- -1.8.3.1 - diff --git a/SOURCES/0154-tc-m_xt-Get-rid-of-iargc-variable-in-parse_ipt.patch b/SOURCES/0154-tc-m_xt-Get-rid-of-iargc-variable-in-parse_ipt.patch new file mode 100644 index 0000000..70c3887 --- /dev/null +++ b/SOURCES/0154-tc-m_xt-Get-rid-of-iargc-variable-in-parse_ipt.patch @@ -0,0 +1,67 @@ +From cae38feb629c7d30c53366e5b48e96b759b7963d Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:23:42 +0200 +Subject: [PATCH] tc: m_xt: Get rid of iargc variable in parse_ipt() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit 28432f370e6ad + +commit 28432f370e6ad72a7eab9ba6bae67eabdd4b1c57 +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:06 2016 +0200 + + tc: m_xt: Get rid of iargc variable in parse_ipt() + + After dropping the unused decrement of argc in the function's tail, it + can fully take over what iargc has been used for. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index 7947e5a..e0ed8a4 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -124,7 +124,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + + int c; + char **argv = *argv_p; +- int argc = 0, iargc = 0; ++ int argc = 0; + char k[16]; + int size = 0; + int iok = 0, ok = 0; +@@ -144,7 +144,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + break; + } + } +- iargc = argc = i; ++ argc = i; + } + + if (argc <= 2) { +@@ -205,7 +205,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + } + } + +- if (iargc > optind) { ++ if (argc > optind) { + if (matches(argv[optind], "index") == 0) { + if (get_u32(&index, argv[optind + 1], 10)) { + fprintf(stderr, "Illegal \"index\"\n"); +@@ -270,9 +270,8 @@ static int parse_ipt(struct action_util *a,int *argc_p, + addattr_l(n, MAX_MSG, TCA_IPT_TARG, m->t, m->t->u.target_size); + tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail; + +- argc -= optind; + argv += optind; +- *argc_p -= iargc; ++ *argc_p -= argc; + *argv_p = argv; + + optind = 0; +-- +1.8.3.1 + diff --git a/SOURCES/0155-ipaddress-Allow-listing-addresses-by-type.patch b/SOURCES/0155-ipaddress-Allow-listing-addresses-by-type.patch deleted file mode 100644 index dbc194d..0000000 --- a/SOURCES/0155-ipaddress-Allow-listing-addresses-by-type.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 836bc8fd1c04199a9a2b40fc8c2cf07debb7fd0b Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 16 Jun 2016 16:41:52 +0200 -Subject: [PATCH] ipaddress: Allow listing addresses by type - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1341343 -Upstream Status: iproute2.git commit 24604eb2877a3 - -commit 24604eb2877a3be3f3167ca329b37cba178537f2 -Author: Phil Sutter <phil@nwl.cc> -Date: Thu Jun 9 19:20:36 2016 +0200 - - ipaddress: Allow listing addresses by type - - Not sure why this was limited to ip-link before. It is semantically - equal to the 'master' keyword, which is not restricted at all. - - The man page and help text adjustments include the 'master' keyword as - well since that is also supported but wasn't documented before. - - Cc: Vadim Kochan <vadim4j@gmail.com> - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/ipaddress.c | 11 ++++++++-- - man/man8/ip-address.8.in | 57 +++++++++++++++++++++++++++++++++++++++++++++--- - 2 files changed, 63 insertions(+), 5 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 4720de0..f10f58a 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -73,8 +73,11 @@ static void usage(void) - fprintf(stderr, "Usage: ip address {add|change|replace} IFADDR dev IFNAME [ LIFETIME ]\n"); - fprintf(stderr, " [ CONFFLAG-LIST ]\n"); - fprintf(stderr, " ip address del IFADDR dev IFNAME [mngtmpaddr]\n"); -- fprintf(stderr, " ip address {show|save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]\n"); -+ fprintf(stderr, " ip address {save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]\n"); - fprintf(stderr, " [ to PREFIX ] [ FLAG-LIST ] [ label LABEL ] [up]\n"); -+ fprintf(stderr, " ip address [ show [ dev IFNAME ] [ scope SCOPE-ID ] [ master DEVICE ]\n"); -+ fprintf(stderr, " [ type TYPE ] [ to PREFIX ] [ FLAG-LIST ]\n"); -+ fprintf(stderr, " [ label LABEL ] [up] ]\n"); - fprintf(stderr, " ip address {showdump|restore}\n"); - fprintf(stderr, "IFADDR := PREFIX | ADDR peer PREFIX\n"); - fprintf(stderr, " [ broadcast ADDR ] [ anycast ADDR ]\n"); -@@ -88,6 +91,10 @@ static void usage(void) - fprintf(stderr, "CONFFLAG := [ home | nodad | mngtmpaddr | noprefixroute | autojoin ]\n"); - fprintf(stderr, "LIFETIME := [ valid_lft LFT ] [ preferred_lft LFT ]\n"); - fprintf(stderr, "LFT := forever | SECONDS\n"); -+ fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); -+ fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); -+ fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon |\n"); -+ fprintf(stderr, " bond_slave | ipvlan | geneve | bridge_slave | vrf }\n"); - - exit(-1); - } -@@ -1332,7 +1339,7 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - if (!ifindex) - invarg("Device does not exist\n", *argv); - filter.master = ifindex; -- } else if (do_link && strcmp(*argv, "type") == 0) { -+ } else if (strcmp(*argv, "type") == 0) { - NEXT_ARG(); - filter.kind = *argv; - } else { -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index ff3fe0b..ab0942d 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -23,7 +23,7 @@ ip-address \- protocol address management - .IB IFADDR " dev " IFNAME " [ " mngtmpaddr " ]" - - .ti -8 --.BR "ip address" " { " show " | " save " | " flush " } [ " dev -+.BR "ip address" " { " save " | " flush " } [ " dev - .IR IFNAME " ] [ " - .B scope - .IR SCOPE-ID " ] [ " -@@ -33,6 +33,21 @@ ip-address \- protocol address management - .IR PATTERN " ] [ " up " ]" - - .ti -8 -+.BR "ip address" " [ " show " [ " dev -+.IR IFNAME " ] [ " -+.B scope -+.IR SCOPE-ID " ] [ " -+.B to -+.IR PREFIX " ] [ " FLAG-LIST " ] [ " -+.B label -+.IR PATTERN " ] [ " -+.B master -+.IR DEVICE " ] [ " -+.B type -+.IR TYPE " ] [ " -+.BR up " ] ]" -+ -+.ti -8 - .BR "ip address" " { " showdump " | " restore " }" - - .ti -8 -@@ -80,6 +95,34 @@ ip-address \- protocol address management - .BR forever " |" - .IR SECONDS " ]" - -+.ti -8 -+.IR TYPE " := [ " -+.BR bridge " | " -+.BR bond " | " -+.BR can " | " -+.BR dummy " | " -+.BR hsr " | " -+.BR ifb " | " -+.BR ipoib " |" -+.BR macvlan " | " -+.BR macvtap " | " -+.BR vcan " | " -+.BR veth " | " -+.BR vlan " | " -+.BR vxlan " |" -+.BR ip6tnl " |" -+.BR ipip " |" -+.BR sit " |" -+.BR gre " |" -+.BR gretap " |" -+.BR ip6gre " |" -+.BR ip6gretap " |" -+.BR vti " |" -+.BR nlmon " |" -+.BR ipvlan " |" -+.BR lowpan " |" -+.BR geneve " ]" -+ - .SH "DESCRIPTION" - The - .B address -@@ -230,6 +273,14 @@ only list addresses with labels matching the - is a usual shell style pattern. - - .TP -+.BI master " DEVICE" -+only list interfaces enslaved to this master device. -+ -+.TP -+.BI type " TYPE" -+only list interfaces of the given type. -+ -+.TP - .B up - only list running interfaces. - -@@ -280,8 +331,8 @@ This command flushes the protocol addresses selected by some criteria. - - .PP - This command has the same arguments as --.B show. --The difference is that it does not run when no arguments are given. -+.BR show " except that " type " and " master " selectors are not supported." -+Another difference is that it does not run when no arguments are given. - - .PP - .B Warning: --- -1.8.3.1 - diff --git a/SOURCES/0155-tc-m_xt-Simplify-argc-adjusting-in-parse_ipt.patch b/SOURCES/0155-tc-m_xt-Simplify-argc-adjusting-in-parse_ipt.patch new file mode 100644 index 0000000..b5085cf --- /dev/null +++ b/SOURCES/0155-tc-m_xt-Simplify-argc-adjusting-in-parse_ipt.patch @@ -0,0 +1,63 @@ +From e1d15d63d531aa08fd6abe021aba5e287e13d527 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:23:42 +0200 +Subject: [PATCH] tc: m_xt: Simplify argc adjusting in parse_ipt() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit f6ddd9c5da4e5 + +commit f6ddd9c5da4e552322baf237075aae6db17237d4 +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:07 2016 +0200 + + tc: m_xt: Simplify argc adjusting in parse_ipt() + + And while at it, also improve the error message in case too few + parameters have been given. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 17 ++++++----------- + 1 file changed, 6 insertions(+), 11 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index e0ed8a4..da3f7ab 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -124,7 +124,7 @@ static int parse_ipt(struct action_util *a,int *argc_p, + + int c; + char **argv = *argv_p; +- int argc = 0; ++ int argc; + char k[16]; + int size = 0; + int iok = 0, ok = 0; +@@ -136,19 +136,14 @@ static int parse_ipt(struct action_util *a,int *argc_p, + xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4); + set_lib_dir(); + +- { +- int i; +- +- for (i = 0; i < *argc_p; i++) { +- if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) { +- break; +- } +- } +- argc = i; ++ /* parse only up until the next action */ ++ for (argc = 0; argc < *argc_p; argc++) { ++ if (!argv[argc] || !strcmp(argv[argc], "action")) ++ break; + } + + if (argc <= 2) { +- fprintf(stderr, "bad arguments to ipt %d vs %d\n", argc, *argc_p); ++ fprintf(stderr, "too few arguments for xt, need at least '-j <target>'\n"); + return -1; + } + +-- +1.8.3.1 + diff --git a/SOURCES/0156-add-new-IFLA_VF_TRUST-netlink-attribute.patch b/SOURCES/0156-add-new-IFLA_VF_TRUST-netlink-attribute.patch deleted file mode 100644 index 613f8f5..0000000 --- a/SOURCES/0156-add-new-IFLA_VF_TRUST-netlink-attribute.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 57400a02cdfa4332a927d0dbeed97d4e969fd070 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 16 Jun 2016 16:50:43 +0200 -Subject: [PATCH] add new IFLA_VF_TRUST netlink attribute - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1302119 -Upstream Status: iproute2.git commit dddf1b44126ea - -commit dddf1b44126eaa25c6698be618fb452fc7b9bed3 -Author: Stephen Hemminger <shemming@brocade.com> -Date: Fri Oct 23 15:47:07 2015 -0700 - - add new IFLA_VF_TRUST netlink attribute ---- - include/linux/if_link.h | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/include/linux/if_link.h b/include/linux/if_link.h -index 1934566..ca9a681 100644 ---- a/include/linux/if_link.h -+++ b/include/linux/if_link.h -@@ -499,6 +499,7 @@ enum { - * on/off switch - */ - IFLA_VF_STATS, /* network device statistics */ -+ IFLA_VF_TRUST, /* Trust VF */ - __IFLA_VF_MAX, - }; - -@@ -560,6 +561,11 @@ enum { - - #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1) - -+struct ifla_vf_trust { -+ __u32 vf; -+ __u32 setting; -+}; -+ - /* VF ports management section - * - * Nested layout of set/get msg is: --- -1.8.3.1 - diff --git a/SOURCES/0156-tc-m_xt-Introduce-get_xtables_target_opts.patch b/SOURCES/0156-tc-m_xt-Introduce-get_xtables_target_opts.patch new file mode 100644 index 0000000..fae4283 --- /dev/null +++ b/SOURCES/0156-tc-m_xt-Introduce-get_xtables_target_opts.patch @@ -0,0 +1,132 @@ +From 9816ef34f02ebbffece0ec7d298742f1d73e1acd Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:23:42 +0200 +Subject: [PATCH] tc: m_xt: Introduce get_xtables_target_opts() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit 2ef4008585ec9 +Conflicts: Context change due to missing upstream commit 32a121cba2579 + ("tc: code cleanup"). + +commit 2ef4008585ec9184a0abf7534bf7f575ce6579d1 +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jun 10 13:42:08 2016 +0200 + + tc: m_xt: Introduce get_xtables_target_opts() + + This pulls common code from parse_ipt() and print_ipt() functions + together. + + While here, also fix for incorrect use of the global 'optarg' variable + in print_ipt(). + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 60 ++++++++++++++++++++++++++++++------------------------------ + 1 file changed, 30 insertions(+), 30 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index da3f7ab..c96d58c 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -116,7 +116,28 @@ static void set_lib_dir(void) + + } + +-static int parse_ipt(struct action_util *a,int *argc_p, ++static int get_xtables_target_opts(struct xtables_globals *globals, ++ struct xtables_target *m) ++{ ++ struct option *opts; ++ ++#if (XTABLES_VERSION_CODE >= 6) ++ opts = xtables_options_xfrm(globals->orig_opts, ++ globals->opts, ++ m->x6_options, ++ &m->option_offset); ++#else ++ opts = xtables_merge_options(globals->opts, ++ m->extra_opts, ++ &m->option_offset); ++#endif ++ if (!opts) ++ return -1; ++ globals->opts = opts; ++ return 0; ++} ++ ++static int parse_ipt(struct action_util *a, int *argc_p, + char ***argv_p, int tca_id, struct nlmsghdr *n) + { + struct xtables_target *m = NULL; +@@ -129,7 +150,6 @@ static int parse_ipt(struct action_util *a,int *argc_p, + int size = 0; + int iok = 0, ok = 0; + __u32 hook = 0, index = 0; +- struct option *opts = NULL; + + /* copy tcipt_globals because .opts will be modified by iptables */ + struct xtables_globals tmp_tcipt_globals = tcipt_globals; +@@ -163,21 +183,11 @@ static int parse_ipt(struct action_util *a,int *argc_p, + printf(" %s error\n", m->name); + return -1; + } +-#if (XTABLES_VERSION_CODE >= 6) +- opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, +- tmp_tcipt_globals.opts, +- m->x6_options, +- &m->option_offset); +-#else +- opts = xtables_merge_options(tmp_tcipt_globals.opts, +- m->extra_opts, +- &m->option_offset); +-#endif +- if (opts == NULL) { ++ ++ if (get_xtables_target_opts(&tmp_tcipt_globals, m) < 0) { + fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); + return -1; +- } else +- tmp_tcipt_globals.opts = opts; ++ } + ok++; + break; + +@@ -291,7 +301,6 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) + struct xtables_target *m; + struct rtattr *tb[TCA_IPT_MAX + 1]; + struct xt_entry_target *t = NULL; +- struct option *opts = NULL; + + if (arg == NULL) + return -1; +@@ -337,21 +346,12 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) + return -1; + } + +-#if (XTABLES_VERSION_CODE >= 6) +- opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts, +- tmp_tcipt_globals.opts, +- m->x6_options, +- &m->option_offset); +-#else +- opts = xtables_merge_options(tmp_tcipt_globals.opts, +- m->extra_opts, +- &m->option_offset); +-#endif +- if (opts == NULL) { +- fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); ++ if (get_xtables_target_opts(&tmp_tcipt_globals, m) < 0) { ++ fprintf(stderr, ++ " failed to find additional options for target %s\n\n", ++ t->u.user.name); + return -1; +- } else +- tmp_tcipt_globals.opts = opts; ++ } + fprintf(f, "\ttarget "); + m->print(NULL, m->t, 0); + if (tb[TCA_IPT_INDEX] == NULL) { +-- +1.8.3.1 + diff --git a/SOURCES/0157-iplink-Support-VF-Trust.patch b/SOURCES/0157-iplink-Support-VF-Trust.patch deleted file mode 100644 index 8020fa0..0000000 --- a/SOURCES/0157-iplink-Support-VF-Trust.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 090af3d3a7fe36caa6eceb6bed51491425045ce9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 16 Jun 2016 16:50:59 +0200 -Subject: [PATCH] iplink: Support VF Trust - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1302119 -Upstream Status: iproute2.git commit b6d77d9ee3122 -Conflicts: Context changes due to missing other features. - -commit b6d77d9ee312246146e9b5ca70a8a1426898b484 -Author: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com> -Date: Fri Feb 26 02:40:18 2016 +0000 - - iplink: Support VF Trust - - Add IFLA_VF_TRUST message to trust the VF. - PF can accept some privileged operation from the trusted VF. - For example, ixgbe PF doesn't allow to enable VF promiscuous mode until - the VF is trusted because it may hurt performance. - - To trust VF. - # ip link set dev eth0 vf 1 trust on - - To untrust VF. - # ip link set dev eth0 vf 1 trust off - - Signed-off-by: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com> ---- - ip/iplink.c | 13 +++++++++++++ - man/man8/ip-link.8.in | 8 +++++++- - 2 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 0f91043..84bdc56 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -81,6 +81,7 @@ void iplink_usage(void) - fprintf(stderr, " [ spoofchk { on | off} ]\n"); - fprintf(stderr, " [ query_rss { on | off} ]\n"); - fprintf(stderr, " [ state { auto | enable | disable} ] ]\n"); -+ fprintf(stderr, " [ trust { on | off} ] ]\n"); - fprintf(stderr, " [ master DEVICE ]\n"); - fprintf(stderr, " [ nomaster ]\n"); - fprintf(stderr, " [ addrgenmode { eui64 | none } ]\n"); -@@ -302,6 +303,18 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp, - ivs.vf = vf; - addattr_l(&req->n, sizeof(*req), IFLA_VF_RSS_QUERY_EN, &ivs, sizeof(ivs)); - -+ } else if (matches(*argv, "trust") == 0) { -+ struct ifla_vf_trust ivt; -+ NEXT_ARG(); -+ if (matches(*argv, "on") == 0) -+ ivt.setting = 1; -+ else if (matches(*argv, "off") == 0) -+ ivt.setting = 0; -+ else -+ invarg("Invalid \"trust\" value\n", *argv); -+ ivt.vf = vf; -+ addattr_l(&req->n, sizeof(*req), IFLA_VF_TRUST, &ivt, sizeof(ivt)); -+ - } else if (matches(*argv, "state") == 0) { - struct ifla_vf_link_state ivl; - NEXT_ARG(); -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 312be6b..1d052ef 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -118,7 +118,9 @@ ip-link \- network device configuration - .RB "[ " vlan - .IR VLANID " [ " - .B qos --.IR VLAN-QOS " ] ]" -+.IR VLAN-QOS " ] ] [" -+.B trust { on | off } -+] | - .br - .RB "[ " rate - .IR TXRATE " ]" -@@ -872,6 +874,10 @@ parameter must be specified. - .sp - .BI spoofchk " on|off" - - turn packet spoof checking on or off for the specified VF. -+.sp -+.BI trust " on|off" -+- trust the specified VF user. This enables that VF user can set a specific feature -+which may impact security and/or performance. (e.g. VF multicast promiscuous mode) - .in -8 - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0157-m_xt-whitespace-cleanup.patch b/SOURCES/0157-m_xt-whitespace-cleanup.patch new file mode 100644 index 0000000..6100e78 --- /dev/null +++ b/SOURCES/0157-m_xt-whitespace-cleanup.patch @@ -0,0 +1,125 @@ +From 0401b1f92170a3c503e6dd1430b9b7cc0bcdbe47 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:24:00 +0200 +Subject: [PATCH] m_xt: whitespace cleanup + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit 4b83a08c280fc +Conflicts: Changes in replaced code due to missing upstream commit + 32a121cba2579 ("tc: code cleanup"). + +commit 4b83a08c280fcd14ed8e775adc7604ea13c1252f +Author: Stephen Hemminger <shemming@brocade.com> +Date: Tue Jun 14 14:40:53 2016 -0700 + + m_xt: whitespace cleanup + + Make it 99% checkpatch clean. +--- + tc/m_xt.c | 32 +++++++++++++++++++++----------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index c96d58c..8317f31 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -39,8 +39,10 @@ + #endif + + #ifndef __ALIGN_KERNEL +-#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) +-#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) ++#define __ALIGN_KERNEL(x, a) \ ++ __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) ++#define __ALIGN_KERNEL_MASK(x, mask) \ ++ (((x) + (mask)) & ~(mask)) + #endif + + #ifndef ALIGN +@@ -51,7 +53,7 @@ static const char *tname = "mangle"; + + char *lib_dir; + +-static const char *ipthooks[] = { ++static const char * const ipthooks[] = { + "NF_IP_PRE_ROUTING", + "NF_IP_LOCAL_IN", + "NF_IP_FORWARD", +@@ -153,6 +155,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, + + /* copy tcipt_globals because .opts will be modified by iptables */ + struct xtables_globals tmp_tcipt_globals = tcipt_globals; ++ + xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4); + set_lib_dir(); + +@@ -163,7 +166,8 @@ static int parse_ipt(struct action_util *a, int *argc_p, + } + + if (argc <= 2) { +- fprintf(stderr, "too few arguments for xt, need at least '-j <target>'\n"); ++ fprintf(stderr, ++ "too few arguments for xt, need at least '-j <target>'\n"); + return -1; + } + +@@ -175,7 +179,9 @@ static int parse_ipt(struct action_util *a, int *argc_p, + case 'j': + m = xtables_find_target(optarg, XTF_TRY_LOAD); + if (!m) { +- fprintf(stderr, " failed to find target %s\n\n", optarg); ++ fprintf(stderr, ++ " failed to find target %s\n\n", ++ optarg); + return -1; + } + +@@ -184,8 +190,11 @@ static int parse_ipt(struct action_util *a, int *argc_p, + return -1; + } + +- if (get_xtables_target_opts(&tmp_tcipt_globals, m) < 0) { +- fprintf(stderr, " failed to find additional options for target %s\n\n", optarg); ++ if (get_xtables_target_opts(&tmp_tcipt_globals, ++ m) < 0) { ++ fprintf(stderr, ++ " failed to find additional options for target %s\n\n", ++ optarg); + return -1; + } + ok++; +@@ -198,10 +207,11 @@ static int parse_ipt(struct action_util *a, int *argc_p, + #else + if (m != NULL && m->parse != NULL) { + m->parse(c - m->option_offset, argv, 0, +- &m->tflags, NULL, &m->t); ++ &m->tflags, NULL, &m->t); + #endif + } else { +- fprintf(stderr,"failed to find target %s\n\n", optarg); ++ fprintf(stderr, ++ "failed to find target %s\n\n", optarg); + return -1; + + } +@@ -296,7 +306,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, + } + + static int +-print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) ++print_ipt(struct action_util *au, FILE *f, struct rtattr *arg) + { + struct xtables_target *m; + struct rtattr *tb[TCA_IPT_MAX + 1]; +@@ -348,7 +358,7 @@ print_ipt(struct action_util *au,FILE * f, struct rtattr *arg) + + if (get_xtables_target_opts(&tmp_tcipt_globals, m) < 0) { + fprintf(stderr, +- " failed to find additional options for target %s\n\n", ++ " failed to find additional options for target %s\n\n", + t->u.user.name); + return -1; + } +-- +1.8.3.1 + diff --git a/SOURCES/0158-ip-link-Support-printing-VF-trust-setting.patch b/SOURCES/0158-ip-link-Support-printing-VF-trust-setting.patch deleted file mode 100644 index ee4bd0d..0000000 --- a/SOURCES/0158-ip-link-Support-printing-VF-trust-setting.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 9318ed3fad1320bbe3ca61e5ed5f317331ec38d7 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 16 Jun 2016 16:51:20 +0200 -Subject: [PATCH] ip-link: Support printing VF trust setting - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1302119 -Upstream Status: iproute2.git commit fe9322781e635 -Conflicts: Context changes due to missing commit a1b99717c7cd7 - ("Add displaying VF traffic statistics"). - -commit fe9322781e6351b5572cbaa8df4dd0e5ec96398a -Author: Phil Sutter <phil@nwl.cc> -Date: Thu Mar 31 14:43:32 2016 +0200 - - ip-link: Support printing VF trust setting - - This adds a new item to VF lines of a PF, stating whether the VF is - trusted or not. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/ipaddress.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index f10f58a..05e0da9 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -356,6 +356,13 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - else - fprintf(fp, ", link-state disable"); - } -+ if (vf[IFLA_VF_TRUST]) { -+ struct ifla_vf_trust *vf_trust = RTA_DATA(vf[IFLA_VF_TRUST]); -+ -+ if (vf_trust->setting != -1) -+ fprintf(fp, ", trust %s", -+ vf_trust->setting ? "on" : "off"); -+ } - } - - static void print_num(FILE *fp, unsigned width, uint64_t count) --- -1.8.3.1 - diff --git a/SOURCES/0158-tc-m_xt-Fix-segfault-with-iptables-1.6.0.patch b/SOURCES/0158-tc-m_xt-Fix-segfault-with-iptables-1.6.0.patch new file mode 100644 index 0000000..19ff652 --- /dev/null +++ b/SOURCES/0158-tc-m_xt-Fix-segfault-with-iptables-1.6.0.patch @@ -0,0 +1,45 @@ +From cff7ec6ee4af587761cae0819471cb28d48463d8 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:26:50 +0200 +Subject: [PATCH] tc: m_xt: Fix segfault with iptables-1.6.0 + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit 97a02cabefb2e + +commit 97a02cabefb2e2dcfe27f89943709afa84be5525 +Author: Phil Sutter <phil@nwl.cc> +Date: Thu Jan 12 15:22:49 2017 +0100 + + tc: m_xt: Fix segfault with iptables-1.6.0 + + Said iptables version introduced struct xtables_globals field + 'compat_rev', a function pointer. Initializing it is mandatory as + libxtables calls it without existence check. + + Without this, tc segfaults when using the xt action like so: + + | tc filter add dev d0 parent ffff: u32 match u32 0 0 \ + | action xt -j MARK --set-mark 20 + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index 8317f31..890dddd 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -77,6 +77,9 @@ static struct xtables_globals tcipt_globals = { + .orig_opts = original_opts, + .opts = original_opts, + .exit_err = NULL, ++#if (XTABLES_VERSION_CODE >= 11) ++ .compat_rev = xtables_compatible_revision, ++#endif + }; + + /* +-- +1.8.3.1 + diff --git a/SOURCES/0159-man-ip-link.8-Fix-ip-link-delete-description.patch b/SOURCES/0159-man-ip-link.8-Fix-ip-link-delete-description.patch deleted file mode 100644 index 9228b0d..0000000 --- a/SOURCES/0159-man-ip-link.8-Fix-ip-link-delete-description.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5b52a263b3e8b9b86100f3e69923401cb5be1cbd Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 23 Jun 2016 22:33:18 +0200 -Subject: [PATCH] man: ip-link.8: Fix 'ip link delete' description - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1341343 -Upstream Status: Side effect of iproute2.git commit 7f74cf6de03a3 - -This is not a backport as the above mentioned upstream commit does -something completely different and we only want the man page fix it -contains. ---- - man/man8/ip-link.8.in | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 1d052ef..c9ccf23 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -709,15 +709,14 @@ using standard tools. - .in -8 - - .SS ip link delete - delete virtual link --.I DEVICE --specifies the virtual device to act operate on. --.I TYPE --specifies the type of the device. -- - - .TP - .BI dev " DEVICE " --specifies the physical device to act operate on. -+specifies the virtual device to act operate on. -+ -+.TP -+.BI type " TYPE " -+specifies the type of the device. - - .SS ip link set - change device attributes - --- -1.8.3.1 - diff --git a/SOURCES/0159-tc-m_xt-Drop-needless-parentheses-from-if-checks.patch b/SOURCES/0159-tc-m_xt-Drop-needless-parentheses-from-if-checks.patch new file mode 100644 index 0000000..71d97c0 --- /dev/null +++ b/SOURCES/0159-tc-m_xt-Drop-needless-parentheses-from-if-checks.patch @@ -0,0 +1,62 @@ +From d7885e6a737866ada8445fd86c6352ac5ba96d7d Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Tue, 4 Apr 2017 16:26:50 +0200 +Subject: [PATCH] tc: m_xt: Drop needless parentheses from #if checks + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326726 +Upstream Status: iproute2.git commit a05b9557f48e2 + +commit a05b9557f48e23e69a4c1a597f2f288f133ef170 +Author: Phil Sutter <phil@nwl.cc> +Date: Fri Jan 13 13:06:19 2017 +0100 + + tc: m_xt: Drop needless parentheses from #if checks + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + tc/m_xt.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tc/m_xt.c b/tc/m_xt.c +index 890dddd..478523d 100644 +--- a/tc/m_xt.c ++++ b/tc/m_xt.c +@@ -77,7 +77,7 @@ static struct xtables_globals tcipt_globals = { + .orig_opts = original_opts, + .opts = original_opts, + .exit_err = NULL, +-#if (XTABLES_VERSION_CODE >= 11) ++#if XTABLES_VERSION_CODE >= 11 + .compat_rev = xtables_compatible_revision, + #endif + }; +@@ -126,7 +126,7 @@ static int get_xtables_target_opts(struct xtables_globals *globals, + { + struct option *opts; + +-#if (XTABLES_VERSION_CODE >= 6) ++#if XTABLES_VERSION_CODE >= 6 + opts = xtables_options_xfrm(globals->orig_opts, + globals->opts, + m->x6_options, +@@ -204,7 +204,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, + break; + + default: +-#if (XTABLES_VERSION_CODE >= 6) ++#if XTABLES_VERSION_CODE >= 6 + if (m != NULL && m->x6_parse != NULL) { + xtables_option_tpcall(c, argv, 0, m, NULL); + #else +@@ -242,7 +242,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, + } + + /* check that we passed the correct parameters to the target */ +-#if (XTABLES_VERSION_CODE >= 6) ++#if XTABLES_VERSION_CODE >= 6 + if (m) + xtables_option_tfcall(m); + #else +-- +1.8.3.1 + diff --git a/SOURCES/0160-man-ip-address-ip-link-Document-type-quirk.patch b/SOURCES/0160-man-ip-address-ip-link-Document-type-quirk.patch deleted file mode 100644 index c4bd43a..0000000 --- a/SOURCES/0160-man-ip-address-ip-link-Document-type-quirk.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 7384fd2e31a9284f2ded443666fb91eabc15b75b Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 1 Jul 2016 20:36:52 +0200 -Subject: [PATCH] man: ip-address, ip-link: Document 'type' quirk - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1341343 -Upstream Status: iproute2.git commit 3462c116f8dd5 - -commit 3462c116f8dd578591f5f41d249d7542ea476ca4 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Jun 24 12:14:23 2016 +0200 - - man: ip-address, ip-link: Document 'type' quirk - - This covers the fact that calling 'ip {link|addr} show type foobar' does - not return an error. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-address.8.in | 6 ++++++ - man/man8/ip-link.8.in | 6 ++++++ - 2 files changed, 12 insertions(+) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index ab0942d..8d34adb 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -280,6 +280,12 @@ only list interfaces enslaved to this master device. - .BI type " TYPE" - only list interfaces of the given type. - -+Note that the type name is not checked against the list of supported types - -+instead it is sent as-is to the kernel. Later it is used to filter the returned -+interface list by comparing it with the relevant attribute in case the kernel -+didn't filter already. Therefore any string is accepted, but may lead to empty -+output. -+ - .TP - .B up - only list running interfaces. -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index c9ccf23..5e4862f 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -934,6 +934,12 @@ specifies the master device which enslaves devices to show. - .I TYPE - specifies the type of devices to show. - -+Note that the type name is not checked against the list of supported types - -+instead it is sent as-is to the kernel. Later it is used to filter the returned -+interface list by comparing it with the relevant attribute in case the kernel -+didn't filter already. Therefore any string is accepted, but may lead to empty -+output. -+ - .SS ip link help - display help - - .PP --- -1.8.3.1 - diff --git a/SOURCES/0160-man-ip-link.8-document-bridge-options.patch b/SOURCES/0160-man-ip-link.8-document-bridge-options.patch new file mode 100644 index 0000000..1703975 --- /dev/null +++ b/SOURCES/0160-man-ip-link.8-document-bridge-options.patch @@ -0,0 +1,263 @@ +From 5cc1ea2216d6b9bd26ed0a90db2ec5e045834c3c Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Wed, 5 Apr 2017 15:15:36 +0200 +Subject: [PATCH] man: ip-link.8: document bridge options + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1373869 +Upstream Status: iproute2.git commit 3fbb5d43bb759 + +commit 3fbb5d43bb759c7501404d8a92ae95e058c1763a +Author: Sabrina Dubroca <sd@queasysnail.net> +Date: Tue Mar 28 17:56:48 2017 +0200 + + man: ip-link.8: document bridge options + + Signed-off-by: Phil Sutter <phil@nwl.cc> + Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> +--- + man/man8/ip-link.8.in | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 229 insertions(+) + +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index 8030203..e4e95b7 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -778,6 +778,235 @@ using standard tools. + .in -8 + + .TP ++BRIDGE Type Support ++For a link of type ++.I BRIDGE ++the following additional arguments are supported: ++ ++.BI "ip link add " DEVICE " type bridge " ++[ ++.BI ageing_time " AGEING_TIME " ++] [ ++.BI group_fwd_mask " MASK " ++] [ ++.BI group_address " ADDRESS " ++] [ ++.BI forward_delay " FORWARD_DELAY " ++] [ ++.BI hello_time " HELLO_TIME " ++] [ ++.BI max_age " MAX_AGE " ++] [ ++.BI stp_state " STP_STATE " ++] [ ++.BI priority " PRIORITY " ++] [ ++.BI vlan_filtering " VLAN_FILTERING " ++] [ ++.BI vlan_protocol " VLAN_PROTOCOL " ++] [ ++.BI vlan_default_pvid " VLAN_DEFAULT_PVID " ++] [ ++.BI vlan_stats_enabled " VLAN_STATS_ENABLED " ++] [ ++.BI mcast_snooping " MULTICAST_SNOOPING " ++] [ ++.BI mcast_router " MULTICAST_ROUTER " ++] [ ++.BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR " ++] [ ++.BI mcast_querier " MULTICAST_QUERIER " ++] [ ++.BI mcast_hash_elasticity " HASH_ELASTICITY " ++] [ ++.BI mcast_hash_max " HASH_MAX " ++] [ ++.BI mcast_last_member_count " LAST_MEMBER_COUNT " ++] [ ++.BI mcast_startup_query_count " STARTUP_QUERY_COUNT " ++] [ ++.BI mcast_last_member_interval " LAST_MEMBER_INTERVAL " ++] [ ++.BI mcast_membership_interval " MEMBERSHIP_INTERVAL " ++] [ ++.BI mcast_querier_interval " QUERIER_INTERVAL " ++] [ ++.BI mcast_query_interval " QUERY_INTERVAL " ++] [ ++.BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL " ++] [ ++.BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL " ++] [ ++.BI mcast_stats_enabled " MCAST_STATS_ENABLED " ++] [ ++.BI mcast_igmp_version " IGMP_VERSION " ++] [ ++.BI mcast_mld_version " MLD_VERSION " ++] [ ++.BI nf_call_iptables " NF_CALL_IPTABLES " ++] [ ++.BI nf_call_ip6tables " NF_CALL_IP6TABLES " ++] [ ++.BI nf_call_arptables " NF_CALL_ARPTABLES " ++] ++ ++.in +8 ++.sp ++.BI ageing_time " AGEING_TIME " ++- configure the bridge's FDB entries ageing time, ie the number of seconds a MAC address will be kept in the FDB after a packet has been received from that address. after this time has passed, entries are cleaned up. ++ ++.BI group_fwd_mask " MASK " ++- set the group forward mask. This is the bitmask that is applied to decide whether to forward incoming frames destined to link-local addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to 0, ie the bridge does not forward any link-local frames). ++ ++.BI group_address " ADDRESS " ++- set the MAC address of the multicast group this bridge uses for STP. The address must be a link-local address in standard Ethernet MAC address format, ie an address of the form 01:80:C2:00:00:0X, with X in [0, 4..f]. ++ ++.BI forward_delay " FORWARD_DELAY " ++- set the forwarding delay in seconds, ie the time spent in LISTENING state (before moving to LEARNING) and in LEARNING state (before moving to FORWARDING). Only relevant if STP is enabled. Valid values are between 2 and 30. ++ ++.BI hello_time " HELLO_TIME " ++- set the time in seconds between hello packets sent by the bridge, when it is a root bridge or a designated bridges. Only relevant if STP is enabled. Valid values are between 1 and 10. ++ ++.BI max_age " MAX_AGE " ++- set the hello packet timeout, ie the time in seconds until another bridge in the spanning tree is assumed to be dead, after reception of its last hello message. Only relevant if STP is enabled. Valid values are between 6 and 40. ++ ++.BI stp_state " STP_STATE " ++- turn spanning tree protocol on ++.RI ( STP_STATE " > 0) " ++or off ++.RI ( STP_STATE " == 0). " ++for this bridge. ++ ++.BI priority " PRIORITY " ++- set this bridge's spanning tree priority, used during STP root bridge election. ++.I PRIORITY ++is a 16bit unsigned integer. ++ ++.BI vlan_filtering " VLAN_FILTERING " ++- turn VLAN filtering on ++.RI ( VLAN_FILTERING " > 0) " ++or off ++.RI ( VLAN_FILTERING " == 0). " ++When disabled, the bridge will not consider the VLAN tag when handling packets. ++ ++.BR vlan_protocol " { " 802.1Q " | " 802.1ad " } " ++- set the protocol used for VLAN filtering. ++ ++.BI vlan_default_pvid " VLAN_DEFAULT_PVID " ++- set the default PVID (native/untagged VLAN ID) for this bridge. ++ ++.BI vlan_stats_enabled " VLAN_STATS_ENABLED " ++- enable ++.RI ( VLAN_STATS_ENABLED " == 1) " ++or disable ++.RI ( VLAN_STATS_ENABLED " == 0) " ++per-VLAN stats accounting. ++ ++.BI mcast_snooping " MULTICAST_SNOOPING " ++- turn multicast snooping on ++.RI ( MULTICAST_SNOOPING " > 0) " ++or off ++.RI ( MULTICAST_SNOOPING " == 0). " ++ ++.BI mcast_router " MULTICAST_ROUTER " ++- set bridge's multicast router if IGMP snooping is enabled. ++.I MULTICAST_ROUTER ++is an integer value having the following meaning: ++.in +8 ++.sp ++.B 0 ++- disabled. ++ ++.B 1 ++- automatic (queried). ++ ++.B 2 ++- permanently enabled. ++.in -8 ++ ++.BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR " ++- whether to use the bridge's own IP address as source address for IGMP queries ++.RI ( MCAST_QUERY_USE_IFADDR " > 0) " ++or the default of 0.0.0.0 ++.RI ( MCAST_QUERY_USE_IFADDR " == 0). " ++ ++.BI mcast_querier " MULTICAST_QUERIER " ++- enable ++.RI ( MULTICAST_QUERIER " > 0) " ++or disable ++.RI ( MULTICAST_QUERIER " == 0) " ++IGMP querier, ie sending of multicast queries by the bridge (default: disabled). ++ ++.BI mcast_querier_interval " QUERIER_INTERVAL " ++- interval between queries sent by other routers. if no queries are seen after this delay has passed, the bridge will start to send its own queries (as if ++.BI mcast_querier ++was enabled). ++ ++.BI mcast_hash_elasticity " HASH_ELASTICITY " ++- set multicast database hash elasticity, ie the maximum chain length in the multicast hash table (defaults to 4). ++ ++.BI mcast_hash_max " HASH_MAX " ++- set maximum size of multicast hash table (defaults to 512, value must be a power of 2). ++ ++.BI mcast_last_member_count " LAST_MEMBER_COUNT " ++- set multicast last member count, ie the number of queries the bridge will send before stopping forwarding a multicast group after a "leave" message has been received (defaults to 2). ++ ++.BI mcast_last_member_interval " LAST_MEMBER_INTERVAL " ++- interval between queries to find remaining members of a group, after a "leave" message is received. ++ ++.BI mcast_startup_query_count " STARTUP_QUERY_COUNT " ++- set the number of IGMP queries to send during startup phase (defaults to 2). ++ ++.BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL " ++- interval between queries in the startup phase. ++ ++.BI mcast_query_interval " QUERY_INTERVAL " ++- interval between queries sent by the bridge after the end of the startup phase. ++ ++.BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL " ++- set the Max Response Time/Maximum Response Delay for IGMP/MLD queries sent by the bridge. ++ ++.BI mcast_membership_interval " MEMBERSHIP_INTERVAL " ++- delay after which the bridge will leave a group, if no membership reports for this group are received. ++ ++.BI mcast_stats_enabled " MCAST_STATS_ENABLED " ++- enable ++.RI ( MCAST_STATS_ENABLED " > 0) " ++or disable ++.RI ( MCAST_STATS_ENABLED " == 0) " ++multicast (IGMP/MLD) stats accounting. ++ ++.BI mcast_igmp_version " IGMP_VERSION " ++- set the IGMP version. ++ ++.BI mcast_mld_version " MLD_VERSION " ++- set the MLD version. ++ ++.BI nf_call_iptables " NF_CALL_IPTABLES " ++- enable ++.RI ( NF_CALL_IPTABLES " > 0) " ++or disable ++.RI ( NF_CALL_IPTABLES " == 0) " ++iptables hooks on the bridge. ++ ++.BI nf_call_ip6tables " NF_CALL_IP6TABLES " ++- enable ++.RI ( NF_CALL_IP6TABLES " > 0) " ++or disable ++.RI ( NF_CALL_IP6TABLES " == 0) " ++ip6tables hooks on the bridge. ++ ++.BI nf_call_arptables " NF_CALL_ARPTABLES " ++- enable ++.RI ( NF_CALL_ARPTABLES " > 0) " ++or disable ++.RI ( NF_CALL_ARPTABLES " == 0) " ++arptables hooks on the bridge. ++ ++ ++.in-8 ++ ++.TP + MACsec Type Support + For a link of type + .I MACsec +-- +1.8.3.1 + diff --git a/SOURCES/0161-iproute2-GENEVE-support.patch b/SOURCES/0161-iproute2-GENEVE-support.patch deleted file mode 100644 index a6985c4..0000000 --- a/SOURCES/0161-iproute2-GENEVE-support.patch +++ /dev/null @@ -1,201 +0,0 @@ -From 66373cc86a92570198bc282fde92782d8a256966 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:42:24 +0200 -Subject: [PATCH] iproute2: GENEVE support - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit 908755dc49df0 -Conflicts: - - Context changes due to missing interface type support for hsr, fou - and ipvlan. - - Added missing IFLA_GENEVE_* defines. - -commit 908755dc49df0beffd12c8cad91e425e5be76888 -Author: John W. Linville <linville@tuxdriver.com> -Date: Fri May 8 13:27:08 2015 -0400 - - iproute2: GENEVE support - - Signed-off-by: John W. Linville <linville@tuxdriver.com> ---- - include/linux/if_link.h | 5 ++ - ip/Makefile | 3 +- - ip/iplink.c | 2 +- - ip/iplink_geneve.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 130 insertions(+), 2 deletions(-) - create mode 100644 ip/iplink_geneve.c - -diff --git a/include/linux/if_link.h b/include/linux/if_link.h -index ca9a681..73b5556 100644 ---- a/include/linux/if_link.h -+++ b/include/linux/if_link.h -@@ -410,6 +410,11 @@ enum { - IFLA_GENEVE_TOS, - IFLA_GENEVE_PORT, /* destination port */ - IFLA_GENEVE_COLLECT_METADATA, -+ IFLA_GENEVE_REMOTE6, -+ IFLA_GENEVE_UDP_CSUM, -+ IFLA_GENEVE_UDP_ZERO_CSUM6_TX, -+ IFLA_GENEVE_UDP_ZERO_CSUM6_RX, -+ IFLA_GENEVE_LABEL, - __IFLA_GENEVE_MAX - }; - #define IFLA_GENEVE_MAX (__IFLA_GENEVE_MAX - 1) -diff --git a/ip/Makefile b/ip/Makefile -index e4f0507..5aad224 100644 ---- a/ip/Makefile -+++ b/ip/Makefile -@@ -6,7 +6,8 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ - iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ - iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ - link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o \ -- iplink_bridge.o iplink_bridge_slave.o -+ iplink_bridge.o iplink_bridge_slave.o \ -+ iplink_geneve.o - - RTMONOBJ=rtmon.o - -diff --git a/ip/iplink.c b/ip/iplink.c -index 84bdc56..0e2390d 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -93,7 +93,7 @@ void iplink_usage(void) - fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); - fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); - fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon |\n"); -- fprintf(stderr, " bond_slave }\n"); -+ fprintf(stderr, " bond_slave | geneve }\n"); - } - exit(-1); - } -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -new file mode 100644 -index 0000000..74703e1 ---- /dev/null -+++ b/ip/iplink_geneve.c -@@ -0,0 +1,122 @@ -+/* -+ * iplink_geneve.c GENEVE device support -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: John W. Linville <linville@tuxdriver.com> -+ */ -+ -+#include <stdio.h> -+ -+#include "utils.h" -+#include "ip_common.h" -+ -+static void print_explain(FILE *f) -+{ -+ fprintf(f, "Usage: ... geneve id VNI remote ADDR\n"); -+ fprintf(f, "\n"); -+ fprintf(f, "Where: VNI := 0-16777215\n"); -+ fprintf(f, " ADDR := IP_ADDRESS\n"); -+} -+ -+static void explain(void) -+{ -+ print_explain(stderr); -+} -+ -+static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, -+ struct nlmsghdr *n) -+{ -+ __u32 vni = 0; -+ int vni_set = 0; -+ __u32 daddr = 0; -+ struct in6_addr daddr6 = IN6ADDR_ANY_INIT; -+ -+ -+ while (argc > 0) { -+ if (!matches(*argv, "id") || -+ !matches(*argv, "vni")) { -+ NEXT_ARG(); -+ if (get_u32(&vni, *argv, 0) || -+ vni >= 1u << 24) -+ invarg("invalid id", *argv); -+ vni_set = 1; -+ } else if (!matches(*argv, "remote")) { -+ NEXT_ARG(); -+ if (!inet_get_addr(*argv, &daddr, &daddr6)) { -+ fprintf(stderr, "Invalid address \"%s\"\n", *argv); -+ return -1; -+ } -+ if (IN_MULTICAST(ntohl(daddr))) -+ invarg("invalid remote address", *argv); -+ } else if (matches(*argv, "help") == 0) { -+ explain(); -+ return -1; -+ } else { -+ fprintf(stderr, "geneve: unknown command \"%s\"?\n", *argv); -+ explain(); -+ return -1; -+ } -+ argc--, argv++; -+ } -+ -+ if (!vni_set) { -+ fprintf(stderr, "geneve: missing virtual network identifier\n"); -+ return -1; -+ } -+ -+ if (!daddr) { -+ fprintf(stderr, "geneve: remove link partner not specified\n"); -+ return -1; -+ } -+ if (memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) != 0) { -+ fprintf(stderr, "geneve: remove link over IPv6 not supported\n"); -+ return -1; -+ } -+ -+ addattr32(n, 1024, IFLA_GENEVE_ID, vni); -+ if (daddr) -+ addattr_l(n, 1024, IFLA_GENEVE_REMOTE, &daddr, 4); -+ -+ return 0; -+} -+ -+static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) -+{ -+ __u32 vni; -+ char s1[1024]; -+ -+ if (!tb) -+ return; -+ -+ if (!tb[IFLA_GENEVE_ID] || -+ RTA_PAYLOAD(tb[IFLA_GENEVE_ID]) < sizeof(__u32)) -+ return; -+ -+ vni = rta_getattr_u32(tb[IFLA_GENEVE_ID]); -+ fprintf(f, "id %u ", vni); -+ -+ if (tb[IFLA_GENEVE_REMOTE]) { -+ __be32 addr = rta_getattr_u32(tb[IFLA_GENEVE_REMOTE]); -+ if (addr) -+ fprintf(f, "remote %s ", -+ format_host(AF_INET, 4, &addr, s1, sizeof(s1))); -+ } -+} -+ -+static void geneve_print_help(struct link_util *lu, int argc, char **argv, -+ FILE *f) -+{ -+ print_explain(f); -+} -+ -+struct link_util geneve_link_util = { -+ .id = "geneve", -+ .maxattr = IFLA_GENEVE_MAX, -+ .parse_opt = geneve_parse_opt, -+ .print_opt = geneve_print_opt, -+ .print_help = geneve_print_help, -+}; --- -1.8.3.1 - diff --git a/SOURCES/0161-man-ip-link-Specify-min-max-values-for-bridge-slave-.patch b/SOURCES/0161-man-ip-link-Specify-min-max-values-for-bridge-slave-.patch new file mode 100644 index 0000000..1cb62db --- /dev/null +++ b/SOURCES/0161-man-ip-link-Specify-min-max-values-for-bridge-slave-.patch @@ -0,0 +1,42 @@ +From fae9e8e688591e1680a7c8da2d20770e28b75e9b Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Wed, 5 Apr 2017 15:18:12 +0200 +Subject: [PATCH] man: ip-link: Specify min/max values for bridge slave + priority and cost + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374360 +Upstream Status: iproute2.git commit 058d28b44c6cc + +commit 058d28b44c6cc66e5cdce31e80dc7284ccb22017 +Author: Phil Sutter <phil@nwl.cc> +Date: Tue Apr 4 17:08:43 2017 +0200 + + man: ip-link: Specify min/max values for bridge slave priority and cost + + The values are parsed as u16/u32, but kernel limits allowed values. + + Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + man/man8/ip-link.8.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in +index e4e95b7..5c80666 100644 +--- a/man/man8/ip-link.8.in ++++ b/man/man8/ip-link.8.in +@@ -1390,10 +1390,10 @@ is a number representing the following states: + .BR 4 " (blocking)." + + .BI priority " PRIO" +-- set port priority (a 16bit unsigned value). ++- set port priority (allowed values are between 0 and 63, inclusively). + + .BI cost " COST" +-- set port cost (a 32bit unsigned value). ++- set port cost (allowed values are between 1 and 65535, inclusively). + + .BR guard " { " on " | " off " }" + - block incoming BPDU packets on this port. +-- +1.8.3.1 + diff --git a/SOURCES/0162-ip-route-Prevent-some-other-double-spaces-in-output.patch b/SOURCES/0162-ip-route-Prevent-some-other-double-spaces-in-output.patch new file mode 100644 index 0000000..e558966 --- /dev/null +++ b/SOURCES/0162-ip-route-Prevent-some-other-double-spaces-in-output.patch @@ -0,0 +1,216 @@ +From db77b23a4cf4c140881e68bd1a32fb08508a918e Mon Sep 17 00:00:00 2001 +From: Phil Sutter <psutter@redhat.com> +Date: Thu, 20 Apr 2017 13:30:19 +0200 +Subject: [PATCH] ip-route: Prevent some other double spaces in output + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1374446 +Upstream Status: iproute2.git commit 5551ed44d394f +Conflicts: Adjusted for missing upstream commits: +* 194e9b855d053 ("ip: support RFC4191 router preference") +* 528c2551cdb27 ("iproute2: add support to print 'linkdown' nexthop flag") +* ecc509f9a36be ("ip route: add mpls multipath support") +* 93ae283594094 ("add support for the RTA_VIA attribute") +* 56f5daac98da0 ("ip: code cleanup") + +commit 5551ed44d394fac6e9a035dadb259580fbda84d3 +Author: Timothy Redaelli <tredaelli@redhat.com> +Date: Wed Apr 5 19:10:26 2017 +0200 + + ip-route: Prevent some other double spaces in output + + Print spaces only after text. + + CC: Phil Sutter <phil@nwl.cc> + Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> + Acked-by: Phil Sutter <phil@nwl.cc> +--- + ip/iproute.c | 69 ++++++++++++++++++++++++++++++------------------------------ + 1 file changed, 35 insertions(+), 34 deletions(-) + +diff --git a/ip/iproute.c b/ip/iproute.c +index 134b146..2b50709 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -292,12 +292,12 @@ static void print_rtax_features(FILE *fp, unsigned int features) + unsigned int of = features; + + if (features & RTAX_FEATURE_ECN) { +- fprintf(fp, " ecn"); ++ fprintf(fp, "ecn "); + features &= ~RTAX_FEATURE_ECN; + } + + if (features) +- fprintf(fp, " 0x%x", of); ++ fprintf(fp, "0x%x ", of); + } + + int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) +@@ -483,21 +483,21 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (!hz) + hz = get_user_hz(); + if (ci->rta_expires != 0) +- fprintf(fp, " expires %dsec", ci->rta_expires/hz); ++ fprintf(fp, "expires %dsec ", ci->rta_expires/hz); + if (ci->rta_error != 0) +- fprintf(fp, " error %d", ci->rta_error); ++ fprintf(fp, "error %d ", ci->rta_error); + if (show_stats) { + if (ci->rta_clntref) +- fprintf(fp, " users %d", ci->rta_clntref); ++ fprintf(fp, "users %d ", ci->rta_clntref); + if (ci->rta_used != 0) +- fprintf(fp, " used %d", ci->rta_used); ++ fprintf(fp, "used %d ", ci->rta_used); + if (ci->rta_lastuse != 0) +- fprintf(fp, " age %dsec", ci->rta_lastuse/hz); ++ fprintf(fp, "age %dsec ", ci->rta_lastuse/hz); + } + if (ci->rta_id) +- fprintf(fp, " ipid 0x%04x", ci->rta_id); ++ fprintf(fp, "ipid 0x%04x ", ci->rta_id); + if (ci->rta_ts || ci->rta_tsage) +- fprintf(fp, " ts 0x%x tsage %dsec", ++ fprintf(fp, "ts 0x%x tsage %dsec ", + ci->rta_ts, ci->rta_tsage); + } + } else if (r->rtm_family == AF_INET6) { +@@ -510,20 +510,20 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (r->rtm_flags & RTM_F_CLONED) + fprintf(fp, "%s cache ", _SL_); + if (ci->rta_expires) +- fprintf(fp, " expires %dsec", ci->rta_expires/hz); ++ fprintf(fp, "expires %dsec ", ci->rta_expires/hz); + if (ci->rta_error != 0) +- fprintf(fp, " error %d", ci->rta_error); ++ fprintf(fp, "error %d ", ci->rta_error); + if (show_stats) { + if (ci->rta_clntref) +- fprintf(fp, " users %d", ci->rta_clntref); ++ fprintf(fp, "users %d ", ci->rta_clntref); + if (ci->rta_used != 0) +- fprintf(fp, " used %d", ci->rta_used); ++ fprintf(fp, "used %d ", ci->rta_used); + if (ci->rta_lastuse != 0) +- fprintf(fp, " age %dsec", ci->rta_lastuse/hz); ++ fprintf(fp, "age %dsec ", ci->rta_lastuse/hz); + } + } else if (ci) { + if (ci->rta_error != 0) +- fprintf(fp, " error %d", ci->rta_error); ++ fprintf(fp, "error %d ", ci->rta_error); + } + } + if (tb[RTA_METRICS]) { +@@ -549,19 +549,19 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + continue; + + if (i < sizeof(mx_names)/sizeof(char*) && mx_names[i]) +- fprintf(fp, " %s", mx_names[i]); ++ fprintf(fp, "%s ", mx_names[i]); + else +- fprintf(fp, " metric %d", i); ++ fprintf(fp, "metric %d ", i); + + if (mxlock & (1<<i)) +- fprintf(fp, " lock"); ++ fprintf(fp, "lock "); + + switch (i) { + case RTAX_FEATURES: + print_rtax_features(fp, val); + break; + default: +- fprintf(fp, " %u", val); ++ fprintf(fp, "%u ", val); + break; + + case RTAX_RTT: +@@ -573,18 +573,18 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + val /= 4; + + if (val >= 1000) +- fprintf(fp, " %gs", val/1e3); ++ fprintf(fp, "%gs ", val/1e3); + else +- fprintf(fp, " %ums", val); ++ fprintf(fp, "%ums ", val); + break; + case RTAX_CC_ALGO: +- fprintf(fp, " %s", rta_getattr_str(mxrta[i])); ++ fprintf(fp, "%s ", rta_getattr_str(mxrta[i])); + break; + } + } + } + if (tb[RTA_IIF] && filter.iifmask != -1) { +- fprintf(fp, " iif %s", ll_index_to_name(*(int*)RTA_DATA(tb[RTA_IIF]))); ++ fprintf(fp, "iif %s ", ll_index_to_name(*(int*)RTA_DATA(tb[RTA_IIF]))); + } + if (tb[RTA_MULTIPATH]) { + struct rtnexthop *nh = RTA_DATA(tb[RTA_MULTIPATH]); +@@ -599,11 +599,11 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + break; + if (r->rtm_flags&RTM_F_CLONED && r->rtm_type == RTN_MULTICAST) { + if (first) +- fprintf(fp, " Oifs:"); ++ fprintf(fp, "Oifs: "); + else + fprintf(fp, " "); + } else +- fprintf(fp, "%s\tnexthop", _SL_); ++ fprintf(fp, "%s\tnexthop ", _SL_); + if (nh->rtnh_len > sizeof(*nh)) { + parse_rtattr(tb, RTA_MAX, RTNH_DATA(nh), nh->rtnh_len - sizeof(*nh)); + if (tb[RTA_GATEWAY]) { +@@ -613,7 +613,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + if (nh->rtnh_len > sizeof(*nh)) { + parse_rtattr(tb, RTA_MAX, RTNH_DATA(nh), nh->rtnh_len - sizeof(*nh)); + if (tb[RTA_GATEWAY]) { +- fprintf(fp, " via %s ", ++ fprintf(fp, "via %s ", + format_host(r->rtm_family, + RTA_PAYLOAD(tb[RTA_GATEWAY]), + RTA_DATA(tb[RTA_GATEWAY]))); +@@ -622,29 +622,30 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) + __u32 to = rta_getattr_u32(tb[RTA_FLOW]); + __u32 from = to>>16; + to &= 0xFFFF; +- fprintf(fp, " realm%s ", from ? "s" : ""); ++ fprintf(fp, "realm%s ", from ? "s" : ""); + if (from) { + fprintf(fp, "%s/", + rtnl_rtrealm_n2a(from, b1, sizeof(b1))); + } +- fprintf(fp, "%s", ++ fprintf(fp, "%s ", + rtnl_rtrealm_n2a(to, b1, sizeof(b1))); + } + } + if (r->rtm_flags&RTM_F_CLONED && r->rtm_type == RTN_MULTICAST) { +- fprintf(fp, " %s", ll_index_to_name(nh->rtnh_ifindex)); ++ fprintf(fp, "%s", ll_index_to_name(nh->rtnh_ifindex)); + if (nh->rtnh_hops != 1) + fprintf(fp, "(ttl>%d)", nh->rtnh_hops); ++ fprintf(fp, " "); + } else { +- fprintf(fp, " dev %s", ll_index_to_name(nh->rtnh_ifindex)); +- fprintf(fp, " weight %d", nh->rtnh_hops+1); ++ fprintf(fp, "dev %s ", ll_index_to_name(nh->rtnh_ifindex)); ++ fprintf(fp, "weight %d ", nh->rtnh_hops+1); + } + if (nh->rtnh_flags & RTNH_F_DEAD) +- fprintf(fp, " dead"); ++ fprintf(fp, "dead "); + if (nh->rtnh_flags & RTNH_F_ONLINK) +- fprintf(fp, " onlink"); ++ fprintf(fp, "onlink "); + if (nh->rtnh_flags & RTNH_F_PERVASIVE) +- fprintf(fp, " pervasive"); ++ fprintf(fp, "pervasive "); + len -= NLMSG_ALIGN(nh->rtnh_len); + nh = RTNH_NEXT(nh); + } +-- +1.8.3.1 + diff --git a/SOURCES/0162-iproute2-update-ip-link.8-for-geneve-tunnels.patch b/SOURCES/0162-iproute2-update-ip-link.8-for-geneve-tunnels.patch deleted file mode 100644 index 0e90b85..0000000 --- a/SOURCES/0162-iproute2-update-ip-link.8-for-geneve-tunnels.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 99659a911616298190930b2bf370bd2794973723 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:43:58 +0200 -Subject: [PATCH] iproute2: update ip-link.8 for geneve tunnels - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit c1a1d8bc4c2f1 -Conflicts: Context changes due to missing lowpan interface type support - and previously added MACVLAN/MACVTAP support. - -commit c1a1d8bc4c2f1da2f4ed5f11e3d9edc276c0c8d1 -Author: John W. Linville <linville@tuxdriver.com> -Date: Fri May 22 14:46:46 2015 -0400 - - iproute2: update ip-link.8 for geneve tunnels - - Signed-off-by: John W. Linville <linville@tuxdriver.com> ---- - man/man8/ip-link.8.in | 26 +++++++++++++++++++++++++- - 1 file changed, 25 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 5e4862f..21503ff 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -60,7 +60,8 @@ ip-link \- network device configuration - .BR ip6gretap " |" - .BR vti " |" - .BR nlmon " |" --.BR ipvlan " ]" -+.BR ipvlan " |" -+.BR geneve " ]" - - .ti -8 - .BI "ip link delete " DEVICE -@@ -231,6 +232,9 @@ Link types: - .sp - .BR ipvlan - - Interface for L3 (IPv6/IPv4) based VLANs -+.sp -+.BR geneve -+- GEneric NEtwork Virtualization Encapsulation - .in -8 - - .TP -@@ -659,6 +663,26 @@ the following additional arguments are supported: - - specifies the mode (datagram or connected) to use. - - .TP -+GENEVE Type Support -+For a link of type -+.I GENEVE -+the following additional arguments are supported: -+ -+.BI "ip link add " DEVICE -+.BI type " geneve " id " ID " remote " IPADDR" -+ -+.in +8 -+.sp -+.BI id " VNI " -+- specifies the Virtual Network Identifer to use. -+ -+.sp -+.BI remote " IPADDR" -+- specifies the unicast destination IP address to use in outgoing packets. -+ -+.in -8 -+ -+.TP - MACVLAN and MACVTAP Type Support - For a link of type - .I MACVLAN --- -1.8.3.1 - diff --git a/SOURCES/0163-iplink_geneve-add-ttl-configuration-at-link-creation.patch b/SOURCES/0163-iplink_geneve-add-ttl-configuration-at-link-creation.patch deleted file mode 100644 index 49f7f50..0000000 --- a/SOURCES/0163-iplink_geneve-add-ttl-configuration-at-link-creation.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 9e871fce2cd86c1e7ee7db0b7f658b63c6b70c84 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:45:04 +0200 -Subject: [PATCH] iplink_geneve: add ttl configuration at link creation - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit f4c05c2e99538 -Conflicts: Context changes due to already updated kernel headers. - -commit f4c05c2e9953810c42e37ae21f6970c1f024fa46 -Author: John W. Linville <linville@tuxdriver.com> -Date: Mon Jun 15 14:37:15 2015 -0400 - - iplink_geneve: add ttl configuration at link creation - - Signed-off-by: John W. Linville <linville@tuxdriver.com> ---- - ip/iplink_geneve.c | 23 ++++++++++++++++++++++- - man/man8/ip-link.8.in | 7 +++++++ - 2 files changed, 29 insertions(+), 1 deletion(-) - -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -index 74703e1..dff08a6 100644 ---- a/ip/iplink_geneve.c -+++ b/ip/iplink_geneve.c -@@ -17,9 +17,11 @@ - static void print_explain(FILE *f) - { - fprintf(f, "Usage: ... geneve id VNI remote ADDR\n"); -+ fprintf(f, " [ ttl TTL ]\n"); - fprintf(f, "\n"); - fprintf(f, "Where: VNI := 0-16777215\n"); - fprintf(f, " ADDR := IP_ADDRESS\n"); -+ fprintf(f, " TTL := { 1..255 | inherit }\n"); - } - - static void explain(void) -@@ -34,7 +36,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - int vni_set = 0; - __u32 daddr = 0; - struct in6_addr daddr6 = IN6ADDR_ANY_INIT; -- -+ __u8 ttl = 0; - - while (argc > 0) { - if (!matches(*argv, "id") || -@@ -52,6 +54,18 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - } - if (IN_MULTICAST(ntohl(daddr))) - invarg("invalid remote address", *argv); -+ } else if (!matches(*argv, "ttl") || -+ !matches(*argv, "hoplimit")) { -+ unsigned uval; -+ -+ NEXT_ARG(); -+ if (strcmp(*argv, "inherit") != 0) { -+ if (get_unsigned(&uval, *argv, 0)) -+ invarg("invalid TTL", *argv); -+ if (uval > 255) -+ invarg("TTL must be <= 255", *argv); -+ ttl = uval; -+ } - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; -@@ -80,6 +94,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - addattr32(n, 1024, IFLA_GENEVE_ID, vni); - if (daddr) - addattr_l(n, 1024, IFLA_GENEVE_REMOTE, &daddr, 4); -+ addattr8(n, 1024, IFLA_GENEVE_TTL, ttl); - - return 0; - } -@@ -105,6 +120,12 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - fprintf(f, "remote %s ", - format_host(AF_INET, 4, &addr, s1, sizeof(s1))); - } -+ -+ if (tb[IFLA_GENEVE_TTL]) { -+ __u8 ttl = rta_getattr_u8(tb[IFLA_GENEVE_TTL]); -+ if (ttl) -+ fprintf(f, "ttl %d ", ttl); -+ } - } - - static void geneve_print_help(struct link_util *lu, int argc, char **argv, -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 21503ff..284ee13 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -670,6 +670,9 @@ the following additional arguments are supported: - - .BI "ip link add " DEVICE - .BI type " geneve " id " ID " remote " IPADDR" -+.R " [ " -+.BI ttl " TTL " -+.R " ]" - - .in +8 - .sp -@@ -680,6 +683,10 @@ the following additional arguments are supported: - .BI remote " IPADDR" - - specifies the unicast destination IP address to use in outgoing packets. - -+.sp -+.BI ttl " TTL" -+- specifies the TTL value to use in outgoing packets. -+ - .in -8 - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0164-iplink_geneve-add-tos-configuration-at-link-creation.patch b/SOURCES/0164-iplink_geneve-add-tos-configuration-at-link-creation.patch deleted file mode 100644 index 37f02ca..0000000 --- a/SOURCES/0164-iplink_geneve-add-tos-configuration-at-link-creation.patch +++ /dev/null @@ -1,129 +0,0 @@ -From a57db8e46974abc5b942ba2f617761da90a13eff Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:45:39 +0200 -Subject: [PATCH] iplink_geneve: add tos configuration at link creation - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit f4739b2ee780e -Conflicts: Context changes due to already updated kernel headers. - -commit f4739b2ee780e8bba51945bf9f37d3459b67102f -Author: John W. Linville <linville@tuxdriver.com> -Date: Mon Jun 15 14:37:16 2015 -0400 - - iplink_geneve: add tos configuration at link creation - - Signed-off-by: John W. Linville <linville@tuxdriver.com> ---- - ip/iplink_geneve.c | 26 +++++++++++++++++++++++++- - man/man8/ip-link.8.in | 6 ++++++ - 2 files changed, 31 insertions(+), 1 deletion(-) - -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -index dff08a6..331240a 100644 ---- a/ip/iplink_geneve.c -+++ b/ip/iplink_geneve.c -@@ -11,16 +11,18 @@ - - #include <stdio.h> - -+#include "rt_names.h" - #include "utils.h" - #include "ip_common.h" - - static void print_explain(FILE *f) - { - fprintf(f, "Usage: ... geneve id VNI remote ADDR\n"); -- fprintf(f, " [ ttl TTL ]\n"); -+ fprintf(f, " [ ttl TTL ] [ tos TOS ]\n"); - fprintf(f, "\n"); - fprintf(f, "Where: VNI := 0-16777215\n"); - fprintf(f, " ADDR := IP_ADDRESS\n"); -+ fprintf(f, " TOS := { NUMBER | inherit }\n"); - fprintf(f, " TTL := { 1..255 | inherit }\n"); - } - -@@ -37,6 +39,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - __u32 daddr = 0; - struct in6_addr daddr6 = IN6ADDR_ANY_INIT; - __u8 ttl = 0; -+ __u8 tos = 0; - - while (argc > 0) { - if (!matches(*argv, "id") || -@@ -66,6 +69,17 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - invarg("TTL must be <= 255", *argv); - ttl = uval; - } -+ } else if (!matches(*argv, "tos") || -+ !matches(*argv, "dsfield")) { -+ __u32 uval; -+ -+ NEXT_ARG(); -+ if (strcmp(*argv, "inherit") != 0) { -+ if (rtnl_dsfield_a2n(&uval, *argv)) -+ invarg("bad TOS value", *argv); -+ tos = uval; -+ } else -+ tos = 1; - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; -@@ -95,6 +109,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - if (daddr) - addattr_l(n, 1024, IFLA_GENEVE_REMOTE, &daddr, 4); - addattr8(n, 1024, IFLA_GENEVE_TTL, ttl); -+ addattr8(n, 1024, IFLA_GENEVE_TOS, tos); - - return 0; - } -@@ -103,6 +118,7 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - { - __u32 vni; - char s1[1024]; -+ __u8 tos; - - if (!tb) - return; -@@ -126,6 +142,14 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - if (ttl) - fprintf(f, "ttl %d ", ttl); - } -+ -+ if (tb[IFLA_GENEVE_TOS] && -+ (tos = rta_getattr_u8(tb[IFLA_GENEVE_TOS]))) { -+ if (tos == 1) -+ fprintf(f, "tos inherit "); -+ else -+ fprintf(f, "tos %#x ", tos); -+ } - } - - static void geneve_print_help(struct link_util *lu, int argc, char **argv, -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 284ee13..31a6190 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -672,6 +672,8 @@ the following additional arguments are supported: - .BI type " geneve " id " ID " remote " IPADDR" - .R " [ " - .BI ttl " TTL " -+.R " ] [ " -+.BI tos " TOS " - .R " ]" - - .in +8 -@@ -687,6 +689,10 @@ the following additional arguments are supported: - .BI ttl " TTL" - - specifies the TTL value to use in outgoing packets. - -+.sp -+.BI tos " TOS" -+- specifies the TOS value to use in outgoing packets. -+ - .in -8 - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0164-tc-Add-support-for-the-matchall-traffic-classifier.patch b/SOURCES/0164-tc-Add-support-for-the-matchall-traffic-classifier.patch new file mode 100644 index 0000000..8bf0fa2 --- /dev/null +++ b/SOURCES/0164-tc-Add-support-for-the-matchall-traffic-classifier.patch @@ -0,0 +1,198 @@ +From 13127e1bbe84181c259c61eb65ca2b707f3ed31b Mon Sep 17 00:00:00 2001 +From: Ivan Vecera <ivecera@redhat.com> +Date: Wed, 31 May 2017 15:38:41 +0200 +Subject: [PATCH 164/169] tc: Add support for the matchall traffic classifier. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624 +Upstream status: iproute2.git commit d5cbf3ff0561b + +Upstream commit(s): +commit d5cbf3ff0561b6c8158c3538c7fe1946add9dec3 +Author: Yotam Gigi <yotamg@mellanox.com> +Date: Wed Aug 31 09:28:26 2016 +0200 + + tc: Add support for the matchall traffic classifier. + + The matchall classifier matches every packet and allows the user to apply + actions on it. In addition, it supports the skip_sw and skip_hw (as can + be found on u32 and flower filter) that direct the kernel to skip the + software/hardware processing of the actions. + + This filter is very useful in usecases where every packet should be + matched. For example, packet mirroring (SPAN) can be setup very easily + using that filter. + + Signed-off-by: Yotam Gigi <yotamg@mellanox.com> + Signed-off-by: Jiri Pirko <jiri@mellanox.com> + +Signed-off-by: Ivan Vecera <ivecera@redhat.com> +--- + tc/Makefile | 1 + + tc/f_matchall.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 144 insertions(+) + create mode 100644 tc/f_matchall.c + +diff --git a/tc/Makefile b/tc/Makefile +index a6ad9aee..6967a942 100644 +--- a/tc/Makefile ++++ b/tc/Makefile +@@ -59,6 +59,7 @@ TCMODULES += q_mqprio.o + TCMODULES += q_codel.o + TCMODULES += q_fq_codel.o + TCMODULES += q_fq.o ++TCMODULES += f_matchall.o + + ifeq ($(TC_CONFIG_IPSET), y) + ifeq ($(TC_CONFIG_XT), y) +diff --git a/tc/f_matchall.c b/tc/f_matchall.c +new file mode 100644 +index 00000000..04e524e3 +--- /dev/null ++++ b/tc/f_matchall.c +@@ -0,0 +1,143 @@ ++/* ++ * f_matchall.c Match-all Classifier ++ * ++ * This program is free software; you can distribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Jiri Pirko <jiri@mellanox.com>, Yotam Gigi <yotamg@mellanox.com> ++ * ++ */ ++ ++#include <stdio.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <syslog.h> ++#include <fcntl.h> ++#include <sys/socket.h> ++#include <netinet/in.h> ++#include <arpa/inet.h> ++#include <string.h> ++#include <linux/if.h> ++ ++#include "utils.h" ++#include "tc_util.h" ++ ++static void explain(void) ++{ ++ fprintf(stderr, "Usage: ... matchall [skip_sw | skip_hw]\n"); ++ fprintf(stderr, " [ action ACTION_SPEC ] [ classid CLASSID ]\n"); ++ fprintf(stderr, "\n"); ++ fprintf(stderr, "Where: SELECTOR := SAMPLE SAMPLE ...\n"); ++ fprintf(stderr, " FILTERID := X:Y:Z\n"); ++ fprintf(stderr, " ACTION_SPEC := ... look at individual actions\n"); ++ fprintf(stderr, "\nNOTE: CLASSID is parsed as hexadecimal input.\n"); ++} ++ ++static int matchall_parse_opt(struct filter_util *qu, char *handle, ++ int argc, char **argv, struct nlmsghdr *n) ++{ ++ struct tcmsg *t = NLMSG_DATA(n); ++ struct rtattr *tail; ++ __u32 flags = 0; ++ long h = 0; ++ ++ if (handle) { ++ h = strtol(handle, NULL, 0); ++ if (h == LONG_MIN || h == LONG_MAX) { ++ fprintf(stderr, "Illegal handle \"%s\", must be numeric.\n", ++ handle); ++ return -1; ++ } ++ } ++ t->tcm_handle = h; ++ ++ if (argc == 0) ++ return 0; ++ ++ tail = (struct rtattr *)(((void *)n)+NLMSG_ALIGN(n->nlmsg_len)); ++ addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0); ++ ++ while (argc > 0) { ++ if (matches(*argv, "classid") == 0 || ++ strcmp(*argv, "flowid") == 0) { ++ unsigned int handle; ++ ++ NEXT_ARG(); ++ if (get_tc_classid(&handle, *argv)) { ++ fprintf(stderr, "Illegal \"classid\"\n"); ++ return -1; ++ } ++ addattr_l(n, MAX_MSG, TCA_MATCHALL_CLASSID, &handle, 4); ++ } else if (matches(*argv, "action") == 0) { ++ NEXT_ARG(); ++ if (parse_action(&argc, &argv, TCA_MATCHALL_ACT, n)) { ++ fprintf(stderr, "Illegal \"action\"\n"); ++ return -1; ++ } ++ continue; ++ ++ } else if (strcmp(*argv, "skip_hw") == 0) { ++ NEXT_ARG(); ++ flags |= TCA_CLS_FLAGS_SKIP_HW; ++ continue; ++ } else if (strcmp(*argv, "skip_sw") == 0) { ++ NEXT_ARG(); ++ flags |= TCA_CLS_FLAGS_SKIP_SW; ++ continue; ++ } else if (strcmp(*argv, "help") == 0) { ++ explain(); ++ return -1; ++ } else { ++ fprintf(stderr, "What is \"%s\"?\n", *argv); ++ explain(); ++ return -1; ++ } ++ argc--; argv++; ++ } ++ ++ if (flags) { ++ if (!(flags ^ (TCA_CLS_FLAGS_SKIP_HW | ++ TCA_CLS_FLAGS_SKIP_SW))) { ++ fprintf(stderr, ++ "skip_hw and skip_sw are mutually exclusive\n"); ++ return -1; ++ } ++ addattr_l(n, MAX_MSG, TCA_MATCHALL_FLAGS, &flags, 4); ++ } ++ ++ tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail; ++ return 0; ++} ++ ++static int matchall_print_opt(struct filter_util *qu, FILE *f, ++ struct rtattr *opt, __u32 handle) ++{ ++ struct rtattr *tb[TCA_MATCHALL_MAX+1]; ++ ++ if (opt == NULL) ++ return 0; ++ ++ parse_rtattr_nested(tb, TCA_MATCHALL_MAX, opt); ++ ++ if (handle) ++ fprintf(f, "handle 0x%x ", handle); ++ ++ if (tb[TCA_MATCHALL_CLASSID]) { ++ SPRINT_BUF(b1); ++ fprintf(f, "flowid %s ", ++ sprint_tc_classid(rta_getattr_u32(tb[TCA_MATCHALL_CLASSID]), b1)); ++ } ++ ++ if (tb[TCA_MATCHALL_ACT]) ++ tc_print_action(f, tb[TCA_MATCHALL_ACT]); ++ ++ return 0; ++} ++ ++struct filter_util matchall_filter_util = { ++ .id = "matchall", ++ .parse_fopt = matchall_parse_opt, ++ .print_fopt = matchall_print_opt, ++}; +-- +2.13.0 + diff --git a/SOURCES/0165-geneve-add-support-for-IPv6-link-partners.patch b/SOURCES/0165-geneve-add-support-for-IPv6-link-partners.patch deleted file mode 100644 index 621b317..0000000 --- a/SOURCES/0165-geneve-add-support-for-IPv6-link-partners.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 0d9e19857745be8b49d5bca762bf4bdeaa977b08 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:46:03 +0200 -Subject: [PATCH] geneve: add support for IPv6 link partners - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit 906ac5437ab8e - -commit 906ac5437ab8e1e5f8514afe62bf01e1ff3906af -Author: John W. Linville <linville@tuxdriver.com> -Date: Thu Sep 24 14:39:39 2015 -0400 - - geneve: add support for IPv6 link partners - - Signed-off-by: John W. Linville <linville@tuxdriver.com> ---- - ip/iplink_geneve.c | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -index 331240a..1345479 100644 ---- a/ip/iplink_geneve.c -+++ b/ip/iplink_geneve.c -@@ -55,7 +55,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - fprintf(stderr, "Invalid address \"%s\"\n", *argv); - return -1; - } -- if (IN_MULTICAST(ntohl(daddr))) -+ if (IN6_IS_ADDR_MULTICAST(&daddr6) || IN_MULTICAST(ntohl(daddr))) - invarg("invalid remote address", *argv); - } else if (!matches(*argv, "ttl") || - !matches(*argv, "hoplimit")) { -@@ -96,18 +96,16 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - return -1; - } - -- if (!daddr) { -- fprintf(stderr, "geneve: remove link partner not specified\n"); -- return -1; -- } -- if (memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) != 0) { -- fprintf(stderr, "geneve: remove link over IPv6 not supported\n"); -+ if (!daddr && memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) == 0) { -+ fprintf(stderr, "geneve: remote link partner not specified\n"); - return -1; - } - - addattr32(n, 1024, IFLA_GENEVE_ID, vni); - if (daddr) - addattr_l(n, 1024, IFLA_GENEVE_REMOTE, &daddr, 4); -+ if (memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) != 0) -+ addattr_l(n, 1024, IFLA_GENEVE_REMOTE6, &daddr6, sizeof(struct in6_addr)); - addattr8(n, 1024, IFLA_GENEVE_TTL, ttl); - addattr8(n, 1024, IFLA_GENEVE_TOS, tos); - -@@ -135,6 +133,14 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - if (addr) - fprintf(f, "remote %s ", - format_host(AF_INET, 4, &addr, s1, sizeof(s1))); -+ } else if (tb[IFLA_GENEVE_REMOTE6]) { -+ struct in6_addr addr; -+ memcpy(&addr, RTA_DATA(tb[IFLA_GENEVE_REMOTE6]), sizeof(struct in6_addr)); -+ if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0) { -+ if (IN6_IS_ADDR_MULTICAST(&addr)) -+ fprintf(f, "remote %s ", -+ format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1))); -+ } - } - - if (tb[IFLA_GENEVE_TTL]) { --- -1.8.3.1 - diff --git a/SOURCES/0165-tc-man-Add-man-entry-for-the-matchall-classifier.patch b/SOURCES/0165-tc-man-Add-man-entry-for-the-matchall-classifier.patch new file mode 100644 index 0000000..3f9a4a8 --- /dev/null +++ b/SOURCES/0165-tc-man-Add-man-entry-for-the-matchall-classifier.patch @@ -0,0 +1,143 @@ +From 5dccfc9ce00b980b81fea7204b5764544a895f0e Mon Sep 17 00:00:00 2001 +From: Ivan Vecera <ivecera@redhat.com> +Date: Wed, 31 May 2017 15:43:43 +0200 +Subject: [PATCH 165/169] tc: man: Add man entry for the matchall classifier. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624 +Upstream status: iproute2.git commit 0501294bca39a + +commit 0501294bca39a19090dae302dc491684470b1a0d +Author: Yotam Gigi <yotamg@mellanox.com> +Date: Wed Aug 31 09:28:27 2016 +0200 + + tc: man: Add man entry for the matchall classifier. + + In addition to providing information about the mathcall filter and its + configurations, the man entry contains examples for creating port + mirorring entries. + + Signed-off-by: Yotam Gigi <yotamg@mellanox.com> + Signed-off-by: Jiri Pirko <jiri@mellanox.com> + +Signed-off-by: Ivan Vecera <ivecera@redhat.com> +--- + man/man8/Makefile | 2 +- + man/man8/tc-matchall.8 | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++ + man/man8/tc.8 | 5 ++++ + 3 files changed, 82 insertions(+), 1 deletion(-) + create mode 100644 man/man8/tc-matchall.8 + +diff --git a/man/man8/Makefile b/man/man8/Makefile +index 8d73f1ea..93b4cdc9 100644 +--- a/man/man8/Makefile ++++ b/man/man8/Makefile +@@ -12,7 +12,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss. + ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 \ + ip-tcp_metrics.8 ip-netconf.8 ip-token.8 \ + tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \ +- tc-tcindex.8 tc-u32.8 \ ++ tc-tcindex.8 tc-u32.8 tc-matchall.8 \ + tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \ + tc-simple.8 tc-skbedit.8 tc-xt.8 + +diff --git a/man/man8/tc-matchall.8 b/man/man8/tc-matchall.8 +new file mode 100644 +index 00000000..f9209226 +--- /dev/null ++++ b/man/man8/tc-matchall.8 +@@ -0,0 +1,76 @@ ++.TH "Match-all classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux" ++ ++.SH NAME ++matchall \- traffic control filter that matches every packet ++.SH SYNOPSIS ++.in +8 ++.ti -8 ++.BR tc " " filter " ... " matchall " [ " ++.BR skip_sw " | " skip_hw ++.R " ] [ " ++.B action ++.IR ACTION_SPEC " ] [ " ++.B classid ++.IR CLASSID " ]" ++.SH DESCRIPTION ++The ++.B matchall ++filter allows to classify every packet that flows on the port and run a ++action on it. ++.SH OPTIONS ++.TP ++.BI action " ACTION_SPEC" ++Apply an action from the generic actions framework on matching packets. ++.TP ++.BI classid " CLASSID" ++Push matching packets into the class identified by ++.IR CLASSID . ++.TP ++.BI skip_sw ++Do not process filter by software. If hardware has no offload support for this ++filter, or TC offload is not enabled for the interface, operation will fail. ++.TP ++.BI skip_hw ++Do not process filter by hardware. ++.SH EXAMPLES ++To create ingress mirroring from port eth1 to port eth2: ++.RS ++.EX ++ ++tc qdisc add dev eth1 handle ffff: ingress ++tc filter add dev eth1 parent ffff: \\ ++ matchall skip_sw \\ ++ action mirred egress mirror \\ ++ dev eth2 ++.EE ++.RE ++ ++The first command creats an ingress qdisc with handle ++.BR ffff: ++on device ++.BR eth1 ++where the second command attaches a matchall filters on it that mirrors the ++packets to device eth2. ++ ++To create egress mirroring from port eth1 to port eth2: ++.EX ++ ++tc qdisc add dev eth1 handle 1: root prio ++tc filter add dev eth1 parent 1: \\ ++ matchall skip_sw \\ ++ action mirred egress mirror \\ ++ dev eth2 ++.EE ++.RE ++ ++The first command creats an egress qdisc with handle ++.BR 1: ++that replaces the root qdisc on device ++.BR eth1 ++where the second command attaches a matchall filters on it that mirrors the ++packets to device eth2. ++ ++ ++.EE ++.SH SEE ALSO ++.BR tc (8), +diff --git a/man/man8/tc.8 b/man/man8/tc.8 +index ee3479eb..42121b0c 100644 +--- a/man/man8/tc.8 ++++ b/man/man8/tc.8 +@@ -184,6 +184,11 @@ u32 + Generic filtering on arbitrary packet data, assisted by syntax to abstract common operations. See + .BR tc-u32 (8) + for details. ++.TP ++matchall ++Traffic control filter that matches every packet. See ++.BR tc-matchall (8) ++for details. + + .SH CLASSLESS QDISCS + The classless qdiscs are: +-- +2.13.0 + diff --git a/SOURCES/0166-geneve-add-support-for-lwt-tunnel-creation-and-dst-p.patch b/SOURCES/0166-geneve-add-support-for-lwt-tunnel-creation-and-dst-p.patch deleted file mode 100644 index 0f2b33c..0000000 --- a/SOURCES/0166-geneve-add-support-for-lwt-tunnel-creation-and-dst-p.patch +++ /dev/null @@ -1,117 +0,0 @@ -From ce4a302b676ce7e47237c4c20b3c1c3b3721ed3e Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:46:03 +0200 -Subject: [PATCH] geneve: add support for lwt tunnel creation and dst port - selection - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit 9450c5ec63b0c - -commit 9450c5ec63b0cc4068b363eae7c71b024fc25121 -Author: Paolo Abeni <pabeni@redhat.com> -Date: Thu Jan 28 14:48:55 2016 +0100 - - geneve: add support for lwt tunnel creation and dst port selection - - This change add the ability to create lwt/flow based/externally - controlled geneve device and to select the udp destination port used - by a full geneve tunnel. - - Signed-off-by: Paolo Abeni <pabeni@redhat.com> ---- - ip/iplink_geneve.c | 41 ++++++++++++++++++++++++++++++++++++----- - 1 file changed, 36 insertions(+), 5 deletions(-) - -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -index 1345479..30b16b9 100644 ---- a/ip/iplink_geneve.c -+++ b/ip/iplink_geneve.c -@@ -19,6 +19,7 @@ static void print_explain(FILE *f) - { - fprintf(f, "Usage: ... geneve id VNI remote ADDR\n"); - fprintf(f, " [ ttl TTL ] [ tos TOS ]\n"); -+ fprintf(f, " [ dstport PORT ] [ [no]external ]\n"); - fprintf(f, "\n"); - fprintf(f, "Where: VNI := 0-16777215\n"); - fprintf(f, " ADDR := IP_ADDRESS\n"); -@@ -40,6 +41,8 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - struct in6_addr daddr6 = IN6ADDR_ANY_INIT; - __u8 ttl = 0; - __u8 tos = 0; -+ __u16 dstport = 0; -+ bool metadata = 0; - - while (argc > 0) { - if (!matches(*argv, "id") || -@@ -80,6 +83,14 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - tos = uval; - } else - tos = 1; -+ } else if (!matches(*argv, "dstport")) { -+ NEXT_ARG(); -+ if (get_u16(&dstport, *argv, 0)) -+ invarg("dstport", *argv); -+ } else if (!matches(*argv, "external")) { -+ metadata = true; -+ } else if (!matches(*argv, "noexternal")) { -+ metadata = false; - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; -@@ -91,14 +102,22 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - argc--, argv++; - } - -- if (!vni_set) { -- fprintf(stderr, "geneve: missing virtual network identifier\n"); -+ if (metadata && vni_set) { -+ fprintf(stderr, "geneve: both 'external' and vni cannot be specified\n"); - return -1; - } - -- if (!daddr && memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) == 0) { -- fprintf(stderr, "geneve: remote link partner not specified\n"); -- return -1; -+ if (!metadata) { -+ /* parameter checking make sense only for full geneve tunnels */ -+ if (!vni_set) { -+ fprintf(stderr, "geneve: missing virtual network identifier\n"); -+ return -1; -+ } -+ -+ if (!daddr && memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) == 0) { -+ fprintf(stderr, "geneve: remote link partner not specified\n"); -+ return -1; -+ } - } - - addattr32(n, 1024, IFLA_GENEVE_ID, vni); -@@ -108,6 +127,10 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - addattr_l(n, 1024, IFLA_GENEVE_REMOTE6, &daddr6, sizeof(struct in6_addr)); - addattr8(n, 1024, IFLA_GENEVE_TTL, ttl); - addattr8(n, 1024, IFLA_GENEVE_TOS, tos); -+ if (dstport) -+ addattr16(n, 1024, IFLA_GENEVE_PORT, htons(dstport)); -+ if (metadata) -+ addattr(n, 1024, IFLA_GENEVE_COLLECT_METADATA); - - return 0; - } -@@ -156,6 +179,14 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - else - fprintf(f, "tos %#x ", tos); - } -+ -+ if (tb[IFLA_GENEVE_PORT]) -+ fprintf(f, "dstport %u ", -+ ntohs(rta_getattr_u16(tb[IFLA_GENEVE_PORT]))); -+ -+ if (tb[IFLA_GENEVE_COLLECT_METADATA]) -+ fputs("external ", f); -+ - } - - static void geneve_print_help(struct link_util *lu, int argc, char **argv, --- -1.8.3.1 - diff --git a/SOURCES/0166-tc-add-missing-limits.h-header.patch b/SOURCES/0166-tc-add-missing-limits.h-header.patch new file mode 100644 index 0000000..47fe171 --- /dev/null +++ b/SOURCES/0166-tc-add-missing-limits.h-header.patch @@ -0,0 +1,50 @@ +From c92669986eb3f899905224e8bcb78460e655bf5b Mon Sep 17 00:00:00 2001 +From: Ivan Vecera <ivecera@redhat.com> +Date: Wed, 31 May 2017 15:44:34 +0200 +Subject: [PATCH 166/169] tc: add missing limits.h header +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624 +Upstream status: iproute2.git commit d421bb4efea64 + +commit d421bb4efea6470c1667be3e8bfb1529e8e832d0 +Author: Baruch Siach <baruch@tkos.co.il> +Date: Thu Dec 22 20:52:48 2016 +0200 + + tc: add missing limits.h header + + This fixes under musl build issues like: + + f_matchall.c: In function ‘matchall_parse_opt’: + f_matchall.c:48:12: error: ‘LONG_MIN’ undeclared (first use in this function) + if (h == LONG_MIN || h == LONG_MAX) { + ^ + f_matchall.c:48:12: note: each undeclared identifier is reported only once for each function it appears in + f_matchall.c:48:29: error: ‘LONG_MAX’ undeclared (first use in this function) + if (h == LONG_MIN || h == LONG_MAX) { + ^ + + Signed-off-by: Baruch Siach <baruch@tkos.co.il> + +Signed-off-by: Ivan Vecera <ivecera@redhat.com> +--- + tc/tc_util.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tc/tc_util.h b/tc/tc_util.h +index 4f544363..3e0da966 100644 +--- a/tc/tc_util.h ++++ b/tc/tc_util.h +@@ -2,6 +2,7 @@ + #define _TC_UTIL_H_ 1 + + #define MAX_MSG 16384 ++#include <limits.h> + #include <linux/pkt_sched.h> + #include <linux/pkt_cls.h> + #include <linux/gen_stats.h> +-- +2.13.0 + diff --git a/SOURCES/0167-geneve-Add-support-for-configuring-UDP-checksums.patch b/SOURCES/0167-geneve-Add-support-for-configuring-UDP-checksums.patch deleted file mode 100644 index 7183ec4..0000000 --- a/SOURCES/0167-geneve-Add-support-for-configuring-UDP-checksums.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 95f2a6b5b5d0065cd08cf23bb0ad6dda510454cf Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:46:04 +0200 -Subject: [PATCH] geneve: Add support for configuring UDP checksums. - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit 325d02b44ce31 - -commit 325d02b44ce3194a6d7a57e6a46b5ed767b61025 -Author: Jesse Gross <jesse@kernel.org> -Date: Fri Mar 18 17:51:09 2016 -0700 - - geneve: Add support for configuring UDP checksums. - - Enable support for configuring outer UDP checksums on Geneve tunnels: - - ip link add type geneve id 10 remote 10.0.0.2 udpcsum - - Signed-off-by: Jesse Gross <jesse@kernel.org> ---- - ip/iplink_geneve.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 48 insertions(+) - -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -index 30b16b9..13a6d80 100644 ---- a/ip/iplink_geneve.c -+++ b/ip/iplink_geneve.c -@@ -20,6 +20,7 @@ static void print_explain(FILE *f) - fprintf(f, "Usage: ... geneve id VNI remote ADDR\n"); - fprintf(f, " [ ttl TTL ] [ tos TOS ]\n"); - fprintf(f, " [ dstport PORT ] [ [no]external ]\n"); -+ fprintf(f, " [ [no]udpcsum ] [ [no]udp6zerocsumtx ] [ [no]udp6zerocsumrx ]\n"); - fprintf(f, "\n"); - fprintf(f, "Where: VNI := 0-16777215\n"); - fprintf(f, " ADDR := IP_ADDRESS\n"); -@@ -43,6 +44,12 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - __u8 tos = 0; - __u16 dstport = 0; - bool metadata = 0; -+ __u8 udpcsum = 0; -+ bool udpcsum_set = false; -+ __u8 udp6zerocsumtx = 0; -+ bool udp6zerocsumtx_set = false; -+ __u8 udp6zerocsumrx = 0; -+ bool udp6zerocsumrx_set = false; - - while (argc > 0) { - if (!matches(*argv, "id") || -@@ -91,6 +98,24 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - metadata = true; - } else if (!matches(*argv, "noexternal")) { - metadata = false; -+ } else if (!matches(*argv, "udpcsum")) { -+ udpcsum = 1; -+ udpcsum_set = true; -+ } else if (!matches(*argv, "noudpcsum")) { -+ udpcsum = 0; -+ udpcsum_set = true; -+ } else if (!matches(*argv, "udp6zerocsumtx")) { -+ udp6zerocsumtx = 1; -+ udp6zerocsumtx_set = true; -+ } else if (!matches(*argv, "noudp6zerocsumtx")) { -+ udp6zerocsumtx = 0; -+ udp6zerocsumtx_set = true; -+ } else if (!matches(*argv, "udp6zerocsumrx")) { -+ udp6zerocsumrx = 1; -+ udp6zerocsumrx_set = true; -+ } else if (!matches(*argv, "noudp6zerocsumrx")) { -+ udp6zerocsumrx = 0; -+ udp6zerocsumrx_set = true; - } else if (matches(*argv, "help") == 0) { - explain(); - return -1; -@@ -131,6 +156,12 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - addattr16(n, 1024, IFLA_GENEVE_PORT, htons(dstport)); - if (metadata) - addattr(n, 1024, IFLA_GENEVE_COLLECT_METADATA); -+ if (udpcsum_set) -+ addattr8(n, 1024, IFLA_GENEVE_UDP_CSUM, udpcsum); -+ if (udp6zerocsumtx_set) -+ addattr8(n, 1024, IFLA_GENEVE_UDP_ZERO_CSUM6_TX, udp6zerocsumtx); -+ if (udp6zerocsumrx_set) -+ addattr8(n, 1024, IFLA_GENEVE_UDP_ZERO_CSUM6_RX, udp6zerocsumrx); - - return 0; - } -@@ -187,6 +218,23 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - if (tb[IFLA_GENEVE_COLLECT_METADATA]) - fputs("external ", f); - -+ if (tb[IFLA_GENEVE_UDP_CSUM]) { -+ if (!rta_getattr_u8(tb[IFLA_GENEVE_UDP_CSUM])) -+ fputs("no", f); -+ fputs("udpcsum ", f); -+ } -+ -+ if (tb[IFLA_GENEVE_UDP_ZERO_CSUM6_TX]) { -+ if (!rta_getattr_u8(tb[IFLA_GENEVE_UDP_ZERO_CSUM6_TX])) -+ fputs("no", f); -+ fputs("udp6zerocsumtx ", f); -+ } -+ -+ if (tb[IFLA_GENEVE_UDP_ZERO_CSUM6_RX]) { -+ if (!rta_getattr_u8(tb[IFLA_GENEVE_UDP_ZERO_CSUM6_RX])) -+ fputs("no", f); -+ fputs("udp6zerocsumrx ", f); -+ } - } - - static void geneve_print_help(struct link_util *lu, int argc, char **argv, --- -1.8.3.1 - diff --git a/SOURCES/0167-tc-man-matchall-Fix-example-indentation.patch b/SOURCES/0167-tc-man-matchall-Fix-example-indentation.patch new file mode 100644 index 0000000..2d90c8c --- /dev/null +++ b/SOURCES/0167-tc-man-matchall-Fix-example-indentation.patch @@ -0,0 +1,40 @@ +From 0fee4b1316e3be7e2c8a0f675931acf0d0d36f7a Mon Sep 17 00:00:00 2001 +From: Ivan Vecera <ivecera@redhat.com> +Date: Wed, 31 May 2017 15:45:01 +0200 +Subject: [PATCH 167/169] tc: man: matchall: Fix example indentation + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624 +Upstream status: iproute2.git commit d65a744cdbe97 + +commit d65a744cdbe973cf807be108c73c91c0996b9c66 +Author: Yotam Gigi <yotamg@mellanox.com> +Date: Tue Jan 31 11:47:47 2017 +0200 + + tc: man: matchall: Fix example indentation + + The man page contains two examples, which have different indentation. Fix + the indentation of the two examples to match. + + Reviewed-by: Jiri Pirko <jiri@mellanox.com> + Signed-off-by: Yotam Gigi <yotamg@mellanox.com> + +Signed-off-by: Ivan Vecera <ivecera@redhat.com> +--- + man/man8/tc-matchall.8 | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/man/man8/tc-matchall.8 b/man/man8/tc-matchall.8 +index f9209226..5aa11dab 100644 +--- a/man/man8/tc-matchall.8 ++++ b/man/man8/tc-matchall.8 +@@ -53,6 +53,7 @@ where the second command attaches a matchall filters on it that mirrors the + packets to device eth2. + + To create egress mirroring from port eth1 to port eth2: ++.RS + .EX + + tc qdisc add dev eth1 handle 1: root prio +-- +2.13.0 + diff --git a/SOURCES/0168-geneve-add-support-to-set-flow-label.patch b/SOURCES/0168-geneve-add-support-to-set-flow-label.patch deleted file mode 100644 index ffd1d8f..0000000 --- a/SOURCES/0168-geneve-add-support-to-set-flow-label.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 20d649d4bb017d5c8280205db545a274b15ae21c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:46:04 +0200 -Subject: [PATCH] geneve: add support to set flow label - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit 29bb2373a8777 -Conflicts: - - Missing formatting cleanup changes. - - Added missing LABEL_MAX_MASK define. - -commit 29bb2373a8777d0c8b8c68450a872c19bc7f245c -Author: Daniel Borkmann <daniel@iogearbox.net> -Date: Thu Mar 24 16:49:56 2016 +0100 - - geneve: add support to set flow label - - Follow-up for kernel commit 8eb3b99554b8 ("geneve: support setting - IPv6 flow label") to allow setting the label for the device config. - - Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> ---- - ip/ip_common.h | 4 ++++ - ip/iplink_geneve.c | 29 ++++++++++++++++++++++++----- - man/man8/ip-link.8.in | 6 ++++++ - 3 files changed, 34 insertions(+), 5 deletions(-) - -diff --git a/ip/ip_common.h b/ip/ip_common.h -index 917fcf8..880890e 100644 ---- a/ip/ip_common.h -+++ b/ip/ip_common.h -@@ -90,3 +90,7 @@ struct link_util *get_link_slave_kind(const char *slave_kind); - #ifndef INFINITY_LIFE_TIME - #define INFINITY_LIFE_TIME 0xFFFFFFFFU - #endif -+ -+#ifndef LABEL_MAX_MASK -+#define LABEL_MAX_MASK 0xFFFFFU -+#endif -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -index 13a6d80..fb0c6b1 100644 ---- a/ip/iplink_geneve.c -+++ b/ip/iplink_geneve.c -@@ -18,14 +18,15 @@ - static void print_explain(FILE *f) - { - fprintf(f, "Usage: ... geneve id VNI remote ADDR\n"); -- fprintf(f, " [ ttl TTL ] [ tos TOS ]\n"); -+ fprintf(f, " [ ttl TTL ] [ tos TOS ] [ flowlabel LABEL ]\n"); - fprintf(f, " [ dstport PORT ] [ [no]external ]\n"); - fprintf(f, " [ [no]udpcsum ] [ [no]udp6zerocsumtx ] [ [no]udp6zerocsumrx ]\n"); - fprintf(f, "\n"); -- fprintf(f, "Where: VNI := 0-16777215\n"); -- fprintf(f, " ADDR := IP_ADDRESS\n"); -- fprintf(f, " TOS := { NUMBER | inherit }\n"); -- fprintf(f, " TTL := { 1..255 | inherit }\n"); -+ fprintf(f, "Where: VNI := 0-16777215\n"); -+ fprintf(f, " ADDR := IP_ADDRESS\n"); -+ fprintf(f, " TOS := { NUMBER | inherit }\n"); -+ fprintf(f, " TTL := { 1..255 | inherit }\n"); -+ fprintf(f, " LABEL := 0-1048575\n"); - } - - static void explain(void) -@@ -40,6 +41,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - int vni_set = 0; - __u32 daddr = 0; - struct in6_addr daddr6 = IN6ADDR_ANY_INIT; -+ __u32 label = 0; - __u8 ttl = 0; - __u8 tos = 0; - __u16 dstport = 0; -@@ -90,6 +92,15 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - tos = uval; - } else - tos = 1; -+ } else if (!matches(*argv, "label") || -+ !matches(*argv, "flowlabel")) { -+ __u32 uval; -+ -+ NEXT_ARG(); -+ if (get_u32(&uval, *argv, 0) || -+ (uval & ~LABEL_MAX_MASK)) -+ invarg("invalid flowlabel", *argv); -+ label = htonl(uval); - } else if (!matches(*argv, "dstport")) { - NEXT_ARG(); - if (get_u16(&dstport, *argv, 0)) -@@ -150,6 +161,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv, - addattr_l(n, 1024, IFLA_GENEVE_REMOTE, &daddr, 4); - if (memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) != 0) - addattr_l(n, 1024, IFLA_GENEVE_REMOTE6, &daddr6, sizeof(struct in6_addr)); -+ addattr32(n, 1024, IFLA_GENEVE_LABEL, label); - addattr8(n, 1024, IFLA_GENEVE_TTL, ttl); - addattr8(n, 1024, IFLA_GENEVE_TOS, tos); - if (dstport) -@@ -211,6 +223,13 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - fprintf(f, "tos %#x ", tos); - } - -+ if (tb[IFLA_GENEVE_LABEL]) { -+ __u32 label = rta_getattr_u32(tb[IFLA_GENEVE_LABEL]); -+ -+ if (label) -+ fprintf(f, "flowlabel %#x ", ntohl(label)); -+ } -+ - if (tb[IFLA_GENEVE_PORT]) - fprintf(f, "dstport %u ", - ntohs(rta_getattr_u16(tb[IFLA_GENEVE_PORT]))); -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 31a6190..3002e47 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -674,6 +674,8 @@ the following additional arguments are supported: - .BI ttl " TTL " - .R " ] [ " - .BI tos " TOS " -+.R " ] [ " -+.BI flowlabel " FLOWLABEL " - .R " ]" - - .in +8 -@@ -693,6 +695,10 @@ the following additional arguments are supported: - .BI tos " TOS" - - specifies the TOS value to use in outgoing packets. - -+.sp -+.BI flowlabel " FLOWLABEL" -+- specifies the flow label to use in outgoing packets. -+ - .in -8 - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0168-tc-matchall-Print-skip-flags-when-dumping-a-filter.patch b/SOURCES/0168-tc-matchall-Print-skip-flags-when-dumping-a-filter.patch new file mode 100644 index 0000000..7dc7413 --- /dev/null +++ b/SOURCES/0168-tc-matchall-Print-skip-flags-when-dumping-a-filter.patch @@ -0,0 +1,48 @@ +From 7adefadcd79a33ba625a948c42745a7ff51325f6 Mon Sep 17 00:00:00 2001 +From: Ivan Vecera <ivecera@redhat.com> +Date: Wed, 31 May 2017 15:45:26 +0200 +Subject: [PATCH 168/169] tc: matchall: Print skip flags when dumping a filter + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624 +Upstream status: iproute2.git commit afdc1fed243f5 + +commit afdc1fed243f5499a53f5fda202031cf4c4d4044 +Author: Or Gerlitz <ogerlitz@mellanox.com> +Date: Thu Feb 9 15:10:14 2017 +0200 + + tc: matchall: Print skip flags when dumping a filter + + Print the skip flags when we dump a filter. + + Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> + Acked by: Yotam Gigi <yotamg@mellanox.com> + Reviewed-by: Simon Horman <simon.horman@netronome.com> + +Signed-off-by: Ivan Vecera <ivecera@redhat.com> +--- + tc/f_matchall.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/tc/f_matchall.c b/tc/f_matchall.c +index 04e524e3..ac486308 100644 +--- a/tc/f_matchall.c ++++ b/tc/f_matchall.c +@@ -130,6 +130,15 @@ static int matchall_print_opt(struct filter_util *qu, FILE *f, + sprint_tc_classid(rta_getattr_u32(tb[TCA_MATCHALL_CLASSID]), b1)); + } + ++ if (tb[TCA_MATCHALL_FLAGS]) { ++ __u32 flags = rta_getattr_u32(tb[TCA_MATCHALL_FLAGS]); ++ ++ if (flags & TCA_CLS_FLAGS_SKIP_HW) ++ fprintf(f, "\n skip_hw"); ++ if (flags & TCA_CLS_FLAGS_SKIP_SW) ++ fprintf(f, "\n skip_sw"); ++ } ++ + if (tb[TCA_MATCHALL_ACT]) + tc_print_action(f, tb[TCA_MATCHALL_ACT]); + +-- +2.13.0 + diff --git a/SOURCES/0169-geneve-fix-IPv6-remote-address-reporting.patch b/SOURCES/0169-geneve-fix-IPv6-remote-address-reporting.patch deleted file mode 100644 index 27ca499..0000000 --- a/SOURCES/0169-geneve-fix-IPv6-remote-address-reporting.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 4290eadae6233b5d7bc7d92821dbdc0f8fee07a5 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 2 Jul 2016 12:46:47 +0200 -Subject: [PATCH] geneve: fix IPv6 remote address reporting - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit 2642b6b03e546 - -commit 2642b6b03e546b04e163a7cb2585ece791324a05 -Author: Edward Cree <ecree@solarflare.com> -Date: Fri May 6 15:28:25 2016 +0100 - - geneve: fix IPv6 remote address reporting - - Since we can only configure unicast, we probably want to be able to - display unicast, rather than multicast. - - Fixes: 906ac5437ab8 ("geneve: add support for IPv6 link partners") - Signed-off-by: Edward Cree <ecree@solarflare.com> ---- - ip/iplink_geneve.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c -index fb0c6b1..905c537 100644 ---- a/ip/iplink_geneve.c -+++ b/ip/iplink_geneve.c -@@ -203,7 +203,7 @@ static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - struct in6_addr addr; - memcpy(&addr, RTA_DATA(tb[IFLA_GENEVE_REMOTE6]), sizeof(struct in6_addr)); - if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0) { -- if (IN6_IS_ADDR_MULTICAST(&addr)) -+ if (!IN6_IS_ADDR_MULTICAST(&addr)) - fprintf(f, "remote %s ", - format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1))); - } --- -1.8.3.1 - diff --git a/SOURCES/0169-tc-clsact-add-clsact-frontend.patch b/SOURCES/0169-tc-clsact-add-clsact-frontend.patch new file mode 100644 index 0000000..a5fc0e7 --- /dev/null +++ b/SOURCES/0169-tc-clsact-add-clsact-frontend.patch @@ -0,0 +1,178 @@ +From cca177ccfd0b5ae01ed8954f36c913fd95ef4b84 Mon Sep 17 00:00:00 2001 +From: Ivan Vecera <ivecera@redhat.com> +Date: Wed, 31 May 2017 15:45:54 +0200 +Subject: [PATCH 169/169] tc, clsact: add clsact frontend + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624 +Upstream status: iproute2.git commit 8f9afdd531560 +Upstream divergences: Only partially backported to provide 'ingress' keyword + for 'tc filter' command. The commit itself provides support for 'clsact' + qdisc that is not supported on RHEL. + +commit 8f9afdd531560c1534be44424669add2e19deeec +Author: Daniel Borkmann <daniel@iogearbox.net> +Date: Tue Jan 12 01:42:20 2016 +0100 + + tc, clsact: add clsact frontend + + Add the tc part for the kernel commit 1f211a1b929c ("net, sched: add + clsact qdisc"). Quoting example usage from that commit description: + + Example, adding qdisc: + + # tc qdisc add dev foo clsact + # tc qdisc show dev foo + qdisc mq 0: root + qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 + qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 + qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 + qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 + qdisc clsact ffff: parent ffff:fff1 + + Adding filters (deleting, etc works analogous by specifying ingress/egress): + + # tc filter add dev foo ingress bpf da obj bar.o sec ingress + # tc filter add dev foo egress bpf da obj bar.o sec egress + # tc filter show dev foo ingress + filter protocol all pref 49152 bpf + filter protocol all pref 49152 bpf handle 0x1 bar.o:[ingress] direct-action + # tc filter show dev foo egress + filter protocol all pref 49152 bpf + filter protocol all pref 49152 bpf handle 0x1 bar.o:[egress] direct-action + + The ingress parent alias can also be used with ingress qdisc. + + Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> + +Signed-off-by: Ivan Vecera <ivecera@redhat.com> +--- + tc/tc_filter.c | 46 ++++++++++++++++++++++++++++++++++++++-------- + tc/tc_qdisc.c | 3 --- + 2 files changed, 38 insertions(+), 11 deletions(-) + +diff --git a/tc/tc_filter.c b/tc/tc_filter.c +index e76d616f..2a303c04 100644 +--- a/tc/tc_filter.c ++++ b/tc/tc_filter.c +@@ -26,25 +26,21 @@ + #include "tc_util.h" + #include "tc_common.h" + +-static void usage(void); +- + static void usage(void) + { + fprintf(stderr, "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"); + fprintf(stderr, " [ pref PRIO ] protocol PROTO\n"); + fprintf(stderr, " [ estimator INTERVAL TIME_CONSTANT ]\n"); +- fprintf(stderr, " [ root | classid CLASSID ] [ handle FILTERID ]\n"); +- fprintf(stderr, " [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"); ++ fprintf(stderr, " [ root | ingress | egress | parent CLASSID ]\n"); ++ fprintf(stderr, " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"); + fprintf(stderr, "\n"); +- fprintf(stderr, " tc filter show [ dev STRING ] [ root | parent CLASSID ]\n"); ++ fprintf(stderr, " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n"); + fprintf(stderr, "Where:\n"); + fprintf(stderr, "FILTER_TYPE := { rsvp | u32 | fw | route | etc. }\n"); + fprintf(stderr, "FILTERID := ... format depends on classifier, see there\n"); + fprintf(stderr, "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n"); +- return; + } + +- + static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) + { + struct { +@@ -87,6 +83,20 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) + return -1; + } + req.t.tcm_parent = TC_H_ROOT; ++ } else if (strcmp(*argv, "ingress") == 0) { ++ if (req.t.tcm_parent) { ++ fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n"); ++ return -1; ++ } ++ req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, ++ TC_H_MIN_INGRESS); ++ } else if (strcmp(*argv, "egress") == 0) { ++ if (req.t.tcm_parent) { ++ fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n"); ++ return -1; ++ } ++ req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, ++ TC_H_MIN_EGRESS); + } else if (strcmp(*argv, "parent") == 0) { + __u32 handle; + NEXT_ARG(); +@@ -220,11 +230,16 @@ int print_filter(const struct sockaddr_nl *who, + if (!filter_parent || filter_parent != t->tcm_parent) { + if (t->tcm_parent == TC_H_ROOT) + fprintf(fp, "root "); ++ else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS)) ++ fprintf(fp, "ingress "); ++ else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS)) ++ fprintf(fp, "egress "); + else { + print_tc_classid(abuf, sizeof(abuf), t->tcm_parent); + fprintf(fp, "parent %s ", abuf); + } + } ++ + if (t->tcm_info) { + f_proto = TC_H_MIN(t->tcm_info); + __u32 prio = TC_H_MAJ(t->tcm_info)>>16; +@@ -259,7 +274,6 @@ int print_filter(const struct sockaddr_nl *who, + return 0; + } + +- + static int tc_filter_list(int argc, char **argv) + { + struct tcmsg t; +@@ -284,6 +298,22 @@ static int tc_filter_list(int argc, char **argv) + return -1; + } + filter_parent = t.tcm_parent = TC_H_ROOT; ++ } else if (strcmp(*argv, "ingress") == 0) { ++ if (t.tcm_parent) { ++ fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n"); ++ return -1; ++ } ++ filter_parent = TC_H_MAKE(TC_H_CLSACT, ++ TC_H_MIN_INGRESS); ++ t.tcm_parent = filter_parent; ++ } else if (strcmp(*argv, "egress") == 0) { ++ if (t.tcm_parent) { ++ fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n"); ++ return -1; ++ } ++ filter_parent = TC_H_MAKE(TC_H_CLSACT, ++ TC_H_MIN_EGRESS); ++ t.tcm_parent = filter_parent; + } else if (strcmp(*argv, "parent") == 0) { + __u32 handle; + NEXT_ARG(); +diff --git a/tc/tc_qdisc.c b/tc/tc_qdisc.c +index c31ae8d2..61aec4f8 100644 +--- a/tc/tc_qdisc.c ++++ b/tc/tc_qdisc.c +@@ -26,8 +26,6 @@ + #include "tc_util.h" + #include "tc_common.h" + +-static int usage(void); +- + static int usage(void) + { + fprintf(stderr, "Usage: tc qdisc [ add | del | replace | change | show ] dev STRING\n"); +@@ -277,7 +275,6 @@ int print_qdisc(const struct sockaddr_nl *who, + return 0; + } + +- + static int tc_qdisc_list(int argc, char **argv) + { + struct tcmsg t; +-- +2.13.0 + diff --git a/SOURCES/0170-devlink-Add-e-switch-support.patch b/SOURCES/0170-devlink-Add-e-switch-support.patch new file mode 100644 index 0000000..8c29870 --- /dev/null +++ b/SOURCES/0170-devlink-Add-e-switch-support.patch @@ -0,0 +1,288 @@ +From b55eb737f0bf16eb25435ba84a2ff017ab804d36 Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca <sdubroca@redhat.com> +Date: Fri, 9 Jun 2017 10:06:23 +0200 +Subject: [PATCH] devlink: Add e-switch support + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459772 +Upstream Status: iproute2.git commit f57856fab2e5 + +Conflicts: in pr_out_eswitch and cmd_dev_eswitch_show, because we don't +support json output. Fix that by doing the reverse of the transformation +that commit e3d0f0c0e3d8 did to pr_out_port(). + +commit f57856fab2e51047c833f5618f2af231f3a9fb5a +Author: Or Gerlitz <ogerlitz@mellanox.com> +Date: Sun Aug 28 16:35:21 2016 +0300 + + devlink: Add e-switch support + + Implement kernel devlink e-switch interface. Currently we allow + to get and set the device e-switch mode. + + Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> + Signed-off-by: Roi Dayan <roid@mellanox.com> + Acked-by: Jiri Pirko <jiri@mellanox.com> + +Signed-off-by: Sabrina Dubroca <sdubroca@redhat.com> +--- + devlink/devlink.c | 121 +++++++++++++++++++++++++++++++++++++++++++++++++ + man/man8/devlink-dev.8 | 34 ++++++++++++++ + 2 files changed, 155 insertions(+) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index ffefa86d2ed2..ab55f8c73681 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -25,6 +25,9 @@ + #include "list.h" + #include "mnlg.h" + ++#define ESWITCH_MODE_LEGACY "legacy" ++#define ESWITCH_MODE_SWITCHDEV "switchdev" ++ + #define pr_err(args...) fprintf(stderr, ##args) + #define pr_out(args...) fprintf(stdout, ##args) + #define pr_out_sp(num, args...) \ +@@ -127,6 +130,7 @@ static void ifname_map_free(struct ifname_map *ifname_map) + #define DL_OPT_SB_THTYPE BIT(8) + #define DL_OPT_SB_TH BIT(9) + #define DL_OPT_SB_TC BIT(10) ++#define DL_OPT_ESWITCH_MODE BIT(11) + + struct dl_opts { + uint32_t present; /* flags of present items */ +@@ -142,6 +146,7 @@ struct dl_opts { + enum devlink_sb_threshold_type sb_pool_thtype; + uint32_t sb_threshold; + uint16_t sb_tc_index; ++ enum devlink_eswitch_mode eswitch_mode; + }; + + struct dl { +@@ -287,6 +292,9 @@ static int attr_cb(const struct nlattr *attr, void *data) + if (type == DEVLINK_ATTR_SB_OCC_MAX && + mnl_attr_validate(attr, MNL_TYPE_U32) < 0) + return MNL_CB_ERROR; ++ if (type == DEVLINK_ATTR_ESWITCH_MODE && ++ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) ++ return MNL_CB_ERROR; + tb[type] = attr; + return MNL_CB_OK; + } +@@ -651,6 +659,19 @@ static int threshold_type_get(const char *typestr, + return 0; + } + ++static int eswitch_mode_get(const char *typestr, enum devlink_eswitch_mode *p_mode) ++{ ++ if (strcmp(typestr, ESWITCH_MODE_LEGACY) == 0) { ++ *p_mode = DEVLINK_ESWITCH_MODE_LEGACY; ++ } else if (strcmp(typestr, ESWITCH_MODE_SWITCHDEV) == 0) { ++ *p_mode = DEVLINK_ESWITCH_MODE_SWITCHDEV; ++ } else { ++ pr_err("Unknown eswitch mode \"%s\"\n", typestr); ++ return -EINVAL; ++ } ++ return 0; ++} ++ + static int dl_argv_parse(struct dl *dl, uint32_t o_required, + uint32_t o_optional) + { +@@ -760,6 +781,17 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, + if (err) + return err; + o_found |= DL_OPT_SB_TC; ++ } else if (dl_argv_match(dl, "mode") && ++ (o_all & DL_OPT_ESWITCH_MODE)) { ++ const char *typestr; ++ dl_arg_inc(dl); ++ err = dl_argv_str(dl, &typestr); ++ if (err) ++ return err; ++ err = eswitch_mode_get(typestr, &opts->eswitch_mode); ++ if (err) ++ return err; ++ o_found |= DL_OPT_ESWITCH_MODE; + } else { + pr_err("Unknown option \"%s\"\n", dl_argv(dl)); + return -EINVAL; +@@ -813,6 +845,12 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, + pr_err("TC index option expected.\n"); + return -EINVAL; + } ++ ++ if ((o_required & DL_OPT_ESWITCH_MODE) && !(o_found & DL_OPT_ESWITCH_MODE)) { ++ pr_err("E-Switch mode option expected.\n"); ++ return -EINVAL; ++ } ++ + return 0; + } + +@@ -856,6 +894,9 @@ static void dl_opts_put(struct nlmsghdr *nlh, struct dl *dl) + if (opts->present & DL_OPT_SB_TC) + mnl_attr_put_u16(nlh, DEVLINK_ATTR_SB_TC_INDEX, + opts->sb_tc_index); ++ if (opts->present & DL_OPT_ESWITCH_MODE) ++ mnl_attr_put_u16(nlh, DEVLINK_ATTR_ESWITCH_MODE, ++ opts->eswitch_mode); + } + + static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, +@@ -976,6 +1017,83 @@ static void pr_out_dev(struct nlattr **tb) + pr_out("\n"); + } + ++static const char *eswitch_mode_name(uint32_t mode) ++{ ++ switch (mode) { ++ case DEVLINK_ESWITCH_MODE_LEGACY: return ESWITCH_MODE_LEGACY; ++ case DEVLINK_ESWITCH_MODE_SWITCHDEV: return ESWITCH_MODE_SWITCHDEV; ++ default: return "<unknown mode>"; ++ } ++} ++ ++static void pr_out_eswitch(struct dl *dl, struct nlattr **tb) ++{ ++ pr_out_handle(tb); ++ pr_out(":"); ++ ++ if (tb[DEVLINK_ATTR_ESWITCH_MODE]) ++ pr_out(" mode %s", ++ eswitch_mode_name(mnl_attr_get_u16(tb[DEVLINK_ATTR_ESWITCH_MODE]))); ++ ++ pr_out("\n"); ++} ++ ++static int cmd_dev_eswitch_show_cb(const struct nlmsghdr *nlh, void *data) ++{ ++ struct dl *dl = data; ++ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; ++ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); ++ ++ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); ++ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME]) ++ return MNL_CB_ERROR; ++ pr_out_eswitch(dl, tb); ++ return MNL_CB_OK; ++} ++ ++static int cmd_dev_eswitch_show(struct dl *dl) ++{ ++ struct nlmsghdr *nlh; ++ int err; ++ ++ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_ESWITCH_MODE_GET, ++ NLM_F_REQUEST | NLM_F_ACK); ++ ++ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, 0); ++ if (err) ++ return err; ++ ++ return _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dev_eswitch_show_cb, NULL); ++} ++ ++static int cmd_dev_eswitch_set(struct dl *dl) ++{ ++ struct nlmsghdr *nlh; ++ int err; ++ ++ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_ESWITCH_MODE_SET, ++ NLM_F_REQUEST | NLM_F_ACK); ++ ++ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE | DL_OPT_ESWITCH_MODE, 0); ++ if (err) ++ return err; ++ ++ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); ++} ++ ++static int cmd_dev_eswitch(struct dl *dl) ++{ ++ if (dl_argv_match(dl, "set")) { ++ dl_arg_inc(dl); ++ return cmd_dev_eswitch_set(dl); ++ } else if (dl_argv_match(dl, "show")) { ++ dl_arg_inc(dl); ++ return cmd_dev_eswitch_show(dl); ++ } ++ pr_err("Command \"%s\" not found\n", dl_argv(dl)); ++ return -ENOENT; ++} ++ + static int cmd_dev_show_cb(const struct nlmsghdr *nlh, void *data) + { + struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; +@@ -1017,6 +1135,9 @@ static int cmd_dev(struct dl *dl) + dl_argv_match(dl, "list") || dl_no_arg(dl)) { + dl_arg_inc(dl); + return cmd_dev_show(dl); ++ } else if (dl_argv_match(dl, "eswitch")) { ++ dl_arg_inc(dl); ++ return cmd_dev_eswitch(dl); + } + pr_err("Command \"%s\" not found\n", dl_argv(dl)); + return -ENOENT; +diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8 +index 62bcead37e89..9ce319374551 100644 +--- a/man/man8/devlink-dev.8 ++++ b/man/man8/devlink-dev.8 +@@ -25,6 +25,17 @@ devlink-dev \- devlink device configuration + .ti -8 + .B devlink dev help + ++.ti -8 ++.BR "devlink dev eswitch set" ++.IR DEV ++.RI "[ " ++.BR mode " { " legacy " | " switchdev " } " ++.RI "]" ++ ++.ti -8 ++.BR "devlink dev eswitch show" ++.IR DEV ++ + .SH "DESCRIPTION" + .SS devlink dev show - display devlink device attributes + +@@ -38,6 +49,19 @@ Format is: + .in +2 + BUS_NAME/BUS_ADDRESS + ++.SS devlink dev eswitch show - display devlink device eswitch attributes ++.SS devlink dev eswitch set - sets devlink device eswitch attributes ++ ++.TP ++.BR mode " { " legacy " | " switchdev " } " ++set eswitch mode ++ ++.I legacy ++- Legacy SRIOV ++ ++.I switchdev ++- SRIOV switchdev offloads ++ + .SH "EXAMPLES" + .PP + devlink dev show +@@ -48,6 +72,16 @@ Shows the state of all devlink devices on the system. + devlink dev show pci/0000:01:00.0 + .RS 4 + Shows the state of specified devlink device. ++.RE ++.PP ++devlink dev eswitch show pci/0000:01:00.0 ++.RS 4 ++Shows the eswitch mode of specified devlink device. ++.RE ++.PP ++devlink dev eswitch set pci/0000:01:00.0 mode switchdev ++.RS 4 ++Sets the eswitch mode of specified devlink device to switchdev. + + .SH SEE ALSO + .BR devlink (8), +-- +2.13.1 + diff --git a/SOURCES/0170-iproute2-utils-change-hexstring_n2a-and-hexstring_a2.patch b/SOURCES/0170-iproute2-utils-change-hexstring_n2a-and-hexstring_a2.patch deleted file mode 100644 index 6c59b20..0000000 --- a/SOURCES/0170-iproute2-utils-change-hexstring_n2a-and-hexstring_a2.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 60969cb2bd1782f232d1c74871642c03b429d676 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:30 +0200 -Subject: [PATCH] iproute2: utils: change hexstring_n2a and hexstring_a2n to do - not work with ":" - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit 316c2346f7f3 - -commit 316c2346f7f3e337be9a56e7ad5fc8e04cd26d63 -Author: Jiri Pirko <jiri@resnulli.us> -Date: Thu May 15 15:10:21 2014 +0200 - - iproute2: utils: change hexstring_n2a and hexstring_a2n to do not work with ":" - - Signed-off-by: Jiri Pirko <jiri@resnulli.us> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - lib/utils.c | 46 +++++++++++++--------------------------------- - 1 file changed, 13 insertions(+), 33 deletions(-) - -diff --git a/lib/utils.c b/lib/utils.c -index 1cd4fdd..7f842ae 100644 ---- a/lib/utils.c -+++ b/lib/utils.c -@@ -783,10 +783,6 @@ char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen) - sprintf(ptr, "%02x", str[i]); - ptr += 2; - blen -= 2; -- if (i != len-1 && blen > 1) { -- *ptr++ = ':'; -- blen--; -- } - } - return buf; - } -@@ -794,38 +790,22 @@ char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen) - __u8* hexstring_a2n(const char *str, __u8 *buf, int blen) - { - int cnt = 0; -+ char *endptr; - -- for (;;) { -- unsigned acc; -- char ch; -- -- acc = 0; -- -- while ((ch = *str) != ':' && ch != 0) { -- if (ch >= '0' && ch <= '9') -- ch -= '0'; -- else if (ch >= 'a' && ch <= 'f') -- ch -= 'a'-10; -- else if (ch >= 'A' && ch <= 'F') -- ch -= 'A'-10; -- else -- return NULL; -- acc = (acc<<4) + ch; -- str++; -- } -- -- if (acc > 255) -+ if (strlen(str) % 2) -+ return NULL; -+ while (cnt < blen && strlen(str) > 1) { -+ unsigned int tmp; -+ char tmpstr[3]; -+ -+ strncpy(tmpstr, str, 2); -+ tmpstr[2] = '\0'; -+ tmp = strtoul(tmpstr, &endptr, 16); -+ if (errno != 0 || tmp > 0xFF || *endptr != '\0') - return NULL; -- if (cnt < blen) { -- buf[cnt] = acc; -- cnt++; -- } -- if (ch == 0) -- break; -- ++str; -+ buf[cnt++] = tmp; -+ str += 2; - } -- if (cnt < blen) -- memset(buf+cnt, 0, blen-cnt); - return buf; - } - --- -1.8.3.1 - diff --git a/SOURCES/0171-devlink-whitespace-cleanup.patch b/SOURCES/0171-devlink-whitespace-cleanup.patch new file mode 100644 index 0000000..3ff99ed --- /dev/null +++ b/SOURCES/0171-devlink-whitespace-cleanup.patch @@ -0,0 +1,56 @@ +From 39f9fe4a47b1bb564c72944b624889d48dda2c3d Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca <sdubroca@redhat.com> +Date: Fri, 9 Jun 2017 10:08:00 +0200 +Subject: [PATCH] devlink: whitespace cleanup + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459772 +Upstream Status: iproute2.git commit 7c55d7700f43 + +commit 7c55d7700f4320186784590516993a73183bc2f2 +Author: Stephen Hemminger <stephen@networkplumber.org> +Date: Mon Aug 29 11:17:38 2016 -0700 + + devlink: whitespace cleanup + + Break long lines + +Signed-off-by: Sabrina Dubroca <sdubroca@redhat.com> +--- + devlink/devlink.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index ab55f8c73681..52fc7f49f51c 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -659,7 +659,8 @@ static int threshold_type_get(const char *typestr, + return 0; + } + +-static int eswitch_mode_get(const char *typestr, enum devlink_eswitch_mode *p_mode) ++static int eswitch_mode_get(const char *typestr, ++ enum devlink_eswitch_mode *p_mode) + { + if (strcmp(typestr, ESWITCH_MODE_LEGACY) == 0) { + *p_mode = DEVLINK_ESWITCH_MODE_LEGACY; +@@ -784,6 +785,7 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, + } else if (dl_argv_match(dl, "mode") && + (o_all & DL_OPT_ESWITCH_MODE)) { + const char *typestr; ++ + dl_arg_inc(dl); + err = dl_argv_str(dl, &typestr); + if (err) +@@ -846,7 +848,8 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, + return -EINVAL; + } + +- if ((o_required & DL_OPT_ESWITCH_MODE) && !(o_found & DL_OPT_ESWITCH_MODE)) { ++ if ((o_required & DL_OPT_ESWITCH_MODE) && ++ !(o_found & DL_OPT_ESWITCH_MODE)) { + pr_err("E-Switch mode option expected.\n"); + return -EINVAL; + } +-- +2.13.1 + diff --git a/SOURCES/0171-iproute2-arpd-use-ll_addr_a2n-and-ll_addr_n2a.patch b/SOURCES/0171-iproute2-arpd-use-ll_addr_a2n-and-ll_addr_n2a.patch deleted file mode 100644 index 8b3dc43..0000000 --- a/SOURCES/0171-iproute2-arpd-use-ll_addr_a2n-and-ll_addr_n2a.patch +++ /dev/null @@ -1,55 +0,0 @@ -From a3c9bb79b1f03896d09df67a7095cd545e495ab0 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:31 +0200 -Subject: [PATCH] iproute2: arpd: use ll_addr_a2n and ll_addr_n2a - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit dd50247dba85 - -commit dd50247dba85255538d659551305b4bb75bcae62 -Author: Jiri Pirko <jiri@resnulli.us> -Date: Thu May 15 15:10:20 2014 +0200 - - iproute2: arpd: use ll_addr_a2n and ll_addr_n2a - - Signed-off-by: Jiri Pirko <jiri@resnulli.us> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - misc/arpd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/misc/arpd.c b/misc/arpd.c -index cc5e1ca..7919eb8 100644 ---- a/misc/arpd.c -+++ b/misc/arpd.c -@@ -36,6 +36,7 @@ - - #include "libnetlink.h" - #include "utils.h" -+#include "rt_names.h" - - int resolve_hosts; - -@@ -721,8 +722,7 @@ int main(int argc, char **argv) - goto do_abort; - } - -- dbdat.data = hexstring_a2n(macbuf, b1, 6); -- if (dbdat.data == NULL) -+ if (ll_addr_a2n((char *) b1, 6, macbuf) != 6) - goto do_abort; - dbdat.size = 6; - -@@ -747,7 +747,7 @@ int main(int argc, char **argv) - printf("%-8d %-15s %s\n", - key->iface, - inet_ntoa(*(struct in_addr*)&key->addr), -- hexstring_n2a(dbdat.data, 6, b1, 18)); -+ ll_addr_n2a(dbdat.data, 6, ARPHRD_ETHER, b1, 18)); - } else { - printf("%-8d %-15s FAILED: %dsec ago\n", - key->iface, --- -1.8.3.1 - diff --git a/SOURCES/0172-devlink-Convert-conditional-in-dl_argv_handle_port-t.patch b/SOURCES/0172-devlink-Convert-conditional-in-dl_argv_handle_port-t.patch new file mode 100644 index 0000000..945ebe0 --- /dev/null +++ b/SOURCES/0172-devlink-Convert-conditional-in-dl_argv_handle_port-t.patch @@ -0,0 +1,63 @@ +From 78e2bc47a913408cf51b0057230cd8d61d67e305 Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca <sdubroca@redhat.com> +Date: Fri, 9 Jun 2017 10:08:08 +0200 +Subject: [PATCH] devlink: Convert conditional in dl_argv_handle_port() to + switch() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459772 +Upstream Status: iproute2.git commit 7a34b9d098fc + +commit 7a34b9d098fce6778a02c475fd877e0b34aa7a13 +Author: Hangbin Liu <liuhangbin@gmail.com> +Date: Sun Oct 9 10:14:18 2016 +0800 + + devlink: Convert conditional in dl_argv_handle_port() to switch() + + Discovered by Phil's covscan. The final return statement is never reached. + This is not inherently clear from looking at the code, so change the + conditional to a switch() statement which should clarify this. + + CC: Phil Sutter <phil@nwl.cc> + Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> + Acked-by: Phil Sutter <phil@nwl.cc> + +Signed-off-by: Sabrina Dubroca <sdubroca@redhat.com> +--- + devlink/devlink.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index 52fc7f49f51c..07c28eb95270 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -514,19 +514,18 @@ static int dl_argv_handle_port(struct dl *dl, char **p_bus_name, + return -EINVAL; + } + slash_count = strslashcount(str); +- if (slash_count != 2 && slash_count != 0) { ++ switch (slash_count) { ++ case 0: ++ return __dl_argv_handle_port_ifname(dl, str, p_bus_name, ++ p_dev_name, p_port_index); ++ case 2: ++ return __dl_argv_handle_port(str, p_bus_name, ++ p_dev_name, p_port_index); ++ default: + pr_err("Wrong port identification string format.\n"); + pr_err("Expected \"bus_name/dev_name/port_index\" or \"netdev_ifname\".\n"); + return -EINVAL; + } +- if (slash_count == 2) { +- return __dl_argv_handle_port(str, p_bus_name, +- p_dev_name, p_port_index); +- } else if (slash_count == 0) { +- return __dl_argv_handle_port_ifname(dl, str, p_bus_name, +- p_dev_name, p_port_index); +- } +- return 0; + } + + static int dl_argv_handle_both(struct dl *dl, char **p_bus_name, +-- +2.13.1 + diff --git a/SOURCES/0172-lib-ll_addr-improve-ll_addr_n2a-a-bit.patch b/SOURCES/0172-lib-ll_addr-improve-ll_addr_n2a-a-bit.patch deleted file mode 100644 index 98a8e1a..0000000 --- a/SOURCES/0172-lib-ll_addr-improve-ll_addr_n2a-a-bit.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 6b0e32fa35dbb002e7b6d2b6529cd3543b07bdef Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:32 +0200 -Subject: [PATCH] lib/ll_addr: improve ll_addr_n2a() a bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit f63ed3e62989 - -commit f63ed3e629893046aca58a3bb409a3ff909a8fae -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Mar 22 19:35:19 2016 +0100 - - lib/ll_addr: improve ll_addr_n2a() a bit - - Apart from making the code a bit more compact and efficient, this also - prevents a potential buffer overflow if the passed buffer is really too - small: Although correctly decrementing the size parameter passed to - snprintf, it could become negative which would then wrap since snprintf - uses (unsigned) size_t for the parameter. - - Signed-off-by: Phil Sutter <phil@nwl.cc> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - lib/ll_addr.c | 15 +++------------ - 1 file changed, 3 insertions(+), 12 deletions(-) - -diff --git a/lib/ll_addr.c b/lib/ll_addr.c -index c12ab07..d38bc31 100644 ---- a/lib/ll_addr.c -+++ b/lib/ll_addr.c -@@ -41,18 +41,9 @@ const char *ll_addr_n2a(unsigned char *addr, int alen, int type, char *buf, int - if (alen == 16 && type == ARPHRD_TUNNEL6) { - return inet_ntop(AF_INET6, addr, buf, blen); - } -- l = 0; -- for (i=0; i<alen; i++) { -- if (i==0) { -- snprintf(buf+l, blen, "%02x", addr[i]); -- blen -= 2; -- l += 2; -- } else { -- snprintf(buf+l, blen, ":%02x", addr[i]); -- blen -= 3; -- l += 3; -- } -- } -+ snprintf(buf, blen, "%02x", addr[0]); -+ for (i = 1, l = 2; i < alen && l < blen; i++, l += 3) -+ snprintf(buf + l, blen - l, ":%02x", addr[i]); - return buf; - } - --- -1.8.3.1 - diff --git a/SOURCES/0173-devlink-write-usage-help-messages-to-stderr.patch b/SOURCES/0173-devlink-write-usage-help-messages-to-stderr.patch new file mode 100644 index 0000000..98e8fe3 --- /dev/null +++ b/SOURCES/0173-devlink-write-usage-help-messages-to-stderr.patch @@ -0,0 +1,111 @@ +From 5ae2d3cb2d16ad5d7e193978aefba1610de26ac5 Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca <sdubroca@redhat.com> +Date: Fri, 9 Jun 2017 10:31:01 +0200 +Subject: [PATCH] devlink: write usage help messages to stderr + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459772 +Upstream Status: iproute2.git commit 7a9466dbcba1 + +commit 7a9466dbcba1918a1c93de8f93b9ff3d62418fcf +Author: Jiri Pirko <jiri@mellanox.com> +Date: Fri Jul 22 18:34:29 2016 +0200 + + devlink: write usage help messages to stderr + + In order to not confuse reader, write help messages into stderr. + + Signed-off-by: Jiri Pirko <jiri@mellanox.com> + +Signed-off-by: Sabrina Dubroca <sdubroca@redhat.com> +--- + devlink/devlink.c | 46 +++++++++++++++++++++++----------------------- + 1 file changed, 23 insertions(+), 23 deletions(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index 07c28eb95270..bd801880c75f 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -952,7 +952,7 @@ static bool dl_dump_filter(struct dl *dl, struct nlattr **tb) + + static void cmd_dev_help(void) + { +- pr_out("Usage: devlink dev show [ DEV ]\n"); ++ pr_err("Usage: devlink dev show [ DEV ]\n"); + } + + static void __pr_out_handle(const char *bus_name, const char *dev_name) +@@ -1147,10 +1147,10 @@ static int cmd_dev(struct dl *dl) + + static void cmd_port_help(void) + { +- pr_out("Usage: devlink port show [ DEV/PORT_INDEX ]\n"); +- pr_out(" devlink port set DEV/PORT_INDEX [ type { eth | ib | auto} ]\n"); +- pr_out(" devlink port split DEV/PORT_INDEX count COUNT\n"); +- pr_out(" devlink port unsplit DEV/PORT_INDEX\n"); ++ pr_err("Usage: devlink port show [ DEV/PORT_INDEX ]\n"); ++ pr_err(" devlink port set DEV/PORT_INDEX [ type { eth | ib | auto} ]\n"); ++ pr_err(" devlink port split DEV/PORT_INDEX count COUNT\n"); ++ pr_err(" devlink port unsplit DEV/PORT_INDEX\n"); + } + + static const char *port_type_name(uint32_t type) +@@ -1297,22 +1297,22 @@ static int cmd_port(struct dl *dl) + + static void cmd_sb_help(void) + { +- pr_out("Usage: devlink sb show [ DEV [ sb SB_INDEX ] ]\n"); +- pr_out(" devlink sb pool show [ DEV [ sb SB_INDEX ] pool POOL_INDEX ]\n"); +- pr_out(" devlink sb pool set DEV [ sb SB_INDEX ] pool POOL_INDEX\n"); +- pr_out(" size POOL_SIZE thtype { static | dynamic }\n"); +- pr_out(" devlink sb port pool show [ DEV/PORT_INDEX [ sb SB_INDEX ]\n"); +- pr_out(" pool POOL_INDEX ]\n"); +- pr_out(" devlink sb port pool set DEV/PORT_INDEX [ sb SB_INDEX ]\n"); +- pr_out(" pool POOL_INDEX th THRESHOLD\n"); +- pr_out(" devlink sb tc bind show [ DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n"); +- pr_out(" type { ingress | egress } ]\n"); +- pr_out(" devlink sb tc bind set DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n"); +- pr_out(" type { ingress | egress } pool POOL_INDEX\n"); +- pr_out(" th THRESHOLD\n"); +- pr_out(" devlink sb occupancy show { DEV | DEV/PORT_INDEX } [ sb SB_INDEX ]\n"); +- pr_out(" devlink sb occupancy snapshot DEV [ sb SB_INDEX ]\n"); +- pr_out(" devlink sb occupancy clearmax DEV [ sb SB_INDEX ]\n"); ++ pr_err("Usage: devlink sb show [ DEV [ sb SB_INDEX ] ]\n"); ++ pr_err(" devlink sb pool show [ DEV [ sb SB_INDEX ] pool POOL_INDEX ]\n"); ++ pr_err(" devlink sb pool set DEV [ sb SB_INDEX ] pool POOL_INDEX\n"); ++ pr_err(" size POOL_SIZE thtype { static | dynamic }\n"); ++ pr_err(" devlink sb port pool show [ DEV/PORT_INDEX [ sb SB_INDEX ]\n"); ++ pr_err(" pool POOL_INDEX ]\n"); ++ pr_err(" devlink sb port pool set DEV/PORT_INDEX [ sb SB_INDEX ]\n"); ++ pr_err(" pool POOL_INDEX th THRESHOLD\n"); ++ pr_err(" devlink sb tc bind show [ DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n"); ++ pr_err(" type { ingress | egress } ]\n"); ++ pr_err(" devlink sb tc bind set DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n"); ++ pr_err(" type { ingress | egress } pool POOL_INDEX\n"); ++ pr_err(" th THRESHOLD\n"); ++ pr_err(" devlink sb occupancy show { DEV | DEV/PORT_INDEX } [ sb SB_INDEX ]\n"); ++ pr_err(" devlink sb occupancy snapshot DEV [ sb SB_INDEX ]\n"); ++ pr_err(" devlink sb occupancy clearmax DEV [ sb SB_INDEX ]\n"); + } + + static void pr_out_sb(struct nlattr **tb) +@@ -2114,7 +2114,7 @@ static int cmd_mon_show(struct dl *dl) + + static void cmd_mon_help(void) + { +- pr_out("Usage: devlink monitor [ all | OBJECT-LIST ]\n" ++ pr_err("Usage: devlink monitor [ all | OBJECT-LIST ]\n" + "where OBJECT-LIST := { dev | port }\n"); + } + +@@ -2133,7 +2133,7 @@ static int cmd_mon(struct dl *dl) + + static void help(void) + { +- pr_out("Usage: devlink [ OPTIONS ] OBJECT { COMMAND | help }\n" ++ pr_err("Usage: devlink [ OPTIONS ] OBJECT { COMMAND | help }\n" + "where OBJECT := { dev | port | sb | monitor }\n" + " OPTIONS := { -V[ersion] | -n[no-nice-names] }\n"); + } +-- +2.13.1 + diff --git a/SOURCES/0173-utils-make-hexstring_a2n-provide-the-number-of-hex-d.patch b/SOURCES/0173-utils-make-hexstring_a2n-provide-the-number-of-hex-d.patch deleted file mode 100644 index c2049bd..0000000 --- a/SOURCES/0173-utils-make-hexstring_a2n-provide-the-number-of-hex-d.patch +++ /dev/null @@ -1,72 +0,0 @@ -From da4ac3dc839ed968d4701534344a597df97b0cf0 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:33 +0200 -Subject: [PATCH] utils: make hexstring_a2n provide the number of hex digits - parsed - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit 89ae502056f5 - -Conflicts: context conflicts around decalaration of hexstring_{n2a,a2n} -due to missing code cleanup (lack of upstream commit 892e21248cfd) - -commit 89ae502056f58a0177b9970f1f79a9683ac7fdd0 -Author: Sabrina Dubroca <sd@queasysnail.net> -Date: Fri Jun 3 16:45:45 2016 +0200 - - utils: make hexstring_a2n provide the number of hex digits parsed - - Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> - Acked-by: Phil Sutter <phil@nwl.cc> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - include/utils.h | 4 ++-- - lib/utils.c | 8 ++++++-- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/include/utils.h b/include/utils.h -index 0234277..86af63b 100644 ---- a/include/utils.h -+++ b/include/utils.h -@@ -98,8 +98,8 @@ extern int get_s16(__s16 *val, const char *arg, int base); - extern int get_u8(__u8 *val, const char *arg, int base); - extern int get_s8(__s8 *val, const char *arg, int base); - --extern char* hexstring_n2a(const __u8 *str, int len, char *buf, int blen); --extern __u8* hexstring_a2n(const char *str, __u8 *buf, int blen); -+char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen); -+__u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len); - - extern const char *format_host(int af, int len, const void *addr, - char *buf, int buflen); -diff --git a/lib/utils.c b/lib/utils.c -index 7f842ae..5337084 100644 ---- a/lib/utils.c -+++ b/lib/utils.c -@@ -787,9 +787,9 @@ char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen) - return buf; - } - --__u8* hexstring_a2n(const char *str, __u8 *buf, int blen) -+__u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len) - { -- int cnt = 0; -+ unsigned int cnt = 0; - char *endptr; - - if (strlen(str) % 2) -@@ -806,6 +806,10 @@ __u8* hexstring_a2n(const char *str, __u8 *buf, int blen) - buf[cnt++] = tmp; - str += 2; - } -+ -+ if (len) -+ *len = cnt; -+ - return buf; - } - --- -1.8.3.1 - diff --git a/SOURCES/0174-devlink-Add-usage-help-for-eswitch-subcommand.patch b/SOURCES/0174-devlink-Add-usage-help-for-eswitch-subcommand.patch new file mode 100644 index 0000000..35c7b57 --- /dev/null +++ b/SOURCES/0174-devlink-Add-usage-help-for-eswitch-subcommand.patch @@ -0,0 +1,262 @@ +From 7a4657ac620bfdac456696fb44a6d7656baf8af2 Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca <sdubroca@redhat.com> +Date: Fri, 9 Jun 2017 10:31:05 +0200 +Subject: [PATCH] devlink: Add usage help for eswitch subcommand + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459772 +Upstream Status: iproute2.git commit a93b6bb3a2e5 + +Conflicts: in pr_out_eswitch, because we don't support json output. Fix +that by doing the reverse of the transformation that commit e3d0f0c0e3d8 +did to pr_out_port(). + +commit a93b6bb3a2e50528fa20056c2fba33cbd9cf2ec7 +Author: Roi Dayan <roid@mellanox.com> +Date: Sun Nov 27 13:21:02 2016 +0200 + + devlink: Add usage help for eswitch subcommand + + Add missing usage help for devlink dev eswitch subcommand. + + Signed-off-by: Roi Dayan <roid@mellanox.com> + Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com> + +Signed-off-by: Sabrina Dubroca <sdubroca@redhat.com> +--- + devlink/devlink.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++-- + man/man8/devlink-dev.8 | 21 +++++++++++- + 2 files changed, 106 insertions(+), 3 deletions(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index bd801880c75f..ce4aff871595 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -27,6 +27,10 @@ + + #define ESWITCH_MODE_LEGACY "legacy" + #define ESWITCH_MODE_SWITCHDEV "switchdev" ++#define ESWITCH_INLINE_MODE_NONE "none" ++#define ESWITCH_INLINE_MODE_LINK "link" ++#define ESWITCH_INLINE_MODE_NETWORK "network" ++#define ESWITCH_INLINE_MODE_TRANSPORT "transport" + + #define pr_err(args...) fprintf(stderr, ##args) + #define pr_out(args...) fprintf(stdout, ##args) +@@ -131,6 +135,7 @@ static void ifname_map_free(struct ifname_map *ifname_map) + #define DL_OPT_SB_TH BIT(9) + #define DL_OPT_SB_TC BIT(10) + #define DL_OPT_ESWITCH_MODE BIT(11) ++#define DL_OPT_ESWITCH_INLINE_MODE BIT(12) + + struct dl_opts { + uint32_t present; /* flags of present items */ +@@ -147,6 +152,7 @@ struct dl_opts { + uint32_t sb_threshold; + uint16_t sb_tc_index; + enum devlink_eswitch_mode eswitch_mode; ++ enum devlink_eswitch_inline_mode eswitch_inline_mode; + }; + + struct dl { +@@ -295,6 +301,9 @@ static int attr_cb(const struct nlattr *attr, void *data) + if (type == DEVLINK_ATTR_ESWITCH_MODE && + mnl_attr_validate(attr, MNL_TYPE_U16) < 0) + return MNL_CB_ERROR; ++ if (type == DEVLINK_ATTR_ESWITCH_INLINE_MODE && ++ mnl_attr_validate(attr, MNL_TYPE_U8) < 0) ++ return MNL_CB_ERROR; + tb[type] = attr; + return MNL_CB_OK; + } +@@ -672,6 +681,24 @@ static int eswitch_mode_get(const char *typestr, + return 0; + } + ++static int eswitch_inline_mode_get(const char *typestr, ++ enum devlink_eswitch_inline_mode *p_mode) ++{ ++ if (strcmp(typestr, ESWITCH_INLINE_MODE_NONE) == 0) { ++ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_NONE; ++ } else if (strcmp(typestr, ESWITCH_INLINE_MODE_LINK) == 0) { ++ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_LINK; ++ } else if (strcmp(typestr, ESWITCH_INLINE_MODE_NETWORK) == 0) { ++ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_NETWORK; ++ } else if (strcmp(typestr, ESWITCH_INLINE_MODE_TRANSPORT) == 0) { ++ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT; ++ } else { ++ pr_err("Unknown eswitch inline mode \"%s\"\n", typestr); ++ return -EINVAL; ++ } ++ return 0; ++} ++ + static int dl_argv_parse(struct dl *dl, uint32_t o_required, + uint32_t o_optional) + { +@@ -793,6 +820,19 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, + if (err) + return err; + o_found |= DL_OPT_ESWITCH_MODE; ++ } else if (dl_argv_match(dl, "inline-mode") && ++ (o_all & DL_OPT_ESWITCH_INLINE_MODE)) { ++ const char *typestr; ++ ++ dl_arg_inc(dl); ++ err = dl_argv_str(dl, &typestr); ++ if (err) ++ return err; ++ err = eswitch_inline_mode_get( ++ typestr, &opts->eswitch_inline_mode); ++ if (err) ++ return err; ++ o_found |= DL_OPT_ESWITCH_INLINE_MODE; + } else { + pr_err("Unknown option \"%s\"\n", dl_argv(dl)); + return -EINVAL; +@@ -853,6 +893,12 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, + return -EINVAL; + } + ++ if ((o_required & DL_OPT_ESWITCH_INLINE_MODE) && ++ !(o_found & DL_OPT_ESWITCH_INLINE_MODE)) { ++ pr_err("E-Switch inline-mode option expected.\n"); ++ return -EINVAL; ++ } ++ + return 0; + } + +@@ -899,6 +945,9 @@ static void dl_opts_put(struct nlmsghdr *nlh, struct dl *dl) + if (opts->present & DL_OPT_ESWITCH_MODE) + mnl_attr_put_u16(nlh, DEVLINK_ATTR_ESWITCH_MODE, + opts->eswitch_mode); ++ if (opts->present & DL_OPT_ESWITCH_INLINE_MODE) ++ mnl_attr_put_u8(nlh, DEVLINK_ATTR_ESWITCH_INLINE_MODE, ++ opts->eswitch_inline_mode); + } + + static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, +@@ -953,6 +1002,9 @@ static bool dl_dump_filter(struct dl *dl, struct nlattr **tb) + static void cmd_dev_help(void) + { + pr_err("Usage: devlink dev show [ DEV ]\n"); ++ pr_err(" devlink dev eswitch set DEV [ mode { legacy | switchdev } ]\n"); ++ pr_err(" [ inline-mode { none | link | network | transport } ]\n"); ++ pr_err(" devlink dev eswitch show DEV\n"); + } + + static void __pr_out_handle(const char *bus_name, const char *dev_name) +@@ -1028,6 +1080,22 @@ static const char *eswitch_mode_name(uint32_t mode) + } + } + ++static const char *eswitch_inline_mode_name(uint32_t mode) ++{ ++ switch (mode) { ++ case DEVLINK_ESWITCH_INLINE_MODE_NONE: ++ return ESWITCH_INLINE_MODE_NONE; ++ case DEVLINK_ESWITCH_INLINE_MODE_LINK: ++ return ESWITCH_INLINE_MODE_LINK; ++ case DEVLINK_ESWITCH_INLINE_MODE_NETWORK: ++ return ESWITCH_INLINE_MODE_NETWORK; ++ case DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT: ++ return ESWITCH_INLINE_MODE_TRANSPORT; ++ default: ++ return "<unknown mode>"; ++ } ++} ++ + static void pr_out_eswitch(struct dl *dl, struct nlattr **tb) + { + pr_out_handle(tb); +@@ -1037,6 +1105,11 @@ static void pr_out_eswitch(struct dl *dl, struct nlattr **tb) + pr_out(" mode %s", + eswitch_mode_name(mnl_attr_get_u16(tb[DEVLINK_ATTR_ESWITCH_MODE]))); + ++ if (tb[DEVLINK_ATTR_ESWITCH_INLINE_MODE]) ++ pr_out(" inline-mode %s", ++ eswitch_inline_mode_name(mnl_attr_get_u8( ++ tb[DEVLINK_ATTR_ESWITCH_INLINE_MODE]))); ++ + pr_out("\n"); + } + +@@ -1076,16 +1149,27 @@ static int cmd_dev_eswitch_set(struct dl *dl) + nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_ESWITCH_MODE_SET, + NLM_F_REQUEST | NLM_F_ACK); + +- err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE | DL_OPT_ESWITCH_MODE, 0); ++ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, ++ DL_OPT_ESWITCH_MODE | ++ DL_OPT_ESWITCH_INLINE_MODE); ++ + if (err) + return err; + ++ if (dl->opts.present == 1) { ++ pr_err("Need to set at least one option\n"); ++ return -ENOENT; ++ } ++ + return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); + } + + static int cmd_dev_eswitch(struct dl *dl) + { +- if (dl_argv_match(dl, "set")) { ++ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) { ++ cmd_dev_help(); ++ return 0; ++ } else if (dl_argv_match(dl, "set")) { + dl_arg_inc(dl); + return cmd_dev_eswitch_set(dl); + } else if (dl_argv_match(dl, "show")) { +diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8 +index 9ce319374551..6bfe66f87955 100644 +--- a/man/man8/devlink-dev.8 ++++ b/man/man8/devlink-dev.8 +@@ -31,6 +31,9 @@ devlink-dev \- devlink device configuration + .RI "[ " + .BR mode " { " legacy " | " switchdev " } " + .RI "]" ++.RI "[ " ++.BR inline-mode " { " none " | " link " | " network " | " transport " } " ++.RI "]" + + .ti -8 + .BR "devlink dev eswitch show" +@@ -54,7 +57,7 @@ BUS_NAME/BUS_ADDRESS + + .TP + .BR mode " { " legacy " | " switchdev " } " +-set eswitch mode ++Set eswitch mode + + .I legacy + - Legacy SRIOV +@@ -62,6 +65,22 @@ set eswitch mode + .I switchdev + - SRIOV switchdev offloads + ++.TP ++.BR inline-mode " { " none " | " link " | " network " | " transport " } " ++Some HWs need the VF driver to put part of the packet headers on the TX descriptor so the e-switch can do proper matching and steering. ++ ++.I none ++- None ++ ++.I link ++- L2 mode ++ ++.I network ++- L3 mode ++ ++.I transport ++- L4 mode ++ + .SH "EXAMPLES" + .PP + devlink dev show +-- +2.13.1 + diff --git a/SOURCES/0174-utils-add-get_be-16-32-64-use-them-where-possible.patch b/SOURCES/0174-utils-add-get_be-16-32-64-use-them-where-possible.patch deleted file mode 100644 index 15b804d..0000000 --- a/SOURCES/0174-utils-add-get_be-16-32-64-use-them-where-possible.patch +++ /dev/null @@ -1,232 +0,0 @@ -From 25b35417c2ea49d31289177a81cb988369e138db Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:34 +0200 -Subject: [PATCH] utils: add get_be{16, 32, 64}, use them where possible - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit 9f7401fa4967 - -Conflicts: -- context conflicts due to missing code cleanups (lack of upstream commit -892e21248cfd and 56f5daac98da) -- hunks not merged: -get_be64() implementation in utils.{c,h} due to missing support for -lwtunnel (lack of upstream commit 1e5293056a02 implementing htonll()) -ip/ipfou.c due to missing support for foo-over-udp (lack of upstream commit -6928747b6e79) -tc/f_flower.c due to missing support for Flower classifier (lack of upstream -commit 30eb304ecd1d) -ip/iproute_lwtunnel.c due to missing support for lwtunnel (lack of upstream -commit 1e5293056a02) - -commit 9f7401fa4967178a071c53498f6bdc460c7cc4ea -Author: Sabrina Dubroca <sd@queasysnail.net> -Date: Fri Jun 3 16:45:46 2016 +0200 - - utils: add get_be{16, 32, 64}, use them where possible - - Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> - Acked-by: Phil Sutter <phil@nwl.cc> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - include/utils.h | 2 ++ - ip/iplink_vxlan.c | 7 ++----- - ip/ipxfrm.c | 13 +++---------- - ip/xfrm_state.c | 10 +++------- - lib/ll_proto.c | 3 +-- - lib/utils.c | 22 ++++++++++++++++++++++ - tc/f_u32.c | 8 ++------ - 7 files changed, 35 insertions(+), 30 deletions(-) - -diff --git a/include/utils.h b/include/utils.h -index 86af63b..4fd48b6 100644 ---- a/include/utils.h -+++ b/include/utils.h -@@ -97,6 +97,8 @@ extern int get_u16(__u16 *val, const char *arg, int base); - extern int get_s16(__s16 *val, const char *arg, int base); - extern int get_u8(__u8 *val, const char *arg, int base); - extern int get_s8(__s8 *val, const char *arg, int base); -+int get_be32(__be32 *val, const char *arg, int base); -+int get_be16(__be16 *val, const char *arg, int base); - - char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen); - __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len); -diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c -index a4cf924..2ca97a4 100644 ---- a/ip/iplink_vxlan.c -+++ b/ip/iplink_vxlan.c -@@ -153,15 +153,12 @@ static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv, - invarg("max addresses", *argv); - } else if (!matches(*argv, "port") || - !matches(*argv, "srcport")) { -- __u16 minport, maxport; - NEXT_ARG(); -- if (get_u16(&minport, *argv, 0)) -+ if (get_be16(&range.low, *argv, 0)) - invarg("min port", *argv); - NEXT_ARG(); -- if (get_u16(&maxport, *argv, 0)) -+ if (get_be16(&range.high, *argv, 0)) - invarg("max port", *argv); -- range.low = htons(minport); -- range.high = htons(maxport); - } else if (!matches(*argv, "dstport")){ - NEXT_ARG(); - if (get_u16(&dstport, *argv, 0)) -diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c -index feff09a..0344355 100644 ---- a/ip/ipxfrm.c -+++ b/ip/ipxfrm.c -@@ -1057,15 +1057,10 @@ int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family, - filter.id_proto_mask = XFRM_FILTER_MASK_FULL; - - } else if (strcmp(*argv, "spi") == 0) { -- __u32 spi; -- - NEXT_ARG(); -- if (get_u32(&spi, *argv, 0)) -+ if (get_be32(&id->spi, *argv, 0)) - invarg("SPI value is invalid", *argv); - -- spi = htonl(spi); -- id->spi = spi; -- - filter.id_spi_mask = XFRM_FILTER_MASK_FULL; - - } else { -@@ -1199,9 +1194,8 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, - - NEXT_ARG(); - -- if (get_u16(&sel->sport, *argv, 0)) -+ if (get_be16(&sel->sport, *argv, 0)) - invarg("value after \"sport\" is invalid", *argv); -- sel->sport = htons(sel->sport); - if (sel->sport) - sel->sport_mask = ~((__u16)0); - -@@ -1212,9 +1206,8 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, - - NEXT_ARG(); - -- if (get_u16(&sel->dport, *argv, 0)) -+ if (get_be16(&sel->dport, *argv, 0)) - invarg("value after \"dport\" is invalid", *argv); -- sel->dport = htons(sel->dport); - if (sel->dport) - sel->dport_mask = ~((__u16)0); - -diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c -index 20d7a7e..4dfddbc 100644 ---- a/ip/xfrm_state.c -+++ b/ip/xfrm_state.c -@@ -176,11 +176,9 @@ static int xfrm_seq_parse(__u32 *seq, int *argcp, char ***argvp) - int argc = *argcp; - char **argv = *argvp; - -- if (get_u32(seq, *argv, 0)) -+ if (get_be32(seq, *argv, 0)) - invarg("SEQ value is invalid", *argv); - -- *seq = htonl(*seq); -- - *argcp = argc; - *argvp = argv; - -@@ -346,13 +344,11 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) - NEXT_ARG(); - xfrm_encap_type_parse(&encap.encap_type, &argc, &argv); - NEXT_ARG(); -- if (get_u16(&encap.encap_sport, *argv, 0)) -+ if (get_be16(&encap.encap_sport, *argv, 0)) - invarg("SPORT value after \"encap\" is invalid", *argv); -- encap.encap_sport = htons(encap.encap_sport); - NEXT_ARG(); -- if (get_u16(&encap.encap_dport, *argv, 0)) -+ if (get_be16(&encap.encap_dport, *argv, 0)) - invarg("DPORT value after \"encap\" is invalid", *argv); -- encap.encap_dport = htons(encap.encap_dport); - NEXT_ARG(); - get_addr(&oa, *argv, AF_UNSPEC); - memcpy(&encap.encap_oa, &oa.data, sizeof(encap.encap_oa)); -diff --git a/lib/ll_proto.c b/lib/ll_proto.c -index d8df68c..e094d9f 100644 ---- a/lib/ll_proto.c -+++ b/lib/ll_proto.c -@@ -111,8 +111,7 @@ int ll_proto_a2n(unsigned short *id, const char *buf) - return 0; - } - } -- if (get_u16(id, buf, 0)) -+ if (get_be16(id, buf, 0)) - return -1; -- *id = htons(*id); - return 0; - } -diff --git a/lib/utils.c b/lib/utils.c -index 5337084..687c188 100644 ---- a/lib/utils.c -+++ b/lib/utils.c -@@ -351,6 +351,28 @@ int get_s8(__s8 *val, const char *arg, int base) - return 0; - } - -+int get_be32(__be32 *val, const char *arg, int base) -+{ -+ __u32 v; -+ int ret = get_u32(&v, arg, base); -+ -+ if (!ret) -+ *val = htonl(v); -+ -+ return ret; -+} -+ -+int get_be16(__be16 *val, const char *arg, int base) -+{ -+ __u16 v; -+ int ret = get_u16(&v, arg, base); -+ -+ if (!ret) -+ *val = htons(v); -+ -+ return ret; -+} -+ - /* This uses a non-standard parsing (ie not inet_aton, or inet_pton) - * because of legacy choice to parse 10.8 as 10.8.0.0 not 10.0.0.8 - */ -diff --git a/tc/f_u32.c b/tc/f_u32.c -index 8bc9a17..134925e 100644 ---- a/tc/f_u32.c -+++ b/tc/f_u32.c -@@ -765,11 +765,9 @@ static int parse_offset(int *argc_p, char ***argv_p, struct tc_u32_sel *sel) - } - sel->flags |= TC_U32_VAROFFSET; - } else if (matches(*argv, "mask") == 0) { -- __u16 mask; - NEXT_ARG(); -- if (get_u16(&mask, *argv, 16)) -+ if (get_be16(&sel->offmask, *argv, 16)) - return -1; -- sel->offmask = htons(mask); - sel->flags |= TC_U32_VAROFFSET; - } else if (matches(*argv, "shift") == 0) { - int shift; -@@ -798,11 +796,9 @@ static int parse_hashkey(int *argc_p, char ***argv_p, struct tc_u32_sel *sel) - - while (argc > 0) { - if (matches(*argv, "mask") == 0) { -- __u32 mask; - NEXT_ARG(); -- if (get_u32(&mask, *argv, 16)) -+ if (get_be32(&sel->hmask, *argv, 16)) - return -1; -- sel->hmask = htonl(mask); - } else if (matches(*argv, "at") == 0) { - int num; - NEXT_ARG(); --- -1.8.3.1 - diff --git a/SOURCES/0175-devlink-Call-dl_free-in-early-exit-case.patch b/SOURCES/0175-devlink-Call-dl_free-in-early-exit-case.patch new file mode 100644 index 0000000..0f30458 --- /dev/null +++ b/SOURCES/0175-devlink-Call-dl_free-in-early-exit-case.patch @@ -0,0 +1,52 @@ +From af98686199a4b31c19894448d3942687bbcd1905 Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca <sdubroca@redhat.com> +Date: Fri, 9 Jun 2017 10:31:30 +0200 +Subject: [PATCH] devlink: Call dl_free in early exit case + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1459772 +Upstream Status: iproute2.git commit b77c77d29495 + +commit b77c77d294959bc8c8ef948fc7849d1794347f8e +Author: Leon Romanovsky <leonro@mellanox.com> +Date: Tue Feb 14 07:29:38 2017 +0200 + + devlink: Call dl_free in early exit case + + Prior to parsing command options, the devlink tool allocates memory + to store results. In case of early exit (wrong parameters or version + check), this memory wasn't freed. + + Signed-off-by: Leon Romanovsky <leonro@mellanox.com> + Acked-by: Jiri Pirko <jiri@mellanox.com> + +Signed-off-by: Sabrina Dubroca <sdubroca@redhat.com> +--- + devlink/devlink.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index ce4aff871595..a81668b0929c 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -2314,14 +2314,16 @@ int main(int argc, char **argv) + switch (opt) { + case 'V': + printf("devlink utility, iproute2-ss%s\n", SNAPSHOT); +- return EXIT_SUCCESS; ++ ret = EXIT_SUCCESS; ++ goto dl_free; + case 'n': + dl->no_nice_names = true; + break; + default: + pr_err("Unknown option.\n"); + help(); +- return EXIT_FAILURE; ++ ret = EXIT_FAILURE; ++ goto dl_free; + } + } + +-- +2.13.1 + diff --git a/SOURCES/0175-utils-provide-get_hex-to-read-a-hex-digit-from-a-cha.patch b/SOURCES/0175-utils-provide-get_hex-to-read-a-hex-digit-from-a-cha.patch deleted file mode 100644 index 71d702c..0000000 --- a/SOURCES/0175-utils-provide-get_hex-to-read-a-hex-digit-from-a-cha.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 1880eb1a9cd934736ed4b41b247664760bc7b69c Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:35 +0200 -Subject: [PATCH] utils: provide get_hex to read a hex digit from a char - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit 609640f5f0fe - -Conflicts: context conflict due to missing code cleanup (lack of upstream -commit 892e21248cfd) - -commit 609640f5f0feda8099b04452297d81dd1a8a1777 -Author: Sabrina Dubroca <sd@queasysnail.net> -Date: Fri Jun 3 16:45:47 2016 +0200 - - utils: provide get_hex to read a hex digit from a char - - Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> - Acked-by: Phil Sutter <phil@nwl.cc> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - include/utils.h | 1 + - ip/ipl2tp.c | 15 ++------------- - lib/ipx_pton.c | 18 +++--------------- - lib/utils.c | 12 ++++++++++++ - 4 files changed, 18 insertions(+), 28 deletions(-) - -diff --git a/include/utils.h b/include/utils.h -index 4fd48b6..fad82dc 100644 ---- a/include/utils.h -+++ b/include/utils.h -@@ -84,6 +84,7 @@ extern int get_addr(inet_prefix *dst, const char *arg, int family); - extern int get_prefix(inet_prefix *dst, char *arg, int family); - extern int mask2bits(__u32 netmask); - -+int get_hex(char c); - extern int get_integer(int *val, const char *arg, int base); - extern int get_unsigned(unsigned *val, const char *arg, int base); - extern int get_time_rtt(unsigned *val, const char *arg, int *raw); -diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c -index 92e15c5..d2c8979 100644 ---- a/ip/ipl2tp.c -+++ b/ip/ipl2tp.c -@@ -424,30 +424,19 @@ static int get_tunnel(struct l2tp_data *p) - * Command parser - *****************************************************************************/ - --static int hex(char ch) --{ -- if ((ch >= 'a') && (ch <= 'f')) -- return ch - 'a' + 10; -- if ((ch >= '0') && (ch <= '9')) -- return ch - '0'; -- if ((ch >= 'A') && (ch <= 'F')) -- return ch - 'A' + 10; -- return -1; --} -- - static int hex2mem(const char *buf, uint8_t *mem, int count) - { - int i, j; - int c; - - for (i = 0, j = 0; i < count; i++, j += 2) { -- c = hex(buf[j]); -+ c = get_hex(buf[j]); - if (c < 0) - goto err; - - mem[i] = c << 4; - -- c = hex(buf[j + 1]); -+ c = get_hex(buf[j + 1]); - if (c < 0) - goto err; - -diff --git a/lib/ipx_pton.c b/lib/ipx_pton.c -index 3dca271..071a775 100644 ---- a/lib/ipx_pton.c -+++ b/lib/ipx_pton.c -@@ -6,18 +6,6 @@ - - #include "utils.h" - --static u_int32_t hexget(char c) --{ -- if (c >= 'A' && c <= 'F') -- return c - 'A' + 10; -- if (c >= 'a' && c <= 'f') -- return c - 'a' + 10; -- if (c >= '0' && c <= '9') -- return c - '0'; -- -- return 0xf0; --} -- - static int ipx_getnet(u_int32_t *net, const char *str) - { - int i; -@@ -25,7 +13,7 @@ static int ipx_getnet(u_int32_t *net, const char *str) - - for(i = 0; *str && (i < 8); i++) { - -- if ((tmp = hexget(*str)) & 0xf0) { -+ if ((tmp = get_hex(*str)) == -1) { - if (*str == '.') - return 0; - else -@@ -49,11 +37,11 @@ static int ipx_getnode(u_int8_t *node, const char *str) - u_int32_t tmp; - - for(i = 0; i < 6; i++) { -- if ((tmp = hexget(*str++)) & 0xf0) -+ if ((tmp = get_hex(*str++)) == -1) - return -1; - node[i] = (u_int8_t)tmp; - node[i] <<= 4; -- if ((tmp = hexget(*str++)) & 0xf0) -+ if ((tmp = get_hex(*str++)) == -1) - return -1; - node[i] |= (u_int8_t)tmp; - if (*str == ':') -diff --git a/lib/utils.c b/lib/utils.c -index 687c188..dedadff 100644 ---- a/lib/utils.c -+++ b/lib/utils.c -@@ -35,6 +35,18 @@ - - int timestamp_short = 0; - -+int get_hex(char c) -+{ -+ if (c >= 'A' && c <= 'F') -+ return c - 'A' + 10; -+ if (c >= 'a' && c <= 'f') -+ return c - 'a' + 10; -+ if (c >= '0' && c <= '9') -+ return c - '0'; -+ -+ return -1; -+} -+ - int get_integer(int *val, const char *arg, int base) - { - long res; --- -1.8.3.1 - diff --git a/SOURCES/0176-ip-add-MACsec-support.patch b/SOURCES/0176-ip-add-MACsec-support.patch deleted file mode 100644 index c50248f..0000000 --- a/SOURCES/0176-ip-add-MACsec-support.patch +++ /dev/null @@ -1,1619 +0,0 @@ -From 2eacdef42c7194133be00b2de64cabd72b88aef1 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:36 +0200 -Subject: [PATCH] ip: add MACsec support - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit b26fc590ce62 - -Conflicts: -- context conflict due to missing code cleanup (lack of upstream commit -892e21248cfd) -- context conflict due to missing support for foo-over-udp (lack of upstream -commit 6928747b6e79) - -commit b26fc590ce6272835da35c016f6a99f5f43d6a88 -Author: Sabrina Dubroca <sd@queasysnail.net> -Date: Wed Jun 8 09:34:21 2016 -0700 - - ip: add MACsec support - - Extend ip-link to create MACsec devices - - ip link add link <master> <macsec> type macsec [options] - - Add `ip macsec` command to configure receive-side secure channels and - secure associations within a macsec netdevice. - - Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> - Acked-by: Phil Sutter <phil@nwl.cc> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - ip/Makefile | 2 +- - ip/ip.c | 3 +- - ip/ip_common.h | 1 + - ip/ipmacsec.c | 1301 +++++++++++++++++++++++++++++++++++++++++++++++++ - man/man8/Makefile | 2 +- - man/man8/ip-link.8.in | 85 ++++ - man/man8/ip-macsec.8 | 98 ++++ - 7 files changed, 1489 insertions(+), 3 deletions(-) - create mode 100644 ip/ipmacsec.c - create mode 100644 man/man8/ip-macsec.8 - -diff --git a/ip/Makefile b/ip/Makefile -index 5aad224..f6de690 100644 ---- a/ip/Makefile -+++ b/ip/Makefile -@@ -6,7 +6,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ - iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ - iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ - link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o \ -- iplink_bridge.o iplink_bridge_slave.o \ -+ iplink_bridge.o iplink_bridge_slave.o ipmacsec.o \ - iplink_geneve.o - - RTMONOBJ=rtmon.o -diff --git a/ip/ip.c b/ip/ip.c -index 8b9b9c0..d6f1391 100644 ---- a/ip/ip.c -+++ b/ip/ip.c -@@ -49,7 +49,7 @@ static void usage(void) - " ip [ -force ] -batch filename\n" - "where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |\n" - " tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |\n" --" netns | l2tp | tcp_metrics | token }\n" -+" netns | l2tp | macsec | tcp_metrics | token }\n" - " OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n" - " -h[uman-readable] | -iec |\n" - " -f[amily] { inet | inet6 | ipx | dnet | bridge | link } |\n" -@@ -81,6 +81,7 @@ static const struct cmd { - { "ntbl", do_ipntable }, - { "link", do_iplink }, - { "l2tp", do_ipl2tp }, -+ { "macsec", do_ipmacsec }, - { "tunnel", do_iptunnel }, - { "tunl", do_iptunnel }, - { "tuntap", do_iptuntap }, -diff --git a/ip/ip_common.h b/ip/ip_common.h -index 880890e..c3e7fda 100644 ---- a/ip/ip_common.h -+++ b/ip/ip_common.h -@@ -44,6 +44,7 @@ extern int do_iptunnel(int argc, char **argv); - extern int do_ip6tunnel(int argc, char **argv); - extern int do_iptuntap(int argc, char **argv); - extern int do_iplink(int argc, char **argv); -+int do_ipmacsec(int argc, char **argv); - extern int do_ipmonitor(int argc, char **argv); - extern int do_multiaddr(int argc, char **argv); - extern int do_multiroute(int argc, char **argv); -diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c -new file mode 100644 -index 0000000..34ba341 ---- /dev/null -+++ b/ip/ipmacsec.c -@@ -0,0 +1,1301 @@ -+/* -+ * ipmacsec.c "ip macsec". -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Sabrina Dubroca <sd@queasysnail.net> -+ */ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <string.h> -+#include <errno.h> -+#include <linux/genetlink.h> -+#include <linux/if_ether.h> -+#include <linux/if_macsec.h> -+ -+#include "rt_names.h" -+#include "utils.h" -+#include "ip_common.h" -+#include "ll_map.h" -+#include "libgenl.h" -+ -+static const char *values_on_off[] = { "off", "on" }; -+ -+static const char *VALIDATE_STR[] = { -+ [MACSEC_VALIDATE_DISABLED] = "disabled", -+ [MACSEC_VALIDATE_CHECK] = "check", -+ [MACSEC_VALIDATE_STRICT] = "strict", -+}; -+ -+struct sci { -+ __u64 sci; -+ __u16 port; -+ char abuf[6]; -+}; -+ -+struct sa_desc { -+ __u8 an; -+ __u32 pn; -+ __u8 key_id[MACSEC_KEYID_LEN]; -+ __u32 key_len; -+ __u8 key[MACSEC_MAX_KEY_LEN]; -+ __u8 active; -+}; -+ -+struct cipher_args { -+ __u64 id; -+ __u8 icv_len; -+}; -+ -+struct txsc_desc { -+ int ifindex; -+ __u64 sci; -+ __be16 port; -+ struct cipher_args cipher; -+ __u32 window; -+ enum macsec_validation_type validate; -+ __u8 encoding_sa; -+}; -+ -+struct rxsc_desc { -+ int ifindex; -+ __u64 sci; -+ __u8 active; -+}; -+ -+#define MACSEC_BUFLEN 1024 -+ -+ -+/* netlink socket */ -+static struct rtnl_handle genl_rth; -+static int genl_family = -1; -+ -+#define MACSEC_GENL_REQ(_req, _bufsiz, _cmd, _flags) \ -+ GENL_REQUEST(_req, _bufsiz, genl_family, 0, MACSEC_GENL_VERSION, \ -+ _cmd, _flags) -+ -+ -+static void init_genl(void) -+{ -+ if (genl_family >= 0) -+ return; -+ -+ if (rtnl_open_byproto(&genl_rth, 0, NETLINK_GENERIC) < 0) { -+ fprintf(stderr, "Cannot open generic netlink socket\n"); -+ exit(1); -+ } -+ -+ genl_family = genl_resolve_family(&genl_rth, MACSEC_GENL_NAME); -+ if (genl_family < 0) -+ exit(1); -+} -+ -+static void ipmacsec_usage(void) -+{ -+ fprintf(stderr, "Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEY\n"); -+ fprintf(stderr, " ip macsec set DEV tx sa { 0..3 } [ OPTS ]\n"); -+ fprintf(stderr, " ip macsec del DEV tx sa { 0..3 }\n"); -+ fprintf(stderr, " ip macsec add DEV rx SCI [ on | off ]\n"); -+ fprintf(stderr, " ip macsec set DEV rx SCI [ on | off ]\n"); -+ fprintf(stderr, " ip macsec del DEV rx SCI\n"); -+ fprintf(stderr, " ip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEY\n"); -+ fprintf(stderr, " ip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]\n"); -+ fprintf(stderr, " ip macsec del DEV rx SCI sa { 0..3 }\n"); -+ fprintf(stderr, " ip macsec show\n"); -+ fprintf(stderr, " ip macsec show DEV\n"); -+ fprintf(stderr, "where OPTS := [ pn <u32> ] [ on | off ]\n"); -+ fprintf(stderr, " ID := 128-bit hex string\n"); -+ fprintf(stderr, " KEY := 128-bit hex string\n"); -+ fprintf(stderr, " SCI := { sci <u64> | port <u16> address <lladdr> }\n"); -+ -+ exit(-1); -+} -+ -+static int one_of(const char *msg, const char *realval, const char **list, -+ size_t len, int *index) -+{ -+ int i; -+ -+ for (i = 0; i < len; i++) { -+ if (matches(realval, list[i]) == 0) { -+ *index = i; -+ return 0; -+ } -+ } -+ -+ fprintf(stderr, "Error: argument of \"%s\" must be one of ", msg); -+ for (i = 0; i < len; i++) -+ fprintf(stderr, "\"%s\", ", list[i]); -+ fprintf(stderr, "not \"%s\"\n", realval); -+ return -1; -+} -+ -+static int get_an(__u8 *val, const char *arg) -+{ -+ int ret = get_u8(val, arg, 0); -+ -+ if (ret) -+ return ret; -+ -+ if (*val > 3) -+ return -1; -+ -+ return 0; -+} -+ -+static int get_sci(__u64 *sci, const char *arg) -+{ -+ return get_u64(sci, arg, 16); -+} -+ -+static int get_port(__be16 *port, const char *arg) -+{ -+ return get_be16(port, arg, 10); -+} -+ -+#define _STR(a) #a -+#define STR(a) _STR(a) -+ -+static void get_icvlen(__u8 *icvlen, char *arg) -+{ -+ int ret = get_u8(icvlen, arg, 10); -+ -+ if (ret) -+ invarg("expected ICV length", arg); -+ -+ if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_MAX_ICV_LEN) -+ invarg("ICV length must be in the range {" -+ STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_MAX_ICV_LEN) -+ "}", arg); -+} -+ -+static bool get_sa(int *argcp, char ***argvp, __u8 *an) -+{ -+ int argc = *argcp; -+ char **argv = *argvp; -+ int ret; -+ -+ if (argc <= 0 || strcmp(*argv, "sa") != 0) -+ return false; -+ -+ NEXT_ARG(); -+ ret = get_an(an, *argv); -+ if (ret) -+ invarg("expected an { 0..3 }", *argv); -+ argc--; argv++; -+ -+ *argvp = argv; -+ *argcp = argc; -+ return true; -+} -+ -+static int parse_sa_args(int *argcp, char ***argvp, struct sa_desc *sa) -+{ -+ int argc = *argcp; -+ char **argv = *argvp; -+ int ret; -+ bool active_set = false; -+ -+ while (argc > 0) { -+ if (strcmp(*argv, "pn") == 0) { -+ if (sa->pn != 0) -+ duparg2("pn", "pn"); -+ NEXT_ARG(); -+ ret = get_u32(&sa->pn, *argv, 0); -+ if (ret) -+ invarg("expected pn", *argv); -+ if (sa->pn == 0) -+ invarg("expected pn != 0", *argv); -+ } else if (strcmp(*argv, "key") == 0) { -+ unsigned int len; -+ -+ NEXT_ARG(); -+ if (!hexstring_a2n(*argv, sa->key_id, MACSEC_KEYID_LEN, -+ &len)) -+ invarg("expected key id", *argv); -+ NEXT_ARG(); -+ if (!hexstring_a2n(*argv, sa->key, MACSEC_MAX_KEY_LEN, -+ &sa->key_len)) -+ invarg("expected key", *argv); -+ } else if (strcmp(*argv, "on") == 0) { -+ if (active_set) -+ duparg2("on/off", "on"); -+ sa->active = true; -+ active_set = true; -+ } else if (strcmp(*argv, "off") == 0) { -+ if (active_set) -+ duparg2("on/off", "off"); -+ sa->active = false; -+ active_set = true; -+ } else { -+ fprintf(stderr, "macsec: unknown command \"%s\"?\n", -+ *argv); -+ ipmacsec_usage(); -+ } -+ -+ argv++; argc--; -+ } -+ -+ *argvp = argv; -+ *argcp = argc; -+ return 0; -+} -+ -+static __u64 make_sci(char *addr, __be16 port) -+{ -+ __u64 sci; -+ -+ memcpy(&sci, addr, ETH_ALEN); -+ memcpy(((char *)&sci) + ETH_ALEN, &port, sizeof(port)); -+ -+ return sci; -+} -+ -+static bool sci_complete(bool sci, bool port, bool addr, bool port_only) -+{ -+ return sci || (port && (addr || port_only)); -+} -+ -+static int get_sci_portaddr(struct sci *sci, int *argcp, char ***argvp, -+ bool port_only, bool optional) -+{ -+ int argc = *argcp; -+ char **argv = *argvp; -+ int ret; -+ bool p = false, a = false, s = false; -+ -+ while (argc > 0) { -+ if (strcmp(*argv, "sci") == 0) { -+ if (p) -+ invarg("expected address", *argv); -+ if (a) -+ invarg("expected port", *argv); -+ NEXT_ARG(); -+ ret = get_sci(&sci->sci, *argv); -+ if (ret) -+ invarg("expected sci", *argv); -+ s = true; -+ } else if (strcmp(*argv, "port") == 0) { -+ NEXT_ARG(); -+ ret = get_port(&sci->port, *argv); -+ if (ret) -+ invarg("expected port", *argv); -+ if (sci->port == 0) -+ invarg("expected port != 0", *argv); -+ p = true; -+ } else if (strcmp(*argv, "address") == 0) { -+ NEXT_ARG(); -+ ret = ll_addr_a2n(sci->abuf, sizeof(sci->abuf), *argv); -+ if (ret < 0) -+ invarg("expected lladdr", *argv); -+ a = true; -+ } else if (optional) { -+ break; -+ } else { -+ invarg("expected sci, port, or address", *argv); -+ } -+ -+ argv++; argc--; -+ -+ if (sci_complete(s, p, a, port_only)) -+ break; -+ } -+ -+ if (!optional && !sci_complete(s, p, a, port_only)) -+ return -1; -+ -+ if (p && a) -+ sci->sci = make_sci(sci->abuf, sci->port); -+ -+ *argvp = argv; -+ *argcp = argc; -+ -+ return p || a || s; -+} -+ -+static bool parse_rxsci(int *argcp, char ***argvp, struct rxsc_desc *rxsc, -+ struct sa_desc *rxsa) -+{ -+ struct sci sci = { 0 }; -+ -+ if (*argcp == 0 || -+ get_sci_portaddr(&sci, argcp, argvp, false, false) < 0) { -+ fprintf(stderr, "expected sci\n"); -+ ipmacsec_usage(); -+ } -+ -+ rxsc->sci = sci.sci; -+ -+ return get_sa(argcp, argvp, &rxsa->an); -+} -+ -+static int parse_rxsci_args(int *argcp, char ***argvp, struct rxsc_desc *rxsc) -+{ -+ int argc = *argcp; -+ char **argv = *argvp; -+ bool active_set = false; -+ -+ while (argc > 0) { -+ if (strcmp(*argv, "on") == 0) { -+ if (active_set) -+ duparg2("on/off", "on"); -+ rxsc->active = true; -+ active_set = true; -+ } else if (strcmp(*argv, "off") == 0) { -+ if (active_set) -+ duparg2("on/off", "off"); -+ rxsc->active = false; -+ active_set = true; -+ } else { -+ fprintf(stderr, "macsec: unknown command \"%s\"?\n", -+ *argv); -+ ipmacsec_usage(); -+ } -+ -+ argv++; argc--; -+ } -+ -+ *argvp = argv; -+ *argcp = argc; -+ return 0; -+} -+ -+enum cmd { -+ CMD_ADD, -+ CMD_DEL, -+ CMD_UPD, -+ __CMD_MAX -+}; -+ -+static const enum macsec_nl_commands macsec_commands[__CMD_MAX][2][2] = { -+ [CMD_ADD] = { -+ [0] = {-1, MACSEC_CMD_ADD_RXSC}, -+ [1] = {MACSEC_CMD_ADD_TXSA, MACSEC_CMD_ADD_RXSA}, -+ }, -+ [CMD_UPD] = { -+ [0] = {-1, MACSEC_CMD_UPD_RXSC}, -+ [1] = {MACSEC_CMD_UPD_TXSA, MACSEC_CMD_UPD_RXSA}, -+ }, -+ [CMD_DEL] = { -+ [0] = {-1, MACSEC_CMD_DEL_RXSC}, -+ [1] = {MACSEC_CMD_DEL_TXSA, MACSEC_CMD_DEL_RXSA}, -+ }, -+}; -+ -+static int do_modify_nl(enum cmd c, enum macsec_nl_commands cmd, int ifindex, -+ struct rxsc_desc *rxsc, struct sa_desc *sa) -+{ -+ struct rtattr *attr_sa; -+ -+ MACSEC_GENL_REQ(req, MACSEC_BUFLEN, cmd, NLM_F_REQUEST); -+ -+ addattr32(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_IFINDEX, ifindex); -+ if (rxsc) { -+ struct rtattr *attr_rxsc; -+ -+ attr_rxsc = addattr_nest(&req.n, MACSEC_BUFLEN, -+ MACSEC_ATTR_RXSC_CONFIG); -+ addattr64(&req.n, MACSEC_BUFLEN, -+ MACSEC_RXSC_ATTR_SCI, rxsc->sci); -+ if (c != CMD_DEL && rxsc->active != 0xff) -+ addattr8(&req.n, MACSEC_BUFLEN, -+ MACSEC_RXSC_ATTR_ACTIVE, rxsc->active); -+ -+ addattr_nest_end(&req.n, attr_rxsc); -+ } -+ -+ if (sa->an == 0xff) -+ goto talk; -+ -+ attr_sa = addattr_nest(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_SA_CONFIG); -+ -+ addattr8(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_AN, sa->an); -+ -+ if (c != CMD_DEL) { -+ if (sa->pn) -+ addattr32(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_PN, -+ sa->pn); -+ -+ if (sa->key_len) { -+ addattr_l(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_KEYID, -+ sa->key_id, MACSEC_KEYID_LEN); -+ addattr_l(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_KEY, -+ sa->key, sa->key_len); -+ } -+ -+ if (sa->active != 0xff) { -+ addattr8(&req.n, MACSEC_BUFLEN, -+ MACSEC_SA_ATTR_ACTIVE, sa->active); -+ } -+ } -+ -+ addattr_nest_end(&req.n, attr_sa); -+ -+talk: -+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0) -+ return -2; -+ -+ return 0; -+} -+ -+static bool check_sa_args(enum cmd c, struct sa_desc *sa) -+{ -+ if (c == CMD_ADD) { -+ if (!sa->key_len) { -+ fprintf(stderr, "cannot create SA without key\n"); -+ return -1; -+ } -+ -+ if (sa->pn == 0) { -+ fprintf(stderr, "must specify a packet number != 0\n"); -+ return -1; -+ } -+ } else if (c == CMD_UPD) { -+ if (sa->key_len) { -+ fprintf(stderr, "cannot change key on SA\n"); -+ return -1; -+ } -+ } -+ -+ return 0; -+} -+ -+static int do_modify_txsa(enum cmd c, int argc, char **argv, int ifindex) -+{ -+ struct sa_desc txsa = {0}; -+ enum macsec_nl_commands cmd; -+ -+ txsa.an = 0xff; -+ txsa.active = 0xff; -+ -+ if (argc == 0 || !get_sa(&argc, &argv, &txsa.an)) -+ ipmacsec_usage(); -+ -+ if (c == CMD_DEL) -+ goto modify; -+ -+ if (parse_sa_args(&argc, &argv, &txsa)) -+ return -1; -+ -+ if (check_sa_args(c, &txsa)) -+ return -1; -+ -+modify: -+ cmd = macsec_commands[c][1][0]; -+ return do_modify_nl(c, cmd, ifindex, NULL, &txsa); -+} -+ -+static int do_modify_rxsci(enum cmd c, int argc, char **argv, int ifindex) -+{ -+ struct rxsc_desc rxsc = {0}; -+ struct sa_desc rxsa = {0}; -+ bool sa_set; -+ enum macsec_nl_commands cmd; -+ -+ rxsc.ifindex = ifindex; -+ rxsc.active = 0xff; -+ rxsa.an = 0xff; -+ rxsa.active = 0xff; -+ -+ sa_set = parse_rxsci(&argc, &argv, &rxsc, &rxsa); -+ -+ if (c == CMD_DEL) -+ goto modify; -+ -+ if (sa_set && (parse_sa_args(&argc, &argv, &rxsa) || -+ check_sa_args(c, &rxsa))) -+ return -1; -+ if (!sa_set && parse_rxsci_args(&argc, &argv, &rxsc)) -+ return -1; -+ -+modify: -+ cmd = macsec_commands[c][sa_set][1]; -+ return do_modify_nl(c, cmd, rxsc.ifindex, &rxsc, &rxsa); -+} -+ -+static int do_modify(enum cmd c, int argc, char **argv) -+{ -+ int ifindex; -+ -+ if (argc == 0) -+ ipmacsec_usage(); -+ -+ ifindex = ll_name_to_index(*argv); -+ if (!ifindex) { -+ fprintf(stderr, "Device \"%s\" does not exist.\n", *argv); -+ return -1; -+ } -+ argc--; argv++; -+ -+ if (argc == 0) -+ ipmacsec_usage(); -+ -+ if (strcmp(*argv, "tx") == 0) -+ return do_modify_txsa(c, argc-1, argv+1, ifindex); -+ if (strcmp(*argv, "rx") == 0) -+ return do_modify_rxsci(c, argc-1, argv+1, ifindex); -+ -+ ipmacsec_usage(); -+ return -1; -+} -+ -+/* dump/show */ -+static struct { -+ int ifindex; -+ __u64 sci; -+} filter; -+ -+static int validate_dump(struct rtattr **attrs) -+{ -+ return attrs[MACSEC_ATTR_IFINDEX] && attrs[MACSEC_ATTR_SECY] && -+ attrs[MACSEC_ATTR_TXSA_LIST] && attrs[MACSEC_ATTR_RXSC_LIST] && -+ attrs[MACSEC_ATTR_TXSC_STATS] && attrs[MACSEC_ATTR_SECY_STATS]; -+ -+} -+ -+static int validate_secy_dump(struct rtattr **attrs) -+{ -+ return attrs[MACSEC_SECY_ATTR_SCI] && -+ attrs[MACSEC_SECY_ATTR_ENCODING_SA] && -+ attrs[MACSEC_SECY_ATTR_CIPHER_SUITE] && -+ attrs[MACSEC_SECY_ATTR_ICV_LEN] && -+ attrs[MACSEC_SECY_ATTR_PROTECT] && -+ attrs[MACSEC_SECY_ATTR_REPLAY] && -+ attrs[MACSEC_SECY_ATTR_OPER] && -+ attrs[MACSEC_SECY_ATTR_VALIDATE] && -+ attrs[MACSEC_SECY_ATTR_ENCRYPT] && -+ attrs[MACSEC_SECY_ATTR_INC_SCI] && -+ attrs[MACSEC_SECY_ATTR_ES] && -+ attrs[MACSEC_SECY_ATTR_SCB]; -+} -+ -+static void print_flag(FILE *f, struct rtattr *attrs[], const char *desc, -+ int field) -+{ -+ if (attrs[field]) -+ fprintf(f, "%s %s ", desc, -+ values_on_off[!!rta_getattr_u8(attrs[field])]); -+} -+ -+#define DEFAULT_CIPHER_NAME "GCM-AES-128" -+ -+static const char *cs_id_to_name(__u64 cid) -+{ -+ switch (cid) { -+ case MACSEC_DEFAULT_CIPHER_ID: -+ case MACSEC_DEFAULT_CIPHER_ALT: -+ return DEFAULT_CIPHER_NAME; -+ default: -+ return "(unknown)"; -+ } -+} -+ -+static void print_cipher_suite(const char *prefix, __u64 cid, __u8 icv_len) -+{ -+ printf("%scipher suite: %s, using ICV length %d\n", prefix, -+ cs_id_to_name(cid), icv_len); -+} -+ -+static void print_attrs(const char *prefix, struct rtattr *attrs[]) -+{ -+ print_flag(stdout, attrs, "protect", MACSEC_SECY_ATTR_PROTECT); -+ -+ if (attrs[MACSEC_SECY_ATTR_VALIDATE]) { -+ __u8 val = rta_getattr_u8(attrs[MACSEC_SECY_ATTR_VALIDATE]); -+ -+ printf("validate %s ", VALIDATE_STR[val]); -+ } -+ -+ print_flag(stdout, attrs, "sc", MACSEC_RXSC_ATTR_ACTIVE); -+ print_flag(stdout, attrs, "sa", MACSEC_SA_ATTR_ACTIVE); -+ print_flag(stdout, attrs, "encrypt", MACSEC_SECY_ATTR_ENCRYPT); -+ print_flag(stdout, attrs, "send_sci", MACSEC_SECY_ATTR_INC_SCI); -+ print_flag(stdout, attrs, "end_station", MACSEC_SECY_ATTR_ES); -+ print_flag(stdout, attrs, "scb", MACSEC_SECY_ATTR_SCB); -+ -+ print_flag(stdout, attrs, "replay", MACSEC_SECY_ATTR_REPLAY); -+ if (attrs[MACSEC_SECY_ATTR_WINDOW]) { -+ printf("window %d ", -+ rta_getattr_u32(attrs[MACSEC_SECY_ATTR_WINDOW])); -+ } -+ -+ if (attrs[MACSEC_SECY_ATTR_CIPHER_SUITE] && -+ attrs[MACSEC_SECY_ATTR_ICV_LEN]) { -+ printf("\n"); -+ print_cipher_suite(prefix, -+ rta_getattr_u64(attrs[MACSEC_SECY_ATTR_CIPHER_SUITE]), -+ rta_getattr_u8(attrs[MACSEC_SECY_ATTR_ICV_LEN])); -+ } -+ -+} -+ -+static void print_one_stat(const char **names, struct rtattr **attr, int idx, -+ bool long_stat) -+{ -+ int pad = strlen(names[idx]) + 1; -+ -+ if (attr[idx]) { -+ if (long_stat) -+ printf("%*llu", pad, rta_getattr_u64(attr[idx])); -+ else -+ printf("%*u", pad, rta_getattr_u32(attr[idx])); -+ } else { -+ printf("%*c", pad, '-'); -+ } -+} -+ -+static const char *txsc_stats_names[NUM_MACSEC_TXSC_STATS_ATTR] = { -+ [MACSEC_TXSC_STATS_ATTR_OUT_PKTS_PROTECTED] = "OutOctetsProtected", -+ [MACSEC_TXSC_STATS_ATTR_OUT_PKTS_ENCRYPTED] = "OutOctetsEncrypted", -+ [MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_PROTECTED] = "OutPktsProtected", -+ [MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_ENCRYPTED] = "OutPktsEncrypted", -+}; -+ -+static void print_txsc_stats(const char *prefix, struct rtattr *attr) -+{ -+ struct rtattr *stats[MACSEC_TXSC_STATS_ATTR_MAX + 1]; -+ int i; -+ -+ if (!attr || show_stats == 0) -+ return; -+ -+ parse_rtattr_nested(stats, MACSEC_TXSC_STATS_ATTR_MAX + 1, attr); -+ printf("%sstats:", prefix); -+ -+ for (i = 1; i < NUM_MACSEC_TXSC_STATS_ATTR; i++) { -+ if (!txsc_stats_names[i]) -+ continue; -+ printf(" %s", txsc_stats_names[i]); -+ } -+ -+ printf("\n%s ", prefix); -+ -+ for (i = 1; i < NUM_MACSEC_TXSC_STATS_ATTR; i++) { -+ if (!txsc_stats_names[i]) -+ continue; -+ print_one_stat(txsc_stats_names, stats, i, true); -+ } -+ -+ printf("\n"); -+} -+ -+static const char *secy_stats_names[NUM_MACSEC_SECY_STATS_ATTR] = { -+ [MACSEC_SECY_STATS_ATTR_OUT_PKTS_UNTAGGED] = "OutPktsUntagged", -+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_UNTAGGED] = "InPktsUntagged", -+ [MACSEC_SECY_STATS_ATTR_OUT_PKTS_TOO_LONG] = "OutPktsTooLong", -+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_TAG] = "InPktsNoTag", -+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_BAD_TAG] = "InPktsBadTag", -+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_UNKNOWN_SCI] = "InPktsUnknownSCI", -+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_SCI] = "InPktsNoSCI", -+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_OVERRUN] = "InPktsOverrun", -+}; -+ -+static void print_secy_stats(const char *prefix, struct rtattr *attr) -+{ -+ struct rtattr *stats[MACSEC_SECY_STATS_ATTR_MAX + 1]; -+ int i; -+ -+ if (!attr || show_stats == 0) -+ return; -+ -+ parse_rtattr_nested(stats, MACSEC_SECY_STATS_ATTR_MAX + 1, attr); -+ printf("%sstats:", prefix); -+ -+ for (i = 1; i < NUM_MACSEC_SECY_STATS_ATTR; i++) { -+ if (!secy_stats_names[i]) -+ continue; -+ printf(" %s", secy_stats_names[i]); -+ } -+ -+ printf("\n%s ", prefix); -+ -+ for (i = 1; i < NUM_MACSEC_SECY_STATS_ATTR; i++) { -+ if (!secy_stats_names[i]) -+ continue; -+ print_one_stat(secy_stats_names, stats, i, true); -+ } -+ -+ printf("\n"); -+} -+ -+static const char *rxsa_stats_names[NUM_MACSEC_SA_STATS_ATTR] = { -+ [MACSEC_SA_STATS_ATTR_IN_PKTS_OK] = "InPktsOK", -+ [MACSEC_SA_STATS_ATTR_IN_PKTS_INVALID] = "InPktsInvalid", -+ [MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_VALID] = "InPktsNotValid", -+ [MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_USING_SA] = "InPktsNotUsingSA", -+ [MACSEC_SA_STATS_ATTR_IN_PKTS_UNUSED_SA] = "InPktsUnusedSA", -+}; -+ -+static void print_rxsa_stats(const char *prefix, struct rtattr *attr) -+{ -+ struct rtattr *stats[MACSEC_SA_STATS_ATTR_MAX + 1]; -+ int i; -+ -+ if (!attr || show_stats == 0) -+ return; -+ -+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr); -+ printf("%s%s ", prefix, prefix); -+ -+ for (i = 1; i < NUM_MACSEC_SA_STATS_ATTR; i++) { -+ if (!rxsa_stats_names[i]) -+ continue; -+ printf(" %s", rxsa_stats_names[i]); -+ } -+ -+ printf("\n%s%s ", prefix, prefix); -+ -+ for (i = 1; i < NUM_MACSEC_SA_STATS_ATTR; i++) { -+ if (!rxsa_stats_names[i]) -+ continue; -+ print_one_stat(rxsa_stats_names, stats, i, false); -+ } -+ -+ printf("\n"); -+} -+ -+static const char *txsa_stats_names[NUM_MACSEC_SA_STATS_ATTR] = { -+ [MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED] = "OutPktsProtected", -+ [MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED] = "OutPktsEncrypted", -+}; -+ -+static void print_txsa_stats(const char *prefix, struct rtattr *attr) -+{ -+ struct rtattr *stats[MACSEC_SA_STATS_ATTR_MAX + 1]; -+ -+ if (!attr || show_stats == 0) -+ return; -+ -+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr); -+ printf("%s%s %s %s\n", prefix, prefix, -+ txsa_stats_names[MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED], -+ txsa_stats_names[MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED]); -+ printf("%s%s ", prefix, prefix); -+ -+ print_one_stat(txsa_stats_names, stats, -+ MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED, false); -+ print_one_stat(txsa_stats_names, stats, -+ MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED, false); -+ printf("\n"); -+} -+ -+static void print_tx_sc(const char *prefix, __u64 sci, __u8 encoding_sa, -+ struct rtattr *txsc_stats, struct rtattr *secy_stats, -+ struct rtattr *sa) -+{ -+ struct rtattr *sa_attr[MACSEC_SA_ATTR_MAX + 1]; -+ struct rtattr *a; -+ int rem; -+ -+ printf("%sTXSC: %016llx on SA %d\n", prefix, sci, encoding_sa); -+ print_secy_stats(prefix, secy_stats); -+ print_txsc_stats(prefix, txsc_stats); -+ -+ rem = RTA_PAYLOAD(sa); -+ for (a = RTA_DATA(sa); RTA_OK(a, rem); a = RTA_NEXT(a, rem)) { -+ SPRINT_BUF(keyid); -+ bool state; -+ -+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a); -+ state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]); -+ printf("%s%s%d: PN %u, state %s, key %s\n", prefix, prefix, -+ rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_AN]), -+ rta_getattr_u32(sa_attr[MACSEC_SA_ATTR_PN]), -+ values_on_off[state], -+ hexstring_n2a(RTA_DATA(sa_attr[MACSEC_SA_ATTR_KEYID]), -+ RTA_PAYLOAD(sa_attr[MACSEC_SA_ATTR_KEYID]), -+ keyid, sizeof(keyid))); -+ print_txsa_stats(prefix, sa_attr[MACSEC_SA_ATTR_STATS]); -+ } -+} -+ -+static const char *rxsc_stats_names[NUM_MACSEC_RXSC_STATS_ATTR] = { -+ [MACSEC_RXSC_STATS_ATTR_IN_OCTETS_VALIDATED] = "InOctetsValidated", -+ [MACSEC_RXSC_STATS_ATTR_IN_OCTETS_DECRYPTED] = "InOctetsDecrypted", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNCHECKED] = "InPktsUnchecked", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_DELAYED] = "InPktsDelayed", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_OK] = "InPktsOK", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_INVALID] = "InPktsInvalid", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_LATE] = "InPktsLate", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_VALID] = "InPktsNotValid", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_USING_SA] = "InPktsNotUsingSA", -+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNUSED_SA] = "InPktsUnusedSA", -+}; -+ -+static void print_rxsc_stats(const char *prefix, struct rtattr *attr) -+{ -+ struct rtattr *stats[MACSEC_RXSC_STATS_ATTR_MAX + 1]; -+ int i; -+ -+ if (!attr || show_stats == 0) -+ return; -+ -+ parse_rtattr_nested(stats, MACSEC_RXSC_STATS_ATTR_MAX + 1, attr); -+ printf("%sstats:", prefix); -+ for (i = 1; i < NUM_MACSEC_RXSC_STATS_ATTR; i++) { -+ if (!rxsc_stats_names[i]) -+ continue; -+ printf(" %s", rxsc_stats_names[i]); -+ } -+ -+ printf("\n%s ", prefix); -+ -+ for (i = 1; i < NUM_MACSEC_RXSC_STATS_ATTR; i++) { -+ if (!rxsc_stats_names[i]) -+ continue; -+ print_one_stat(rxsc_stats_names, stats, i, true); -+ } -+ -+ printf("\n"); -+} -+ -+static void print_rx_sc(const char *prefix, __u64 sci, __u8 active, -+ struct rtattr *rxsc_stats, struct rtattr *sa) -+{ -+ struct rtattr *sa_attr[MACSEC_SA_ATTR_MAX + 1]; -+ struct rtattr *a; -+ int rem; -+ -+ printf("%sRXSC: %016llx, state %s\n", prefix, sci, -+ values_on_off[!!active]); -+ print_rxsc_stats(prefix, rxsc_stats); -+ -+ rem = RTA_PAYLOAD(sa); -+ for (a = RTA_DATA(sa); RTA_OK(a, rem); a = RTA_NEXT(a, rem)) { -+ SPRINT_BUF(keyid); -+ bool state; -+ -+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a); -+ state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]); -+ printf("%s%s%d: PN %u, state %s, key %s\n", prefix, prefix, -+ rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_AN]), -+ rta_getattr_u32(sa_attr[MACSEC_SA_ATTR_PN]), -+ values_on_off[state], -+ hexstring_n2a(RTA_DATA(sa_attr[MACSEC_SA_ATTR_KEYID]), -+ RTA_PAYLOAD(sa_attr[MACSEC_SA_ATTR_KEYID]), -+ keyid, sizeof(keyid))); -+ print_rxsa_stats(prefix, sa_attr[MACSEC_SA_ATTR_STATS]); -+ } -+} -+ -+static int process(const struct sockaddr_nl *who, struct nlmsghdr *n, -+ void *arg) -+{ -+ struct genlmsghdr *ghdr; -+ struct rtattr *attrs[MACSEC_ATTR_MAX + 1], *sc, *c; -+ struct rtattr *attrs_secy[MACSEC_SECY_ATTR_MAX + 1]; -+ int len = n->nlmsg_len; -+ int ifindex; -+ __u64 sci; -+ __u8 encoding_sa; -+ int rem; -+ -+ if (n->nlmsg_type != genl_family) -+ return -1; -+ -+ len -= NLMSG_LENGTH(GENL_HDRLEN); -+ if (len < 0) -+ return -1; -+ -+ ghdr = NLMSG_DATA(n); -+ if (ghdr->cmd != MACSEC_CMD_GET_TXSC) -+ return 0; -+ -+ parse_rtattr(attrs, MACSEC_ATTR_MAX, (void *) ghdr + GENL_HDRLEN, len); -+ if (!validate_dump(attrs)) { -+ printf("incomplete dump message\n"); -+ return -1; -+ } -+ -+ ifindex = rta_getattr_u32(attrs[MACSEC_ATTR_IFINDEX]); -+ parse_rtattr_nested(attrs_secy, MACSEC_SECY_ATTR_MAX + 1, -+ attrs[MACSEC_ATTR_SECY]); -+ -+ if (!validate_secy_dump(attrs_secy)) { -+ printf("incomplete dump message\n"); -+ return -1; -+ } -+ -+ sci = rta_getattr_u64(attrs_secy[MACSEC_SECY_ATTR_SCI]); -+ encoding_sa = rta_getattr_u8(attrs_secy[MACSEC_SECY_ATTR_ENCODING_SA]); -+ -+ if (filter.ifindex && ifindex != filter.ifindex) -+ return 0; -+ -+ if (filter.sci && sci != filter.sci) -+ return 0; -+ -+ printf("%d: %s: ", ifindex, ll_index_to_name(ifindex)); -+ print_attrs(" ", attrs_secy); -+ -+ print_tx_sc(" ", sci, encoding_sa, -+ attrs[MACSEC_ATTR_TXSC_STATS], -+ attrs[MACSEC_ATTR_SECY_STATS], -+ attrs[MACSEC_ATTR_TXSA_LIST]); -+ -+ if (!attrs[MACSEC_ATTR_RXSC_LIST]) -+ return 0; -+ -+ sc = attrs[MACSEC_ATTR_RXSC_LIST]; -+ rem = RTA_PAYLOAD(sc); -+ for (c = RTA_DATA(sc); RTA_OK(c, rem); c = RTA_NEXT(c, rem)) { -+ struct rtattr *sc_attr[MACSEC_RXSC_ATTR_MAX + 1]; -+ -+ parse_rtattr_nested(sc_attr, MACSEC_RXSC_ATTR_MAX + 1, c); -+ print_rx_sc(" ", -+ rta_getattr_u64(sc_attr[MACSEC_RXSC_ATTR_SCI]), -+ rta_getattr_u32(sc_attr[MACSEC_RXSC_ATTR_ACTIVE]), -+ sc_attr[MACSEC_RXSC_ATTR_STATS], -+ sc_attr[MACSEC_RXSC_ATTR_SA_LIST]); -+ } -+ -+ return 0; -+} -+ -+static int do_dump(int ifindex) -+{ -+ MACSEC_GENL_REQ(req, MACSEC_BUFLEN, MACSEC_CMD_GET_TXSC, -+ NLM_F_REQUEST | NLM_F_DUMP); -+ -+ memset(&filter, 0, sizeof(filter)); -+ filter.ifindex = ifindex; -+ -+ req.n.nlmsg_seq = genl_rth.dump = ++genl_rth.seq; -+ if (rtnl_send(&genl_rth, &req, req.n.nlmsg_len) < 0) { -+ perror("Failed to send dump request"); -+ exit(1); -+ } -+ -+ if (rtnl_dump_filter(&genl_rth, process, stdout) < 0) { -+ fprintf(stderr, "Dump terminated\n"); -+ exit(1); -+ } -+ -+ return 0; -+} -+ -+static int do_show(int argc, char **argv) -+{ -+ int ifindex; -+ -+ if (argc == 0) -+ return do_dump(0); -+ -+ ifindex = ll_name_to_index(*argv); -+ if (ifindex == 0) { -+ fprintf(stderr, "Device \"%s\" does not exist.\n", *argv); -+ return -1; -+ } -+ -+ argc--, argv++; -+ if (argc == 0) -+ return do_dump(ifindex); -+ -+ ipmacsec_usage(); -+ return -1; -+} -+ -+int do_ipmacsec(int argc, char **argv) -+{ -+ init_genl(); -+ -+ if (argc < 1) -+ ipmacsec_usage(); -+ -+ if (matches(*argv, "help") == 0) -+ ipmacsec_usage(); -+ -+ if (matches(*argv, "show") == 0) -+ return do_show(argc-1, argv+1); -+ -+ if (matches(*argv, "add") == 0) -+ return do_modify(CMD_ADD, argc-1, argv+1); -+ if (matches(*argv, "set") == 0) -+ return do_modify(CMD_UPD, argc-1, argv+1); -+ if (matches(*argv, "delete") == 0) -+ return do_modify(CMD_DEL, argc-1, argv+1); -+ -+ fprintf(stderr, "Command \"%s\" is unknown, try \"ip macsec help\".\n", -+ *argv); -+ exit(-1); -+} -+ -+/* device creation */ -+static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) -+{ -+ if (!tb) -+ return; -+ -+ if (tb[IFLA_MACSEC_SCI]) { -+ fprintf(f, "sci %016llx ", -+ rta_getattr_u64(tb[IFLA_MACSEC_SCI])); -+ } -+ -+ print_flag(f, tb, "protect", IFLA_MACSEC_PROTECT); -+ -+ if (tb[IFLA_MACSEC_CIPHER_SUITE]) { -+ __u64 csid = rta_getattr_u64(tb[IFLA_MACSEC_CIPHER_SUITE]); -+ -+ fprintf(f, "cipher %s ", cs_id_to_name(csid)); -+ } -+ -+ if (tb[IFLA_MACSEC_ICV_LEN]) { -+ fprintf(f, "icvlen %hhu ", -+ rta_getattr_u8(tb[IFLA_MACSEC_ICV_LEN])); -+ } -+ -+ if (tb[IFLA_MACSEC_ENCODING_SA]) { -+ fprintf(f, "encodingsa %hhu ", -+ rta_getattr_u8(tb[IFLA_MACSEC_ENCODING_SA])); -+ } -+ -+ if (tb[IFLA_MACSEC_VALIDATION]) { -+ __u8 val = rta_getattr_u8(tb[IFLA_MACSEC_VALIDATION]); -+ -+ fprintf(f, "validate %s ", VALIDATE_STR[val]); -+ } -+ -+ print_flag(f, tb, "encrypt", IFLA_MACSEC_ENCRYPT); -+ print_flag(f, tb, "send_sci", IFLA_MACSEC_INC_SCI); -+ print_flag(f, tb, "end_station", IFLA_MACSEC_ES); -+ print_flag(f, tb, "scb", IFLA_MACSEC_SCB); -+ -+ print_flag(f, tb, "replay", IFLA_MACSEC_REPLAY_PROTECT); -+ if (tb[IFLA_MACSEC_WINDOW]) { -+ fprintf(f, "window %d ", -+ rta_getattr_u32(tb[IFLA_MACSEC_WINDOW])); -+ } -+} -+ -+ -+static int do_cipher_suite(struct cipher_args *cipher, int *argcp, -+ char ***argvp) -+{ -+ char **argv = *argvp; -+ int argc = *argcp; -+ -+ if (argc == 0) -+ return -1; -+ -+ if (strcmp(*argv, "default") == 0 || -+ strcmp(*argv, "gcm-aes-128") == 0 || -+ strcmp(*argv, "GCM-AES-128") == 0) -+ cipher->id = MACSEC_DEFAULT_CIPHER_ID; -+ NEXT_ARG(); -+ -+ if (strcmp(*argv, "icvlen") == 0) { -+ NEXT_ARG(); -+ if (cipher->icv_len != 0) -+ duparg2("icvlen", "icvlen"); -+ get_icvlen(&cipher->icv_len, *argv); -+ } -+ *argcp = argc; -+ *argvp = argv; -+ -+ return 0; -+} -+ -+static bool check_txsc_flags(bool es, bool scb, bool sci) -+{ -+ if (sci && (es || scb)) -+ return false; -+ if (es && scb) -+ return false; -+ return true; -+} -+ -+static void usage(FILE *f) -+{ -+ fprintf(f, -+ "Usage: ... macsec [ port PORT | sci SCI ]\n" -+ " [ cipher CIPHER_SUITE ]\n" -+ " [ encrypt { on | off } ]\n" -+ " [ send_sci { on | off } ]\n" -+ " [ end_station { on | off } ]\n" -+ " [ scb { on | off } ]\n" -+ " [ protect { on | off } ]\n" -+ " [ replay { on | off} window { 0..2^32-1 } ]\n" -+ " [ validate { strict | check | disabled } ]\n" -+ " [ encodingsa { 0..3 } ]\n" -+ ); -+ fprintf(f, "CIPHER_SUITE := [ default = gcm-aes-128 ] icvlen { 8..32 }\n"); -+} -+ -+static int macsec_parse_opt(struct link_util *lu, int argc, char **argv, -+ struct nlmsghdr *hdr) -+{ -+ int ret; -+ __u8 encoding_sa = 0xff; -+ __u32 window = -1; -+ struct cipher_args cipher = {0}; -+ enum macsec_validation_type validate; -+ bool es = false, scb = false, send_sci = false; -+ int replay_protect = -1; -+ struct sci sci = { 0 }; -+ -+ ret = get_sci_portaddr(&sci, &argc, &argv, true, true); -+ if (ret < 0) { -+ fprintf(stderr, "expected sci\n"); -+ return -1; -+ } -+ -+ if (ret > 0) { -+ if (sci.sci) -+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_SCI, -+ &sci.sci, sizeof(sci.sci)); -+ else -+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_PORT, -+ &sci.port, sizeof(sci.port)); -+ } -+ -+ while (argc > 0) { -+ if (strcmp(*argv, "cipher") == 0) { -+ if (cipher.id) -+ duparg2("cipher", "cipher"); -+ NEXT_ARG(); -+ if (do_cipher_suite(&cipher, &argc, &argv)) -+ return -1; -+ } else if (strcmp(*argv, "encrypt") == 0) { -+ NEXT_ARG(); -+ int i; -+ -+ ret = one_of("encrypt", *argv, values_on_off, -+ ARRAY_SIZE(values_on_off), &i); -+ if (ret != 0) -+ return ret; -+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ENCRYPT, i); -+ } else if (strcmp(*argv, "send_sci") == 0) { -+ NEXT_ARG(); -+ int i; -+ -+ ret = one_of("send_sci", *argv, values_on_off, -+ ARRAY_SIZE(values_on_off), &i); -+ if (ret != 0) -+ return ret; -+ send_sci = i; -+ addattr8(hdr, MACSEC_BUFLEN, -+ IFLA_MACSEC_INC_SCI, send_sci); -+ } else if (strcmp(*argv, "end_station") == 0) { -+ NEXT_ARG(); -+ int i; -+ -+ ret = one_of("end_station", *argv, values_on_off, -+ ARRAY_SIZE(values_on_off), &i); -+ if (ret != 0) -+ return ret; -+ es = i; -+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ES, es); -+ } else if (strcmp(*argv, "scb") == 0) { -+ NEXT_ARG(); -+ int i; -+ -+ ret = one_of("scb", *argv, values_on_off, -+ ARRAY_SIZE(values_on_off), &i); -+ if (ret != 0) -+ return ret; -+ scb = i; -+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_SCB, scb); -+ } else if (strcmp(*argv, "protect") == 0) { -+ NEXT_ARG(); -+ int i; -+ -+ ret = one_of("protect", *argv, values_on_off, -+ ARRAY_SIZE(values_on_off), &i); -+ if (ret != 0) -+ return ret; -+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_PROTECT, i); -+ } else if (strcmp(*argv, "replay") == 0) { -+ NEXT_ARG(); -+ int i; -+ -+ ret = one_of("replay", *argv, values_on_off, -+ ARRAY_SIZE(values_on_off), &i); -+ if (ret != 0) -+ return ret; -+ replay_protect = !!i; -+ } else if (strcmp(*argv, "window") == 0) { -+ NEXT_ARG(); -+ ret = get_u32(&window, *argv, 0); -+ if (ret) -+ invarg("expected replay window size", *argv); -+ } else if (strcmp(*argv, "validate") == 0) { -+ NEXT_ARG(); -+ ret = one_of("validate", *argv, -+ VALIDATE_STR, ARRAY_SIZE(VALIDATE_STR), -+ (int *)&validate); -+ if (ret != 0) -+ return ret; -+ addattr8(hdr, MACSEC_BUFLEN, -+ IFLA_MACSEC_VALIDATION, validate); -+ } else if (strcmp(*argv, "encodingsa") == 0) { -+ if (encoding_sa != 0xff) -+ duparg2("encodingsa", "encodingsa"); -+ NEXT_ARG(); -+ ret = get_an(&encoding_sa, *argv); -+ if (ret) -+ invarg("expected an { 0..3 }", *argv); -+ } else { -+ fprintf(stderr, "macsec: unknown command \"%s\"?\n", -+ *argv); -+ usage(stderr); -+ return -1; -+ } -+ -+ argv++; argc--; -+ } -+ -+ if (!check_txsc_flags(es, scb, send_sci)) { -+ fprintf(stderr, "invalid combination of send_sci/end_station/scb\n"); -+ return -1; -+ } -+ -+ if (window != -1 && replay_protect == -1) { -+ fprintf(stderr, -+ "replay window set, but replay protection not enabled. did you mean 'replay on window %u'?\n", -+ window); -+ return -1; -+ } else if (window == -1 && replay_protect == 1) { -+ fprintf(stderr, -+ "replay protection enabled, but no window set. did you mean 'replay on window VALUE'?\n"); -+ return -1; -+ } -+ -+ if (cipher.id) { -+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_CIPHER_SUITE, -+ &cipher.id, sizeof(cipher.id)); -+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ICV_LEN, -+ &cipher.icv_len, sizeof(cipher.icv_len)); -+ } -+ -+ if (replay_protect != -1) { -+ addattr32(hdr, MACSEC_BUFLEN, IFLA_MACSEC_WINDOW, window); -+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_REPLAY_PROTECT, -+ replay_protect); -+ } -+ -+ if (encoding_sa != 0xff) { -+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ENCODING_SA, -+ &encoding_sa, sizeof(encoding_sa)); -+ } -+ -+ return 0; -+} -+ -+static void macsec_print_help(struct link_util *lu, int argc, char **argv, -+ FILE *f) -+{ -+ usage(f); -+} -+ -+struct link_util macsec_link_util = { -+ .id = "macsec", -+ .maxattr = IFLA_MACSEC_MAX, -+ .parse_opt = macsec_parse_opt, -+ .print_help = macsec_print_help, -+ .print_opt = macsec_print_opt, -+ .slave = false, -+}; -diff --git a/man/man8/Makefile b/man/man8/Makefile -index 8389fce..f3a3fa5 100644 ---- a/man/man8/Makefile -+++ b/man/man8/Makefile -@@ -7,7 +7,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss. - tc-netem.8 tc-pfifo.8 tc-pfifo_fast.8 tc-prio.8 tc-red.8 \ - tc-sfb.8 tc-sfq.8 tc-stab.8 tc-tbf.8 \ - bridge.8 rtstat.8 ctstat.8 nstat.8 routef.8 \ -- ip-addrlabel.8 ip-l2tp.8 \ -+ ip-addrlabel.8 ip-l2tp.8 ip-macsec.8 \ - ip-maddress.8 ip-monitor.8 ip-mroute.8 ip-neighbour.8 \ - ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 \ - ip-tcp_metrics.8 ip-netconf.8 ip-token.8 \ -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 3002e47..ac3bb77 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -235,6 +235,9 @@ Link types: - .sp - .BR geneve - - GEneric NEtwork Virtualization Encapsulation -+.sp -+.BR macsec -+- Interface for IEEE 802.1AE MAC Security (MACsec) - .in -8 - - .TP -@@ -751,6 +754,88 @@ forces the underlying interface into promiscuous mode. Passing the - using standard tools. - .in -8 - -+.TP -+MACsec Type Support -+For a link of type -+.I MACsec -+the following additional arguments are supported: -+ -+.BI "ip link add link " DEVICE " name " NAME " type macsec" -+[ -+.BI port " PORT" -+| -+.BI sci " SCI" -+] [ -+.BI cipher " CIPHER_SUITE" -+] [ -+.BR encrypt " {" -+.BR on " | " off " } ] [ " -+.BR send_sci " { " on " | " off " } ] [" -+.BR es " { " on " | " off " } ] [" -+.BR scb " { " on " | " off " } ] [" -+.BR protect " { " on " | " off " } ] [" -+.BR replay " { " on " | " off " }" -+.BR window " { " -+.IR 0..2^32-1 " } ] [" -+.BR validate " { " strict " | " check " | " disabled " } ] [" -+.BR encoding " { " -+.IR 0..3 " } ]" -+ -+.in +8 -+.sp -+.BI port " PORT " -+- sets the port number for this MACsec device. -+ -+.sp -+.BI sci " SCI " -+- sets the SCI for this MACsec device. -+ -+.sp -+.BI cipher " CIPHER_SUITE " -+- defines the cipher suite to use. -+ -+.sp -+.BR "encrypt on " or " encrypt off" -+- switches between authenticated encryption, or authenticity mode only. -+ -+.sp -+.BR "send_sci on " or " send_sci off" -+- specifies whether the SCI is included in every packet, or only when it is necessary. -+ -+.sp -+.BR "es on " or " es off" -+- sets the End Station bit. -+ -+.sp -+.BR "scb on " or " scb off" -+- sets the Single Copy Broadcast bit. -+ -+.sp -+.BR "protect on " or " protect off" -+- enables MACsec protection on the device. -+ -+.sp -+.BR "replay on " or " replay off" -+- enables replay protection on the device. -+ -+.in +8 -+ -+.sp -+.BI window " SIZE " -+- sets the size of the replay window. -+ -+.in -8 -+ -+.sp -+.BR "validate strict " or " validate check " or " validate disabled" -+- sets the validation mode on the device. -+ -+.sp -+.BI encoding " AN " -+- sets the active secure association for transmission. -+ -+.in -8 -+ - .SS ip link delete - delete virtual link - - .TP -diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8 -new file mode 100644 -index 0000000..e8455d7 ---- /dev/null -+++ b/man/man8/ip-macsec.8 -@@ -0,0 +1,98 @@ -+.TH IP\-MACSEC 8 "07 Mar 2016" "iproute" "Linux" -+.SH NAME -+ip-macsec \- MACsec device configuration -+.SH "SYNOPSIS" -+.BI "ip link add link " DEVICE " name " NAME " type macsec " -+[ [ -+.BR cipher " { " default " | " gcm-aes-128 " } ] " -+.BI icvlen " ICVLEN" -+] [ [ -+.BR encrypt " { " on " | " off " } ] [" -+.BR send_sci " { " on " | " off " } ] [" -+.BR end_station " { " on " | " off " } ] [" -+.BR scb " { " on " | " off " } ] [" -+.BR protect " { " on " | " off " } ] [" -+.BR replay " { " on " | " off " } ] [" -+.BI window " WINDOW" -+] [ -+.BI encodingsa " SA" -+] -+ -+.BI "ip macsec add " DEV " tx sa" -+.RI "{ " 0..3 " } [ " OPTS " ]" -+.BI key " ID KEY" -+.br -+.BI "ip macsec set " DEV " tx sa" -+.RI "{ " 0..3 " } [ " OPTS " ]" -+.br -+.BI "ip macsec del " DEV " tx sa" -+.RI "{ " 0..3 " }" -+ -+.BI "ip macsec add " DEV " rx " SCI -+.RB [ " on " | " off " ] -+.br -+.BI "ip macsec set " DEV " rx " SCI -+.RB [ " on " | " off " ] -+.br -+.BI "ip macsec del " DEV " rx " SCI -+ -+.BI "ip macsec add " DEV " rx " SCI " sa" -+.RI "{ " 0..3 " } [ " OPTS " ]" -+.BI key " ID KEY" -+.br -+.BI "ip macsec set " DEV " rx " SCI " sa" -+.RI "{ " 0..3 " } [ " OPTS " ]" -+.br -+.BI "ip macsec del " DEV " rx " SCI " sa" -+.RI "{ " 0..3 " }" -+ -+.B ip macsec show -+.RI [ " DEV " ] -+ -+.IR OPTS " := [ " -+.BR pn " { " -+.IR 1..2^32-1 " } ] [" -+.BR on " | " off " ]" -+.br -+.IR SCI " := { " -+.B sci -+.IR <u64> " | " -+.BI port " <u16> " address " <lladdr> " -+} -+ -+ -+.SH DESCRIPTION -+The -+.B ip macsec -+commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the -+.B ip link add -+command using the -+.I macsec -+type. -+ -+.SH EXAMPLES -+.PP -+.SS Create a MACsec device on link eth0 -+.nf -+# ip link add device eth0 macsec0 type macsec port 11 encrypt on -+.PP -+.SS Configure a secure association on that device -+.nf -+# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181 -+.PP -+.SS Configure a receive channel -+.nf -+# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 -+.PP -+.SS Configure a receive association -+.nf -+# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282 -+.PP -+.SS Display MACsec configuration -+.nf -+# ip macsec show -+.SH SEE ALSO -+.br -+.BR ip-link (8) -+.SH AUTHOR -+Sabrina Dubroca <sd@queasysnail.net> --- -1.8.3.1 - diff --git a/SOURCES/0177-utils-fix-hex-digits-parsing-in-hexstring_a2n.patch b/SOURCES/0177-utils-fix-hex-digits-parsing-in-hexstring_a2n.patch deleted file mode 100644 index 47fa534..0000000 --- a/SOURCES/0177-utils-fix-hex-digits-parsing-in-hexstring_a2n.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 91c9a1f1f26b1800e1d1d1cd7d814d3e2d14f822 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:37 +0200 -Subject: [PATCH] utils: fix hex digits parsing in hexstring_a2n() - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit 9ba4126dc4d6 - -commit 9ba4126dc4d6abb8dc5c8c8d52177849e764a14e -Author: Beniamino Galvani <bgalvani@redhat.com> -Date: Tue Jun 14 22:55:17 2016 +0200 - - utils: fix hex digits parsing in hexstring_a2n() - - strtoul() only modifies errno on overflow, so if errno is not zero - before calling the function its value is preserved and makes the - function fail for valid inputs; initialize it. - - Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - lib/utils.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/utils.c b/lib/utils.c -index dedadff..b310166 100644 ---- a/lib/utils.c -+++ b/lib/utils.c -@@ -834,6 +834,7 @@ __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len) - - strncpy(tmpstr, str, 2); - tmpstr[2] = '\0'; -+ errno = 0; - tmp = strtoul(tmpstr, &endptr, 16); - if (errno != 0 || tmp > 0xFF || *endptr != '\0') - return NULL; --- -1.8.3.1 - diff --git a/SOURCES/0178-RH-INTERNAL-update-kernel-headers-to-v4.6.0.patch b/SOURCES/0178-RH-INTERNAL-update-kernel-headers-to-v4.6.0.patch deleted file mode 100644 index 3d5c03d..0000000 --- a/SOURCES/0178-RH-INTERNAL-update-kernel-headers-to-v4.6.0.patch +++ /dev/null @@ -1,1152 +0,0 @@ -From aefa5a575081f3ce848944ab4150918b41bc1268 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:38 +0200 -Subject: [PATCH] RH-INTERNAL: update kernel headers to v4.6.0 - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 - -4.6.0 is the latest iproute2 tag including support for MACsec. -Obtained using the following command: - -$ git checkout v4.6.0 -- include/linux - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - include/linux/bpf.h | 155 +++++++++++++++++++++++-------- - include/linux/devlink.h | 72 ++++++++++++++ - include/linux/genetlink.h | 1 + - include/linux/if.h | 30 +++++- - include/linux/if_bridge.h | 38 +++++++- - include/linux/if_ether.h | 1 + - include/linux/if_link.h | 101 ++++++++++++++++++++ - include/linux/ila.h | 37 ++++++++ - include/linux/in6.h | 1 + - include/linux/libc-compat.h | 44 +++++++++ - include/linux/lwtunnel.h | 43 +++++++++ - include/linux/mpls_iptunnel.h | 28 ++++++ - include/linux/netconf.h | 1 + - include/linux/netfilter_ipv4/ip_tables.h | 1 + - include/linux/netlink.h | 1 + - include/linux/pkt_cls.h | 7 ++ - include/linux/pkt_sched.h | 4 + - include/linux/rtnetlink.h | 3 + - include/linux/sock_diag.h | 1 + - include/linux/tc_act/tc_ife.h | 38 ++++++++ - include/linux/tcp.h | 5 + - 21 files changed, 571 insertions(+), 41 deletions(-) - create mode 100644 include/linux/devlink.h - create mode 100644 include/linux/ila.h - create mode 100644 include/linux/lwtunnel.h - create mode 100644 include/linux/mpls_iptunnel.h - create mode 100644 include/linux/tc_act/tc_ife.h - -diff --git a/include/linux/bpf.h b/include/linux/bpf.h -index 3d6d00b..0f5d6f5 100644 ---- a/include/linux/bpf.h -+++ b/include/linux/bpf.h -@@ -63,50 +63,16 @@ struct bpf_insn { - __s32 imm; /* signed immediate constant */ - }; - --/* BPF syscall commands */ -+/* BPF syscall commands, see bpf(2) man-page for details. */ - enum bpf_cmd { -- /* create a map with given type and attributes -- * fd = bpf(BPF_MAP_CREATE, union bpf_attr *, u32 size) -- * returns fd or negative error -- * map is deleted when fd is closed -- */ - BPF_MAP_CREATE, -- -- /* lookup key in a given map -- * err = bpf(BPF_MAP_LOOKUP_ELEM, union bpf_attr *attr, u32 size) -- * Using attr->map_fd, attr->key, attr->value -- * returns zero and stores found elem into value -- * or negative error -- */ - BPF_MAP_LOOKUP_ELEM, -- -- /* create or update key/value pair in a given map -- * err = bpf(BPF_MAP_UPDATE_ELEM, union bpf_attr *attr, u32 size) -- * Using attr->map_fd, attr->key, attr->value, attr->flags -- * returns zero or negative error -- */ - BPF_MAP_UPDATE_ELEM, -- -- /* find and delete elem by key in a given map -- * err = bpf(BPF_MAP_DELETE_ELEM, union bpf_attr *attr, u32 size) -- * Using attr->map_fd, attr->key -- * returns zero or negative error -- */ - BPF_MAP_DELETE_ELEM, -- -- /* lookup key in a given map and return next key -- * err = bpf(BPF_MAP_GET_NEXT_KEY, union bpf_attr *attr, u32 size) -- * Using attr->map_fd, attr->key, attr->next_key -- * returns zero and stores next key or negative error -- */ - BPF_MAP_GET_NEXT_KEY, -- -- /* verify and load eBPF program -- * prog_fd = bpf(BPF_PROG_LOAD, union bpf_attr *attr, u32 size) -- * Using attr->prog_type, attr->insns, attr->license -- * returns fd or negative error -- */ - BPF_PROG_LOAD, -+ BPF_OBJ_PIN, -+ BPF_OBJ_GET, - }; - - enum bpf_map_type { -@@ -115,6 +81,9 @@ enum bpf_map_type { - BPF_MAP_TYPE_ARRAY, - BPF_MAP_TYPE_PROG_ARRAY, - BPF_MAP_TYPE_PERF_EVENT_ARRAY, -+ BPF_MAP_TYPE_PERCPU_HASH, -+ BPF_MAP_TYPE_PERCPU_ARRAY, -+ BPF_MAP_TYPE_STACK_TRACE, - }; - - enum bpf_prog_type { -@@ -132,12 +101,15 @@ enum bpf_prog_type { - #define BPF_NOEXIST 1 /* create new element if it didn't exist */ - #define BPF_EXIST 2 /* update existing element */ - -+#define BPF_F_NO_PREALLOC (1U << 0) -+ - union bpf_attr { - struct { /* anonymous struct used by BPF_MAP_CREATE command */ - __u32 map_type; /* one of enum bpf_map_type */ - __u32 key_size; /* size of key in bytes */ - __u32 value_size; /* size of value in bytes */ - __u32 max_entries; /* max number of entries in a map */ -+ __u32 map_flags; /* prealloc or not */ - }; - - struct { /* anonymous struct used by BPF_MAP_*_ELEM commands */ -@@ -160,6 +132,11 @@ union bpf_attr { - __aligned_u64 log_buf; /* user supplied buffer */ - __u32 kern_version; /* checked when prog_type=kprobe */ - }; -+ -+ struct { /* anonymous struct used by BPF_OBJ_* commands */ -+ __aligned_u64 pathname; -+ __u32 bpf_fd; -+ }; - } __attribute__((aligned(8))); - - /* integer value in 'imm' field of BPF_CALL instruction selects which helper -@@ -272,9 +249,103 @@ enum bpf_func_id { - BPF_FUNC_skb_get_tunnel_key, - BPF_FUNC_skb_set_tunnel_key, - BPF_FUNC_perf_event_read, /* u64 bpf_perf_event_read(&map, index) */ -+ /** -+ * bpf_redirect(ifindex, flags) - redirect to another netdev -+ * @ifindex: ifindex of the net device -+ * @flags: bit 0 - if set, redirect to ingress instead of egress -+ * other bits - reserved -+ * Return: TC_ACT_REDIRECT -+ */ -+ BPF_FUNC_redirect, -+ -+ /** -+ * bpf_get_route_realm(skb) - retrieve a dst's tclassid -+ * @skb: pointer to skb -+ * Return: realm if != 0 -+ */ -+ BPF_FUNC_get_route_realm, -+ -+ /** -+ * bpf_perf_event_output(ctx, map, index, data, size) - output perf raw sample -+ * @ctx: struct pt_regs* -+ * @map: pointer to perf_event_array map -+ * @index: index of event in the map -+ * @data: data on stack to be output as raw data -+ * @size: size of data -+ * Return: 0 on success -+ */ -+ BPF_FUNC_perf_event_output, -+ BPF_FUNC_skb_load_bytes, -+ -+ /** -+ * bpf_get_stackid(ctx, map, flags) - walk user or kernel stack and return id -+ * @ctx: struct pt_regs* -+ * @map: pointer to stack_trace map -+ * @flags: bits 0-7 - numer of stack frames to skip -+ * bit 8 - collect user stack instead of kernel -+ * bit 9 - compare stacks by hash only -+ * bit 10 - if two different stacks hash into the same stackid -+ * discard old -+ * other bits - reserved -+ * Return: >= 0 stackid on success or negative error -+ */ -+ BPF_FUNC_get_stackid, -+ -+ /** -+ * bpf_csum_diff(from, from_size, to, to_size, seed) - calculate csum diff -+ * @from: raw from buffer -+ * @from_size: length of from buffer -+ * @to: raw to buffer -+ * @to_size: length of to buffer -+ * @seed: optional seed -+ * Return: csum result -+ */ -+ BPF_FUNC_csum_diff, -+ -+ /** -+ * bpf_skb_[gs]et_tunnel_opt(skb, opt, size) -+ * retrieve or populate tunnel options metadata -+ * @skb: pointer to skb -+ * @opt: pointer to raw tunnel option data -+ * @size: size of @opt -+ * Return: 0 on success for set, option size for get -+ */ -+ BPF_FUNC_skb_get_tunnel_opt, -+ BPF_FUNC_skb_set_tunnel_opt, - __BPF_FUNC_MAX_ID, - }; - -+/* All flags used by eBPF helper functions, placed here. */ -+ -+/* BPF_FUNC_skb_store_bytes flags. */ -+#define BPF_F_RECOMPUTE_CSUM (1ULL << 0) -+#define BPF_F_INVALIDATE_HASH (1ULL << 1) -+ -+/* BPF_FUNC_l3_csum_replace and BPF_FUNC_l4_csum_replace flags. -+ * First 4 bits are for passing the header field size. -+ */ -+#define BPF_F_HDR_FIELD_MASK 0xfULL -+ -+/* BPF_FUNC_l4_csum_replace flags. */ -+#define BPF_F_PSEUDO_HDR (1ULL << 4) -+#define BPF_F_MARK_MANGLED_0 (1ULL << 5) -+ -+/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */ -+#define BPF_F_INGRESS (1ULL << 0) -+ -+/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */ -+#define BPF_F_TUNINFO_IPV6 (1ULL << 0) -+ -+/* BPF_FUNC_get_stackid flags. */ -+#define BPF_F_SKIP_FIELD_MASK 0xffULL -+#define BPF_F_USER_STACK (1ULL << 8) -+#define BPF_F_FAST_STACK_CMP (1ULL << 9) -+#define BPF_F_REUSE_STACKID (1ULL << 10) -+ -+/* BPF_FUNC_skb_set_tunnel_key flags. */ -+#define BPF_F_ZERO_CSUM_TX (1ULL << 1) -+#define BPF_F_DONT_FRAGMENT (1ULL << 2) -+ - /* user accessible mirror of in-kernel sk_buff. - * new fields can only be added to the end of this structure - */ -@@ -293,11 +364,19 @@ struct __sk_buff { - __u32 tc_index; - __u32 cb[5]; - __u32 hash; -+ __u32 tc_classid; - }; - - struct bpf_tunnel_key { - __u32 tunnel_id; -- __u32 remote_ipv4; -+ union { -+ __u32 remote_ipv4; -+ __u32 remote_ipv6[4]; -+ }; -+ __u8 tunnel_tos; -+ __u8 tunnel_ttl; -+ __u16 tunnel_ext; -+ __u32 tunnel_label; - }; - - #endif /* __LINUX_BPF_H__ */ -diff --git a/include/linux/devlink.h b/include/linux/devlink.h -new file mode 100644 -index 0000000..a96e1a0 ---- /dev/null -+++ b/include/linux/devlink.h -@@ -0,0 +1,72 @@ -+/* -+ * include/uapi/linux/devlink.h - Network physical device Netlink interface -+ * Copyright (c) 2016 Mellanox Technologies. All rights reserved. -+ * Copyright (c) 2016 Jiri Pirko <jiri@mellanox.com> -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ */ -+ -+#ifndef _LINUX_DEVLINK_H_ -+#define _LINUX_DEVLINK_H_ -+ -+#define DEVLINK_GENL_NAME "devlink" -+#define DEVLINK_GENL_VERSION 0x1 -+#define DEVLINK_GENL_MCGRP_CONFIG_NAME "config" -+ -+enum devlink_command { -+ /* don't change the order or add anything between, this is ABI! */ -+ DEVLINK_CMD_UNSPEC, -+ -+ DEVLINK_CMD_GET, /* can dump */ -+ DEVLINK_CMD_SET, -+ DEVLINK_CMD_NEW, -+ DEVLINK_CMD_DEL, -+ -+ DEVLINK_CMD_PORT_GET, /* can dump */ -+ DEVLINK_CMD_PORT_SET, -+ DEVLINK_CMD_PORT_NEW, -+ DEVLINK_CMD_PORT_DEL, -+ -+ DEVLINK_CMD_PORT_SPLIT, -+ DEVLINK_CMD_PORT_UNSPLIT, -+ -+ /* add new commands above here */ -+ -+ __DEVLINK_CMD_MAX, -+ DEVLINK_CMD_MAX = __DEVLINK_CMD_MAX - 1 -+}; -+ -+enum devlink_port_type { -+ DEVLINK_PORT_TYPE_NOTSET, -+ DEVLINK_PORT_TYPE_AUTO, -+ DEVLINK_PORT_TYPE_ETH, -+ DEVLINK_PORT_TYPE_IB, -+}; -+ -+enum devlink_attr { -+ /* don't change the order or add anything between, this is ABI! */ -+ DEVLINK_ATTR_UNSPEC, -+ -+ /* bus name + dev name together are a handle for devlink entity */ -+ DEVLINK_ATTR_BUS_NAME, /* string */ -+ DEVLINK_ATTR_DEV_NAME, /* string */ -+ -+ DEVLINK_ATTR_PORT_INDEX, /* u32 */ -+ DEVLINK_ATTR_PORT_TYPE, /* u16 */ -+ DEVLINK_ATTR_PORT_DESIRED_TYPE, /* u16 */ -+ DEVLINK_ATTR_PORT_NETDEV_IFINDEX, /* u32 */ -+ DEVLINK_ATTR_PORT_NETDEV_NAME, /* string */ -+ DEVLINK_ATTR_PORT_IBDEV_NAME, /* string */ -+ DEVLINK_ATTR_PORT_SPLIT_COUNT, /* u32 */ -+ DEVLINK_ATTR_PORT_SPLIT_GROUP, /* u32 */ -+ -+ /* add new attributes above here, update the policy in devlink.c */ -+ -+ __DEVLINK_ATTR_MAX, -+ DEVLINK_ATTR_MAX = __DEVLINK_ATTR_MAX - 1 -+}; -+ -+#endif /* _LINUX_DEVLINK_H_ */ -diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h -index 8a1d500..e792092 100644 ---- a/include/linux/genetlink.h -+++ b/include/linux/genetlink.h -@@ -21,6 +21,7 @@ struct genlmsghdr { - #define GENL_CMD_CAP_DO 0x02 - #define GENL_CMD_CAP_DUMP 0x04 - #define GENL_CMD_CAP_HASPOL 0x08 -+#define GENL_UNS_ADMIN_PERM 0x10 - - /* - * List of reserved static generic netlink identifiers: -diff --git a/include/linux/if.h b/include/linux/if.h -index a55a9e0..5b84948 100644 ---- a/include/linux/if.h -+++ b/include/linux/if.h -@@ -19,14 +19,20 @@ - #ifndef _LINUX_IF_H - #define _LINUX_IF_H - -+#include <linux/libc-compat.h> /* for compatibility with glibc */ - #include <linux/types.h> /* for "__kernel_caddr_t" et al */ - #include <linux/socket.h> /* for "struct sockaddr" et al */ - /* for "__user" et al */ - -+#if __UAPI_DEF_IF_IFNAMSIZ - #define IFNAMSIZ 16 -+#endif /* __UAPI_DEF_IF_IFNAMSIZ */ - #define IFALIASZ 256 - #include <linux/hdlc/ioctl.h> - -+/* For glibc compatibility. An empty enum does not compile. */ -+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && \ -+ __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 - /** - * enum net_device_flags - &struct net_device flags - * -@@ -37,7 +43,7 @@ - * are shared for all types of net_devices. The sysfs entries are available - * via /sys/class/net/<dev>/flags. Flags which can be toggled through sysfs - * are annotated below, note that only a few flags can be toggled and some -- * other flags are always always preserved from the original net_device flags -+ * other flags are always preserved from the original net_device flags - * even if you try to set them via sysfs. Flags which are always preserved - * are kept under the flag grouping @IFF_VOLATILE. Flags which are __volatile__ - * are annotated below as such. -@@ -68,6 +74,8 @@ - * @IFF_ECHO: echo sent packets. Volatile. - */ - enum net_device_flags { -+/* for compatibility with glibc net/if.h */ -+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS - IFF_UP = 1<<0, /* sysfs */ - IFF_BROADCAST = 1<<1, /* __volatile__ */ - IFF_DEBUG = 1<<2, /* sysfs */ -@@ -84,11 +92,17 @@ enum net_device_flags { - IFF_PORTSEL = 1<<13, /* sysfs */ - IFF_AUTOMEDIA = 1<<14, /* sysfs */ - IFF_DYNAMIC = 1<<15, /* sysfs */ -+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */ -+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO - IFF_LOWER_UP = 1<<16, /* __volatile__ */ - IFF_DORMANT = 1<<17, /* __volatile__ */ - IFF_ECHO = 1<<18, /* __volatile__ */ -+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */ - }; -+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 && __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */ - -+/* for compatibility with glibc net/if.h */ -+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS - #define IFF_UP IFF_UP - #define IFF_BROADCAST IFF_BROADCAST - #define IFF_DEBUG IFF_DEBUG -@@ -105,9 +119,13 @@ enum net_device_flags { - #define IFF_PORTSEL IFF_PORTSEL - #define IFF_AUTOMEDIA IFF_AUTOMEDIA - #define IFF_DYNAMIC IFF_DYNAMIC -+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */ -+ -+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO - #define IFF_LOWER_UP IFF_LOWER_UP - #define IFF_DORMANT IFF_DORMANT - #define IFF_ECHO IFF_ECHO -+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */ - - #define IFF_VOLATILE (IFF_LOOPBACK|IFF_POINTOPOINT|IFF_BROADCAST|IFF_ECHO|\ - IFF_MASTER|IFF_SLAVE|IFF_RUNNING|IFF_LOWER_UP|IFF_DORMANT) -@@ -166,6 +184,8 @@ enum { - * being very small might be worth keeping for clean configuration. - */ - -+/* for compatibility with glibc net/if.h */ -+#if __UAPI_DEF_IF_IFMAP - struct ifmap { - unsigned long mem_start; - unsigned long mem_end; -@@ -175,6 +195,7 @@ struct ifmap { - unsigned char port; - /* 3 bytes spare */ - }; -+#endif /* __UAPI_DEF_IF_IFMAP */ - - struct if_settings { - unsigned int type; /* Type of physical device or protocol */ -@@ -200,6 +221,8 @@ struct if_settings { - * remainder may be interface specific. - */ - -+/* for compatibility with glibc net/if.h */ -+#if __UAPI_DEF_IF_IFREQ - struct ifreq { - #define IFHWADDRLEN 6 - union -@@ -223,6 +246,7 @@ struct ifreq { - struct if_settings ifru_settings; - } ifr_ifru; - }; -+#endif /* __UAPI_DEF_IF_IFREQ */ - - #define ifr_name ifr_ifrn.ifrn_name /* interface name */ - #define ifr_hwaddr ifr_ifru.ifru_hwaddr /* MAC address */ -@@ -249,6 +273,8 @@ struct ifreq { - * must know all networks accessible). - */ - -+/* for compatibility with glibc net/if.h */ -+#if __UAPI_DEF_IF_IFCONF - struct ifconf { - int ifc_len; /* size of buffer */ - union { -@@ -256,6 +282,8 @@ struct ifconf { - struct ifreq *ifcu_req; - } ifc_ifcu; - }; -+#endif /* __UAPI_DEF_IF_IFCONF */ -+ - #define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */ - #define ifc_req ifc_ifcu.ifcu_req /* array of structures */ - -diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h -index f24050b..8de96b7 100644 ---- a/include/linux/if_bridge.h -+++ b/include/linux/if_bridge.h -@@ -127,6 +127,7 @@ enum { - #define BRIDGE_VLAN_INFO_UNTAGGED (1<<2) /* VLAN egresses untagged */ - #define BRIDGE_VLAN_INFO_RANGE_BEGIN (1<<3) /* VLAN is start of vlan range */ - #define BRIDGE_VLAN_INFO_RANGE_END (1<<4) /* VLAN is end of vlan range */ -+#define BRIDGE_VLAN_INFO_BRENTRY (1<<5) /* Global bridge VLAN entry */ - - struct bridge_vlan_info { - __u16 flags; -@@ -136,11 +137,17 @@ struct bridge_vlan_info { - /* Bridge multicast database attributes - * [MDBA_MDB] = { - * [MDBA_MDB_ENTRY] = { -- * [MDBA_MDB_ENTRY_INFO] -+ * [MDBA_MDB_ENTRY_INFO] { -+ * struct br_mdb_entry -+ * [MDBA_MDB_EATTR attributes] -+ * } - * } - * } - * [MDBA_ROUTER] = { -- * [MDBA_ROUTER_PORT] -+ * [MDBA_ROUTER_PORT] = { -+ * u32 ifindex -+ * [MDBA_ROUTER_PATTR attributes] -+ * } - * } - */ - enum { -@@ -165,6 +172,22 @@ enum { - }; - #define MDBA_MDB_ENTRY_MAX (__MDBA_MDB_ENTRY_MAX - 1) - -+/* per mdb entry additional attributes */ -+enum { -+ MDBA_MDB_EATTR_UNSPEC, -+ MDBA_MDB_EATTR_TIMER, -+ __MDBA_MDB_EATTR_MAX -+}; -+#define MDBA_MDB_EATTR_MAX (__MDBA_MDB_EATTR_MAX - 1) -+ -+/* multicast router types */ -+enum { -+ MDB_RTR_TYPE_DISABLED, -+ MDB_RTR_TYPE_TEMP_QUERY, -+ MDB_RTR_TYPE_PERM, -+ MDB_RTR_TYPE_TEMP -+}; -+ - enum { - MDBA_ROUTER_UNSPEC, - MDBA_ROUTER_PORT, -@@ -172,6 +195,15 @@ enum { - }; - #define MDBA_ROUTER_MAX (__MDBA_ROUTER_MAX - 1) - -+/* router port attributes */ -+enum { -+ MDBA_ROUTER_PATTR_UNSPEC, -+ MDBA_ROUTER_PATTR_TIMER, -+ MDBA_ROUTER_PATTR_TYPE, -+ __MDBA_ROUTER_PATTR_MAX -+}; -+#define MDBA_ROUTER_PATTR_MAX (__MDBA_ROUTER_PATTR_MAX - 1) -+ - struct br_port_msg { - __u8 family; - __u32 ifindex; -@@ -182,6 +214,8 @@ struct br_mdb_entry { - #define MDB_TEMPORARY 0 - #define MDB_PERMANENT 1 - __u8 state; -+#define MDB_FLAGS_OFFLOAD (1 << 0) -+ __u8 flags; - __u16 vid; - struct { - union { -diff --git a/include/linux/if_ether.h b/include/linux/if_ether.h -index bf278d6..8f3b0f4 100644 ---- a/include/linux/if_ether.h -+++ b/include/linux/if_ether.h -@@ -83,6 +83,7 @@ - #define ETH_P_8021AD 0x88A8 /* 802.1ad Service VLAN */ - #define ETH_P_802_EX1 0x88B5 /* 802.1 Local Experimental 1. */ - #define ETH_P_TIPC 0x88CA /* TIPC */ -+#define ETH_P_MACSEC 0x88E5 /* 802.1ae MACsec */ - #define ETH_P_8021AH 0x88E7 /* 802.1ah Backbone Service Tag */ - #define ETH_P_MVRP 0x88F5 /* 802.1Q MVRP */ - #define ETH_P_1588 0x88F7 /* IEEE 1588 Timesync */ -diff --git a/include/linux/if_link.h b/include/linux/if_link.h -index 73b5556..6a688e8 100644 ---- a/include/linux/if_link.h -+++ b/include/linux/if_link.h -@@ -35,6 +35,8 @@ struct rtnl_link_stats { - /* for cslip etc */ - __u32 rx_compressed; - __u32 tx_compressed; -+ -+ __u32 rx_nohandler; /* dropped, no handler found */ - }; - - /* The main device statistics structure */ -@@ -68,6 +70,8 @@ struct rtnl_link_stats64 { - /* for cslip etc */ - __u64 rx_compressed; - __u64 tx_compressed; -+ -+ __u64 rx_nohandler; /* dropped, no handler found */ - }; - - /* The struct should be in sync with struct ifmap */ -@@ -149,6 +153,8 @@ enum { - IFLA_LINK_NETNSID, - IFLA_PHYS_PORT_NAME, - IFLA_PROTO_DOWN, -+ IFLA_GSO_MAX_SEGS, -+ IFLA_GSO_MAX_SIZE, - __IFLA_MAX - }; - -@@ -216,6 +222,7 @@ enum in6_addr_gen_mode { - IN6_ADDR_GEN_MODE_EUI64, - IN6_ADDR_GEN_MODE_NONE, - IN6_ADDR_GEN_MODE_STABLE_PRIVACY, -+ IN6_ADDR_GEN_MODE_RANDOM, - }; - - /* Bridge section */ -@@ -230,11 +237,47 @@ enum { - IFLA_BR_PRIORITY, - IFLA_BR_VLAN_FILTERING, - IFLA_BR_VLAN_PROTOCOL, -+ IFLA_BR_GROUP_FWD_MASK, -+ IFLA_BR_ROOT_ID, -+ IFLA_BR_BRIDGE_ID, -+ IFLA_BR_ROOT_PORT, -+ IFLA_BR_ROOT_PATH_COST, -+ IFLA_BR_TOPOLOGY_CHANGE, -+ IFLA_BR_TOPOLOGY_CHANGE_DETECTED, -+ IFLA_BR_HELLO_TIMER, -+ IFLA_BR_TCN_TIMER, -+ IFLA_BR_TOPOLOGY_CHANGE_TIMER, -+ IFLA_BR_GC_TIMER, -+ IFLA_BR_GROUP_ADDR, -+ IFLA_BR_FDB_FLUSH, -+ IFLA_BR_MCAST_ROUTER, -+ IFLA_BR_MCAST_SNOOPING, -+ IFLA_BR_MCAST_QUERY_USE_IFADDR, -+ IFLA_BR_MCAST_QUERIER, -+ IFLA_BR_MCAST_HASH_ELASTICITY, -+ IFLA_BR_MCAST_HASH_MAX, -+ IFLA_BR_MCAST_LAST_MEMBER_CNT, -+ IFLA_BR_MCAST_STARTUP_QUERY_CNT, -+ IFLA_BR_MCAST_LAST_MEMBER_INTVL, -+ IFLA_BR_MCAST_MEMBERSHIP_INTVL, -+ IFLA_BR_MCAST_QUERIER_INTVL, -+ IFLA_BR_MCAST_QUERY_INTVL, -+ IFLA_BR_MCAST_QUERY_RESPONSE_INTVL, -+ IFLA_BR_MCAST_STARTUP_QUERY_INTVL, -+ IFLA_BR_NF_CALL_IPTABLES, -+ IFLA_BR_NF_CALL_IP6TABLES, -+ IFLA_BR_NF_CALL_ARPTABLES, -+ IFLA_BR_VLAN_DEFAULT_PVID, - __IFLA_BR_MAX, - }; - - #define IFLA_BR_MAX (__IFLA_BR_MAX - 1) - -+struct ifla_bridge_id { -+ __u8 prio[2]; -+ __u8 addr[6]; /* ETH_ALEN */ -+}; -+ - enum { - BRIDGE_MODE_UNSPEC, - BRIDGE_MODE_HAIRPIN, -@@ -254,6 +297,19 @@ enum { - IFLA_BRPORT_PROXYARP, /* proxy ARP */ - IFLA_BRPORT_LEARNING_SYNC, /* mac learning sync from device */ - IFLA_BRPORT_PROXYARP_WIFI, /* proxy ARP for Wi-Fi */ -+ IFLA_BRPORT_ROOT_ID, /* designated root */ -+ IFLA_BRPORT_BRIDGE_ID, /* designated bridge */ -+ IFLA_BRPORT_DESIGNATED_PORT, -+ IFLA_BRPORT_DESIGNATED_COST, -+ IFLA_BRPORT_ID, -+ IFLA_BRPORT_NO, -+ IFLA_BRPORT_TOPOLOGY_CHANGE_ACK, -+ IFLA_BRPORT_CONFIG_PENDING, -+ IFLA_BRPORT_MESSAGE_AGE_TIMER, -+ IFLA_BRPORT_FORWARD_DELAY_TIMER, -+ IFLA_BRPORT_HOLD_TIMER, -+ IFLA_BRPORT_FLUSH, -+ IFLA_BRPORT_MULTICAST_ROUTER, - __IFLA_BRPORT_MAX - }; - #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) -@@ -349,6 +405,43 @@ enum { - - #define IFLA_VRF_MAX (__IFLA_VRF_MAX - 1) - -+enum { -+ IFLA_VRF_PORT_UNSPEC, -+ IFLA_VRF_PORT_TABLE, -+ __IFLA_VRF_PORT_MAX -+}; -+ -+#define IFLA_VRF_PORT_MAX (__IFLA_VRF_PORT_MAX - 1) -+ -+/* MACSEC section */ -+enum { -+ IFLA_MACSEC_UNSPEC, -+ IFLA_MACSEC_SCI, -+ IFLA_MACSEC_PORT, -+ IFLA_MACSEC_ICV_LEN, -+ IFLA_MACSEC_CIPHER_SUITE, -+ IFLA_MACSEC_WINDOW, -+ IFLA_MACSEC_ENCODING_SA, -+ IFLA_MACSEC_ENCRYPT, -+ IFLA_MACSEC_PROTECT, -+ IFLA_MACSEC_INC_SCI, -+ IFLA_MACSEC_ES, -+ IFLA_MACSEC_SCB, -+ IFLA_MACSEC_REPLAY_PROTECT, -+ IFLA_MACSEC_VALIDATION, -+ __IFLA_MACSEC_MAX, -+}; -+ -+#define IFLA_MACSEC_MAX (__IFLA_MACSEC_MAX - 1) -+ -+enum macsec_validation_type { -+ MACSEC_VALIDATE_DISABLED = 0, -+ MACSEC_VALIDATE_CHECK = 1, -+ MACSEC_VALIDATE_STRICT = 2, -+ __MACSEC_VALIDATE_END, -+ MACSEC_VALIDATE_MAX = __MACSEC_VALIDATE_END - 1, -+}; -+ - /* IPVLAN section */ - enum { - IFLA_IPVLAN_UNSPEC, -@@ -392,6 +485,7 @@ enum { - IFLA_VXLAN_GBP, - IFLA_VXLAN_REMCSUM_NOPARTIAL, - IFLA_VXLAN_COLLECT_METADATA, -+ IFLA_VXLAN_LABEL, - __IFLA_VXLAN_MAX - }; - #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1) -@@ -505,6 +599,8 @@ enum { - */ - IFLA_VF_STATS, /* network device statistics */ - IFLA_VF_TRUST, /* Trust VF */ -+ IFLA_VF_IB_NODE_GUID, /* VF Infiniband node GUID */ -+ IFLA_VF_IB_PORT_GUID, /* VF Infiniband port GUID */ - __IFLA_VF_MAX, - }; - -@@ -537,6 +633,11 @@ struct ifla_vf_spoofchk { - __u32 setting; - }; - -+struct ifla_vf_guid { -+ __u32 vf; -+ __u64 guid; -+}; -+ - enum { - IFLA_VF_LINK_STATE_AUTO, /* link state of the uplink */ - IFLA_VF_LINK_STATE_ENABLE, /* link always up */ -diff --git a/include/linux/ila.h b/include/linux/ila.h -new file mode 100644 -index 0000000..4f9e1de ---- /dev/null -+++ b/include/linux/ila.h -@@ -0,0 +1,37 @@ -+/* ila.h - ILA Interface */ -+ -+#ifndef _LINUX_ILA_H -+#define _LINUX_ILA_H -+ -+/* NETLINK_GENERIC related info */ -+#define ILA_GENL_NAME "ila" -+#define ILA_GENL_VERSION 0x1 -+ -+enum { -+ ILA_ATTR_UNSPEC, -+ ILA_ATTR_LOCATOR, /* u64 */ -+ ILA_ATTR_IDENTIFIER, /* u64 */ -+ ILA_ATTR_LOCATOR_MATCH, /* u64 */ -+ ILA_ATTR_IFINDEX, /* s32 */ -+ ILA_ATTR_DIR, /* u32 */ -+ -+ __ILA_ATTR_MAX, -+}; -+ -+#define ILA_ATTR_MAX (__ILA_ATTR_MAX - 1) -+ -+enum { -+ ILA_CMD_UNSPEC, -+ ILA_CMD_ADD, -+ ILA_CMD_DEL, -+ ILA_CMD_GET, -+ -+ __ILA_CMD_MAX, -+}; -+ -+#define ILA_CMD_MAX (__ILA_CMD_MAX - 1) -+ -+#define ILA_DIR_IN (1 << 0) -+#define ILA_DIR_OUT (1 << 1) -+ -+#endif /* _LINUX_ILA_H */ -diff --git a/include/linux/in6.h b/include/linux/in6.h -index 994f4c2..aa5b66d 100644 ---- a/include/linux/in6.h -+++ b/include/linux/in6.h -@@ -196,6 +196,7 @@ struct in6_flowlabel_req { - - #define IPV6_IPSEC_POLICY 34 - #define IPV6_XFRM_POLICY 35 -+#define IPV6_HDRINCL 36 - #endif - - /* -diff --git a/include/linux/libc-compat.h b/include/linux/libc-compat.h -index 9bed5b6..b3c2085 100644 ---- a/include/linux/libc-compat.h -+++ b/include/linux/libc-compat.h -@@ -51,6 +51,40 @@ - /* We have included glibc headers... */ - #if defined(__GLIBC__) - -+/* Coordinate with glibc net/if.h header. */ -+#if defined(_NET_IF_H) -+ -+/* GLIBC headers included first so don't define anything -+ * that would already be defined. */ -+ -+#define __UAPI_DEF_IF_IFCONF 0 -+#define __UAPI_DEF_IF_IFMAP 0 -+#define __UAPI_DEF_IF_IFNAMSIZ 0 -+#define __UAPI_DEF_IF_IFREQ 0 -+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 0 -+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */ -+#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1 -+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */ -+ -+#else /* _NET_IF_H */ -+ -+/* Linux headers included first, and we must define everything -+ * we need. The expectation is that glibc will check the -+ * __UAPI_DEF_* defines and adjust appropriately. */ -+ -+#define __UAPI_DEF_IF_IFCONF 1 -+#define __UAPI_DEF_IF_IFMAP 1 -+#define __UAPI_DEF_IF_IFNAMSIZ 1 -+#define __UAPI_DEF_IF_IFREQ 1 -+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1 -+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1 -+ -+#endif /* _NET_IF_H */ -+ - /* Coordinate with glibc netinet/in.h header. */ - #if defined(_NETINET_IN_H) - -@@ -117,6 +151,16 @@ - * that we need. */ - #else /* !defined(__GLIBC__) */ - -+/* Definitions for if.h */ -+#define __UAPI_DEF_IF_IFCONF 1 -+#define __UAPI_DEF_IF_IFMAP 1 -+#define __UAPI_DEF_IF_IFNAMSIZ 1 -+#define __UAPI_DEF_IF_IFREQ 1 -+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1 -+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1 -+ - /* Definitions for in.h */ - #define __UAPI_DEF_IN_ADDR 1 - #define __UAPI_DEF_IN_IPPROTO 1 -diff --git a/include/linux/lwtunnel.h b/include/linux/lwtunnel.h -new file mode 100644 -index 0000000..1d2f4f6 ---- /dev/null -+++ b/include/linux/lwtunnel.h -@@ -0,0 +1,43 @@ -+#ifndef _LWTUNNEL_H_ -+#define _LWTUNNEL_H_ -+ -+#include <linux/types.h> -+ -+enum lwtunnel_encap_types { -+ LWTUNNEL_ENCAP_NONE, -+ LWTUNNEL_ENCAP_MPLS, -+ LWTUNNEL_ENCAP_IP, -+ LWTUNNEL_ENCAP_ILA, -+ LWTUNNEL_ENCAP_IP6, -+ __LWTUNNEL_ENCAP_MAX, -+}; -+ -+#define LWTUNNEL_ENCAP_MAX (__LWTUNNEL_ENCAP_MAX - 1) -+ -+enum lwtunnel_ip_t { -+ LWTUNNEL_IP_UNSPEC, -+ LWTUNNEL_IP_ID, -+ LWTUNNEL_IP_DST, -+ LWTUNNEL_IP_SRC, -+ LWTUNNEL_IP_TTL, -+ LWTUNNEL_IP_TOS, -+ LWTUNNEL_IP_FLAGS, -+ __LWTUNNEL_IP_MAX, -+}; -+ -+#define LWTUNNEL_IP_MAX (__LWTUNNEL_IP_MAX - 1) -+ -+enum lwtunnel_ip6_t { -+ LWTUNNEL_IP6_UNSPEC, -+ LWTUNNEL_IP6_ID, -+ LWTUNNEL_IP6_DST, -+ LWTUNNEL_IP6_SRC, -+ LWTUNNEL_IP6_HOPLIMIT, -+ LWTUNNEL_IP6_TC, -+ LWTUNNEL_IP6_FLAGS, -+ __LWTUNNEL_IP6_MAX, -+}; -+ -+#define LWTUNNEL_IP6_MAX (__LWTUNNEL_IP6_MAX - 1) -+ -+#endif /* _LWTUNNEL_H_ */ -diff --git a/include/linux/mpls_iptunnel.h b/include/linux/mpls_iptunnel.h -new file mode 100644 -index 0000000..4132c3c ---- /dev/null -+++ b/include/linux/mpls_iptunnel.h -@@ -0,0 +1,28 @@ -+/* -+ * mpls tunnel api -+ * -+ * Authors: -+ * Roopa Prabhu <roopa@cumulusnetworks.com> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ */ -+ -+#ifndef _LINUX_MPLS_IPTUNNEL_H -+#define _LINUX_MPLS_IPTUNNEL_H -+ -+/* MPLS tunnel attributes -+ * [RTA_ENCAP] = { -+ * [MPLS_IPTUNNEL_DST] -+ * } -+ */ -+enum { -+ MPLS_IPTUNNEL_UNSPEC, -+ MPLS_IPTUNNEL_DST, -+ __MPLS_IPTUNNEL_MAX, -+}; -+#define MPLS_IPTUNNEL_MAX (__MPLS_IPTUNNEL_MAX - 1) -+ -+#endif /* _LINUX_MPLS_IPTUNNEL_H */ -diff --git a/include/linux/netconf.h b/include/linux/netconf.h -index 7210fe4..70306a8 100644 ---- a/include/linux/netconf.h -+++ b/include/linux/netconf.h -@@ -19,6 +19,7 @@ enum { - __NETCONFA_MAX - }; - #define NETCONFA_MAX (__NETCONFA_MAX - 1) -+#define NETCONFA_ALL -1 - - #define NETCONFA_IFINDEX_ALL -1 - #define NETCONFA_IFINDEX_DEFAULT -2 -diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h -index 38542b4..456fb86 100644 ---- a/include/linux/netfilter_ipv4/ip_tables.h -+++ b/include/linux/netfilter_ipv4/ip_tables.h -@@ -17,6 +17,7 @@ - - #include <linux/types.h> - -+#include <linux/if.h> - #include <linux/netfilter_ipv4.h> - - #include <linux/netfilter/x_tables.h> -diff --git a/include/linux/netlink.h b/include/linux/netlink.h -index 352b5b8..8a7ca5c 100644 ---- a/include/linux/netlink.h -+++ b/include/linux/netlink.h -@@ -54,6 +54,7 @@ struct nlmsghdr { - #define NLM_F_ACK 4 /* Reply with ack, with zero or error code */ - #define NLM_F_ECHO 8 /* Echo this request */ - #define NLM_F_DUMP_INTR 16 /* Dump was inconsistent due to sequence change */ -+#define NLM_F_DUMP_FILTERED 32 /* Dump was filtered as requested */ - - /* Modifiers to GET request */ - #define NLM_F_ROOT 0x100 /* specify tree root */ -diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h -index 25af89f..b69358b 100644 ---- a/include/linux/pkt_cls.h -+++ b/include/linux/pkt_cls.h -@@ -33,6 +33,7 @@ enum { - #define TC_ACT_STOLEN 4 - #define TC_ACT_QUEUED 5 - #define TC_ACT_REPEAT 6 -+#define TC_ACT_REDIRECT 7 - #define TC_ACT_JUMP 0x10000000 - - /* Action type identifiers*/ -@@ -117,6 +118,7 @@ enum { - TCA_U32_INDEV, - TCA_U32_PCNT, - TCA_U32_MARK, -+ TCA_U32_FLAGS, - __TCA_U32_MAX - }; - -@@ -319,6 +321,8 @@ enum { - - /* BPF classifier */ - -+#define TCA_BPF_FLAG_ACT_DIRECT (1 << 0) -+ - enum { - TCA_BPF_UNSPEC, - TCA_BPF_ACT, -@@ -328,6 +332,7 @@ enum { - TCA_BPF_OPS, - TCA_BPF_FD, - TCA_BPF_NAME, -+ TCA_BPF_FLAGS, - __TCA_BPF_MAX, - }; - -@@ -358,6 +363,8 @@ enum { - TCA_FLOWER_KEY_TCP_DST, /* be16 */ - TCA_FLOWER_KEY_UDP_SRC, /* be16 */ - TCA_FLOWER_KEY_UDP_DST, /* be16 */ -+ -+ TCA_FLOWER_FLAGS, - __TCA_FLOWER_MAX, - }; - -diff --git a/include/linux/pkt_sched.h b/include/linux/pkt_sched.h -index 8d2530d..8cb18b4 100644 ---- a/include/linux/pkt_sched.h -+++ b/include/linux/pkt_sched.h -@@ -72,6 +72,10 @@ struct tc_estimator { - #define TC_H_UNSPEC (0U) - #define TC_H_ROOT (0xFFFFFFFFU) - #define TC_H_INGRESS (0xFFFFFFF1U) -+#define TC_H_CLSACT TC_H_INGRESS -+ -+#define TC_H_MIN_INGRESS 0xFFF2U -+#define TC_H_MIN_EGRESS 0xFFF3U - - /* Need to corrospond to iproute2 tc/tc_core.h "enum link_layer" */ - enum tc_link_layer { -diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h -index 3244947..6aaa2a3 100644 ---- a/include/linux/rtnetlink.h -+++ b/include/linux/rtnetlink.h -@@ -270,6 +270,7 @@ enum rt_scope_t { - #define RTM_F_CLONED 0x200 /* This route is cloned */ - #define RTM_F_EQUALIZE 0x400 /* Multipath equalizer: NI */ - #define RTM_F_PREFIX 0x800 /* Prefix addresses */ -+#define RTM_F_LOOKUP_TABLE 0x1000 /* set rtm_table to FIB lookup result */ - - /* Reserved table identifiers */ - -@@ -310,6 +311,7 @@ enum rtattr_type_t { - RTA_PREF, - RTA_ENCAP_TYPE, - RTA_ENCAP, -+ RTA_EXPIRES, - __RTA_MAX - }; - -@@ -664,6 +666,7 @@ struct tcamsg { - #define RTEXT_FILTER_VF (1 << 0) - #define RTEXT_FILTER_BRVLAN (1 << 1) - #define RTEXT_FILTER_BRVLAN_COMPRESSED (1 << 2) -+#define RTEXT_FILTER_SKIP_STATS (1 << 3) - - /* End of information exported to user level */ - -diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h -index 024e1f4..dafcb89 100644 ---- a/include/linux/sock_diag.h -+++ b/include/linux/sock_diag.h -@@ -4,6 +4,7 @@ - #include <linux/types.h> - - #define SOCK_DIAG_BY_FAMILY 20 -+#define SOCK_DESTROY 21 - - struct sock_diag_req { - __u8 sdiag_family; -diff --git a/include/linux/tc_act/tc_ife.h b/include/linux/tc_act/tc_ife.h -new file mode 100644 -index 0000000..d648ff6 ---- /dev/null -+++ b/include/linux/tc_act/tc_ife.h -@@ -0,0 +1,38 @@ -+#ifndef __UAPI_TC_IFE_H -+#define __UAPI_TC_IFE_H -+ -+#include <linux/types.h> -+#include <linux/pkt_cls.h> -+ -+#define TCA_ACT_IFE 25 -+/* Flag bits for now just encoding/decoding; mutually exclusive */ -+#define IFE_ENCODE 1 -+#define IFE_DECODE 0 -+ -+struct tc_ife { -+ tc_gen; -+ __u16 flags; -+}; -+ -+/*XXX: We need to encode the total number of bytes consumed */ -+enum { -+ TCA_IFE_UNSPEC, -+ TCA_IFE_PARMS, -+ TCA_IFE_TM, -+ TCA_IFE_DMAC, -+ TCA_IFE_SMAC, -+ TCA_IFE_TYPE, -+ TCA_IFE_METALST, -+ __TCA_IFE_MAX -+}; -+#define TCA_IFE_MAX (__TCA_IFE_MAX - 1) -+ -+#define IFE_META_SKBMARK 1 -+#define IFE_META_HASHID 2 -+#define IFE_META_PRIO 3 -+#define IFE_META_QMAP 4 -+/*Can be overridden at runtime by module option*/ -+#define __IFE_META_MAX 5 -+#define IFE_META_MAX (__IFE_META_MAX - 1) -+ -+#endif -diff --git a/include/linux/tcp.h b/include/linux/tcp.h -index 1e9b4a6..7f21db9 100644 ---- a/include/linux/tcp.h -+++ b/include/linux/tcp.h -@@ -196,6 +196,11 @@ struct tcp_info { - __u64 tcpi_bytes_received; /* RFC4898 tcpEStatsAppHCThruOctetsReceived */ - __u32 tcpi_segs_out; /* RFC4898 tcpEStatsPerfSegsOut */ - __u32 tcpi_segs_in; /* RFC4898 tcpEStatsPerfSegsIn */ -+ -+ __u32 tcpi_notsent_bytes; -+ __u32 tcpi_min_rtt; -+ __u32 tcpi_data_segs_in; /* RFC4898 tcpEStatsDataSegsIn */ -+ __u32 tcpi_data_segs_out; /* RFC4898 tcpEStatsDataSegsOut */ - }; - - /* for TCP_MD5SIG socket option */ --- -1.8.3.1 - diff --git a/SOURCES/0179-add-if_macsec-header.patch b/SOURCES/0179-add-if_macsec-header.patch deleted file mode 100644 index c0236b0..0000000 --- a/SOURCES/0179-add-if_macsec-header.patch +++ /dev/null @@ -1,200 +0,0 @@ -From a55fc510ebab810aa67dcf62191eec4c4b83b472 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 6 Jul 2016 18:41:39 +0200 -Subject: [PATCH] add if_macsec header - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1300765 -Upstream Status: iproute2.git commit 5c33c9592412 - -commit 5c33c9592412216eec32d3a8b1c21c03311c79fc -Author: Stephen Hemminger <shemming@brocade.com> -Date: Mon May 23 16:10:43 2016 -0700 - - add if_macsec header - - Current version from 4.7-pre-rc1 - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - include/linux/if_macsec.h | 169 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 169 insertions(+) - create mode 100644 include/linux/if_macsec.h - -diff --git a/include/linux/if_macsec.h b/include/linux/if_macsec.h -new file mode 100644 -index 0000000..cbd4faa ---- /dev/null -+++ b/include/linux/if_macsec.h -@@ -0,0 +1,169 @@ -+/* -+ * include/uapi/linux/if_macsec.h - MACsec device -+ * -+ * Copyright (c) 2015 Sabrina Dubroca <sd@queasysnail.net> -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ */ -+ -+#ifndef _MACSEC_H -+#define _MACSEC_H -+ -+#include <linux/types.h> -+ -+#define MACSEC_GENL_NAME "macsec" -+#define MACSEC_GENL_VERSION 1 -+ -+#define MACSEC_MAX_KEY_LEN 128 -+ -+#define MACSEC_KEYID_LEN 16 -+ -+#define MACSEC_DEFAULT_CIPHER_ID 0x0080020001000001ULL -+#define MACSEC_DEFAULT_CIPHER_ALT 0x0080C20001000001ULL -+ -+#define MACSEC_MIN_ICV_LEN 8 -+#define MACSEC_MAX_ICV_LEN 32 -+ -+enum macsec_attrs { -+ MACSEC_ATTR_UNSPEC, -+ MACSEC_ATTR_IFINDEX, /* u32, ifindex of the MACsec netdevice */ -+ MACSEC_ATTR_RXSC_CONFIG, /* config, nested macsec_rxsc_attrs */ -+ MACSEC_ATTR_SA_CONFIG, /* config, nested macsec_sa_attrs */ -+ MACSEC_ATTR_SECY, /* dump, nested macsec_secy_attrs */ -+ MACSEC_ATTR_TXSA_LIST, /* dump, nested, macsec_sa_attrs for each TXSA */ -+ MACSEC_ATTR_RXSC_LIST, /* dump, nested, macsec_rxsc_attrs for each RXSC */ -+ MACSEC_ATTR_TXSC_STATS, /* dump, nested, macsec_txsc_stats_attr */ -+ MACSEC_ATTR_SECY_STATS, /* dump, nested, macsec_secy_stats_attr */ -+ __MACSEC_ATTR_END, -+ NUM_MACSEC_ATTR = __MACSEC_ATTR_END, -+ MACSEC_ATTR_MAX = __MACSEC_ATTR_END - 1, -+}; -+ -+enum macsec_secy_attrs { -+ MACSEC_SECY_ATTR_UNSPEC, -+ MACSEC_SECY_ATTR_SCI, -+ MACSEC_SECY_ATTR_ENCODING_SA, -+ MACSEC_SECY_ATTR_WINDOW, -+ MACSEC_SECY_ATTR_CIPHER_SUITE, -+ MACSEC_SECY_ATTR_ICV_LEN, -+ MACSEC_SECY_ATTR_PROTECT, -+ MACSEC_SECY_ATTR_REPLAY, -+ MACSEC_SECY_ATTR_OPER, -+ MACSEC_SECY_ATTR_VALIDATE, -+ MACSEC_SECY_ATTR_ENCRYPT, -+ MACSEC_SECY_ATTR_INC_SCI, -+ MACSEC_SECY_ATTR_ES, -+ MACSEC_SECY_ATTR_SCB, -+ MACSEC_SECY_ATTR_PAD, -+ __MACSEC_SECY_ATTR_END, -+ NUM_MACSEC_SECY_ATTR = __MACSEC_SECY_ATTR_END, -+ MACSEC_SECY_ATTR_MAX = __MACSEC_SECY_ATTR_END - 1, -+}; -+ -+enum macsec_rxsc_attrs { -+ MACSEC_RXSC_ATTR_UNSPEC, -+ MACSEC_RXSC_ATTR_SCI, /* config/dump, u64 */ -+ MACSEC_RXSC_ATTR_ACTIVE, /* config/dump, u8 0..1 */ -+ MACSEC_RXSC_ATTR_SA_LIST, /* dump, nested */ -+ MACSEC_RXSC_ATTR_STATS, /* dump, nested, macsec_rxsc_stats_attr */ -+ MACSEC_RXSC_ATTR_PAD, -+ __MACSEC_RXSC_ATTR_END, -+ NUM_MACSEC_RXSC_ATTR = __MACSEC_RXSC_ATTR_END, -+ MACSEC_RXSC_ATTR_MAX = __MACSEC_RXSC_ATTR_END - 1, -+}; -+ -+enum macsec_sa_attrs { -+ MACSEC_SA_ATTR_UNSPEC, -+ MACSEC_SA_ATTR_AN, /* config/dump, u8 0..3 */ -+ MACSEC_SA_ATTR_ACTIVE, /* config/dump, u8 0..1 */ -+ MACSEC_SA_ATTR_PN, /* config/dump, u32 */ -+ MACSEC_SA_ATTR_KEY, /* config, data */ -+ MACSEC_SA_ATTR_KEYID, /* config/dump, 128-bit */ -+ MACSEC_SA_ATTR_STATS, /* dump, nested, macsec_sa_stats_attr */ -+ MACSEC_SA_ATTR_PAD, -+ __MACSEC_SA_ATTR_END, -+ NUM_MACSEC_SA_ATTR = __MACSEC_SA_ATTR_END, -+ MACSEC_SA_ATTR_MAX = __MACSEC_SA_ATTR_END - 1, -+}; -+ -+enum macsec_nl_commands { -+ MACSEC_CMD_GET_TXSC, -+ MACSEC_CMD_ADD_RXSC, -+ MACSEC_CMD_DEL_RXSC, -+ MACSEC_CMD_UPD_RXSC, -+ MACSEC_CMD_ADD_TXSA, -+ MACSEC_CMD_DEL_TXSA, -+ MACSEC_CMD_UPD_TXSA, -+ MACSEC_CMD_ADD_RXSA, -+ MACSEC_CMD_DEL_RXSA, -+ MACSEC_CMD_UPD_RXSA, -+}; -+ -+/* u64 per-RXSC stats */ -+enum macsec_rxsc_stats_attr { -+ MACSEC_RXSC_STATS_ATTR_UNSPEC, -+ MACSEC_RXSC_STATS_ATTR_IN_OCTETS_VALIDATED, -+ MACSEC_RXSC_STATS_ATTR_IN_OCTETS_DECRYPTED, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNCHECKED, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_DELAYED, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_OK, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_INVALID, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_LATE, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_VALID, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_USING_SA, -+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNUSED_SA, -+ MACSEC_RXSC_STATS_ATTR_PAD, -+ __MACSEC_RXSC_STATS_ATTR_END, -+ NUM_MACSEC_RXSC_STATS_ATTR = __MACSEC_RXSC_STATS_ATTR_END, -+ MACSEC_RXSC_STATS_ATTR_MAX = __MACSEC_RXSC_STATS_ATTR_END - 1, -+}; -+ -+/* u32 per-{RX,TX}SA stats */ -+enum macsec_sa_stats_attr { -+ MACSEC_SA_STATS_ATTR_UNSPEC, -+ MACSEC_SA_STATS_ATTR_IN_PKTS_OK, -+ MACSEC_SA_STATS_ATTR_IN_PKTS_INVALID, -+ MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_VALID, -+ MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_USING_SA, -+ MACSEC_SA_STATS_ATTR_IN_PKTS_UNUSED_SA, -+ MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED, -+ MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED, -+ __MACSEC_SA_STATS_ATTR_END, -+ NUM_MACSEC_SA_STATS_ATTR = __MACSEC_SA_STATS_ATTR_END, -+ MACSEC_SA_STATS_ATTR_MAX = __MACSEC_SA_STATS_ATTR_END - 1, -+}; -+ -+/* u64 per-TXSC stats */ -+enum macsec_txsc_stats_attr { -+ MACSEC_TXSC_STATS_ATTR_UNSPEC, -+ MACSEC_TXSC_STATS_ATTR_OUT_PKTS_PROTECTED, -+ MACSEC_TXSC_STATS_ATTR_OUT_PKTS_ENCRYPTED, -+ MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_PROTECTED, -+ MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_ENCRYPTED, -+ MACSEC_TXSC_STATS_ATTR_PAD, -+ __MACSEC_TXSC_STATS_ATTR_END, -+ NUM_MACSEC_TXSC_STATS_ATTR = __MACSEC_TXSC_STATS_ATTR_END, -+ MACSEC_TXSC_STATS_ATTR_MAX = __MACSEC_TXSC_STATS_ATTR_END - 1, -+}; -+ -+/* u64 per-SecY stats */ -+enum macsec_secy_stats_attr { -+ MACSEC_SECY_STATS_ATTR_UNSPEC, -+ MACSEC_SECY_STATS_ATTR_OUT_PKTS_UNTAGGED, -+ MACSEC_SECY_STATS_ATTR_IN_PKTS_UNTAGGED, -+ MACSEC_SECY_STATS_ATTR_OUT_PKTS_TOO_LONG, -+ MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_TAG, -+ MACSEC_SECY_STATS_ATTR_IN_PKTS_BAD_TAG, -+ MACSEC_SECY_STATS_ATTR_IN_PKTS_UNKNOWN_SCI, -+ MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_SCI, -+ MACSEC_SECY_STATS_ATTR_IN_PKTS_OVERRUN, -+ MACSEC_SECY_STATS_ATTR_PAD, -+ __MACSEC_SECY_STATS_ATTR_END, -+ NUM_MACSEC_SECY_STATS_ATTR = __MACSEC_SECY_STATS_ATTR_END, -+ MACSEC_SECY_STATS_ATTR_MAX = __MACSEC_SECY_STATS_ATTR_END - 1, -+}; -+ -+#endif /* _MACSEC_H */ --- -1.8.3.1 - diff --git a/SOURCES/0180-configure-Add-check-for-the-doc-tools.patch b/SOURCES/0180-configure-Add-check-for-the-doc-tools.patch deleted file mode 100644 index 8a3c390..0000000 --- a/SOURCES/0180-configure-Add-check-for-the-doc-tools.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 1ded94f66819e69ddf8a3e68924d978873ac400e Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:29:56 +0200 -Subject: [PATCH] configure: Add check for the doc tools - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 10ed8b7f67513 - -commit 10ed8b7f6751305c78596bd5b8732bfccbd69e21 -Author: vadimk <vadim4j@gmail.com> -Date: Sun Nov 30 18:08:25 2014 +0200 - - configure: Add check for the doc tools - - Added checking existence of the doc files converters. - If the XXX tool exists then HAVE_XXX:=y will be written - to the Config file. Example of the configure script output: - - TC schedulers - ATM no - IPT using xtables - IPSET yes - - iptables modules directory: /usr/lib/iptables - libc has setns: yes - SELinux support: no - - Docs - latex: no - WARNING: no docs can be built from LaTeX files - sgml2html: yes - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - configure | 23 ++++++++++++++++++++++- - 1 file changed, 22 insertions(+), 1 deletion(-) - -diff --git a/configure b/configure -index d5170f0..c3dacdb 100755 ---- a/configure -+++ b/configure -@@ -7,6 +7,24 @@ INCLUDE=${1:-"$PWD/include"} - TMPDIR=$(mktemp -d config.XXXXXX) - trap 'status=$?; rm -rf $TMPDIR; exit $status' EXIT HUP INT QUIT TERM - -+check_prog() -+{ -+ echo -n "$2" -+ command -v $1 >/dev/null 2>&1 && (echo "$3:=y" >> Config; echo "yes") || (echo "no"; return 1) -+} -+ -+check_docs() -+{ -+ if check_prog latex " latex: " HAVE_LATEX; then -+ check_prog pdflatex " pdflatex: " HAVE_PDFLATEX || echo " WARNING: no PDF docs can be built from LaTeX files" -+ check_prog sgml2latex " sgml2latex: " HAVE_SGML2LATEX || echo " WARNING: no LaTeX files can be build from SGML files" -+ else -+ echo " WARNING: no docs can be built from LaTeX files" -+ fi -+ -+ check_prog sgml2html " sgml2html: " HAVE_SGML2HTML || echo " WARNING: no HTML docs can be built from SGML" -+} -+ - check_toolchain() - { - : ${PKG_CONFIG:=pkg-config} -@@ -260,7 +278,7 @@ check_ipt - echo -n " IPSET " - check_ipset - --echo -n "iptables modules directory: " -+echo -n -e "\niptables modules directory: " - check_ipt_lib_dir - - echo -n "libc has setns: " -@@ -268,3 +286,6 @@ check_setns - - echo -n "SELinux support: " - check_selinux -+ -+echo -e "\nDocs" -+check_docs --- -1.8.3.1 - diff --git a/SOURCES/0181-configure-Check-for-libmnl.patch b/SOURCES/0181-configure-Check-for-libmnl.patch deleted file mode 100644 index 340e574..0000000 --- a/SOURCES/0181-configure-Check-for-libmnl.patch +++ /dev/null @@ -1,59 +0,0 @@ -From f827299674966fbd0cbc13a243323f8ea7fbcc8d Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:29:56 +0200 -Subject: [PATCH] configure: Check for libmnl - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit b6907403efd9d -Conflicts: Context changes due to missing commit - 11c39b5e98a16 ("tc: add eBPF support to f_bpf"). - -commit b6907403efd9d64ed5a140d3bc6e23773452bef9 -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Fri May 29 13:27:41 2015 +0300 - - configure: Check for libmnl - - Indicate existence of libmnl which is required by tipc. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - configure | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/configure b/configure -index c3dacdb..b270ace 100755 ---- a/configure -+++ b/configure -@@ -261,6 +261,17 @@ check_selinux() - fi - } - -+check_mnl() -+{ -+ if ${PKG_CONFIG} libmnl --exists -+ then -+ echo "HAVE_MNL:=y" >>Config -+ echo -n "yes" -+ else -+ echo -n "no" -+ fi -+} -+ - echo "# Generated config based on" $INCLUDE >Config - check_toolchain - -@@ -287,5 +298,10 @@ check_setns - echo -n "SELinux support: " - check_selinux - -+echo -n "libmnl support: " -+check_mnl -+echo " (required by tipc)" -+ - echo -e "\nDocs" - check_docs -+echo "" --- -1.8.3.1 - diff --git a/SOURCES/0182-configure-cleanup.patch b/SOURCES/0182-configure-cleanup.patch deleted file mode 100644 index 5a80b89..0000000 --- a/SOURCES/0182-configure-cleanup.patch +++ /dev/null @@ -1,48 +0,0 @@ -From b0c8d9f05f7241b3c8ea8ecc92853109a4fa9762 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:30:52 +0200 -Subject: [PATCH] configure: cleanup - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit aaf70458028a2 - -commit aaf70458028a243f0d60bbe82b787bdb1f3b9a31 -Author: Stephen Hemminger <shemming@brocade.com> -Date: Thu Jun 25 15:10:22 2015 -0400 - - configure: cleanup - - Don't echo "-e" when using builtin echo in bash. ---- - configure | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/configure b/configure -index b270ace..6672277 100755 ---- a/configure -+++ b/configure -@@ -289,7 +289,8 @@ check_ipt - echo -n " IPSET " - check_ipset - --echo -n -e "\niptables modules directory: " -+echo -+echo -n "iptables modules directory: " - check_ipt_lib_dir - - echo -n "libc has setns: " -@@ -300,8 +301,8 @@ check_selinux - - echo -n "libmnl support: " - check_mnl --echo " (required by tipc)" - --echo -e "\nDocs" -+echo -+echo -n "docs:" - check_docs --echo "" -+echo --- -1.8.3.1 - diff --git a/SOURCES/0183-include-add-linked-list-implementation-from-kernel.patch b/SOURCES/0183-include-add-linked-list-implementation-from-kernel.patch deleted file mode 100644 index 89981f1..0000000 --- a/SOURCES/0183-include-add-linked-list-implementation-from-kernel.patch +++ /dev/null @@ -1,237 +0,0 @@ -From 48a71ae76f5b7535f787a34b34162c2235550261 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:31:01 +0200 -Subject: [PATCH] include: add linked list implementation from kernel - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 4952b45946d73 -Conflicts: Dropped changes in tc/tc_class.c since commit d954b34a1f8d8 - ("tc class: Show classes as ASCII graph") is missing. - -commit 4952b45946d73a4e5dd673928cf50327251de1de -Author: Jiri Pirko <jiri@mellanox.com> -Date: Tue Mar 22 10:02:20 2016 +0100 - - include: add linked list implementation from kernel - - Rename hlist.h to list.h while adding it to be aligned with kernel - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - include/hlist.h | 56 ---------------------------- - include/list.h | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - ip/ipnetns.c | 2 +- - lib/ll_map.c | 2 +- - 4 files changed, 114 insertions(+), 58 deletions(-) - delete mode 100644 include/hlist.h - create mode 100644 include/list.h - -diff --git a/include/hlist.h b/include/hlist.h -deleted file mode 100644 -index 4e8de9e..0000000 ---- a/include/hlist.h -+++ /dev/null -@@ -1,56 +0,0 @@ --#ifndef __HLIST_H__ --#define __HLIST_H__ 1 --/* Hash list stuff from kernel */ -- --#include <stddef.h> -- --#define container_of(ptr, type, member) ({ \ -- const typeof( ((type *)0)->member ) *__mptr = (ptr); \ -- (type *)( (char *)__mptr - offsetof(type,member) );}) -- --struct hlist_head { -- struct hlist_node *first; --}; -- --struct hlist_node { -- struct hlist_node *next, **pprev; --}; -- --static inline void hlist_del(struct hlist_node *n) --{ -- struct hlist_node *next = n->next; -- struct hlist_node **pprev = n->pprev; -- *pprev = next; -- if (next) -- next->pprev = pprev; --} -- --static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h) --{ -- struct hlist_node *first = h->first; -- n->next = first; -- if (first) -- first->pprev = &n->next; -- h->first = n; -- n->pprev = &h->first; --} -- --#define hlist_for_each(pos, head) \ -- for (pos = (head)->first; pos ; pos = pos->next) -- -- --#define hlist_for_each_safe(pos, n, head) \ -- for (pos = (head)->first; pos && ({ n = pos->next; 1; }); \ -- pos = n) -- --#define hlist_entry_safe(ptr, type, member) \ -- ({ typeof(ptr) ____ptr = (ptr); \ -- ____ptr ? hlist_entry(____ptr, type, member) : NULL; \ -- }) -- --#define hlist_for_each_entry(pos, head, member) \ -- for (pos = hlist_entry_safe((head)->first, typeof(*(pos)), member);\ -- pos; \ -- pos = hlist_entry_safe((pos)->member.next, typeof(*(pos)), member)) -- --#endif /* __HLIST_H__ */ -diff --git a/include/list.h b/include/list.h -new file mode 100644 -index 0000000..cdebe4d ---- /dev/null -+++ b/include/list.h -@@ -0,0 +1,112 @@ -+#ifndef __LIST_H__ -+#define __LIST_H__ 1 -+/* List and hash list stuff from kernel */ -+ -+#include <stddef.h> -+ -+#define container_of(ptr, type, member) ({ \ -+ const typeof( ((type *)0)->member ) *__mptr = (ptr); \ -+ (type *)( (char *)__mptr - offsetof(type,member) );}) -+ -+struct list_head { -+ struct list_head *next, *prev; -+}; -+ -+static inline void INIT_LIST_HEAD(struct list_head *list) -+{ -+ list->next = list; -+ list->prev = list; -+} -+ -+static inline void __list_add(struct list_head *new, -+ struct list_head *prev, -+ struct list_head *next) -+{ -+ next->prev = new; -+ new->next = next; -+ new->prev = prev; -+ prev->next = new; -+} -+ -+static inline void list_add(struct list_head *new, struct list_head *head) -+{ -+ __list_add(new, head, head->next); -+} -+ -+static inline void __list_del(struct list_head *prev, struct list_head *next) -+{ -+ next->prev = prev; -+ prev->next = next; -+} -+ -+static inline void list_del(struct list_head *entry) -+{ -+ __list_del(entry->prev, entry->next); -+} -+ -+#define list_entry(ptr, type, member) \ -+ container_of(ptr, type, member) -+ -+#define list_first_entry(ptr, type, member) \ -+ list_entry((ptr)->next, type, member) -+ -+#define list_next_entry(pos, member) \ -+ list_entry((pos)->member.next, typeof(*(pos)), member) -+ -+#define list_for_each_entry(pos, head, member) \ -+ for (pos = list_first_entry(head, typeof(*pos), member); \ -+ &pos->member != (head); \ -+ pos = list_next_entry(pos, member)) -+ -+#define list_for_each_entry_safe(pos, n, head, member) \ -+ for (pos = list_first_entry(head, typeof(*pos), member), \ -+ n = list_next_entry(pos, member); \ -+ &pos->member != (head); \ -+ pos = n, n = list_next_entry(n, member)) -+ -+struct hlist_head { -+ struct hlist_node *first; -+}; -+ -+struct hlist_node { -+ struct hlist_node *next, **pprev; -+}; -+ -+static inline void hlist_del(struct hlist_node *n) -+{ -+ struct hlist_node *next = n->next; -+ struct hlist_node **pprev = n->pprev; -+ *pprev = next; -+ if (next) -+ next->pprev = pprev; -+} -+ -+static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h) -+{ -+ struct hlist_node *first = h->first; -+ n->next = first; -+ if (first) -+ first->pprev = &n->next; -+ h->first = n; -+ n->pprev = &h->first; -+} -+ -+#define hlist_for_each(pos, head) \ -+ for (pos = (head)->first; pos ; pos = pos->next) -+ -+ -+#define hlist_for_each_safe(pos, n, head) \ -+ for (pos = (head)->first; pos && ({ n = pos->next; 1; }); \ -+ pos = n) -+ -+#define hlist_entry_safe(ptr, type, member) \ -+ ({ typeof(ptr) ____ptr = (ptr); \ -+ ____ptr ? hlist_entry(____ptr, type, member) : NULL; \ -+ }) -+ -+#define hlist_for_each_entry(pos, head, member) \ -+ for (pos = hlist_entry_safe((head)->first, typeof(*(pos)), member);\ -+ pos; \ -+ pos = hlist_entry_safe((pos)->member.next, typeof(*(pos)), member)) -+ -+#endif /* __LIST_H__ */ -diff --git a/ip/ipnetns.c b/ip/ipnetns.c -index 2c848bc..ef05ff3 100644 ---- a/ip/ipnetns.c -+++ b/ip/ipnetns.c -@@ -19,7 +19,7 @@ - #include <linux/net_namespace.h> - - #include "utils.h" --#include "hlist.h" -+#include "list.h" - #include "ip_common.h" - #include "namespace.h" - -diff --git a/lib/ll_map.c b/lib/ll_map.c -index c6f7027..fa14a77 100644 ---- a/lib/ll_map.c -+++ b/lib/ll_map.c -@@ -22,7 +22,7 @@ - - #include "libnetlink.h" - #include "ll_map.h" --#include "hlist.h" -+#include "list.h" - - struct ll_cache { - struct hlist_node idx_hash; --- -1.8.3.1 - diff --git a/SOURCES/0184-add-devlink-tool.patch b/SOURCES/0184-add-devlink-tool.patch deleted file mode 100644 index 9a6dbda..0000000 --- a/SOURCES/0184-add-devlink-tool.patch +++ /dev/null @@ -1,1713 +0,0 @@ -From f6e5ebe6d481c6785c7b6b8b9888620087669a1c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:32:36 +0200 -Subject: [PATCH] add devlink tool - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit a3c4b484a1edd -Conflicts: Context changed due to missing tipc utility. - -commit a3c4b484a1eddc87fbb66812a2453d840bc89f35 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Tue Mar 22 10:02:21 2016 +0100 - - add devlink tool - - Add new tool called devlink which is userspace counterpart of devlink - Netlink socket. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - Makefile | 2 +- - devlink/Makefile | 20 + - devlink/devlink.c | 986 +++++++++++++++++++++++++++++++++++++++++++++ - devlink/mnlg.c | 274 +++++++++++++ - devlink/mnlg.h | 27 ++ - man/man8/devlink-dev.8 | 58 +++ - man/man8/devlink-monitor.8 | 36 ++ - man/man8/devlink-port.8 | 126 ++++++ - man/man8/devlink.8 | 83 ++++ - 9 files changed, 1611 insertions(+), 1 deletion(-) - create mode 100644 devlink/Makefile - create mode 100644 devlink/devlink.c - create mode 100644 devlink/mnlg.c - create mode 100644 devlink/mnlg.h - create mode 100644 man/man8/devlink-dev.8 - create mode 100644 man/man8/devlink-monitor.8 - create mode 100644 man/man8/devlink-port.8 - create mode 100644 man/man8/devlink.8 - -diff --git a/Makefile b/Makefile -index 18faee4..d50512f 100644 ---- a/Makefile -+++ b/Makefile -@@ -36,7 +36,7 @@ WFLAGS += -Wmissing-declarations -Wold-style-definition -Wformat=2 - CFLAGS := $(WFLAGS) $(CCOPTS) -I../include $(DEFINES) $(CFLAGS) - YACCFLAGS = -d -t -v - --SUBDIRS=lib ip tc bridge misc netem genl man -+SUBDIRS=lib ip tc bridge misc netem genl devlink man - - LIBNETLINK=../lib/libnetlink.a ../lib/libutil.a - LDLIBS += $(LIBNETLINK) -diff --git a/devlink/Makefile b/devlink/Makefile -new file mode 100644 -index 0000000..3fdaa69 ---- /dev/null -+++ b/devlink/Makefile -@@ -0,0 +1,20 @@ -+include ../Config -+ifeq ($(HAVE_MNL),y) -+ -+DEVLINKOBJ = devlink.o mnlg.o -+TARGETS=devlink -+ -+CFLAGS += $(shell $(PKG_CONFIG) libmnl --cflags) -+LDLIBS += $(shell $(PKG_CONFIG) libmnl --libs) -+ -+endif -+ -+all: $(TARGETS) $(LIBS) -+ -+devlink: $(DEVLINKOBJ) -+ -+install: all -+ install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR) -+ -+clean: -+ rm -f $(DEVLINKOBJ) $(TARGETS) -diff --git a/devlink/devlink.c b/devlink/devlink.c -new file mode 100644 -index 0000000..c2da850 ---- /dev/null -+++ b/devlink/devlink.c -@@ -0,0 +1,986 @@ -+/* -+ * devlink.c Devlink tool -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Jiri Pirko <jiri@mellanox.com> -+ */ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <string.h> -+#include <stdbool.h> -+#include <unistd.h> -+#include <getopt.h> -+#include <limits.h> -+#include <errno.h> -+#include <linux/genetlink.h> -+#include <linux/devlink.h> -+#include <libmnl/libmnl.h> -+ -+#include "SNAPSHOT.h" -+#include "list.h" -+#include "mnlg.h" -+ -+#define pr_err(args...) fprintf(stderr, ##args) -+#define pr_out(args...) fprintf(stdout, ##args) -+ -+static int _mnlg_socket_recv_run(struct mnlg_socket *nlg, -+ mnl_cb_t data_cb, void *data) -+{ -+ int err; -+ -+ err = mnlg_socket_recv_run(nlg, data_cb, data); -+ if (err < 0) { -+ pr_err("devlink answers: %s\n", strerror(errno)); -+ return -errno; -+ } -+ return 0; -+} -+ -+static int _mnlg_socket_sndrcv(struct mnlg_socket *nlg, -+ const struct nlmsghdr *nlh, -+ mnl_cb_t data_cb, void *data) -+{ -+ int err; -+ -+ err = mnlg_socket_send(nlg, nlh); -+ if (err < 0) { -+ pr_err("Failed to call mnlg_socket_send\n"); -+ return -errno; -+ } -+ return _mnlg_socket_recv_run(nlg, data_cb, data); -+} -+ -+static int _mnlg_socket_group_add(struct mnlg_socket *nlg, -+ const char *group_name) -+{ -+ int err; -+ -+ err = mnlg_socket_group_add(nlg, group_name); -+ if (err < 0) { -+ pr_err("Failed to call mnlg_socket_group_add\n"); -+ return -errno; -+ } -+ return 0; -+} -+ -+struct ifname_map { -+ struct list_head list; -+ char *bus_name; -+ char *dev_name; -+ uint32_t port_index; -+ char *ifname; -+}; -+ -+static struct ifname_map *ifname_map_alloc(const char *bus_name, -+ const char *dev_name, -+ uint32_t port_index, -+ const char *ifname) -+{ -+ struct ifname_map *ifname_map; -+ -+ ifname_map = calloc(1, sizeof(*ifname_map)); -+ if (!ifname_map) -+ return NULL; -+ ifname_map->bus_name = strdup(bus_name); -+ ifname_map->dev_name = strdup(dev_name); -+ ifname_map->port_index = port_index; -+ ifname_map->ifname = strdup(ifname); -+ if (!ifname_map->bus_name || !ifname_map->dev_name || -+ !ifname_map->ifname) { -+ free(ifname_map->ifname); -+ free(ifname_map->dev_name); -+ free(ifname_map->bus_name); -+ free(ifname_map); -+ return NULL; -+ } -+ return ifname_map; -+} -+ -+static void ifname_map_free(struct ifname_map *ifname_map) -+{ -+ free(ifname_map->ifname); -+ free(ifname_map->dev_name); -+ free(ifname_map->bus_name); -+ free(ifname_map); -+} -+ -+struct dl { -+ struct mnlg_socket *nlg; -+ struct list_head ifname_map_list; -+ int argc; -+ char **argv; -+}; -+ -+static int dl_argc(struct dl *dl) -+{ -+ return dl->argc; -+} -+ -+static char *dl_argv(struct dl *dl) -+{ -+ if (dl_argc(dl) == 0) -+ return NULL; -+ return *dl->argv; -+} -+ -+static void dl_arg_inc(struct dl *dl) -+{ -+ if (dl_argc(dl) == 0) -+ return; -+ dl->argc--; -+ dl->argv++; -+} -+ -+static char *dl_argv_next(struct dl *dl) -+{ -+ char *ret; -+ -+ if (dl_argc(dl) == 0) -+ return NULL; -+ -+ ret = *dl->argv; -+ dl_arg_inc(dl); -+ return ret; -+} -+ -+static char *dl_argv_index(struct dl *dl, unsigned int index) -+{ -+ if (index >= dl_argc(dl)) -+ return NULL; -+ return dl->argv[index]; -+} -+ -+static int strcmpx(const char *str1, const char *str2) -+{ -+ if (strlen(str1) > strlen(str2)) -+ return -1; -+ return strncmp(str1, str2, strlen(str1)); -+} -+ -+static bool dl_argv_match(struct dl *dl, const char *pattern) -+{ -+ if (dl_argc(dl) == 0) -+ return false; -+ return strcmpx(dl_argv(dl), pattern) == 0; -+} -+ -+static bool dl_no_arg(struct dl *dl) -+{ -+ return dl_argc(dl) == 0; -+} -+ -+static int attr_cb(const struct nlattr *attr, void *data) -+{ -+ const struct nlattr **tb = data; -+ int type; -+ -+ type = mnl_attr_get_type(attr); -+ -+ if (mnl_attr_type_valid(attr, DEVLINK_ATTR_MAX) < 0) -+ return MNL_CB_ERROR; -+ -+ if (type == DEVLINK_ATTR_BUS_NAME && -+ mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_DEV_NAME && -+ mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_PORT_INDEX && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_PORT_TYPE && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_PORT_DESIRED_TYPE && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_PORT_NETDEV_IFINDEX && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_PORT_NETDEV_NAME && -+ mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_PORT_IBDEV_NAME && -+ mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0) -+ return MNL_CB_ERROR; -+ tb[type] = attr; -+ return MNL_CB_OK; -+} -+ -+static int ifname_map_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ struct dl *dl = data; -+ struct ifname_map *ifname_map; -+ const char *bus_name; -+ const char *dev_name; -+ uint32_t port_ifindex; -+ const char *port_ifname; -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_PORT_INDEX]) -+ return MNL_CB_ERROR; -+ -+ if (!tb[DEVLINK_ATTR_PORT_NETDEV_NAME]) -+ return MNL_CB_OK; -+ -+ bus_name = mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]); -+ dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]); -+ port_ifindex = mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX]); -+ port_ifname = mnl_attr_get_str(tb[DEVLINK_ATTR_PORT_NETDEV_NAME]); -+ ifname_map = ifname_map_alloc(bus_name, dev_name, -+ port_ifindex, port_ifname); -+ if (!ifname_map) -+ return MNL_CB_ERROR; -+ list_add(&ifname_map->list, &dl->ifname_map_list); -+ -+ return MNL_CB_OK; -+} -+ -+static void ifname_map_fini(struct dl *dl) -+{ -+ struct ifname_map *ifname_map, *tmp; -+ -+ list_for_each_entry_safe(ifname_map, tmp, -+ &dl->ifname_map_list, list) { -+ list_del(&ifname_map->list); -+ ifname_map_free(ifname_map); -+ } -+} -+ -+static int ifname_map_init(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ INIT_LIST_HEAD(&dl->ifname_map_list); -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_GET, -+ NLM_F_REQUEST | NLM_F_ACK | NLM_F_DUMP); -+ -+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, ifname_map_cb, dl); -+ if (err) { -+ ifname_map_fini(dl); -+ return err; -+ } -+ return 0; -+} -+ -+static int ifname_map_lookup(struct dl *dl, const char *ifname, -+ char **p_bus_name, char **p_dev_name, -+ uint32_t *p_port_index) -+{ -+ struct ifname_map *ifname_map; -+ -+ list_for_each_entry(ifname_map, &dl->ifname_map_list, list) { -+ if (strcmp(ifname, ifname_map->ifname) == 0) { -+ *p_bus_name = ifname_map->bus_name; -+ *p_dev_name = ifname_map->dev_name; -+ *p_port_index = ifname_map->port_index; -+ return 0; -+ } -+ } -+ return -ENOENT; -+} -+ -+static unsigned int strslashcount(char *str) -+{ -+ unsigned int count = 0; -+ char *pos = str; -+ -+ while ((pos = strchr(pos, '/'))) { -+ count++; -+ pos++; -+ } -+ return count; -+} -+ -+static int strslashrsplit(char *str, char **before, char **after) -+{ -+ char *slash; -+ -+ slash = strrchr(str, '/'); -+ if (!slash) -+ return -EINVAL; -+ *slash = '\0'; -+ *before = str; -+ *after = slash + 1; -+ return 0; -+} -+ -+static int strtouint32_t(const char *str, uint32_t *p_val) -+{ -+ char *endptr; -+ unsigned long int val; -+ -+ val = strtoul(str, &endptr, 10); -+ if (endptr == str || *endptr != '\0') -+ return -EINVAL; -+ if (val > UINT_MAX) -+ return -ERANGE; -+ *p_val = val; -+ return 0; -+} -+ -+static int dl_argv_put_handle(struct nlmsghdr *nlh, struct dl *dl) -+{ -+ char *str = dl_argv_next(dl); -+ char *bus_name = bus_name; -+ char *dev_name = dev_name; -+ -+ if (!str) { -+ pr_err("Devlink identification (\"bus_name/dev_name\") expected\n"); -+ return -EINVAL; -+ } -+ if (strslashcount(str) != 1) { -+ pr_err("Wrong devlink identification string format.\n"); -+ pr_err("Expected \"bus_name/dev_name\".\n"); -+ return -EINVAL; -+ } -+ -+ strslashrsplit(str, &bus_name, &dev_name); -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, bus_name); -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, dev_name); -+ return 0; -+} -+ -+static int dl_argv_put_handle_port(struct nlmsghdr *nlh, struct dl *dl) -+{ -+ char *str = dl_argv_next(dl); -+ unsigned int slash_count; -+ char *bus_name = bus_name; -+ char *dev_name = dev_name; -+ uint32_t port_index = port_index; -+ int err; -+ -+ if (!str) { -+ pr_err("Port identification (\"bus_name/dev_name/port_index\" or \"netdev ifname\") expected.\n"); -+ return -EINVAL; -+ } -+ slash_count = strslashcount(str); -+ if (slash_count != 2 && slash_count != 0) { -+ pr_err("Wrong port identification string format.\n"); -+ pr_err("Expected \"bus_name/dev_name/port_index\" or \"netdev_ifname\".\n"); -+ return -EINVAL; -+ } -+ -+ if (slash_count == 2) { -+ char *handlestr = handlestr; -+ char *portstr = portstr; -+ -+ err = strslashrsplit(str, &handlestr, &portstr); -+ err = strtouint32_t(portstr, &port_index); -+ if (err) { -+ pr_err("Port index \"%s\" is not a number or not within range\n", -+ portstr); -+ return err; -+ } -+ strslashrsplit(handlestr, &bus_name, &dev_name); -+ } else if (slash_count == 0) { -+ err = ifname_map_lookup(dl, str, &bus_name, &dev_name, -+ &port_index); -+ if (err) { -+ pr_err("Netdevice \"%s\" not found\n", str); -+ return err; -+ } -+ } -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, bus_name); -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, dev_name); -+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_INDEX, port_index); -+ return 0; -+} -+ -+static int dl_argv_uint32_t(struct dl *dl, uint32_t *p_val) -+{ -+ char *str = dl_argv_next(dl); -+ int err; -+ -+ if (!str) { -+ pr_err("Unsigned number argument expected\n"); -+ return -EINVAL; -+ } -+ -+ err = strtouint32_t(str, p_val); -+ if (err) { -+ pr_err("\"%s\" is not a number or not within range\n", str); -+ return err; -+ } -+ return 0; -+} -+ -+static int dl_argv_str(struct dl *dl, const char **p_str) -+{ -+ const char *str = dl_argv_next(dl); -+ -+ if (!str) { -+ pr_err("String parameter expected\n"); -+ return -EINVAL; -+ } -+ *p_str = str; -+ return 0; -+} -+ -+static int port_type_get(const char *typestr, enum devlink_port_type *p_type) -+{ -+ if (strcmp(typestr, "auto") == 0) { -+ *p_type = DEVLINK_PORT_TYPE_AUTO; -+ } else if (strcmp(typestr, "eth") == 0) { -+ *p_type = DEVLINK_PORT_TYPE_ETH; -+ } else if (strcmp(typestr, "ib") == 0) { -+ *p_type = DEVLINK_PORT_TYPE_IB; -+ } else { -+ pr_err("Unknown port type \"%s\"\n", typestr); -+ return -EINVAL; -+ } -+ return 0; -+} -+ -+#define BIT(nr) (1UL << (nr)) -+#define DL_OPT_HANDLE BIT(0) -+#define DL_OPT_HANDLEP BIT(1) -+#define DL_OPT_PORT_TYPE BIT(2) -+#define DL_OPT_PORT_COUNT BIT(3) -+ -+static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, -+ uint32_t o_required, uint32_t o_optional) -+{ -+ uint32_t o_all = o_required | o_optional; -+ uint32_t o_found = 0; -+ int err; -+ -+ if (o_required & DL_OPT_HANDLE) { -+ err = dl_argv_put_handle(nlh, dl); -+ if (err) -+ return err; -+ } else if (o_required & DL_OPT_HANDLEP) { -+ err = dl_argv_put_handle_port(nlh, dl); -+ if (err) -+ return err; -+ } -+ -+ while (dl_argc(dl)) { -+ if (dl_argv_match(dl, "type") && -+ (o_all & DL_OPT_PORT_TYPE)) { -+ enum devlink_port_type port_type; -+ const char *typestr; -+ -+ dl_arg_inc(dl); -+ err = dl_argv_str(dl, &typestr); -+ if (err) -+ return err; -+ err = port_type_get(typestr, &port_type); -+ if (err) -+ return err; -+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_PORT_TYPE, -+ port_type); -+ o_found |= DL_OPT_PORT_TYPE; -+ } else if (dl_argv_match(dl, "count") && -+ (o_all & DL_OPT_PORT_COUNT)) { -+ uint32_t count; -+ -+ dl_arg_inc(dl); -+ err = dl_argv_uint32_t(dl, &count); -+ if (err) -+ return err; -+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_SPLIT_COUNT, -+ count); -+ o_found |= DL_OPT_PORT_COUNT; -+ } else { -+ pr_err("Unknown option \"%s\"\n", dl_argv(dl)); -+ return -EINVAL; -+ } -+ } -+ -+ if ((o_required & DL_OPT_PORT_TYPE) && !(o_found & DL_OPT_PORT_TYPE)) { -+ pr_err("Port type option expected.\n"); -+ return -EINVAL; -+ } -+ -+ if ((o_required & DL_OPT_PORT_COUNT) && -+ !(o_found & DL_OPT_PORT_COUNT)) { -+ pr_err("Port split count option expected.\n"); -+ return -EINVAL; -+ } -+ -+ return 0; -+} -+ -+static void cmd_dev_help(void) -+{ -+ pr_out("Usage: devlink dev show [ DEV ]\n"); -+} -+ -+static void pr_out_handle(struct nlattr **tb) -+{ -+ pr_out("%s/%s", mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]), -+ mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME])); -+} -+ -+static void pr_out_dev(struct nlattr **tb) -+{ -+ pr_out_handle(tb); -+ pr_out("\n"); -+} -+ -+static int cmd_dev_show_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME]) -+ return MNL_CB_ERROR; -+ pr_out_dev(tb); -+ return MNL_CB_OK; -+} -+ -+static int cmd_dev_show(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK; -+ int err; -+ -+ if (dl_argc(dl) == 0) -+ flags |= NLM_F_DUMP; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_GET, flags); -+ -+ if (dl_argc(dl) > 0) { -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, 0); -+ if (err) -+ return err; -+ } -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dev_show_cb, NULL); -+} -+ -+static int cmd_dev(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_dev_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list") || dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_dev_show(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static void cmd_port_help(void) -+{ -+ pr_out("Usage: devlink port show [ DEV/PORT_INDEX ]\n"); -+ pr_out(" dl port set DEV/PORT_INDEX [ type { eth | ib | auto} ]\n"); -+ pr_out(" dl port split DEV/PORT_INDEX count COUNT\n"); -+ pr_out(" dl port unsplit DEV/PORT_INDEX\n"); -+} -+ -+static const char *port_type_name(uint32_t type) -+{ -+ switch (type) { -+ case DEVLINK_PORT_TYPE_NOTSET: return "notset"; -+ case DEVLINK_PORT_TYPE_AUTO: return "auto"; -+ case DEVLINK_PORT_TYPE_ETH: return "eth"; -+ case DEVLINK_PORT_TYPE_IB: return "ib"; -+ default: return "<unknown type>"; -+ } -+} -+ -+static void pr_out_port(struct nlattr **tb) -+{ -+ struct nlattr *pt_attr = tb[DEVLINK_ATTR_PORT_TYPE]; -+ struct nlattr *dpt_attr = tb[DEVLINK_ATTR_PORT_DESIRED_TYPE]; -+ -+ pr_out_handle(tb); -+ pr_out("/%d:", mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX])); -+ if (pt_attr) { -+ uint16_t port_type = mnl_attr_get_u16(pt_attr); -+ -+ pr_out(" type %s", port_type_name(port_type)); -+ if (dpt_attr) { -+ uint16_t des_port_type = mnl_attr_get_u16(dpt_attr); -+ -+ if (port_type != des_port_type) -+ pr_out("(%s)", port_type_name(des_port_type)); -+ } -+ } -+ if (tb[DEVLINK_ATTR_PORT_NETDEV_NAME]) -+ pr_out(" netdev %s", -+ mnl_attr_get_str(tb[DEVLINK_ATTR_PORT_NETDEV_NAME])); -+ if (tb[DEVLINK_ATTR_PORT_IBDEV_NAME]) -+ pr_out(" ibdev %s", -+ mnl_attr_get_str(tb[DEVLINK_ATTR_PORT_IBDEV_NAME])); -+ if (tb[DEVLINK_ATTR_PORT_SPLIT_GROUP]) -+ pr_out(" split_group %u", -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_SPLIT_GROUP])); -+ pr_out("\n"); -+} -+ -+static int cmd_port_show_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_PORT_INDEX]) -+ return MNL_CB_ERROR; -+ pr_out_port(tb); -+ return MNL_CB_OK; -+} -+ -+static int cmd_port_show(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK; -+ int err; -+ -+ if (dl_argc(dl) == 0) -+ flags |= NLM_F_DUMP; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_GET, flags); -+ -+ if (dl_argc(dl) > 0) { -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP, 0); -+ if (err) -+ return err; -+ } -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_port_show_cb, NULL); -+} -+ -+static int cmd_port_set(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_SET, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_PORT_TYPE, 0); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_port_split(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_SPLIT, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_PORT_COUNT, 0); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_port_unsplit(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_UNSPLIT, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP, 0); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_port(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_port_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list") || dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_port_show(dl); -+ } else if (dl_argv_match(dl, "set")) { -+ dl_arg_inc(dl); -+ return cmd_port_set(dl); -+ } else if (dl_argv_match(dl, "split")) { -+ dl_arg_inc(dl); -+ return cmd_port_split(dl); -+ } else if (dl_argv_match(dl, "unsplit")) { -+ dl_arg_inc(dl); -+ return cmd_port_unsplit(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static const char *cmd_name(uint8_t cmd) -+{ -+ switch (cmd) { -+ case DEVLINK_CMD_UNSPEC: return "unspec"; -+ case DEVLINK_CMD_GET: return "get"; -+ case DEVLINK_CMD_SET: return "set"; -+ case DEVLINK_CMD_NEW: return "new"; -+ case DEVLINK_CMD_DEL: return "del"; -+ case DEVLINK_CMD_PORT_GET: return "get"; -+ case DEVLINK_CMD_PORT_SET: return "set"; -+ case DEVLINK_CMD_PORT_NEW: return "net"; -+ case DEVLINK_CMD_PORT_DEL: return "del"; -+ default: return "<unknown cmd>"; -+ } -+} -+ -+static const char *cmd_obj(uint8_t cmd) -+{ -+ switch (cmd) { -+ case DEVLINK_CMD_UNSPEC: return "unspec"; -+ case DEVLINK_CMD_GET: -+ case DEVLINK_CMD_SET: -+ case DEVLINK_CMD_NEW: -+ case DEVLINK_CMD_DEL: -+ return "dev"; -+ case DEVLINK_CMD_PORT_GET: -+ case DEVLINK_CMD_PORT_SET: -+ case DEVLINK_CMD_PORT_NEW: -+ case DEVLINK_CMD_PORT_DEL: -+ return "port"; -+ default: return "<unknown obj>"; -+ } -+} -+ -+static void pr_out_mon_header(uint8_t cmd) -+{ -+ pr_out("[%s,%s] ", cmd_obj(cmd), cmd_name(cmd)); -+} -+ -+static bool cmd_filter_check(struct dl *dl, uint8_t cmd) -+{ -+ const char *obj = cmd_obj(cmd); -+ unsigned int index = 0; -+ const char *cur_obj; -+ -+ if (dl_no_arg(dl)) -+ return true; -+ while ((cur_obj = dl_argv_index(dl, index++))) { -+ if (strcmp(cur_obj, obj) == 0 || strcmp(cur_obj, "all") == 0) -+ return true; -+ } -+ return false; -+} -+ -+static int cmd_mon_show_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct dl *dl = data; -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ uint8_t cmd = genl->cmd; -+ -+ if (!cmd_filter_check(dl, cmd)) -+ return MNL_CB_OK; -+ -+ switch (cmd) { -+ case DEVLINK_CMD_GET: /* fall through */ -+ case DEVLINK_CMD_SET: /* fall through */ -+ case DEVLINK_CMD_NEW: /* fall through */ -+ case DEVLINK_CMD_DEL: -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME]) -+ return MNL_CB_ERROR; -+ pr_out_mon_header(genl->cmd); -+ pr_out_dev(tb); -+ break; -+ case DEVLINK_CMD_PORT_GET: /* fall through */ -+ case DEVLINK_CMD_PORT_SET: /* fall through */ -+ case DEVLINK_CMD_PORT_NEW: /* fall through */ -+ case DEVLINK_CMD_PORT_DEL: -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_PORT_INDEX]) -+ return MNL_CB_ERROR; -+ pr_out_mon_header(genl->cmd); -+ pr_out_port(tb); -+ break; -+ } -+ return MNL_CB_OK; -+} -+ -+static int cmd_mon_show(struct dl *dl) -+{ -+ int err; -+ unsigned int index = 0; -+ const char *cur_obj; -+ -+ while ((cur_obj = dl_argv_index(dl, index++))) { -+ if (strcmp(cur_obj, "all") != 0 && -+ strcmp(cur_obj, "dev") != 0 && -+ strcmp(cur_obj, "port") != 0) { -+ pr_err("Unknown object \"%s\"\n", cur_obj); -+ return -EINVAL; -+ } -+ } -+ err = _mnlg_socket_group_add(dl->nlg, DEVLINK_GENL_MCGRP_CONFIG_NAME); -+ if (err) -+ return err; -+ err = _mnlg_socket_recv_run(dl->nlg, cmd_mon_show_cb, dl); -+ if (err) -+ return err; -+ return 0; -+} -+ -+static void cmd_mon_help(void) -+{ -+ pr_out("Usage: devlink monitor [ all | OBJECT-LIST ]\n" -+ "where OBJECT-LIST := { dev | port }\n"); -+} -+ -+static int cmd_mon(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_mon_help(); -+ return 0; -+ } else if (dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_mon_show(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static void help(void) -+{ -+ pr_out("Usage: devlink [ OPTIONS ] OBJECT { COMMAND | help }\n" -+ "where OBJECT := { dev | port | monitor }\n" -+ " OPTIONS := { -V[ersion] }\n"); -+} -+ -+static int dl_cmd(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) { -+ help(); -+ return 0; -+ } else if (dl_argv_match(dl, "dev")) { -+ dl_arg_inc(dl); -+ return cmd_dev(dl); -+ } else if (dl_argv_match(dl, "port")) { -+ dl_arg_inc(dl); -+ return cmd_port(dl); -+ } else if (dl_argv_match(dl, "monitor")) { -+ dl_arg_inc(dl); -+ return cmd_mon(dl); -+ } -+ pr_err("Object \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static int dl_init(struct dl *dl, int argc, char **argv) -+{ -+ int err; -+ -+ dl->argc = argc; -+ dl->argv = argv; -+ -+ dl->nlg = mnlg_socket_open(DEVLINK_GENL_NAME, DEVLINK_GENL_VERSION); -+ if (!dl->nlg) { -+ pr_err("Failed to connect to devlink Netlink\n"); -+ return -errno; -+ } -+ -+ err = ifname_map_init(dl); -+ if (err) { -+ pr_err("Failed to create index map\n"); -+ goto err_ifname_map_create; -+ } -+ return 0; -+ -+err_ifname_map_create: -+ mnlg_socket_close(dl->nlg); -+ return err; -+} -+ -+static void dl_fini(struct dl *dl) -+{ -+ ifname_map_fini(dl); -+ mnlg_socket_close(dl->nlg); -+} -+ -+static struct dl *dl_alloc(void) -+{ -+ struct dl *dl; -+ -+ dl = calloc(1, sizeof(*dl)); -+ if (!dl) -+ return NULL; -+ return dl; -+} -+ -+static void dl_free(struct dl *dl) -+{ -+ free(dl); -+} -+ -+int main(int argc, char **argv) -+{ -+ static const struct option long_options[] = { -+ { "Version", no_argument, NULL, 'V' }, -+ { NULL, 0, NULL, 0 } -+ }; -+ struct dl *dl; -+ int opt; -+ int err; -+ int ret; -+ -+ while ((opt = getopt_long(argc, argv, "V", -+ long_options, NULL)) >= 0) { -+ -+ switch (opt) { -+ case 'V': -+ printf("devlink utility, iproute2-ss%s\n", SNAPSHOT); -+ return EXIT_SUCCESS; -+ default: -+ pr_err("Unknown option.\n"); -+ help(); -+ return EXIT_FAILURE; -+ } -+ } -+ -+ argc -= optind; -+ argv += optind; -+ -+ dl = dl_alloc(); -+ if (!dl) { -+ pr_err("Failed to allocate memory for devlink\n"); -+ return EXIT_FAILURE; -+ } -+ -+ err = dl_init(dl, argc, argv); -+ if (err) { -+ ret = EXIT_FAILURE; -+ goto dl_free; -+ } -+ -+ err = dl_cmd(dl); -+ if (err) { -+ ret = EXIT_FAILURE; -+ goto dl_fini; -+ } -+ -+ ret = EXIT_SUCCESS; -+ -+dl_fini: -+ dl_fini(dl); -+dl_free: -+ dl_free(dl); -+ -+ return ret; -+} -diff --git a/devlink/mnlg.c b/devlink/mnlg.c -new file mode 100644 -index 0000000..9e27de2 ---- /dev/null -+++ b/devlink/mnlg.c -@@ -0,0 +1,274 @@ -+/* -+ * mnlg.c Generic Netlink helpers for libmnl -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Jiri Pirko <jiri@mellanox.com> -+ */ -+ -+#include <stdlib.h> -+#include <stdbool.h> -+#include <string.h> -+#include <errno.h> -+#include <unistd.h> -+#include <time.h> -+#include <libmnl/libmnl.h> -+#include <linux/genetlink.h> -+ -+#include "mnlg.h" -+ -+struct mnlg_socket { -+ struct mnl_socket *nl; -+ char *buf; -+ uint32_t id; -+ uint8_t version; -+ unsigned int seq; -+ unsigned int portid; -+}; -+ -+static struct nlmsghdr *__mnlg_msg_prepare(struct mnlg_socket *nlg, uint8_t cmd, -+ uint16_t flags, uint32_t id, -+ uint8_t version) -+{ -+ struct nlmsghdr *nlh; -+ struct genlmsghdr *genl; -+ -+ nlh = mnl_nlmsg_put_header(nlg->buf); -+ nlh->nlmsg_type = id; -+ nlh->nlmsg_flags = flags; -+ nlg->seq = time(NULL); -+ nlh->nlmsg_seq = nlg->seq; -+ -+ genl = mnl_nlmsg_put_extra_header(nlh, sizeof(struct genlmsghdr)); -+ genl->cmd = cmd; -+ genl->version = version; -+ -+ return nlh; -+} -+ -+struct nlmsghdr *mnlg_msg_prepare(struct mnlg_socket *nlg, uint8_t cmd, -+ uint16_t flags) -+{ -+ return __mnlg_msg_prepare(nlg, cmd, flags, nlg->id, nlg->version); -+} -+ -+int mnlg_socket_send(struct mnlg_socket *nlg, const struct nlmsghdr *nlh) -+{ -+ return mnl_socket_sendto(nlg->nl, nlh, nlh->nlmsg_len); -+} -+ -+int mnlg_socket_recv_run(struct mnlg_socket *nlg, mnl_cb_t data_cb, void *data) -+{ -+ int err; -+ -+ do { -+ err = mnl_socket_recvfrom(nlg->nl, nlg->buf, -+ MNL_SOCKET_BUFFER_SIZE); -+ if (err <= 0) -+ break; -+ err = mnl_cb_run(nlg->buf, err, nlg->seq, nlg->portid, -+ data_cb, data); -+ } while (err > 0); -+ -+ return err; -+} -+ -+struct group_info { -+ bool found; -+ uint32_t id; -+ const char *name; -+}; -+ -+static int parse_mc_grps_cb(const struct nlattr *attr, void *data) -+{ -+ const struct nlattr **tb = data; -+ int type = mnl_attr_get_type(attr); -+ -+ if (mnl_attr_type_valid(attr, CTRL_ATTR_MCAST_GRP_MAX) < 0) -+ return MNL_CB_OK; -+ -+ switch (type) { -+ case CTRL_ATTR_MCAST_GRP_ID: -+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ break; -+ case CTRL_ATTR_MCAST_GRP_NAME: -+ if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) -+ return MNL_CB_ERROR; -+ break; -+ } -+ tb[type] = attr; -+ return MNL_CB_OK; -+} -+ -+static void parse_genl_mc_grps(struct nlattr *nested, -+ struct group_info *group_info) -+{ -+ struct nlattr *pos; -+ const char *name; -+ -+ mnl_attr_for_each_nested(pos, nested) { -+ struct nlattr *tb[CTRL_ATTR_MCAST_GRP_MAX + 1] = {}; -+ -+ mnl_attr_parse_nested(pos, parse_mc_grps_cb, tb); -+ if (!tb[CTRL_ATTR_MCAST_GRP_NAME] || -+ !tb[CTRL_ATTR_MCAST_GRP_ID]) -+ continue; -+ -+ name = mnl_attr_get_str(tb[CTRL_ATTR_MCAST_GRP_NAME]); -+ if (strcmp(name, group_info->name) != 0) -+ continue; -+ -+ group_info->id = mnl_attr_get_u32(tb[CTRL_ATTR_MCAST_GRP_ID]); -+ group_info->found = true; -+ } -+} -+ -+static int get_group_id_attr_cb(const struct nlattr *attr, void *data) -+{ -+ const struct nlattr **tb = data; -+ int type = mnl_attr_get_type(attr); -+ -+ if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0) -+ return MNL_CB_ERROR; -+ -+ if (type == CTRL_ATTR_MCAST_GROUPS && -+ mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) -+ return MNL_CB_ERROR; -+ tb[type] = attr; -+ return MNL_CB_OK; -+} -+ -+static int get_group_id_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct group_info *group_info = data; -+ struct nlattr *tb[CTRL_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), get_group_id_attr_cb, tb); -+ if (!tb[CTRL_ATTR_MCAST_GROUPS]) -+ return MNL_CB_ERROR; -+ parse_genl_mc_grps(tb[CTRL_ATTR_MCAST_GROUPS], group_info); -+ return MNL_CB_OK; -+} -+ -+int mnlg_socket_group_add(struct mnlg_socket *nlg, const char *group_name) -+{ -+ struct nlmsghdr *nlh; -+ struct group_info group_info; -+ int err; -+ -+ nlh = __mnlg_msg_prepare(nlg, CTRL_CMD_GETFAMILY, -+ NLM_F_REQUEST | NLM_F_ACK, GENL_ID_CTRL, 1); -+ mnl_attr_put_u32(nlh, CTRL_ATTR_FAMILY_ID, nlg->id); -+ -+ err = mnlg_socket_send(nlg, nlh); -+ if (err < 0) -+ return err; -+ -+ group_info.found = false; -+ group_info.name = group_name; -+ err = mnlg_socket_recv_run(nlg, get_group_id_cb, &group_info); -+ if (err < 0) -+ return err; -+ -+ if (!group_info.found) { -+ errno = ENOENT; -+ return -1; -+ } -+ -+ err = mnl_socket_setsockopt(nlg->nl, NETLINK_ADD_MEMBERSHIP, -+ &group_info.id, sizeof(group_info.id)); -+ if (err < 0) -+ return err; -+ -+ return 0; -+} -+ -+static int get_family_id_attr_cb(const struct nlattr *attr, void *data) -+{ -+ const struct nlattr **tb = data; -+ int type = mnl_attr_get_type(attr); -+ -+ if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0) -+ return MNL_CB_ERROR; -+ -+ if (type == CTRL_ATTR_FAMILY_ID && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ tb[type] = attr; -+ return MNL_CB_OK; -+} -+ -+static int get_family_id_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ uint32_t *p_id = data; -+ struct nlattr *tb[CTRL_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), get_family_id_attr_cb, tb); -+ if (!tb[CTRL_ATTR_FAMILY_ID]) -+ return MNL_CB_ERROR; -+ *p_id = mnl_attr_get_u16(tb[CTRL_ATTR_FAMILY_ID]); -+ return MNL_CB_OK; -+} -+ -+struct mnlg_socket *mnlg_socket_open(const char *family_name, uint8_t version) -+{ -+ struct mnlg_socket *nlg; -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlg = malloc(sizeof(*nlg)); -+ if (!nlg) -+ return NULL; -+ -+ nlg->buf = malloc(MNL_SOCKET_BUFFER_SIZE); -+ if (!nlg->buf) -+ goto err_buf_alloc; -+ -+ nlg->nl = mnl_socket_open(NETLINK_GENERIC); -+ if (!nlg->nl) -+ goto err_mnl_socket_open; -+ -+ err = mnl_socket_bind(nlg->nl, 0, MNL_SOCKET_AUTOPID); -+ if (err < 0) -+ goto err_mnl_socket_bind; -+ -+ nlg->portid = mnl_socket_get_portid(nlg->nl); -+ -+ nlh = __mnlg_msg_prepare(nlg, CTRL_CMD_GETFAMILY, -+ NLM_F_REQUEST | NLM_F_ACK, GENL_ID_CTRL, 1); -+ mnl_attr_put_strz(nlh, CTRL_ATTR_FAMILY_NAME, family_name); -+ -+ err = mnlg_socket_send(nlg, nlh); -+ if (err < 0) -+ goto err_mnlg_socket_send; -+ -+ err = mnlg_socket_recv_run(nlg, get_family_id_cb, &nlg->id); -+ if (err < 0) -+ goto err_mnlg_socket_recv_run; -+ -+ nlg->version = version; -+ return nlg; -+ -+err_mnlg_socket_recv_run: -+err_mnlg_socket_send: -+err_mnl_socket_bind: -+ mnl_socket_close(nlg->nl); -+err_mnl_socket_open: -+ free(nlg->buf); -+err_buf_alloc: -+ free(nlg); -+ return NULL; -+} -+ -+void mnlg_socket_close(struct mnlg_socket *nlg) -+{ -+ mnl_socket_close(nlg->nl); -+ free(nlg->buf); -+ free(nlg); -+} -diff --git a/devlink/mnlg.h b/devlink/mnlg.h -new file mode 100644 -index 0000000..4d1babf ---- /dev/null -+++ b/devlink/mnlg.h -@@ -0,0 +1,27 @@ -+/* -+ * mnlg.h Generic Netlink helpers for libmnl -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Jiri Pirko <jiri@mellanox.com> -+ */ -+ -+#ifndef _MNLG_H_ -+#define _MNLG_H_ -+ -+#include <libmnl/libmnl.h> -+ -+struct mnlg_socket; -+ -+struct nlmsghdr *mnlg_msg_prepare(struct mnlg_socket *nlg, uint8_t cmd, -+ uint16_t flags); -+int mnlg_socket_send(struct mnlg_socket *nlg, const struct nlmsghdr *nlh); -+int mnlg_socket_recv_run(struct mnlg_socket *nlg, mnl_cb_t data_cb, void *data); -+int mnlg_socket_group_add(struct mnlg_socket *nlg, const char *group_name); -+struct mnlg_socket *mnlg_socket_open(const char *family_name, uint8_t version); -+void mnlg_socket_close(struct mnlg_socket *nlg); -+ -+#endif /* _MNLG_H_ */ -diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8 -new file mode 100644 -index 0000000..7878d89 ---- /dev/null -+++ b/man/man8/devlink-dev.8 -@@ -0,0 +1,58 @@ -+.TH DEVLINK\-DEV 8 "14 Mar 2016" "iproute2" "Linux" -+.SH NAME -+devlink-dev \- devlink device configuration -+.SH SYNOPSIS -+.sp -+.ad l -+.in +8 -+.ti -8 -+.B devlink -+.RI "[ " OPTIONS " ]" -+.B dev -+.RI " { " COMMAND " | " -+.BR help " }" -+.sp -+ -+.ti -8 -+.IR OPTIONS " := { " -+\fB\-V\fR[\fIersion\fR] | -+ -+.ti -8 -+.B devlink dev show -+.RI "[ " DEV " ]" -+ -+.ti -8 -+.B devlink dev help -+ -+.SH "DESCRIPTION" -+.SS devlink dev show - display devlink device attributes -+ -+.PP -+.I "DEV" -+- specifies the devlink device to show. -+If this argument is omitted all devices are listed. -+ -+.in +4 -+Format is: -+.in +2 -+BUS_NAME/BUS_ADDRESS -+ -+.SH "EXAMPLES" -+.PP -+devlink dev show -+.RS 4 -+Shows the state of all devlink devices on the system. -+.RE -+.PP -+devlink dev show pci/0000:01:00.0 -+.RS 4 -+Shows the state of specified devlink device. -+ -+.SH SEE ALSO -+.BR devlink (8), -+.BR devlink-port (8), -+.BR devlink-monitor (8), -+.br -+ -+.SH AUTHOR -+Jiri Pirko <jiri@mellanox.com> -diff --git a/man/man8/devlink-monitor.8 b/man/man8/devlink-monitor.8 -new file mode 100644 -index 0000000..98134c3 ---- /dev/null -+++ b/man/man8/devlink-monitor.8 -@@ -0,0 +1,36 @@ -+.TH DEVLINK\-MONITOR 8 "14 Mar 2016" "iproute2" "Linux" -+.SH "NAME" -+devlink-monitor \- state monitoring -+.SH SYNOPSIS -+.sp -+.ad l -+.in +8 -+.ti -8 -+.BR "devlink monitor" " [ " all " |" -+.IR OBJECT-LIST " ]" -+.sp -+ -+.SH DESCRIPTION -+The -+.B devlink -+utility can monitor the state of devlink devices and ports -+continuously. This option has a slightly different format. Namely, the -+.B monitor -+command is the first in the command line and then the object list. -+ -+.I OBJECT-LIST -+is the list of object types that we want to monitor. -+It may contain -+.BR dev ", " port ". -+ -+.B devlink -+opens Devlink Netlink socket, listens on it and dumps state changes. -+ -+.SH SEE ALSO -+.BR devlink (8), -+.BR devlink-dev (8), -+.BR devlink-port (8), -+.br -+ -+.SH AUTHOR -+Jiri Pirko <jiri@mellanox.com> -diff --git a/man/man8/devlink-port.8 b/man/man8/devlink-port.8 -new file mode 100644 -index 0000000..e6ae686 ---- /dev/null -+++ b/man/man8/devlink-port.8 -@@ -0,0 +1,126 @@ -+.TH DEVLINK\-PORT 8 "14 Mar 2016" "iproute2" "Linux" -+.SH NAME -+devlink-port \- devlink port configuration -+.SH SYNOPSIS -+.sp -+.ad l -+.in +8 -+.ti -8 -+.B devlink -+.RI "[ " OPTIONS " ]" -+.B port -+.RI " { " COMMAND " | " -+.BR help " }" -+.sp -+ -+.ti -8 -+.IR OPTIONS " := { " -+\fB\-V\fR[\fIersion\fR] | -+ -+.ti -8 -+.BR "devlink port set " -+.IR DEV/PORT_INDEX -+.RI "[ " -+.BR type " { " eth " | " ib " | " auto " }" -+.RI "]" -+ -+.ti -8 -+.BR "devlink port split " -+.IR DEV/PORT_INDEX -+.BR count -+.IR COUNT -+ -+.ti -8 -+.BR "devlink port unsplit " -+.IR DEV/PORT_INDEX -+ -+.ti -8 -+.B devlink port show -+.RI "[ " DEV/PORT_INDEX " ]" -+ -+.ti -8 -+.B devlink port help -+ -+.SH "DESCRIPTION" -+.SS devlink port set - change devlink port attributes -+ -+.PP -+.B "DEV/PORT_INDEX" -+- specifies the devlink port to operate on. -+ -+.in +4 -+Format is: -+.in +2 -+BUS_NAME/BUS_ADDRESS/PORT_INDEX -+ -+.TP -+.BR type " { " eth " | " ib " | " auto " } " -+set port type -+ -+.I eth -+- Ethernet -+ -+.I ib -+- Infiniband -+ -+.I auto -+- autoselect -+ -+.SS devlink port split - split devlink port into more -+ -+.PP -+.B "DEV/PORT_INDEX" -+- specifies the devlink port to operate on. -+ -+.TP -+.BI count " COUNT" -+number of ports to split to. -+ -+.SS devlink port unsplit - unsplit previously split devlink port -+Could be performed on any split port of the same split group. -+ -+.PP -+.B "DEV/PORT_INDEX" -+- specifies the devlink port to operate on. -+ -+.SS devlink port show - display devlink port attributes -+ -+.PP -+.I "DEV/PORT_INDEX" -+- specifies the devlink port to show. -+If this argument is omitted all ports are listed. -+ -+.SH "EXAMPLES" -+.PP -+devlink port show -+.RS 4 -+Shows the state of all devlink ports on the system. -+.RE -+.PP -+devlink port show pci/0000:01:00.0/1 -+.RS 4 -+Shows the state of specified devlink port. -+.RE -+.PP -+devlink port set pci/0000:01:00.0/1 type eth -+.RS 4 -+Set type of specified devlink port to Ethernet. -+.RE -+.PP -+devlink port split pci/0000:01:00.0/1 count 4 -+.RS 4 -+Split the specified devlink port into four ports. -+.RE -+.PP -+devlink port unsplit pci/0000:01:00.0/1 -+.RS 4 -+Unplit the specified previously split devlink port. -+ -+.SH SEE ALSO -+.BR devlink (8), -+.BR devlink-dev (8), -+.BR devlink-monitor (8), -+.br -+ -+.SH AUTHOR -+Jiri Pirko <jiri@mellanox.com> -diff --git a/man/man8/devlink.8 b/man/man8/devlink.8 -new file mode 100644 -index 0000000..f608ccc ---- /dev/null -+++ b/man/man8/devlink.8 -@@ -0,0 +1,83 @@ -+.TH DEVLINK 8 "14 Mar 2016" "iproute2" "Linux" -+.SH NAME -+devlink \- Devlink tool -+.SH SYNOPSIS -+.sp -+.ad l -+.in +8 -+.ti -8 -+.B devlink -+.RI "[ " OPTIONS " ] " OBJECT " { " COMMAND " | " -+.BR help " }" -+.sp -+ -+.ti -8 -+.IR OBJECT " := { " -+.BR dev " | " port " | " monitor " }" -+.sp -+ -+.ti -8 -+.IR OPTIONS " := { " -+\fB\-V\fR[\fIersion\fR] | -+ -+.SH OPTIONS -+ -+.TP -+.BR "\-V" , " -Version" -+Print the version of the -+.B devlink -+utility and exit. -+ -+.SS -+.I OBJECT -+ -+.TP -+.B dev -+- devlink device. -+ -+.TP -+.B port -+- devlink port. -+ -+.TP -+.B monitor -+- watch for netlink messages. -+ -+.SS -+.I COMMAND -+ -+Specifies the action to perform on the object. -+The set of possible actions depends on the object type. -+As a rule, it is possible to -+.B show -+(or -+.B list -+) objects, but some objects do not allow all of these operations -+or have some additional commands. The -+.B help -+command is available for all objects. It prints -+out a list of available commands and argument syntax conventions. -+.sp -+If no command is given, some default command is assumed. -+Usually it is -+.B list -+or, if the objects of this class cannot be listed, -+.BR "help" . -+ -+.SH EXIT STATUS -+Exit status is 0 if command was successful or a positive integer upon failure. -+ -+.SH SEE ALSO -+.BR devlink-dev (8), -+.BR devlink-port (8), -+.BR devlink-monitor (8), -+.br -+ -+.SH REPORTING BUGS -+Report any bugs to the Network Developers mailing list -+.B <netdev@vger.kernel.org> -+where the development and maintenance is primarily done. -+You do not have to be subscribed to the list to send a message there. -+ -+.SH AUTHOR -+Jiri Pirko <jiri@mellanox.com> --- -1.8.3.1 - diff --git a/SOURCES/0185-devlink-ignore-build-result.patch b/SOURCES/0185-devlink-ignore-build-result.patch deleted file mode 100644 index 72ea9b4..0000000 --- a/SOURCES/0185-devlink-ignore-build-result.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2fed35a92358b7c1e068c191867b34c47911bd63 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:01 +0200 -Subject: [PATCH] devlink: ignore build result - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 3273e3c13258a - -commit 3273e3c13258a1845d1bc7eaa012c4824f4b47cb -Author: Stephen Hemminger <stephen@networkplumber.org> -Date: Mon Apr 11 13:32:22 2016 -0700 - - devlink: ignore build result - - devlink binary is built ---- - devlink/.gitignore | 1 + - 1 file changed, 1 insertion(+) - create mode 100644 devlink/.gitignore - -diff --git a/devlink/.gitignore b/devlink/.gitignore -new file mode 100644 -index 0000000..08d175f ---- /dev/null -+++ b/devlink/.gitignore -@@ -0,0 +1 @@ -+devlink --- -1.8.3.1 - diff --git a/SOURCES/0186-devlink-fix-devlink-port-help-message.patch b/SOURCES/0186-devlink-fix-devlink-port-help-message.patch deleted file mode 100644 index f31be02..0000000 --- a/SOURCES/0186-devlink-fix-devlink-port-help-message.patch +++ /dev/null @@ -1,41 +0,0 @@ -From affa0ba82aa12faf331686866f8a95f9dbc1b9fb Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: fix "devlink port" help message - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit ec7513faa9598 - -commit ec7513faa959811e3a68aed0836d949dd924afca -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:43 2016 +0200 - - devlink: fix "devlink port" help message - - "dl" -> "devlink" - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index c2da850..39f423a 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -578,9 +578,9 @@ static int cmd_dev(struct dl *dl) - static void cmd_port_help(void) - { - pr_out("Usage: devlink port show [ DEV/PORT_INDEX ]\n"); -- pr_out(" dl port set DEV/PORT_INDEX [ type { eth | ib | auto} ]\n"); -- pr_out(" dl port split DEV/PORT_INDEX count COUNT\n"); -- pr_out(" dl port unsplit DEV/PORT_INDEX\n"); -+ pr_out(" devlink port set DEV/PORT_INDEX [ type { eth | ib | auto} ]\n"); -+ pr_out(" devlink port split DEV/PORT_INDEX count COUNT\n"); -+ pr_out(" devlink port unsplit DEV/PORT_INDEX\n"); - } - - static const char *port_type_name(uint32_t type) --- -1.8.3.1 - diff --git a/SOURCES/0187-list-add-list_for_each_entry_reverse-macro.patch b/SOURCES/0187-list-add-list_for_each_entry_reverse-macro.patch deleted file mode 100644 index 44527f2..0000000 --- a/SOURCES/0187-list-add-list_for_each_entry_reverse-macro.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 04bba6707f56d8b5dd53d6b452240a634f823003 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] list: add list_for_each_entry_reverse macro - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit f1239ca1f96c7 - -commit f1239ca1f96c76fbc0742ca0d0c7e87b9b15d437 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:44 2016 +0200 - - list: add list_for_each_entry_reverse macro - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - include/list.h | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/include/list.h b/include/list.h -index cdebe4d..b549c3e 100644 ---- a/include/list.h -+++ b/include/list.h -@@ -50,9 +50,15 @@ static inline void list_del(struct list_head *entry) - #define list_first_entry(ptr, type, member) \ - list_entry((ptr)->next, type, member) - -+#define list_last_entry(ptr, type, member) \ -+ list_entry((ptr)->prev, type, member) -+ - #define list_next_entry(pos, member) \ - list_entry((pos)->member.next, typeof(*(pos)), member) - -+#define list_prev_entry(pos, member) \ -+ list_entry((pos)->member.prev, typeof(*(pos)), member) -+ - #define list_for_each_entry(pos, head, member) \ - for (pos = list_first_entry(head, typeof(*pos), member); \ - &pos->member != (head); \ -@@ -64,6 +70,11 @@ static inline void list_del(struct list_head *entry) - &pos->member != (head); \ - pos = n, n = list_next_entry(n, member)) - -+#define list_for_each_entry_reverse(pos, head, member) \ -+ for (pos = list_last_entry(head, typeof(*pos), member); \ -+ &pos->member != (head); \ -+ pos = list_prev_entry(pos, member)) -+ - struct hlist_head { - struct hlist_node *first; - }; --- -1.8.3.1 - diff --git a/SOURCES/0188-list-add-list_add_tail-helper.patch b/SOURCES/0188-list-add-list_add_tail-helper.patch deleted file mode 100644 index 13a40ed..0000000 --- a/SOURCES/0188-list-add-list_add_tail-helper.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 1fb2dabb962200cb88b5ab9d22ebe89cdfab22c4 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] list: add list_add_tail helper - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit ebaf76b55ea50 - -commit ebaf76b55ea509bcfb8845e4c40a9ecd3e8377f5 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:45 2016 +0200 - - list: add list_add_tail helper - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - include/list.h | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/include/list.h b/include/list.h -index b549c3e..5b529dc 100644 ---- a/include/list.h -+++ b/include/list.h -@@ -33,6 +33,11 @@ static inline void list_add(struct list_head *new, struct list_head *head) - __list_add(new, head, head->next); - } - -+static inline void list_add_tail(struct list_head *new, struct list_head *head) -+{ -+ __list_add(new, head->prev, head); -+} -+ - static inline void __list_del(struct list_head *prev, struct list_head *next) - { - next->prev = prev; --- -1.8.3.1 - diff --git a/SOURCES/0189-devlink-introduce-pr_out_port_handle-helper.patch b/SOURCES/0189-devlink-introduce-pr_out_port_handle-helper.patch deleted file mode 100644 index c3e2601..0000000 --- a/SOURCES/0189-devlink-introduce-pr_out_port_handle-helper.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 8a2d81a5e49d22ee486c16864ae3462bd037e8ed Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: introduce pr_out_port_handle helper - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 68cab0ba763f9 - -commit 68cab0ba763f9d80740d171e1882ad4f262ca6e1 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:46 2016 +0200 - - devlink: introduce pr_out_port_handle helper - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index 39f423a..0904e07 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -523,6 +523,12 @@ static void pr_out_handle(struct nlattr **tb) - mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME])); - } - -+static void pr_out_port_handle(struct nlattr **tb) -+{ -+ pr_out_handle(tb); -+ pr_out("/%d", mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX])); -+} -+ - static void pr_out_dev(struct nlattr **tb) - { - pr_out_handle(tb); -@@ -599,8 +605,8 @@ static void pr_out_port(struct nlattr **tb) - struct nlattr *pt_attr = tb[DEVLINK_ATTR_PORT_TYPE]; - struct nlattr *dpt_attr = tb[DEVLINK_ATTR_PORT_DESIRED_TYPE]; - -- pr_out_handle(tb); -- pr_out("/%d:", mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX])); -+ pr_out_port_handle(tb); -+ pr_out(":"); - if (pt_attr) { - uint16_t port_type = mnl_attr_get_u16(pt_attr); - --- -1.8.3.1 - diff --git a/SOURCES/0190-devlink-introduce-helper-to-print-out-nice-names-ifn.patch b/SOURCES/0190-devlink-introduce-helper-to-print-out-nice-names-ifn.patch deleted file mode 100644 index 740c111..0000000 --- a/SOURCES/0190-devlink-introduce-helper-to-print-out-nice-names-ifn.patch +++ /dev/null @@ -1,231 +0,0 @@ -From 8dfa9a148b54fb2c7d58a5a391c8477fc75d9061 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: introduce helper to print out nice names (ifnames) - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 43f35be4ebb63 - -commit 43f35be4ebb63bf5dea9cc0570ba8d15458d2457 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:47 2016 +0200 - - devlink: introduce helper to print out nice names (ifnames) - - By default, ifnames will be printed out. User can turn that off using - "-n" option on the command line. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 90 +++++++++++++++++++++++++++++++++++++++++++------ - man/man8/devlink-dev.8 | 1 + - man/man8/devlink-port.8 | 1 + - man/man8/devlink.8 | 5 +++ - 4 files changed, 86 insertions(+), 11 deletions(-) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index 0904e07..5e08666 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -114,6 +114,7 @@ struct dl { - struct list_head ifname_map_list; - int argc; - char **argv; -+ bool no_nice_names; - }; - - static int dl_argc(struct dl *dl) -@@ -290,6 +291,23 @@ static int ifname_map_lookup(struct dl *dl, const char *ifname, - return -ENOENT; - } - -+static int ifname_map_rev_lookup(struct dl *dl, const char *bus_name, -+ const char *dev_name, uint32_t port_index, -+ char **p_ifname) -+{ -+ struct ifname_map *ifname_map; -+ -+ list_for_each_entry(ifname_map, &dl->ifname_map_list, list) { -+ if (strcmp(bus_name, ifname_map->bus_name) == 0 && -+ strcmp(dev_name, ifname_map->dev_name) == 0 && -+ port_index == ifname_map->port_index) { -+ *p_ifname = ifname_map->ifname; -+ return 0; -+ } -+ } -+ return -ENOENT; -+} -+ - static unsigned int strslashcount(char *str) - { - unsigned int count = 0; -@@ -517,16 +535,62 @@ static void cmd_dev_help(void) - pr_out("Usage: devlink dev show [ DEV ]\n"); - } - -+static void __pr_out_handle(const char *bus_name, const char *dev_name) -+{ -+ pr_out("%s/%s", bus_name, dev_name); -+} -+ - static void pr_out_handle(struct nlattr **tb) - { -- pr_out("%s/%s", mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]), -+ __pr_out_handle(mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]), - mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME])); - } - -+static void __pr_out_port_handle(const char *bus_name, const char *dev_name, -+ uint32_t port_index) -+{ -+ __pr_out_handle(bus_name, dev_name); -+ pr_out("/%d", port_index); -+} -+ - static void pr_out_port_handle(struct nlattr **tb) - { -- pr_out_handle(tb); -- pr_out("/%d", mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX])); -+ __pr_out_port_handle(mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]), -+ mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]), -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX])); -+} -+ -+static void __pr_out_port_handle_nice(struct dl *dl, const char *bus_name, -+ const char *dev_name, uint32_t port_index) -+{ -+ char *ifname; -+ int err; -+ -+ if (dl->no_nice_names) -+ goto no_nice_names; -+ -+ err = ifname_map_rev_lookup(dl, bus_name, dev_name, -+ port_index, &ifname); -+ if (err) -+ goto no_nice_names; -+ pr_out("%s", ifname); -+ return; -+ -+no_nice_names: -+ __pr_out_port_handle(bus_name, dev_name, port_index); -+} -+ -+static void pr_out_port_handle_nice(struct dl *dl, struct nlattr **tb) -+{ -+ const char *bus_name; -+ const char *dev_name; -+ uint32_t port_index; -+ -+ bus_name = mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]); -+ dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]); -+ port_index = mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX]); -+ -+ __pr_out_port_handle_nice(dl, bus_name, dev_name, port_index); - } - - static void pr_out_dev(struct nlattr **tb) -@@ -867,7 +931,7 @@ static void help(void) - { - pr_out("Usage: devlink [ OPTIONS ] OBJECT { COMMAND | help }\n" - "where OBJECT := { dev | port | monitor }\n" -- " OPTIONS := { -V[ersion] }\n"); -+ " OPTIONS := { -V[ersion] | -n[no-nice-names] }\n"); - } - - static int dl_cmd(struct dl *dl) -@@ -939,6 +1003,7 @@ int main(int argc, char **argv) - { - static const struct option long_options[] = { - { "Version", no_argument, NULL, 'V' }, -+ { "no-nice-names", no_argument, NULL, 'n' }, - { NULL, 0, NULL, 0 } - }; - struct dl *dl; -@@ -946,13 +1011,22 @@ int main(int argc, char **argv) - int err; - int ret; - -- while ((opt = getopt_long(argc, argv, "V", -+ dl = dl_alloc(); -+ if (!dl) { -+ pr_err("Failed to allocate memory for devlink\n"); -+ return EXIT_FAILURE; -+ } -+ -+ while ((opt = getopt_long(argc, argv, "Vn", - long_options, NULL)) >= 0) { - - switch (opt) { - case 'V': - printf("devlink utility, iproute2-ss%s\n", SNAPSHOT); - return EXIT_SUCCESS; -+ case 'n': -+ dl->no_nice_names = true; -+ break; - default: - pr_err("Unknown option.\n"); - help(); -@@ -963,12 +1037,6 @@ int main(int argc, char **argv) - argc -= optind; - argv += optind; - -- dl = dl_alloc(); -- if (!dl) { -- pr_err("Failed to allocate memory for devlink\n"); -- return EXIT_FAILURE; -- } -- - err = dl_init(dl, argc, argv); - if (err) { - ret = EXIT_FAILURE; -diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8 -index 7878d89..af96a29 100644 ---- a/man/man8/devlink-dev.8 -+++ b/man/man8/devlink-dev.8 -@@ -16,6 +16,7 @@ devlink-dev \- devlink device configuration - .ti -8 - .IR OPTIONS " := { " - \fB\-V\fR[\fIersion\fR] | -+\fB\-n\fR[\fIno-nice-names\fR] } - - .ti -8 - .B devlink dev show -diff --git a/man/man8/devlink-port.8 b/man/man8/devlink-port.8 -index e6ae686..d78837c 100644 ---- a/man/man8/devlink-port.8 -+++ b/man/man8/devlink-port.8 -@@ -16,6 +16,7 @@ devlink-port \- devlink port configuration - .ti -8 - .IR OPTIONS " := { " - \fB\-V\fR[\fIersion\fR] | -+\fB\-n\fR[\fIno-nice-names\fR] } - - .ti -8 - .BR "devlink port set " -diff --git a/man/man8/devlink.8 b/man/man8/devlink.8 -index f608ccc..df00f4f 100644 ---- a/man/man8/devlink.8 -+++ b/man/man8/devlink.8 -@@ -19,6 +19,7 @@ devlink \- Devlink tool - .ti -8 - .IR OPTIONS " := { " - \fB\-V\fR[\fIersion\fR] | -+\fB\-n\fR[\fIno-nice-names\fR] } - - .SH OPTIONS - -@@ -28,6 +29,10 @@ Print the version of the - .B devlink - utility and exit. - -+.TP -+.BR "\-n" , " -no-nice-names" -+Turn off printing out nice names, for example netdevice ifnames instead of devlink port identification. -+ - .SS - .I OBJECT - --- -1.8.3.1 - diff --git a/SOURCES/0191-devlink-split-dl_argv_parse_put-to-parse-and-put-par.patch b/SOURCES/0191-devlink-split-dl_argv_parse_put-to-parse-and-put-par.patch deleted file mode 100644 index 5993eec..0000000 --- a/SOURCES/0191-devlink-split-dl_argv_parse_put-to-parse-and-put-par.patch +++ /dev/null @@ -1,239 +0,0 @@ -From 4b03d06db283f11e3301e22e75b714abb7c446df Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: split dl_argv_parse_put to parse and put parts - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 6563a6eb539ba - -commit 6563a6eb539ba5c3f9fa262bc302190abb7e5f39 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:48 2016 +0200 - - devlink: split dl_argv_parse_put to parse and put parts - - It is handy to have parsed cmdline data stored so they can be used for - dumps filtering. So split original dl_argv_parse_put into parse and put - parts. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 105 +++++++++++++++++++++++++++++++++++------------------- - 1 file changed, 69 insertions(+), 36 deletions(-) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index 5e08666..0c2132f 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -109,12 +109,28 @@ static void ifname_map_free(struct ifname_map *ifname_map) - free(ifname_map); - } - -+#define BIT(nr) (1UL << (nr)) -+#define DL_OPT_HANDLE BIT(0) -+#define DL_OPT_HANDLEP BIT(1) -+#define DL_OPT_PORT_TYPE BIT(2) -+#define DL_OPT_PORT_COUNT BIT(3) -+ -+struct dl_opts { -+ uint32_t present; /* flags of present items */ -+ char *bus_name; -+ char *dev_name; -+ uint32_t port_index; -+ enum devlink_port_type port_type; -+ uint32_t port_count; -+}; -+ - struct dl { - struct mnlg_socket *nlg; - struct list_head ifname_map_list; - int argc; - char **argv; - bool no_nice_names; -+ struct dl_opts opts; - }; - - static int dl_argc(struct dl *dl) -@@ -347,11 +363,9 @@ static int strtouint32_t(const char *str, uint32_t *p_val) - return 0; - } - --static int dl_argv_put_handle(struct nlmsghdr *nlh, struct dl *dl) -+static int dl_argv_handle(struct dl *dl, char **p_bus_name, char **p_dev_name) - { - char *str = dl_argv_next(dl); -- char *bus_name = bus_name; -- char *dev_name = dev_name; - - if (!str) { - pr_err("Devlink identification (\"bus_name/dev_name\") expected\n"); -@@ -363,19 +377,15 @@ static int dl_argv_put_handle(struct nlmsghdr *nlh, struct dl *dl) - return -EINVAL; - } - -- strslashrsplit(str, &bus_name, &dev_name); -- mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, bus_name); -- mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, dev_name); -+ strslashrsplit(str, p_bus_name, p_dev_name); - return 0; - } - --static int dl_argv_put_handle_port(struct nlmsghdr *nlh, struct dl *dl) -+static int dl_argv_handle_port(struct dl *dl, char **p_bus_name, -+ char **p_dev_name, uint32_t *p_port_index) - { - char *str = dl_argv_next(dl); - unsigned int slash_count; -- char *bus_name = bus_name; -- char *dev_name = dev_name; -- uint32_t port_index = port_index; - int err; - - if (!str) { -@@ -394,24 +404,21 @@ static int dl_argv_put_handle_port(struct nlmsghdr *nlh, struct dl *dl) - char *portstr = portstr; - - err = strslashrsplit(str, &handlestr, &portstr); -- err = strtouint32_t(portstr, &port_index); -+ err = strtouint32_t(portstr, p_port_index); - if (err) { - pr_err("Port index \"%s\" is not a number or not within range\n", - portstr); - return err; - } -- strslashrsplit(handlestr, &bus_name, &dev_name); -+ strslashrsplit(handlestr, p_bus_name, p_dev_name); - } else if (slash_count == 0) { -- err = ifname_map_lookup(dl, str, &bus_name, &dev_name, -- &port_index); -+ err = ifname_map_lookup(dl, str, p_bus_name, p_dev_name, -+ p_port_index); - if (err) { - pr_err("Netdevice \"%s\" not found\n", str); - return err; - } - } -- mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, bus_name); -- mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, dev_name); -- mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_INDEX, port_index); - return 0; - } - -@@ -460,55 +467,46 @@ static int port_type_get(const char *typestr, enum devlink_port_type *p_type) - return 0; - } - --#define BIT(nr) (1UL << (nr)) --#define DL_OPT_HANDLE BIT(0) --#define DL_OPT_HANDLEP BIT(1) --#define DL_OPT_PORT_TYPE BIT(2) --#define DL_OPT_PORT_COUNT BIT(3) -- --static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, -- uint32_t o_required, uint32_t o_optional) -+static int dl_argv_parse(struct dl *dl, uint32_t o_required, -+ uint32_t o_optional) - { -+ struct dl_opts *opts = &dl->opts; - uint32_t o_all = o_required | o_optional; - uint32_t o_found = 0; - int err; - - if (o_required & DL_OPT_HANDLE) { -- err = dl_argv_put_handle(nlh, dl); -+ err = dl_argv_handle(dl, &opts->bus_name, &opts->dev_name); - if (err) - return err; -+ o_found |= DL_OPT_HANDLE; - } else if (o_required & DL_OPT_HANDLEP) { -- err = dl_argv_put_handle_port(nlh, dl); -+ err = dl_argv_handle_port(dl, &opts->bus_name, &opts->dev_name, -+ &opts->port_index); - if (err) - return err; -+ o_found |= DL_OPT_HANDLEP; - } - - while (dl_argc(dl)) { - if (dl_argv_match(dl, "type") && - (o_all & DL_OPT_PORT_TYPE)) { -- enum devlink_port_type port_type; - const char *typestr; - - dl_arg_inc(dl); - err = dl_argv_str(dl, &typestr); - if (err) - return err; -- err = port_type_get(typestr, &port_type); -+ err = port_type_get(typestr, &opts->port_type); - if (err) - return err; -- mnl_attr_put_u16(nlh, DEVLINK_ATTR_PORT_TYPE, -- port_type); - o_found |= DL_OPT_PORT_TYPE; - } else if (dl_argv_match(dl, "count") && - (o_all & DL_OPT_PORT_COUNT)) { -- uint32_t count; -- - dl_arg_inc(dl); -- err = dl_argv_uint32_t(dl, &count); -+ err = dl_argv_uint32_t(dl, &opts->port_count); - if (err) - return err; -- mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_SPLIT_COUNT, -- count); - o_found |= DL_OPT_PORT_COUNT; - } else { - pr_err("Unknown option \"%s\"\n", dl_argv(dl)); -@@ -516,6 +514,8 @@ static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, - } - } - -+ opts->present = o_found; -+ - if ((o_required & DL_OPT_PORT_TYPE) && !(o_found & DL_OPT_PORT_TYPE)) { - pr_err("Port type option expected.\n"); - return -EINVAL; -@@ -530,6 +530,39 @@ static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, - return 0; - } - -+static void dl_opts_put(struct nlmsghdr *nlh, struct dl *dl) -+{ -+ struct dl_opts *opts = &dl->opts; -+ -+ if (opts->present & DL_OPT_HANDLE) { -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, opts->bus_name); -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, opts->dev_name); -+ } else if (opts->present & DL_OPT_HANDLEP) { -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, opts->bus_name); -+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, opts->dev_name); -+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_INDEX, -+ opts->port_index); -+ } -+ if (opts->present & DL_OPT_PORT_TYPE) -+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_PORT_TYPE, -+ opts->port_type); -+ if (opts->present & DL_OPT_PORT_COUNT) -+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_SPLIT_COUNT, -+ opts->port_count); -+} -+ -+static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, -+ uint32_t o_required, uint32_t o_optional) -+{ -+ int err; -+ -+ err = dl_argv_parse(dl, o_required, o_optional); -+ if (err) -+ return err; -+ dl_opts_put(nlh, dl); -+ return 0; -+} -+ - static void cmd_dev_help(void) - { - pr_out("Usage: devlink dev show [ DEV ]\n"); --- -1.8.3.1 - diff --git a/SOURCES/0192-devlink-introduce-dump-filtering-function.patch b/SOURCES/0192-devlink-introduce-dump-filtering-function.patch deleted file mode 100644 index 22398a4..0000000 --- a/SOURCES/0192-devlink-introduce-dump-filtering-function.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 548573fb441d1b7752cb54065841c3d30aff8cc2 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: introduce dump filtering function - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 707a91c549496 - -commit 707a91c5494962e3f5b358fc866ebb79dc28c3e3 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:49 2016 +0200 - - devlink: introduce dump filtering function - - This function is to be used from dump callbacks to decide if the output - currect output should be filtered off or not. Filtering is based on - previously parsed and stored command line options. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 30 ++++++++++++++++++++++++++++++ - 1 file changed, 30 insertions(+) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index 0c2132f..d436bbf 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -563,6 +563,36 @@ static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, - return 0; - } - -+static bool dl_dump_filter(struct dl *dl, struct nlattr **tb) -+{ -+ struct dl_opts *opts = &dl->opts; -+ struct nlattr *attr_bus_name = tb[DEVLINK_ATTR_BUS_NAME]; -+ struct nlattr *attr_dev_name = tb[DEVLINK_ATTR_DEV_NAME]; -+ struct nlattr *attr_port_index = tb[DEVLINK_ATTR_PORT_INDEX]; -+ -+ if (opts->present & DL_OPT_HANDLE && -+ attr_bus_name && attr_dev_name) { -+ const char *bus_name = mnl_attr_get_str(attr_bus_name); -+ const char *dev_name = mnl_attr_get_str(attr_dev_name); -+ -+ if (strcmp(bus_name, opts->bus_name) != 0 || -+ strcmp(dev_name, opts->dev_name) != 0) -+ return false; -+ } -+ if (opts->present & DL_OPT_HANDLEP && -+ attr_bus_name && attr_dev_name && attr_port_index) { -+ const char *bus_name = mnl_attr_get_str(attr_bus_name); -+ const char *dev_name = mnl_attr_get_str(attr_dev_name); -+ uint32_t port_index = mnl_attr_get_u32(attr_port_index); -+ -+ if (strcmp(bus_name, opts->bus_name) != 0 || -+ strcmp(dev_name, opts->dev_name) != 0 || -+ port_index != opts->port_index) -+ return false; -+ } -+ return true; -+} -+ - static void cmd_dev_help(void) - { - pr_out("Usage: devlink dev show [ DEV ]\n"); --- -1.8.3.1 - diff --git a/SOURCES/0193-devlink-allow-to-parse-both-devlink-and-port-handle-.patch b/SOURCES/0193-devlink-allow-to-parse-both-devlink-and-port-handle-.patch deleted file mode 100644 index ecaac1c..0000000 --- a/SOURCES/0193-devlink-allow-to-parse-both-devlink-and-port-handle-.patch +++ /dev/null @@ -1,179 +0,0 @@ -From 01194858b0ee630c56b7988b3e911ccf008b89ff Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: allow to parse both devlink and port handle in the - same time - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 2f85a9c535874 - -commit 2f85a9c535874e721cfc8b8743325afc93a8b1fa -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:50 2016 +0200 - - devlink: allow to parse both devlink and port handle in the same time - - For filtering purposes, it makes sense for used to either specify - devlink handle of port handle. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 109 ++++++++++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 90 insertions(+), 19 deletions(-) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index d436bbf..e2e0413 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -363,6 +363,12 @@ static int strtouint32_t(const char *str, uint32_t *p_val) - return 0; - } - -+static int __dl_argv_handle(char *str, char **p_bus_name, char **p_dev_name) -+{ -+ strslashrsplit(str, p_bus_name, p_dev_name); -+ return 0; -+} -+ - static int dl_argv_handle(struct dl *dl, char **p_bus_name, char **p_dev_name) - { - char *str = dl_argv_next(dl); -@@ -376,8 +382,40 @@ static int dl_argv_handle(struct dl *dl, char **p_bus_name, char **p_dev_name) - pr_err("Expected \"bus_name/dev_name\".\n"); - return -EINVAL; - } -+ return __dl_argv_handle(str, p_bus_name, p_dev_name); -+} - -- strslashrsplit(str, p_bus_name, p_dev_name); -+static int __dl_argv_handle_port(char *str, -+ char **p_bus_name, char **p_dev_name, -+ uint32_t *p_port_index) -+{ -+ char *handlestr = handlestr; -+ char *portstr = portstr; -+ int err; -+ -+ strslashrsplit(str, &handlestr, &portstr); -+ err = strtouint32_t(portstr, p_port_index); -+ if (err) { -+ pr_err("Port index \"%s\" is not a number or not within range\n", -+ portstr); -+ return err; -+ } -+ strslashrsplit(handlestr, p_bus_name, p_dev_name); -+ return 0; -+} -+ -+static int __dl_argv_handle_port_ifname(struct dl *dl, char *str, -+ char **p_bus_name, char **p_dev_name, -+ uint32_t *p_port_index) -+{ -+ int err; -+ -+ err = ifname_map_lookup(dl, str, p_bus_name, p_dev_name, -+ p_port_index); -+ if (err) { -+ pr_err("Netdevice \"%s\" not found\n", str); -+ return err; -+ } - return 0; - } - -@@ -386,7 +424,6 @@ static int dl_argv_handle_port(struct dl *dl, char **p_bus_name, - { - char *str = dl_argv_next(dl); - unsigned int slash_count; -- int err; - - if (!str) { - pr_err("Port identification (\"bus_name/dev_name/port_index\" or \"netdev ifname\") expected.\n"); -@@ -398,26 +435,52 @@ static int dl_argv_handle_port(struct dl *dl, char **p_bus_name, - pr_err("Expected \"bus_name/dev_name/port_index\" or \"netdev_ifname\".\n"); - return -EINVAL; - } -- - if (slash_count == 2) { -- char *handlestr = handlestr; -- char *portstr = portstr; -- -- err = strslashrsplit(str, &handlestr, &portstr); -- err = strtouint32_t(portstr, p_port_index); -- if (err) { -- pr_err("Port index \"%s\" is not a number or not within range\n", -- portstr); -+ return __dl_argv_handle_port(str, p_bus_name, -+ p_dev_name, p_port_index); -+ } else if (slash_count == 0) { -+ return __dl_argv_handle_port_ifname(dl, str, p_bus_name, -+ p_dev_name, p_port_index); -+ } -+ return 0; -+} -+ -+static int dl_argv_handle_both(struct dl *dl, char **p_bus_name, -+ char **p_dev_name, uint32_t *p_port_index, -+ uint32_t *p_handle_bit) -+{ -+ char *str = dl_argv_next(dl); -+ unsigned int slash_count; -+ int err; -+ -+ if (!str) { -+ pr_err("One of following identifications expected:\n" -+ "Devlink identification (\"bus_name/dev_name\")\n" -+ "Port identification (\"bus_name/dev_name/port_index\" or \"netdev ifname\")\n"); -+ return -EINVAL; -+ } -+ slash_count = strslashcount(str); -+ if (slash_count == 1) { -+ err = __dl_argv_handle(str, p_bus_name, p_dev_name); -+ if (err) - return err; -- } -- strslashrsplit(handlestr, p_bus_name, p_dev_name); -+ *p_handle_bit = DL_OPT_HANDLE; -+ } else if (slash_count == 2) { -+ err = __dl_argv_handle_port(str, p_bus_name, -+ p_dev_name, p_port_index); -+ if (err) -+ return err; -+ *p_handle_bit = DL_OPT_HANDLEP; - } else if (slash_count == 0) { -- err = ifname_map_lookup(dl, str, p_bus_name, p_dev_name, -- p_port_index); -- if (err) { -- pr_err("Netdevice \"%s\" not found\n", str); -+ err = __dl_argv_handle_port_ifname(dl, str, p_bus_name, -+ p_dev_name, p_port_index); -+ if (err) - return err; -- } -+ *p_handle_bit = DL_OPT_HANDLEP; -+ } else { -+ pr_err("Wrong port identification string format.\n"); -+ pr_err("Expected \"bus_name/dev_name\" or \"bus_name/dev_name/port_index\" or \"netdev_ifname\".\n"); -+ return -EINVAL; - } - return 0; - } -@@ -475,7 +538,15 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, - uint32_t o_found = 0; - int err; - -- if (o_required & DL_OPT_HANDLE) { -+ if (o_required & DL_OPT_HANDLE && o_required & DL_OPT_HANDLEP) { -+ uint32_t handle_bit = handle_bit; -+ -+ err = dl_argv_handle_both(dl, &opts->bus_name, &opts->dev_name, -+ &opts->port_index, &handle_bit); -+ if (err) -+ return err; -+ o_found |= handle_bit; -+ } else if (o_required & DL_OPT_HANDLE) { - err = dl_argv_handle(dl, &opts->bus_name, &opts->dev_name); - if (err) - return err; --- -1.8.3.1 - diff --git a/SOURCES/0194-devlink-implement-shared-buffer-support.patch b/SOURCES/0194-devlink-implement-shared-buffer-support.patch deleted file mode 100644 index d75e27e..0000000 --- a/SOURCES/0194-devlink-implement-shared-buffer-support.patch +++ /dev/null @@ -1,807 +0,0 @@ -From ae919a21446e668c06b5abb440b412487e60ece6 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: implement shared buffer support - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit b56700bf8add4 - -commit b56700bf8add4ebb2fe451c85f50602b58a886a2 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:51 2016 +0200 - - devlink: implement shared buffer support - - Implement kernel devlink shared buffer interface. Introduce new object - "sb" and allow to browse the shared buffer parameters and also change - configuration. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 603 +++++++++++++++++++++++++++++++++++++++++++++++- - include/linux/devlink.h | 57 +++++ - 2 files changed, 659 insertions(+), 1 deletion(-) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index e2e0413..228807f 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -114,6 +114,13 @@ static void ifname_map_free(struct ifname_map *ifname_map) - #define DL_OPT_HANDLEP BIT(1) - #define DL_OPT_PORT_TYPE BIT(2) - #define DL_OPT_PORT_COUNT BIT(3) -+#define DL_OPT_SB BIT(4) -+#define DL_OPT_SB_POOL BIT(5) -+#define DL_OPT_SB_SIZE BIT(6) -+#define DL_OPT_SB_TYPE BIT(7) -+#define DL_OPT_SB_THTYPE BIT(8) -+#define DL_OPT_SB_TH BIT(9) -+#define DL_OPT_SB_TC BIT(10) - - struct dl_opts { - uint32_t present; /* flags of present items */ -@@ -122,6 +129,13 @@ struct dl_opts { - uint32_t port_index; - enum devlink_port_type port_type; - uint32_t port_count; -+ uint32_t sb_index; -+ uint16_t sb_pool_index; -+ uint32_t sb_pool_size; -+ enum devlink_sb_pool_type sb_pool_type; -+ enum devlink_sb_threshold_type sb_pool_thtype; -+ uint32_t sb_threshold; -+ uint16_t sb_tc_index; - }; - - struct dl { -@@ -225,6 +239,42 @@ static int attr_cb(const struct nlattr *attr, void *data) - if (type == DEVLINK_ATTR_PORT_IBDEV_NAME && - mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0) - return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_INDEX && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_SIZE && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_INGRESS_POOL_COUNT && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_EGRESS_POOL_COUNT && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_INGRESS_TC_COUNT && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_EGRESS_TC_COUNT && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_POOL_INDEX && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_POOL_TYPE && -+ mnl_attr_validate(attr, MNL_TYPE_U8) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_POOL_SIZE && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE && -+ mnl_attr_validate(attr, MNL_TYPE_U8) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_THRESHOLD && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_TC_INDEX && -+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0) -+ return MNL_CB_ERROR; - tb[type] = attr; - return MNL_CB_OK; - } -@@ -363,6 +413,20 @@ static int strtouint32_t(const char *str, uint32_t *p_val) - return 0; - } - -+static int strtouint16_t(const char *str, uint16_t *p_val) -+{ -+ char *endptr; -+ unsigned long int val; -+ -+ val = strtoul(str, &endptr, 10); -+ if (endptr == str || *endptr != '\0') -+ return -EINVAL; -+ if (val > USHRT_MAX) -+ return -ERANGE; -+ *p_val = val; -+ return 0; -+} -+ - static int __dl_argv_handle(char *str, char **p_bus_name, char **p_dev_name) - { - strslashrsplit(str, p_bus_name, p_dev_name); -@@ -503,6 +567,24 @@ static int dl_argv_uint32_t(struct dl *dl, uint32_t *p_val) - return 0; - } - -+static int dl_argv_uint16_t(struct dl *dl, uint16_t *p_val) -+{ -+ char *str = dl_argv_next(dl); -+ int err; -+ -+ if (!str) { -+ pr_err("Unsigned number argument expected\n"); -+ return -EINVAL; -+ } -+ -+ err = strtouint16_t(str, p_val); -+ if (err) { -+ pr_err("\"%s\" is not a number or not within range\n", str); -+ return err; -+ } -+ return 0; -+} -+ - static int dl_argv_str(struct dl *dl, const char **p_str) - { - const char *str = dl_argv_next(dl); -@@ -530,6 +612,33 @@ static int port_type_get(const char *typestr, enum devlink_port_type *p_type) - return 0; - } - -+static int pool_type_get(const char *typestr, enum devlink_sb_pool_type *p_type) -+{ -+ if (strcmp(typestr, "ingress") == 0) { -+ *p_type = DEVLINK_SB_POOL_TYPE_INGRESS; -+ } else if (strcmp(typestr, "egress") == 0) { -+ *p_type = DEVLINK_SB_POOL_TYPE_EGRESS; -+ } else { -+ pr_err("Unknown pool type \"%s\"\n", typestr); -+ return -EINVAL; -+ } -+ return 0; -+} -+ -+static int threshold_type_get(const char *typestr, -+ enum devlink_sb_threshold_type *p_type) -+{ -+ if (strcmp(typestr, "static") == 0) { -+ *p_type = DEVLINK_SB_THRESHOLD_TYPE_STATIC; -+ } else if (strcmp(typestr, "dynamic") == 0) { -+ *p_type = DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC; -+ } else { -+ pr_err("Unknown threshold type \"%s\"\n", typestr); -+ return -EINVAL; -+ } -+ return 0; -+} -+ - static int dl_argv_parse(struct dl *dl, uint32_t o_required, - uint32_t o_optional) - { -@@ -579,6 +688,66 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, - if (err) - return err; - o_found |= DL_OPT_PORT_COUNT; -+ } else if (dl_argv_match(dl, "sb") && -+ (o_all & DL_OPT_SB)) { -+ dl_arg_inc(dl); -+ err = dl_argv_uint32_t(dl, &opts->sb_index); -+ if (err) -+ return err; -+ o_found |= DL_OPT_SB; -+ } else if (dl_argv_match(dl, "pool") && -+ (o_all & DL_OPT_SB_POOL)) { -+ dl_arg_inc(dl); -+ err = dl_argv_uint16_t(dl, &opts->sb_pool_index); -+ if (err) -+ return err; -+ o_found |= DL_OPT_SB_POOL; -+ } else if (dl_argv_match(dl, "size") && -+ (o_all & DL_OPT_SB_SIZE)) { -+ dl_arg_inc(dl); -+ err = dl_argv_uint32_t(dl, &opts->sb_pool_size); -+ if (err) -+ return err; -+ o_found |= DL_OPT_SB_SIZE; -+ } else if (dl_argv_match(dl, "type") && -+ (o_all & DL_OPT_SB_TYPE)) { -+ const char *typestr; -+ -+ dl_arg_inc(dl); -+ err = dl_argv_str(dl, &typestr); -+ if (err) -+ return err; -+ err = pool_type_get(typestr, &opts->sb_pool_type); -+ if (err) -+ return err; -+ o_found |= DL_OPT_SB_TYPE; -+ } else if (dl_argv_match(dl, "thtype") && -+ (o_all & DL_OPT_SB_THTYPE)) { -+ const char *typestr; -+ -+ dl_arg_inc(dl); -+ err = dl_argv_str(dl, &typestr); -+ if (err) -+ return err; -+ err = threshold_type_get(typestr, -+ &opts->sb_pool_thtype); -+ if (err) -+ return err; -+ o_found |= DL_OPT_SB_THTYPE; -+ } else if (dl_argv_match(dl, "th") && -+ (o_all & DL_OPT_SB_TH)) { -+ dl_arg_inc(dl); -+ err = dl_argv_uint32_t(dl, &opts->sb_threshold); -+ if (err) -+ return err; -+ o_found |= DL_OPT_SB_TH; -+ } else if (dl_argv_match(dl, "tc") && -+ (o_all & DL_OPT_SB_TC)) { -+ dl_arg_inc(dl); -+ err = dl_argv_uint16_t(dl, &opts->sb_tc_index); -+ if (err) -+ return err; -+ o_found |= DL_OPT_SB_TC; - } else { - pr_err("Unknown option \"%s\"\n", dl_argv(dl)); - return -EINVAL; -@@ -587,6 +756,11 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, - - opts->present = o_found; - -+ if ((o_optional & DL_OPT_SB) && !(o_found & DL_OPT_SB)) { -+ opts->sb_index = 0; -+ opts->present |= DL_OPT_SB; -+ } -+ - if ((o_required & DL_OPT_PORT_TYPE) && !(o_found & DL_OPT_PORT_TYPE)) { - pr_err("Port type option expected.\n"); - return -EINVAL; -@@ -598,6 +772,35 @@ static int dl_argv_parse(struct dl *dl, uint32_t o_required, - return -EINVAL; - } - -+ if ((o_required & DL_OPT_SB_POOL) && !(o_found & DL_OPT_SB_POOL)) { -+ pr_err("Pool index option expected.\n"); -+ return -EINVAL; -+ } -+ -+ if ((o_required & DL_OPT_SB_SIZE) && !(o_found & DL_OPT_SB_SIZE)) { -+ pr_err("Pool size option expected.\n"); -+ return -EINVAL; -+ } -+ -+ if ((o_required & DL_OPT_SB_TYPE) && !(o_found & DL_OPT_SB_TYPE)) { -+ pr_err("Pool type option expected.\n"); -+ return -EINVAL; -+ } -+ -+ if ((o_required & DL_OPT_SB_THTYPE) && !(o_found & DL_OPT_SB_THTYPE)) { -+ pr_err("Pool threshold type option expected.\n"); -+ return -EINVAL; -+ } -+ -+ if ((o_required & DL_OPT_SB_TH) && !(o_found & DL_OPT_SB_TH)) { -+ pr_err("Threshold option expected.\n"); -+ return -EINVAL; -+ } -+ -+ if ((o_required & DL_OPT_SB_TC) && !(o_found & DL_OPT_SB_TC)) { -+ pr_err("TC index option expected.\n"); -+ return -EINVAL; -+ } - return 0; - } - -@@ -620,6 +823,27 @@ static void dl_opts_put(struct nlmsghdr *nlh, struct dl *dl) - if (opts->present & DL_OPT_PORT_COUNT) - mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_SPLIT_COUNT, - opts->port_count); -+ if (opts->present & DL_OPT_SB) -+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_SB_INDEX, -+ opts->sb_index); -+ if (opts->present & DL_OPT_SB_POOL) -+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_SB_POOL_INDEX, -+ opts->sb_pool_index); -+ if (opts->present & DL_OPT_SB_SIZE) -+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_SB_POOL_SIZE, -+ opts->sb_pool_size); -+ if (opts->present & DL_OPT_SB_TYPE) -+ mnl_attr_put_u8(nlh, DEVLINK_ATTR_SB_POOL_TYPE, -+ opts->sb_pool_type); -+ if (opts->present & DL_OPT_SB_THTYPE) -+ mnl_attr_put_u8(nlh, DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE, -+ opts->sb_pool_thtype); -+ if (opts->present & DL_OPT_SB_TH) -+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_SB_THRESHOLD, -+ opts->sb_threshold); -+ if (opts->present & DL_OPT_SB_TC) -+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_SB_TC_INDEX, -+ opts->sb_tc_index); - } - - static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, -@@ -929,6 +1153,380 @@ static int cmd_port(struct dl *dl) - return -ENOENT; - } - -+static void cmd_sb_help(void) -+{ -+ pr_out("Usage: devlink sb show [ DEV [ sb SB_INDEX ] ]\n"); -+ pr_out(" devlink sb pool show [ DEV [ sb SB_INDEX ] pool POOL_INDEX ]\n"); -+ pr_out(" devlink sb pool set DEV [ sb SB_INDEX ] pool POOL_INDEX\n"); -+ pr_out(" size POOL_SIZE thtype { static | dynamic }\n"); -+ pr_out(" devlink sb port pool show [ DEV/PORT_INDEX [ sb SB_INDEX ]\n"); -+ pr_out(" pool POOL_INDEX ]\n"); -+ pr_out(" devlink sb port pool set DEV/PORT_INDEX [ sb SB_INDEX ]\n"); -+ pr_out(" pool POOL_INDEX th THRESHOLD\n"); -+ pr_out(" devlink sb tc bind show [ DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n"); -+ pr_out(" type { ingress | egress } ]\n"); -+ pr_out(" devlink sb tc bind set DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n"); -+ pr_out(" type { ingress | egress } pool POOL_INDEX\n"); -+ pr_out(" th THRESHOLD\n"); -+} -+ -+static void pr_out_sb(struct nlattr **tb) -+{ -+ pr_out_handle(tb); -+ pr_out(": sb %u size %u ing_pools %u eg_pools %u ing_tcs %u eg_tcs %u\n", -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]), -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_SIZE]), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_INGRESS_POOL_COUNT]), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_EGRESS_POOL_COUNT]), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_INGRESS_TC_COUNT]), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_EGRESS_TC_COUNT])); -+} -+ -+static int cmd_sb_show_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_SB_INDEX] || !tb[DEVLINK_ATTR_SB_SIZE] || -+ !tb[DEVLINK_ATTR_SB_INGRESS_POOL_COUNT] || -+ !tb[DEVLINK_ATTR_SB_EGRESS_POOL_COUNT] || -+ !tb[DEVLINK_ATTR_SB_INGRESS_TC_COUNT] || -+ !tb[DEVLINK_ATTR_SB_EGRESS_TC_COUNT]) -+ return MNL_CB_ERROR; -+ pr_out_sb(tb); -+ return MNL_CB_OK; -+} -+ -+static int cmd_sb_show(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK; -+ int err; -+ -+ if (dl_argc(dl) == 0) -+ flags |= NLM_F_DUMP; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_GET, flags); -+ -+ if (dl_argc(dl) > 0) { -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, DL_OPT_SB); -+ if (err) -+ return err; -+ } -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_show_cb, NULL); -+} -+ -+static const char *pool_type_name(uint8_t type) -+{ -+ switch (type) { -+ case DEVLINK_SB_POOL_TYPE_INGRESS: return "ingress"; -+ case DEVLINK_SB_POOL_TYPE_EGRESS: return "egress"; -+ default: return "<unknown type>"; -+ } -+} -+ -+static const char *threshold_type_name(uint8_t type) -+{ -+ switch (type) { -+ case DEVLINK_SB_THRESHOLD_TYPE_STATIC: return "static"; -+ case DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC: return "dynamic"; -+ default: return "<unknown type>"; -+ } -+} -+ -+static void pr_out_sb_pool(struct nlattr **tb) -+{ -+ pr_out_handle(tb); -+ pr_out(": sb %u pool %u type %s size %u thtype %s\n", -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]), -+ pool_type_name(mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_TYPE])), -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_POOL_SIZE]), -+ threshold_type_name(mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE]))); -+} -+ -+static int cmd_sb_pool_show_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_SB_INDEX] || !tb[DEVLINK_ATTR_SB_POOL_INDEX] || -+ !tb[DEVLINK_ATTR_SB_POOL_TYPE] || !tb[DEVLINK_ATTR_SB_POOL_SIZE] || -+ !tb[DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE]) -+ return MNL_CB_ERROR; -+ pr_out_sb_pool(tb); -+ return MNL_CB_OK; -+} -+ -+static int cmd_sb_pool_show(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK; -+ int err; -+ -+ if (dl_argc(dl) == 0) -+ flags |= NLM_F_DUMP; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_POOL_GET, flags); -+ -+ if (dl_argc(dl) > 0) { -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE | DL_OPT_SB_POOL, -+ DL_OPT_SB); -+ if (err) -+ return err; -+ } -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_pool_show_cb, NULL); -+} -+ -+static int cmd_sb_pool_set(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_POOL_SET, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE | DL_OPT_SB_POOL | -+ DL_OPT_SB_SIZE | DL_OPT_SB_THTYPE, DL_OPT_SB); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_sb_pool(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_sb_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list") || dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_sb_pool_show(dl); -+ } else if (dl_argv_match(dl, "set")) { -+ dl_arg_inc(dl); -+ return cmd_sb_pool_set(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static void pr_out_sb_port_pool(struct dl *dl, struct nlattr **tb) -+{ -+ pr_out_port_handle_nice(dl, tb); -+ pr_out(": sb %u pool %u threshold %u\n", -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]), -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_THRESHOLD])); -+} -+ -+static int cmd_sb_port_pool_show_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct dl *dl = data; -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] || -+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] || !tb[DEVLINK_ATTR_SB_THRESHOLD]) -+ return MNL_CB_ERROR; -+ pr_out_sb_port_pool(dl, tb); -+ return MNL_CB_OK; -+} -+ -+static int cmd_sb_port_pool_show(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK; -+ int err; -+ -+ if (dl_argc(dl) == 0) -+ flags |= NLM_F_DUMP; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_PORT_POOL_GET, flags); -+ -+ if (dl_argc(dl) > 0) { -+ err = dl_argv_parse_put(nlh, dl, -+ DL_OPT_HANDLEP | DL_OPT_SB_POOL, -+ DL_OPT_SB); -+ if (err) -+ return err; -+ } -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_port_pool_show_cb, dl); -+} -+ -+static int cmd_sb_port_pool_set(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_PORT_POOL_SET, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_SB_POOL | -+ DL_OPT_SB_TH, DL_OPT_SB); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_sb_port_pool(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_sb_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list") || dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_sb_port_pool_show(dl); -+ } else if (dl_argv_match(dl, "set")) { -+ dl_arg_inc(dl); -+ return cmd_sb_port_pool_set(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static int cmd_sb_port(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) { -+ cmd_sb_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "pool")) { -+ dl_arg_inc(dl); -+ return cmd_sb_port_pool(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static void pr_out_sb_tc_bind(struct dl *dl, struct nlattr **tb) -+{ -+ pr_out_port_handle_nice(dl, tb); -+ pr_out(": sb %u tc %u type %s pool %u threshold %u\n", -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_TC_INDEX]), -+ pool_type_name(mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_TYPE])), -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]), -+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_THRESHOLD])); -+} -+ -+static int cmd_sb_tc_bind_show_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct dl *dl = data; -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] || -+ !tb[DEVLINK_ATTR_SB_TC_INDEX] || !tb[DEVLINK_ATTR_SB_POOL_TYPE] || -+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] || !tb[DEVLINK_ATTR_SB_THRESHOLD]) -+ return MNL_CB_ERROR; -+ pr_out_sb_tc_bind(dl, tb); -+ return MNL_CB_OK; -+} -+ -+static int cmd_sb_tc_bind_show(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK; -+ int err; -+ -+ if (dl_argc(dl) == 0) -+ flags |= NLM_F_DUMP; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_TC_POOL_BIND_GET, flags); -+ -+ if (dl_argc(dl) > 0) { -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_SB_TC | -+ DL_OPT_SB_TYPE, DL_OPT_SB); -+ if (err) -+ return err; -+ } -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_tc_bind_show_cb, dl); -+} -+ -+static int cmd_sb_tc_bind_set(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_TC_POOL_BIND_SET, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_SB_TC | -+ DL_OPT_SB_TYPE | DL_OPT_SB_POOL | DL_OPT_SB_TH, -+ DL_OPT_SB); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_sb_tc_bind(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_sb_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list") || dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_sb_tc_bind_show(dl); -+ } else if (dl_argv_match(dl, "set")) { -+ dl_arg_inc(dl); -+ return cmd_sb_tc_bind_set(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static int cmd_sb_tc(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) { -+ cmd_sb_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "bind")) { -+ dl_arg_inc(dl); -+ return cmd_sb_tc_bind(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ -+static int cmd_sb(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help")) { -+ cmd_sb_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list") || dl_no_arg(dl)) { -+ dl_arg_inc(dl); -+ return cmd_sb_show(dl); -+ } else if (dl_argv_match(dl, "pool")) { -+ dl_arg_inc(dl); -+ return cmd_sb_pool(dl); -+ } else if (dl_argv_match(dl, "port")) { -+ dl_arg_inc(dl); -+ return cmd_sb_port(dl); -+ } else if (dl_argv_match(dl, "tc")) { -+ dl_arg_inc(dl); -+ return cmd_sb_tc(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ - static const char *cmd_name(uint8_t cmd) - { - switch (cmd) { -@@ -1064,7 +1662,7 @@ static int cmd_mon(struct dl *dl) - static void help(void) - { - pr_out("Usage: devlink [ OPTIONS ] OBJECT { COMMAND | help }\n" -- "where OBJECT := { dev | port | monitor }\n" -+ "where OBJECT := { dev | port | sb | monitor }\n" - " OPTIONS := { -V[ersion] | -n[no-nice-names] }\n"); - } - -@@ -1079,6 +1677,9 @@ static int dl_cmd(struct dl *dl) - } else if (dl_argv_match(dl, "port")) { - dl_arg_inc(dl); - return cmd_port(dl); -+ } else if (dl_argv_match(dl, "sb")) { -+ dl_arg_inc(dl); -+ return cmd_sb(dl); - } else if (dl_argv_match(dl, "monitor")) { - dl_arg_inc(dl); - return cmd_mon(dl); -diff --git a/include/linux/devlink.h b/include/linux/devlink.h -index a96e1a0..d40699f 100644 ---- a/include/linux/devlink.h -+++ b/include/linux/devlink.h -@@ -33,6 +33,26 @@ enum devlink_command { - DEVLINK_CMD_PORT_SPLIT, - DEVLINK_CMD_PORT_UNSPLIT, - -+ DEVLINK_CMD_SB_GET, /* can dump */ -+ DEVLINK_CMD_SB_SET, -+ DEVLINK_CMD_SB_NEW, -+ DEVLINK_CMD_SB_DEL, -+ -+ DEVLINK_CMD_SB_POOL_GET, /* can dump */ -+ DEVLINK_CMD_SB_POOL_SET, -+ DEVLINK_CMD_SB_POOL_NEW, -+ DEVLINK_CMD_SB_POOL_DEL, -+ -+ DEVLINK_CMD_SB_PORT_POOL_GET, /* can dump */ -+ DEVLINK_CMD_SB_PORT_POOL_SET, -+ DEVLINK_CMD_SB_PORT_POOL_NEW, -+ DEVLINK_CMD_SB_PORT_POOL_DEL, -+ -+ DEVLINK_CMD_SB_TC_POOL_BIND_GET, /* can dump */ -+ DEVLINK_CMD_SB_TC_POOL_BIND_SET, -+ DEVLINK_CMD_SB_TC_POOL_BIND_NEW, -+ DEVLINK_CMD_SB_TC_POOL_BIND_DEL, -+ - /* add new commands above here */ - - __DEVLINK_CMD_MAX, -@@ -46,6 +66,31 @@ enum devlink_port_type { - DEVLINK_PORT_TYPE_IB, - }; - -+enum devlink_sb_pool_type { -+ DEVLINK_SB_POOL_TYPE_INGRESS, -+ DEVLINK_SB_POOL_TYPE_EGRESS, -+}; -+ -+/* static threshold - limiting the maximum number of bytes. -+ * dynamic threshold - limiting the maximum number of bytes -+ * based on the currently available free space in the shared buffer pool. -+ * In this mode, the maximum quota is calculated based -+ * on the following formula: -+ * max_quota = alpha / (1 + alpha) * Free_Buffer -+ * While Free_Buffer is the amount of none-occupied buffer associated to -+ * the relevant pool. -+ * The value range which can be passed is 0-20 and serves -+ * for computation of alpha by following formula: -+ * alpha = 2 ^ (passed_value - 10) -+ */ -+ -+enum devlink_sb_threshold_type { -+ DEVLINK_SB_THRESHOLD_TYPE_STATIC, -+ DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC, -+}; -+ -+#define DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX 20 -+ - enum devlink_attr { - /* don't change the order or add anything between, this is ABI! */ - DEVLINK_ATTR_UNSPEC, -@@ -62,6 +107,18 @@ enum devlink_attr { - DEVLINK_ATTR_PORT_IBDEV_NAME, /* string */ - DEVLINK_ATTR_PORT_SPLIT_COUNT, /* u32 */ - DEVLINK_ATTR_PORT_SPLIT_GROUP, /* u32 */ -+ DEVLINK_ATTR_SB_INDEX, /* u32 */ -+ DEVLINK_ATTR_SB_SIZE, /* u32 */ -+ DEVLINK_ATTR_SB_INGRESS_POOL_COUNT, /* u16 */ -+ DEVLINK_ATTR_SB_EGRESS_POOL_COUNT, /* u16 */ -+ DEVLINK_ATTR_SB_INGRESS_TC_COUNT, /* u16 */ -+ DEVLINK_ATTR_SB_EGRESS_TC_COUNT, /* u16 */ -+ DEVLINK_ATTR_SB_POOL_INDEX, /* u16 */ -+ DEVLINK_ATTR_SB_POOL_TYPE, /* u8 */ -+ DEVLINK_ATTR_SB_POOL_SIZE, /* u32 */ -+ DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE, /* u8 */ -+ DEVLINK_ATTR_SB_THRESHOLD, /* u32 */ -+ DEVLINK_ATTR_SB_TC_INDEX, /* u16 */ - - /* add new attributes above here, update the policy in devlink.c */ - --- -1.8.3.1 - diff --git a/SOURCES/0195-devlink-implement-shared-buffer-occupancy-control.patch b/SOURCES/0195-devlink-implement-shared-buffer-occupancy-control.patch deleted file mode 100644 index 103e564..0000000 --- a/SOURCES/0195-devlink-implement-shared-buffer-occupancy-control.patch +++ /dev/null @@ -1,453 +0,0 @@ -From fbd89ab4f4ffdcbda971a3a4ea6096cc4971d04e Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: implement shared buffer occupancy control - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit a60ebcb6f34f4 - -commit a60ebcb6f34f4c43cba092f52b1150d7fb1deec5 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:52 2016 +0200 - - devlink: implement shared buffer occupancy control - - Use kernel shared buffer occupancy control commands to make snapshot and - clear occupancy watermarks. Also, allow to show occupancy values in a - nice way. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - devlink/devlink.c | 349 ++++++++++++++++++++++++++++++++++++++++++++++++ - include/linux/devlink.h | 6 + - 2 files changed, 355 insertions(+) - -diff --git a/devlink/devlink.c b/devlink/devlink.c -index 228807f..ffefa86 100644 ---- a/devlink/devlink.c -+++ b/devlink/devlink.c -@@ -27,6 +27,12 @@ - - #define pr_err(args...) fprintf(stderr, ##args) - #define pr_out(args...) fprintf(stdout, ##args) -+#define pr_out_sp(num, args...) \ -+ do { \ -+ int ret = fprintf(stdout, ##args); \ -+ if (ret < num) \ -+ fprintf(stdout, "%*s", num - ret, ""); \ -+ } while (0) - - static int _mnlg_socket_recv_run(struct mnlg_socket *nlg, - mnl_cb_t data_cb, void *data) -@@ -275,6 +281,12 @@ static int attr_cb(const struct nlattr *attr, void *data) - if (type == DEVLINK_ATTR_SB_TC_INDEX && - mnl_attr_validate(attr, MNL_TYPE_U16) < 0) - return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_OCC_CUR && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; -+ if (type == DEVLINK_ATTR_SB_OCC_MAX && -+ mnl_attr_validate(attr, MNL_TYPE_U32) < 0) -+ return MNL_CB_ERROR; - tb[type] = attr; - return MNL_CB_OK; - } -@@ -864,6 +876,7 @@ static bool dl_dump_filter(struct dl *dl, struct nlattr **tb) - struct nlattr *attr_bus_name = tb[DEVLINK_ATTR_BUS_NAME]; - struct nlattr *attr_dev_name = tb[DEVLINK_ATTR_DEV_NAME]; - struct nlattr *attr_port_index = tb[DEVLINK_ATTR_PORT_INDEX]; -+ struct nlattr *attr_sb_index = tb[DEVLINK_ATTR_SB_INDEX]; - - if (opts->present & DL_OPT_HANDLE && - attr_bus_name && attr_dev_name) { -@@ -885,6 +898,12 @@ static bool dl_dump_filter(struct dl *dl, struct nlattr **tb) - port_index != opts->port_index) - return false; - } -+ if (opts->present & DL_OPT_SB && attr_sb_index) { -+ uint32_t sb_index = mnl_attr_get_u32(attr_sb_index); -+ -+ if (sb_index != opts->sb_index) -+ return false; -+ } - return true; - } - -@@ -1168,6 +1187,9 @@ static void cmd_sb_help(void) - pr_out(" devlink sb tc bind set DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n"); - pr_out(" type { ingress | egress } pool POOL_INDEX\n"); - pr_out(" th THRESHOLD\n"); -+ pr_out(" devlink sb occupancy show { DEV | DEV/PORT_INDEX } [ sb SB_INDEX ]\n"); -+ pr_out(" devlink sb occupancy snapshot DEV [ sb SB_INDEX ]\n"); -+ pr_out(" devlink sb occupancy clearmax DEV [ sb SB_INDEX ]\n"); - } - - static void pr_out_sb(struct nlattr **tb) -@@ -1504,6 +1526,330 @@ static int cmd_sb_tc(struct dl *dl) - return -ENOENT; - } - -+struct occ_item { -+ struct list_head list; -+ uint32_t index; -+ uint32_t cur; -+ uint32_t max; -+ uint32_t bound_pool_index; -+}; -+ -+struct occ_port { -+ struct list_head list; -+ char *bus_name; -+ char *dev_name; -+ uint32_t port_index; -+ uint32_t sb_index; -+ struct list_head pool_list; -+ struct list_head ing_tc_list; -+ struct list_head eg_tc_list; -+}; -+ -+struct occ_show { -+ struct dl *dl; -+ int err; -+ struct list_head port_list; -+}; -+ -+static struct occ_item *occ_item_alloc(void) -+{ -+ return calloc(1, sizeof(struct occ_item)); -+} -+ -+static void occ_item_free(struct occ_item *occ_item) -+{ -+ free(occ_item); -+} -+ -+static struct occ_port *occ_port_alloc(uint32_t port_index) -+{ -+ struct occ_port *occ_port; -+ -+ occ_port = calloc(1, sizeof(*occ_port)); -+ if (!occ_port) -+ return NULL; -+ occ_port->port_index = port_index; -+ INIT_LIST_HEAD(&occ_port->pool_list); -+ INIT_LIST_HEAD(&occ_port->ing_tc_list); -+ INIT_LIST_HEAD(&occ_port->eg_tc_list); -+ return occ_port; -+} -+ -+static void occ_port_free(struct occ_port *occ_port) -+{ -+ struct occ_item *occ_item, *tmp; -+ -+ list_for_each_entry_safe(occ_item, tmp, &occ_port->pool_list, list) -+ occ_item_free(occ_item); -+ list_for_each_entry_safe(occ_item, tmp, &occ_port->ing_tc_list, list) -+ occ_item_free(occ_item); -+ list_for_each_entry_safe(occ_item, tmp, &occ_port->eg_tc_list, list) -+ occ_item_free(occ_item); -+} -+ -+static struct occ_show *occ_show_alloc(struct dl *dl) -+{ -+ struct occ_show *occ_show; -+ -+ occ_show = calloc(1, sizeof(*occ_show)); -+ if (!occ_show) -+ return NULL; -+ occ_show->dl = dl; -+ INIT_LIST_HEAD(&occ_show->port_list); -+ return occ_show; -+} -+ -+static void occ_show_free(struct occ_show *occ_show) -+{ -+ struct occ_port *occ_port, *tmp; -+ -+ list_for_each_entry_safe(occ_port, tmp, &occ_show->port_list, list) -+ occ_port_free(occ_port); -+} -+ -+static struct occ_port *occ_port_get(struct occ_show *occ_show, -+ struct nlattr **tb) -+{ -+ struct occ_port *occ_port; -+ uint32_t port_index; -+ -+ port_index = mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX]); -+ -+ list_for_each_entry_reverse(occ_port, &occ_show->port_list, list) { -+ if (occ_port->port_index == port_index) -+ return occ_port; -+ } -+ occ_port = occ_port_alloc(port_index); -+ if (!occ_port) -+ return NULL; -+ list_add_tail(&occ_port->list, &occ_show->port_list); -+ return occ_port; -+} -+ -+static void pr_out_occ_show_item_list(const char *label, struct list_head *list, -+ bool bound_pool) -+{ -+ struct occ_item *occ_item; -+ int i = 1; -+ -+ pr_out_sp(7, " %s:", label); -+ list_for_each_entry(occ_item, list, list) { -+ if ((i - 1) % 4 == 0 && i != 1) -+ pr_out_sp(7, " "); -+ if (bound_pool) -+ pr_out_sp(7, "%2u(%u):", occ_item->index, -+ occ_item->bound_pool_index); -+ else -+ pr_out_sp(7, "%2u:", occ_item->index); -+ pr_out_sp(15, "%7u/%u", occ_item->cur, occ_item->max); -+ if (i++ % 4 == 0) -+ pr_out("\n"); -+ } -+ if ((i - 1) % 4 != 0) -+ pr_out("\n"); -+} -+ -+static void pr_out_occ_show_port(struct occ_port *occ_port) -+{ -+ pr_out_occ_show_item_list("pool", &occ_port->pool_list, false); -+ pr_out_occ_show_item_list("itc", &occ_port->ing_tc_list, true); -+ pr_out_occ_show_item_list("etc", &occ_port->eg_tc_list, true); -+} -+ -+static void pr_out_occ_show(struct occ_show *occ_show) -+{ -+ struct dl *dl = occ_show->dl; -+ struct dl_opts *opts = &dl->opts; -+ struct occ_port *occ_port; -+ -+ list_for_each_entry(occ_port, &occ_show->port_list, list) { -+ __pr_out_port_handle_nice(dl, opts->bus_name, opts->dev_name, -+ occ_port->port_index); -+ pr_out(":\n"); -+ pr_out_occ_show_port(occ_port); -+ } -+} -+ -+static void cmd_sb_occ_port_pool_process(struct occ_show *occ_show, -+ struct nlattr **tb) -+{ -+ struct occ_port *occ_port; -+ struct occ_item *occ_item; -+ -+ if (occ_show->err || !dl_dump_filter(occ_show->dl, tb)) -+ return; -+ -+ occ_port = occ_port_get(occ_show, tb); -+ if (!occ_port) { -+ occ_show->err = -ENOMEM; -+ return; -+ } -+ -+ occ_item = occ_item_alloc(); -+ if (!occ_item) { -+ occ_show->err = -ENOMEM; -+ return; -+ } -+ occ_item->index = mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]); -+ occ_item->cur = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_CUR]); -+ occ_item->max = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_MAX]); -+ list_add_tail(&occ_item->list, &occ_port->pool_list); -+} -+ -+static int cmd_sb_occ_port_pool_process_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct occ_show *occ_show = data; -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] || -+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] || -+ !tb[DEVLINK_ATTR_SB_OCC_CUR] || !tb[DEVLINK_ATTR_SB_OCC_MAX]) -+ return MNL_CB_ERROR; -+ cmd_sb_occ_port_pool_process(occ_show, tb); -+ return MNL_CB_OK; -+} -+ -+static void cmd_sb_occ_tc_pool_process(struct occ_show *occ_show, -+ struct nlattr **tb) -+{ -+ struct occ_port *occ_port; -+ struct occ_item *occ_item; -+ uint8_t pool_type; -+ -+ if (occ_show->err || !dl_dump_filter(occ_show->dl, tb)) -+ return; -+ -+ occ_port = occ_port_get(occ_show, tb); -+ if (!occ_port) { -+ occ_show->err = -ENOMEM; -+ return; -+ } -+ -+ occ_item = occ_item_alloc(); -+ if (!occ_item) { -+ occ_show->err = -ENOMEM; -+ return; -+ } -+ occ_item->index = mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_TC_INDEX]); -+ occ_item->cur = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_CUR]); -+ occ_item->max = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_MAX]); -+ occ_item->bound_pool_index = -+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]); -+ pool_type = mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_TYPE]); -+ if (pool_type == DEVLINK_SB_POOL_TYPE_INGRESS) -+ list_add_tail(&occ_item->list, &occ_port->ing_tc_list); -+ else if (pool_type == DEVLINK_SB_POOL_TYPE_EGRESS) -+ list_add_tail(&occ_item->list, &occ_port->eg_tc_list); -+ else -+ occ_item_free(occ_item); -+} -+ -+static int cmd_sb_occ_tc_pool_process_cb(const struct nlmsghdr *nlh, void *data) -+{ -+ struct occ_show *occ_show = data; -+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; -+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); -+ -+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); -+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || -+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] || -+ !tb[DEVLINK_ATTR_SB_TC_INDEX] || !tb[DEVLINK_ATTR_SB_POOL_TYPE] || -+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] || -+ !tb[DEVLINK_ATTR_SB_OCC_CUR] || !tb[DEVLINK_ATTR_SB_OCC_MAX]) -+ return MNL_CB_ERROR; -+ cmd_sb_occ_tc_pool_process(occ_show, tb); -+ return MNL_CB_OK; -+} -+ -+static int cmd_sb_occ_show(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ struct occ_show *occ_show; -+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_DUMP; -+ int err; -+ -+ err = dl_argv_parse(dl, DL_OPT_HANDLE | DL_OPT_HANDLEP, DL_OPT_SB); -+ if (err) -+ return err; -+ -+ occ_show = occ_show_alloc(dl); -+ if (!occ_show) -+ return -ENOMEM; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_PORT_POOL_GET, flags); -+ -+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, -+ cmd_sb_occ_port_pool_process_cb, occ_show); -+ if (err) -+ goto out; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_TC_POOL_BIND_GET, flags); -+ -+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, -+ cmd_sb_occ_tc_pool_process_cb, occ_show); -+ if (err) -+ goto out; -+ -+ pr_out_occ_show(occ_show); -+ -+out: -+ occ_show_free(occ_show); -+ return err; -+} -+ -+static int cmd_sb_occ_snapshot(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_OCC_SNAPSHOT, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, DL_OPT_SB); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_sb_occ_clearmax(struct dl *dl) -+{ -+ struct nlmsghdr *nlh; -+ int err; -+ -+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_OCC_MAX_CLEAR, -+ NLM_F_REQUEST | NLM_F_ACK); -+ -+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, DL_OPT_SB); -+ if (err) -+ return err; -+ -+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); -+} -+ -+static int cmd_sb_occ(struct dl *dl) -+{ -+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) { -+ cmd_sb_help(); -+ return 0; -+ } else if (dl_argv_match(dl, "show") || -+ dl_argv_match(dl, "list")) { -+ dl_arg_inc(dl); -+ return cmd_sb_occ_show(dl); -+ } else if (dl_argv_match(dl, "snapshot")) { -+ dl_arg_inc(dl); -+ return cmd_sb_occ_snapshot(dl); -+ } else if (dl_argv_match(dl, "clearmax")) { -+ dl_arg_inc(dl); -+ return cmd_sb_occ_clearmax(dl); -+ } -+ pr_err("Command \"%s\" not found\n", dl_argv(dl)); -+ return -ENOENT; -+} -+ - static int cmd_sb(struct dl *dl) - { - if (dl_argv_match(dl, "help")) { -@@ -1522,6 +1868,9 @@ static int cmd_sb(struct dl *dl) - } else if (dl_argv_match(dl, "tc")) { - dl_arg_inc(dl); - return cmd_sb_tc(dl); -+ } else if (dl_argv_match(dl, "occupancy")) { -+ dl_arg_inc(dl); -+ return cmd_sb_occ(dl); - } - pr_err("Command \"%s\" not found\n", dl_argv(dl)); - return -ENOENT; -diff --git a/include/linux/devlink.h b/include/linux/devlink.h -index d40699f..0e21d00 100644 ---- a/include/linux/devlink.h -+++ b/include/linux/devlink.h -@@ -53,6 +53,10 @@ enum devlink_command { - DEVLINK_CMD_SB_TC_POOL_BIND_NEW, - DEVLINK_CMD_SB_TC_POOL_BIND_DEL, - -+ /* Shared buffer occupancy monitoring commands */ -+ DEVLINK_CMD_SB_OCC_SNAPSHOT, -+ DEVLINK_CMD_SB_OCC_MAX_CLEAR, -+ - /* add new commands above here */ - - __DEVLINK_CMD_MAX, -@@ -119,6 +123,8 @@ enum devlink_attr { - DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE, /* u8 */ - DEVLINK_ATTR_SB_THRESHOLD, /* u32 */ - DEVLINK_ATTR_SB_TC_INDEX, /* u16 */ -+ DEVLINK_ATTR_SB_OCC_CUR, /* u32 */ -+ DEVLINK_ATTR_SB_OCC_MAX, /* u32 */ - - /* add new attributes above here, update the policy in devlink.c */ - --- -1.8.3.1 - diff --git a/SOURCES/0196-devlink-add-manpage-for-shared-buffer.patch b/SOURCES/0196-devlink-add-manpage-for-shared-buffer.patch deleted file mode 100644 index 9f364a1..0000000 --- a/SOURCES/0196-devlink-add-manpage-for-shared-buffer.patch +++ /dev/null @@ -1,383 +0,0 @@ -From 8a5444de3226e5acb78307b79146f0456b4244cf Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Sat, 9 Jul 2016 11:33:14 +0200 -Subject: [PATCH] devlink: add manpage for shared buffer - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342515 -Upstream Status: iproute2.git commit 4bf138d6d2747 - -commit 4bf138d6d2747b198fc0a78f5fe4e1c9287e9e90 -Author: Jiri Pirko <jiri@mellanox.com> -Date: Fri Apr 15 09:51:53 2016 +0200 - - devlink: add manpage for shared buffer - - Manpage for devlink "sb" object. - - Signed-off-by: Jiri Pirko <jiri@mellanox.com> ---- - man/man8/devlink-dev.8 | 1 + - man/man8/devlink-monitor.8 | 1 + - man/man8/devlink-port.8 | 1 + - man/man8/devlink-sb.8 | 313 +++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 316 insertions(+) - create mode 100644 man/man8/devlink-sb.8 - -diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8 -index af96a29..62bcead 100644 ---- a/man/man8/devlink-dev.8 -+++ b/man/man8/devlink-dev.8 -@@ -52,6 +52,7 @@ Shows the state of specified devlink device. - .SH SEE ALSO - .BR devlink (8), - .BR devlink-port (8), -+.BR devlink-sb (8), - .BR devlink-monitor (8), - .br - -diff --git a/man/man8/devlink-monitor.8 b/man/man8/devlink-monitor.8 -index 98134c3..13fe641 100644 ---- a/man/man8/devlink-monitor.8 -+++ b/man/man8/devlink-monitor.8 -@@ -29,6 +29,7 @@ opens Devlink Netlink socket, listens on it and dumps state changes. - .SH SEE ALSO - .BR devlink (8), - .BR devlink-dev (8), -+.BR devlink-sb (8), - .BR devlink-port (8), - .br - -diff --git a/man/man8/devlink-port.8 b/man/man8/devlink-port.8 -index d78837c..a639d01 100644 ---- a/man/man8/devlink-port.8 -+++ b/man/man8/devlink-port.8 -@@ -120,6 +120,7 @@ Unplit the specified previously split devlink port. - .SH SEE ALSO - .BR devlink (8), - .BR devlink-dev (8), -+.BR devlink-sb (8), - .BR devlink-monitor (8), - .br - -diff --git a/man/man8/devlink-sb.8 b/man/man8/devlink-sb.8 -new file mode 100644 -index 0000000..ffb5553 ---- /dev/null -+++ b/man/man8/devlink-sb.8 -@@ -0,0 +1,313 @@ -+.TH DEVLINK\-SB 8 "14 Apr 2016" "iproute2" "Linux" -+.SH NAME -+devlink-sb \- devlink shared buffer configuration -+.SH SYNOPSIS -+.sp -+.ad l -+.in +8 -+.ti -8 -+.B devlink -+.RI "[ " OPTIONS " ]" -+.B sb -+.RI " { " COMMAND " | " -+.BR help " }" -+.sp -+ -+.ti -8 -+.IR OPTIONS " := { " -+\fB\-V\fR[\fIersion\fR] | -+\fB\-n\fR[\fIno-nice-names\fR] } -+ -+.ti -8 -+.BR "devlink sb show " -+.RI "[ " DEV " [ " -+.B sb -+.IR SB_INDEX " ] ]" -+ -+.ti -8 -+.BR "devlink sb pool show " -+.RI "[ " DEV " [ " -+.B sb -+.IR SB_INDEX " ] " -+.br -+.B pool -+.IR POOL_INDEX " ]" -+ -+.ti -8 -+.BI "devlink sb pool set " DEV " -+.RB "[ " sb -+.IR SB_INDEX " ] " -+.br -+.BI pool " POOL_INDEX " -+.br -+.BI size " POOL_SIZE " -+.br -+.BR thtype " { " static " | " dynamic " }" -+ -+.ti -8 -+.BR "devlink sb port pool show " -+.RI "[ " DEV/PORT_INDEX " [ " -+.B sb -+.IR SB_INDEX " ] " -+.br -+.B pool -+.IR POOL_INDEX " ]" -+ -+.ti -8 -+.BI "devlink sb port pool set " DEV/PORT_INDEX " -+.RB "[ " sb -+.IR SB_INDEX " ] " -+.br -+.BI pool " POOL_INDEX " -+.br -+.BI th " THRESHOLD " -+ -+.ti -8 -+.BR "devlink sb tc bind show " -+.RI "[ " DEV/PORT_INDEX " [ " -+.B sb -+.IR SB_INDEX " ] " -+.br -+.BI tc " TC_INDEX " -+.br -+.B type -+.RB "{ " ingress " | " egress " } ]" -+ -+.ti -8 -+.BI "devlink sb tc bind set " DEV/PORT_INDEX " -+.RB "[ " sb -+.IR SB_INDEX " ] " -+.br -+.BI tc " TC_INDEX " -+.br -+.BR type " { " ingress " | " egress " }" -+.br -+.BI pool " POOL_INDEX " -+.br -+.BI th " THRESHOLD " -+ -+.ti -8 -+.BR "devlink sb occupancy show " -+.RI "{ " DEV " | " DEV/PORT_INDEX " } [ " -+.B sb -+.IR SB_INDEX " ] " -+ -+.ti -8 -+.BR "devlink sb occupancy snapshot " -+.IR DEV " [ " -+.B sb -+.IR SB_INDEX " ]" -+ -+.ti -8 -+.BR "devlink sb occupancy clearmax " -+.IR DEV " [ " -+.B sb -+.IR SB_INDEX " ]" -+ -+.ti -8 -+.B devlink sb help -+ -+.SH "DESCRIPTION" -+.SS devlink sb show - display available shared buffers and their attributes -+ -+.PP -+.I "DEV" -+- specifies the devlink device to show shared buffers. -+If this argument is omitted all shared buffers of all devices are listed. -+ -+.PP -+.I "SB_INDEX" -+- specifies the shared buffer. -+If this argument is omitted shared buffer with index 0 is selected. -+Behaviour of this argument it the same for every command. -+ -+.SS devlink sb pool show - display available pools and their attributes -+ -+.PP -+.I "DEV" -+- specifies the devlink device to show pools. -+If this argument is omitted all pools of all devices are listed. -+ -+.SS devlink sb pool set - set attributes of pool -+ -+.PP -+.I "DEV" -+- specifies the devlink device to set pool. -+ -+.TP -+.BI size " POOL_SIZE" -+size of the pool in Bytes. -+ -+.TP -+.BR thtype " { " static " | " dynamic " } " -+pool threshold type. -+ -+.I static -+- Threshold values for the pool will be passed in Bytes. -+ -+.I dynamic -+- Threshold values ("to_alpha") for the pool will be used to compute alpha parameter according to formula: -+.br -+.in +16 -+alpha = 2 ^ (to_alpha - 10) -+.in -16 -+ -+.in +10 -+The range of the passed value is between 0 to 20. The computed alpha is used to determine the maximum usage of the flow: -+.in -10 -+.br -+.in +16 -+max_usage = alpha / (1 + alpha) * Free_Buffer -+.in -16 -+ -+.SS devlink sb port pool show - display port-pool combinations and threshold for each -+.I "DEV/PORT_INDEX" -+- specifies the devlink port. -+ -+.TP -+.BI pool " POOL_INDEX" -+pool index. -+ -+.SS devlink sb port pool set - set port-pool threshold -+.I "DEV/PORT_INDEX" -+- specifies the devlink port. -+ -+.TP -+.BI pool " POOL_INDEX" -+pool index. -+ -+.TP -+.BI th " THRESHOLD" -+threshold value. Type of the value is either Bytes or "to_alpha", depends on -+.B thtype -+set for the pool. -+ -+.SS devlink sb tc bind show - display port-TC to pool bindings and threshold for each -+ -+.I "DEV/PORT_INDEX" -+- specifies the devlink port. -+ -+.TP -+.BI tc " TC_INDEX" -+index of either ingress or egress TC, usually in range 0 to 8 (depends on device). -+ -+.TP -+.BR type " { " ingress " | " egress " } " -+TC type. -+ -+.SS devlink sb tc bind set - set port-TC to pool binding with specified threshold -+ -+.I "DEV/PORT_INDEX" -+- specifies the devlink port. -+ -+.TP -+.BI tc " TC_INDEX" -+index of either ingress or egress TC, usually in range 0 to 8 (depends on device). -+ -+.TP -+.BR type " { " ingress " | " egress " } " -+TC type. -+ -+.TP -+.BI pool " POOL_INDEX" -+index of pool to bind this to. -+ -+.TP -+.BI th " THRESHOLD" -+threshold value. Type of the value is either Bytes or "to_alpha", depends on -+.B thtype -+set for the pool. -+ -+.SS devlink sb occupancy show - display shared buffer occupancy values for device or port -+ -+.PP -+This command is used to browse shared buffer occupancy values. Values are showed for every port-pool combination as well as for all port-TC combinations (with pool this port-TC is bound to). Format of value is: -+.br -+.in +16 -+current_value/max_value -+.in -16 -+Note that before showing values, one has to issue -+.b occupancy snapshot -+command first. -+ -+.PP -+.I "DEV" -+- specifies the devlink device to show occupancy values for. -+ -+.I "DEV/PORT_INDEX" -+- specifies the devlink port to show occupancy values for. -+ -+.SS devlink sb occupancy snapshot - take occupancy snapshot of shared buffer for device -+This command is used to take a snapshot of shared buffer occupancy values. After that, the values can be showed using -+.B occupancy show -+command. -+ -+.PP -+.I "DEV" -+- specifies the devlink device to take occupancy snapshot on. -+ -+.SS devlink sb occupancy clearmax - clear occupancy watermarks of shared buffer for device -+This command is used to reset maximal occupancy values reached for whole device. Note that before browsing reset values, one has to issue -+.B occupancy snapshot -+command. -+ -+.PP -+.I "DEV" -+- specifies the devlink device to clear occupancy watermarks on. -+ -+.SH "EXAMPLES" -+.PP -+devlink sb show -+.RS 4 -+List available share buffers. -+.RE -+.PP -+devlink sb pool show -+.RS 4 -+List available pools and their config. -+.RE -+.PP -+devlink sb port pool show pci/0000:03:00.0/1 pool 0 -+.RS 4 -+Show port-pool setup for specified port and pool. -+.RE -+.PP -+sudo devlink sb port pool set pci/0000:03:00.0/1 pool 0 th 15 -+.RS 4 -+Change threshold for port specified port and pool. -+.RE -+.PP -+devlink sb tc bind show pci/0000:03:00.0/1 tc 0 type ingress -+.RS 4 -+Show pool binding and threshold for specified port and TC. -+.RE -+.PP -+sudo devlink sb tc bind set pci/0000:03:00.0/1 tc 0 type ingress pool 0 th 9 -+.RS 4 -+Set pool binding and threshold for specified port and TC. -+.RE -+.PP -+sudo devlink sb occupancy snapshot pci/0000:03:00.0 -+.RS 4 -+Make a snapshot of occupancy of shared buffer for specified devlink device. -+.RE -+.PP -+devlink sb occupancy show pci/0000:03:00.0/1 -+.RS 4 -+Show occupancy for specified port from the snapshot. -+.RE -+.PP -+sudo devlink sb occupancy clearmax pci/0000:03:00.0 -+.RS 4 -+Clear watermarks for shared buffer of specified devlink device. -+ -+ -+.SH SEE ALSO -+.BR devlink (8), -+.BR devlink-dev (8), -+.BR devlink-port (8), -+.BR devlink-monitor (8), -+.br -+ -+.SH AUTHOR -+Jiri Pirko <jiri@mellanox.com> --- -1.8.3.1 - diff --git a/SOURCES/0197-ip-route-restore-route-entries-in-correct-order.patch b/SOURCES/0197-ip-route-restore-route-entries-in-correct-order.patch deleted file mode 100644 index aa8f935..0000000 --- a/SOURCES/0197-ip-route-restore-route-entries-in-correct-order.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 3cdde59a38727b58edb9e165fcbb9befa5025f43 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 21:31:37 +0200 -Subject: [PATCH] ip route: restore route entries in correct order - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1348133 -Upstream Status: iproute2.git commit 74af8dd9620e4 - -commit 74af8dd9620e4322babf9d2a936b1d333a4e37e0 -Author: Xin Long <lucien.xin@gmail.com> -Date: Tue Jul 12 21:37:58 2016 +0800 - - ip route: restore route entries in correct order - - Sometimes we cannot restore route entries, because in kernel - [1] fib_check_nh() - [2] fib_valid_prefsrc() - cause some routes to depend on existence of others while adding. - - For example, we saved all the routes, and flushed all tables - [a] default via 192.168.122.1 dev eth0 - [b] 192.168.122.0/24 dev eth0 src 192.168.122.21 - [c] broadcast 127.0.0.0 dev lo table local src 127.0.0.1 - [d] local 127.0.0.0/8 dev lo table local src 127.0.0.1 - [e] local 127.0.0.1 dev lo table local src 127.0.0.1 - [f] broadcast 127.255.255.255 dev lo table local src 127.0.0.1 - [g] broadcast 192.168.122.0 dev eth0 table local src 192.168.122.21 - [h] local 192.168.122.21 dev eth0 table local src 192.168.122.21 - [i] broadcast 192.168.122.255 dev eth0 table local src 192.168.122.21 - - Now start to restore them: - If we want to add [a], we have to add [b] first, as [1] and - 'via 192.168.122.1' in [a]. - If we want to add [b], we have to add [h] first, as [2] and - 'src 192.168.122.21' in [b]. - - So the correct order to restore should be like: - [e][h] -> [b][c][d][f][g][i] -> [a] - - This patch fixes it by traversing the file 3 times, it only restores - part of them in each run according to the following conditions, to - make sure every entry can be restored successfully. - 1. !gw && (!fib_prefsrc || fib_prefsrc == cfg->fc_dst) - 2. !gw && (fib_prefsrc != cfg->fc_dst) - 3. gw - - Signed-off-by: Xin Long <lucien.xin@gmail.com> - Acked-by: Phil Sutter <phil@nwl.cc> ---- - ip/iproute.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 45 insertions(+), 2 deletions(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index 74599e4..fca5802 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1585,12 +1585,42 @@ static int iproute_get(int argc, char **argv) - exit(0); - } - -+static int rtattr_cmp(struct rtattr *rta1, struct rtattr *rta2) -+{ -+ if (!rta1 || !rta2 || rta1->rta_len != rta2->rta_len) -+ return 1; -+ -+ return memcmp(RTA_DATA(rta1), RTA_DATA(rta2), RTA_PAYLOAD(rta1)); -+} -+ - static int restore_handler(const struct sockaddr_nl *nl, - struct rtnl_ctrl_data *ctrl, - struct nlmsghdr *n, void *arg) - { -- int ret; -+ struct rtmsg *r = NLMSG_DATA(n); -+ struct rtattr *tb[RTA_MAX+1]; -+ int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); -+ int ret, prio = *(int *)arg; -+ -+ parse_rtattr(tb, RTA_MAX, RTM_RTA(r), len); - -+ /* Restore routes in correct order: -+ * 0. ones for local addresses, -+ * 1. ones for local networks, -+ * 2. others (remote networks/hosts). -+ */ -+ if (!prio && !tb[RTA_GATEWAY] && (!tb[RTA_PREFSRC] || -+ !rtattr_cmp(tb[RTA_PREFSRC], tb[RTA_DST]))) -+ goto restore; -+ else if (prio == 1 && !tb[RTA_GATEWAY] && -+ rtattr_cmp(tb[RTA_PREFSRC], tb[RTA_DST])) -+ goto restore; -+ else if (prio == 2 && tb[RTA_GATEWAY]) -+ goto restore; -+ -+ return 0; -+ -+restore: - n->nlmsg_flags |= NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK; - - ll_init_map(&rth); -@@ -1623,10 +1653,23 @@ static int route_dump_check_magic(void) - - static int iproute_restore(void) - { -+ int pos, prio; -+ - if (route_dump_check_magic()) - exit(-1); - -- exit(rtnl_from_file(stdin, &restore_handler, NULL)); -+ pos = ftell(stdin); -+ for (prio = 0; prio < 3; prio++) { -+ int err; -+ -+ err = rtnl_from_file(stdin, &restore_handler, &prio); -+ if (err) -+ exit(err); -+ -+ fseek(stdin, pos, SEEK_SET); -+ } -+ -+ exit(0); - } - - static int show_handler(const struct sockaddr_nl *nl, --- -1.8.3.1 - diff --git a/SOURCES/0198-iproute-constify-rtattr_cmp.patch b/SOURCES/0198-iproute-constify-rtattr_cmp.patch deleted file mode 100644 index 37f21d7..0000000 --- a/SOURCES/0198-iproute-constify-rtattr_cmp.patch +++ /dev/null @@ -1,33 +0,0 @@ -From cdfa6872b71e63e4b2fe0ae6fd9b87be06d9ed53 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 21:31:37 +0200 -Subject: [PATCH] iproute: constify rtattr_cmp - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1348133 -Upstream Status: iproute2.git commit 79f4a39365361 - -commit 79f4a39365361732622e114dbc86bc90ed32d25f -Author: Stephen Hemminger <shemming@brocade.com> -Date: Fri Jul 15 11:34:45 2016 -0700 - - iproute: constify rtattr_cmp ---- - ip/iproute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index fca5802..94dacbb 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1585,7 +1585,7 @@ static int iproute_get(int argc, char **argv) - exit(0); - } - --static int rtattr_cmp(struct rtattr *rta1, struct rtattr *rta2) -+static int rtattr_cmp(const struct rtattr *rta1, const struct rtattr *rta2) - { - if (!rta1 || !rta2 || rta1->rta_len != rta2->rta_len) - return 1; --- -1.8.3.1 - diff --git a/SOURCES/0199-ip-link-Add-group-in-usage-for-ip-link-delete.patch b/SOURCES/0199-ip-link-Add-group-in-usage-for-ip-link-delete.patch deleted file mode 100644 index dbf0c4d..0000000 --- a/SOURCES/0199-ip-link-Add-group-in-usage-for-ip-link-delete.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 9502dd16d7623bd5c40b34a38dae7c8118bba9e6 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:54:33 +0200 -Subject: [PATCH] ip link: Add group in usage() for 'ip link delete' - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 8916ccf66cec5 - -commit 8916ccf66cec59e4e1c1bd4d79a9342b0569d89c -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Fri May 1 22:26:52 2015 +0300 - - ip link: Add group in usage() for 'ip link delete' - - Show deleting by group in 'ip link help' output: - - ... - ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ] - ... - - Also show separately DEVICE option in { } list. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - ip/iplink.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 0e2390d..619556c 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -53,9 +53,9 @@ void iplink_usage(void) - fprintf(stderr, " [ numtxqueues QUEUE_COUNT ]\n"); - fprintf(stderr, " [ numrxqueues QUEUE_COUNT ]\n"); - fprintf(stderr, " type TYPE [ ARGS ]\n"); -- fprintf(stderr, " ip link delete DEV type TYPE [ ARGS ]\n"); -+ fprintf(stderr, " ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]\n"); - fprintf(stderr, "\n"); -- fprintf(stderr, " ip link set { dev DEVICE | group DEVGROUP } [ { up | down } ]\n"); -+ fprintf(stderr, " ip link set { DEVICE | dev DEVICE | group DEVGROUP } [ { up | down } ]\n"); - } else - fprintf(stderr, "Usage: ip link set DEVICE [ { up | down } ]\n"); - --- -1.8.3.1 - diff --git a/SOURCES/0200-iplink-List-valid-type-argument-in-ip-link-help-text.patch b/SOURCES/0200-iplink-List-valid-type-argument-in-ip-link-help-text.patch deleted file mode 100644 index 7d6d0e5..0000000 --- a/SOURCES/0200-iplink-List-valid-type-argument-in-ip-link-help-text.patch +++ /dev/null @@ -1,37 +0,0 @@ -From cb18b1973836de6baf786912af560d1f7086cea9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:54:33 +0200 -Subject: [PATCH] iplink: List valid 'type' argument in ip link help text - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 771a24289044c - -commit 771a24289044c264cfe7b83040c2b35459b4227d -Author: Phil Sutter <phil@nwl.cc> -Date: Sat Jul 9 11:22:45 2016 +0200 - - iplink: List valid 'type' argument in ip link help text - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/iplink.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 619556c..0098443 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -55,7 +55,9 @@ void iplink_usage(void) - fprintf(stderr, " type TYPE [ ARGS ]\n"); - fprintf(stderr, " ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]\n"); - fprintf(stderr, "\n"); -- fprintf(stderr, " ip link set { DEVICE | dev DEVICE | group DEVGROUP } [ { up | down } ]\n"); -+ fprintf(stderr, " ip link set { DEVICE | dev DEVICE | group DEVGROUP }\n"); -+ fprintf(stderr, " [ { up | down } ]\n"); -+ fprintf(stderr, " [ type TYPE ARGS ]\n"); - } else - fprintf(stderr, "Usage: ip link set DEVICE [ { up | down } ]\n"); - --- -1.8.3.1 - diff --git a/SOURCES/0201-iplink-bond_slave-Add-missing-help-functions.patch b/SOURCES/0201-iplink-bond_slave-Add-missing-help-functions.patch deleted file mode 100644 index 45e5ddd..0000000 --- a/SOURCES/0201-iplink-bond_slave-Add-missing-help-functions.patch +++ /dev/null @@ -1,75 +0,0 @@ -From b2958475a62de444f8bf0e756406f7097a415a4b Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:54:33 +0200 -Subject: [PATCH] iplink: bond_slave: Add missing help functions - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 25c93faa58806 - -commit 25c93faa58806479ea73bc2d5ceb545e5e932867 -Author: Phil Sutter <phil@nwl.cc> -Date: Sat Jul 9 11:22:46 2016 +0200 - - iplink: bond_slave: Add missing help functions - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/iplink_bond_slave.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c -index 2f3364e..5a802b1 100644 ---- a/ip/iplink_bond_slave.c -+++ b/ip/iplink_bond_slave.c -@@ -17,6 +17,16 @@ - #include "utils.h" - #include "ip_common.h" - -+static void print_explain(FILE *f) -+{ -+ fprintf(f, "Usage: ... bond_slave [ queue_id ID ]\n"); -+} -+ -+static void explain(void) -+{ -+ print_explain(stderr); -+} -+ - static const char *slave_states[] = { - [BOND_STATE_ACTIVE] = "ACTIVE", - [BOND_STATE_BACKUP] = "BACKUP", -@@ -99,6 +109,13 @@ static int bond_slave_parse_opt(struct link_util *lu, int argc, char **argv, - if (get_u16(&queue_id, *argv, 0)) - invarg("queue_id is invalid", *argv); - addattr16(n, 1024, IFLA_BOND_SLAVE_QUEUE_ID, queue_id); -+ } else { -+ if (matches(*argv, "help") != 0) -+ fprintf(stderr, -+ "bond_slave: unknown option \"%s\"?\n", -+ *argv); -+ explain(); -+ return -1; - } - argc--, argv++; - } -@@ -106,10 +123,17 @@ static int bond_slave_parse_opt(struct link_util *lu, int argc, char **argv, - return 0; - } - -+static void bond_slave_print_help(struct link_util *lu, int argc, char **argv, -+ FILE *f) -+{ -+ print_explain(f); -+} -+ - struct link_util bond_slave_link_util = { - .id = "bond", - .maxattr = IFLA_BOND_SLAVE_MAX, - .print_opt = bond_slave_print_opt, - .parse_opt = bond_slave_parse_opt, -+ .print_help = bond_slave_print_help, - .slave = true, - }; --- -1.8.3.1 - diff --git a/SOURCES/0202-man-ip-link-Add-deleting-links-by-group.patch b/SOURCES/0202-man-ip-link-Add-deleting-links-by-group.patch deleted file mode 100644 index 03822b1..0000000 --- a/SOURCES/0202-man-ip-link-Add-deleting-links-by-group.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 3c5f4d7b71df13bdbb11733a4969274ffaa965fd Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:54:33 +0200 -Subject: [PATCH] man ip-link: Add deleting links by group - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 7f74cf6de03a3 -Conflicts: Context changes due to previously added GENEVE support. - -commit 7f74cf6de03a35cb15761d5b507a4d37bc1af64e -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Fri May 1 21:46:41 2015 +0300 - - man ip-link: Add deleting links by group - - Indicate possibility deleting virtual links by group. - - Also changed the alignment of 'ip link delete' args - descriptions, to look like similary to 'ip link set'. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - man/man8/ip-link.8.in | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index ac3bb77..59a5699 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -64,7 +64,10 @@ ip-link \- network device configuration - .BR geneve " ]" - - .ti -8 --.BI "ip link delete " DEVICE -+.BR "ip link delete " { -+.IR DEVICE " | " -+.BI "group " GROUP -+} - .BI type " TYPE" - .RI "[ " ARGS " ]" - -@@ -843,6 +846,11 @@ the following additional arguments are supported: - specifies the virtual device to act operate on. - - .TP -+.BI group " GROUP " -+specifies the group of virtual links to delete. Group 0 is not allowed to be -+deleted since it is the default group. -+ -+.TP - .BI type " TYPE " - specifies the type of the device. - --- -1.8.3.1 - diff --git a/SOURCES/0203-man-ip-link-Add-short-description-about-group.patch b/SOURCES/0203-man-ip-link-Add-short-description-about-group.patch deleted file mode 100644 index aafd1a3..0000000 --- a/SOURCES/0203-man-ip-link-Add-short-description-about-group.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 68ba1fcc05e8ee70267ae967b83d6236b9d2c5f5 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:55:48 +0200 -Subject: [PATCH] man ip-link: Add short description about 'group' - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 032b4f4d19e1d - -commit 032b4f4d19e1d0880f800a0becfd05025206bb7d -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Sat Mar 7 15:43:37 2015 +0200 - - man ip-link: Add short description about 'group' - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - man/man8/ip-link.8.in | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 59a5699..d820e69 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -1082,6 +1082,12 @@ output. - .I "TYPE" - specifies which help of link type to dislpay. - -+.SS -+.I GROUP -+may be a number or a string from the file -+.B /etc/iproute2/group -+which can be manually filled. -+ - .SH "EXAMPLES" - .PP - ip link show --- -1.8.3.1 - diff --git a/SOURCES/0204-man-ip-link-Remove-extra-GROUP-explanation.patch b/SOURCES/0204-man-ip-link-Remove-extra-GROUP-explanation.patch deleted file mode 100644 index d936882..0000000 --- a/SOURCES/0204-man-ip-link-Remove-extra-GROUP-explanation.patch +++ /dev/null @@ -1,50 +0,0 @@ -From baceb17b65e029f473d3df3215d9a3d5f035b63f Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:55:49 +0200 -Subject: [PATCH] man ip-link: Remove extra GROUP explanation - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 699589f6df02a - -commit 699589f6df02a6173e09202887a692967bb4e7d1 -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Wed May 13 18:03:51 2015 +0300 - - man ip-link: Remove extra GROUP explanation - - Remove double explanation of GROUP option from 'ip link set' section. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> ---- - man/man8/ip-link.8.in | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index d820e69..ca0d955 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -957,12 +957,6 @@ tool can be used. But it allows to change network namespace only for physical de - give the device a symbolic name for easy reference. - - .TP --.BI group " GROUP" --specify the group the device belongs to. --The available groups are listed in file --.BR "@SYSCONFDIR@/group" . -- --.TP - .BI vf " NUM" - specify a Virtual Function device to be configured. The associated PF device - must be specified using the -@@ -1085,7 +1079,7 @@ specifies which help of link type to dislpay. - .SS - .I GROUP - may be a number or a string from the file --.B /etc/iproute2/group -+.B @SYSCONFDIR@/group - which can be manually filled. - - .SH "EXAMPLES" --- -1.8.3.1 - diff --git a/SOURCES/0205-ip-link.8-Extend-type-list-in-synopsis.patch b/SOURCES/0205-ip-link.8-Extend-type-list-in-synopsis.patch deleted file mode 100644 index 704290d..0000000 --- a/SOURCES/0205-ip-link.8-Extend-type-list-in-synopsis.patch +++ /dev/null @@ -1,121 +0,0 @@ -From 2e254c04052152cb014d83ce9175f31916da07f2 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:55:49 +0200 -Subject: [PATCH] ip-link.8: Extend type list in synopsis - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 657426c5060ac -Conflicts: Patch adjusted to missing HSR, lowpan and VRF support. - -commit 657426c5060ace22197397fbcaa6ac2c60d2ebec -Author: Phil Sutter <phil@nwl.cc> -Date: Sat Jul 9 11:22:47 2016 +0200 - - ip-link.8: Extend type list in synopsis - - 'ip link set' supports passing a type to set type-specific parameters. - Add this missing piece of information to the synopsis section. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 65 +++++++++++++++++++++++++++++---------------------- - 1 file changed, 37 insertions(+), 28 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index ca0d955..7bf3d47 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -38,32 +38,6 @@ ip-link \- network device configuration - .RI "[ " ARGS " ]" - - .ti -8 --.IR TYPE " := [ " --.BR bridge " | " --.BR bond " | " --.BR can " | " --.BR dummy " | " --.BR ifb " | " --.BR ipoib " |" --.BR macvlan " | " --.BR macvtap " | " --.BR vcan " | " --.BR veth " | " --.BR vlan " | " --.BR vxlan " |" --.BR ip6tnl " |" --.BR ipip " |" --.BR sit " |" --.BR gre " |" --.BR gretap " |" --.BR ip6gre " |" --.BR ip6gretap " |" --.BR vti " |" --.BR nlmon " |" --.BR ipvlan " |" --.BR geneve " ]" -- --.ti -8 - .BR "ip link delete " { - .IR DEVICE " | " - .BI "group " GROUP -@@ -75,7 +49,12 @@ ip-link \- network device configuration - .BR "ip link set " { - .IR DEVICE " | " - .BI "group " GROUP --.RB "} [ { " up " | " down " } ]" -+} -+.br -+.RB "[ { " up " | " down " } ]" -+.br -+.RB "[ " type -+.IR "ETYPE TYPE_ARGS" " ]" - .br - .RB "[ " arp " { " on " | " off " } ]" - .br -@@ -151,12 +130,42 @@ ip-link \- network device configuration - .B master - .IR DEVICE " ] [" - .B type --.IR TYPE " ]" -+.IR ETYPE " ]" - - .ti -8 - .B ip link help - .RI "[ " TYPE " ]" - -+.ti -8 -+.IR TYPE " := [ " -+.BR bridge " | " -+.BR bond " | " -+.BR can " | " -+.BR dummy " | " -+.BR ifb " | " -+.BR ipoib " |" -+.BR macvlan " | " -+.BR macvtap " | " -+.BR vcan " | " -+.BR veth " | " -+.BR vlan " | " -+.BR vxlan " |" -+.BR ip6tnl " |" -+.BR ipip " |" -+.BR sit " |" -+.BR gre " |" -+.BR gretap " |" -+.BR ip6gre " |" -+.BR ip6gretap " |" -+.BR vti " |" -+.BR nlmon " |" -+.BR ipvlan " |" -+.BR geneve " ]" -+ -+.ti -8 -+.IR ETYPE " := [ " TYPE " |" -+.BR bridge_slave " | " bond_slave " ]" -+ - .SH "DESCRIPTION" - .SS ip link add - add virtual link - --- -1.8.3.1 - diff --git a/SOURCES/0206-ip-link.8-Place-ip-link-set-warning-more-prominently.patch b/SOURCES/0206-ip-link.8-Place-ip-link-set-warning-more-prominently.patch deleted file mode 100644 index 47db533..0000000 --- a/SOURCES/0206-ip-link.8-Place-ip-link-set-warning-more-prominently.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 38d81434a8b2f6354936ea3c9cb787cef002e3f1 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:56:22 +0200 -Subject: [PATCH] ip-link.8: Place 'ip link set' warning more prominently - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit f9e9f92881fcd - -commit f9e9f92881fcd8e2241e2f5c6afcdbfb9398bf89 -Author: Phil Sutter <phil@nwl.cc> -Date: Sat Jul 9 11:22:48 2016 +0200 - - ip-link.8: Place 'ip link set' warning more prominently - - This moves the warning to the beginning of the section about 'ip link - set' which makes it still stand out after adding more text to it's end. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 24 ++++++++++++------------ - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 7bf3d47..53d287a 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -865,6 +865,18 @@ specifies the type of the device. - - .SS ip link set - change device attributes - -+.PP -+.B Warning: -+If multiple parameter changes are requested, -+.B ip -+aborts immediately after any of the changes have failed. -+This is the only case when -+.B ip -+can move the system to an unpredictable state. The solution -+is to avoid changing several parameters with one -+.B ip link set -+call. -+ - .TP - .BI dev " DEVICE " - .I DEVICE -@@ -1034,18 +1046,6 @@ set IPv6 address generation mode - .BR "link-netnsid " - set peer netnsid for a cross-netns interface - --.PP --.B Warning: --If multiple parameter changes are requested, --.B ip --aborts immediately after any of the changes have failed. --This is the only case when --.B ip --can move the system to an unpredictable state. The solution --is to avoid changing several parameters with one --.B ip link set --call. -- - .SS ip link show - display device attributes - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0207-ip-link.8-Add-slave-type-option-descriptions.patch b/SOURCES/0207-ip-link.8-Add-slave-type-option-descriptions.patch deleted file mode 100644 index a27c813..0000000 --- a/SOURCES/0207-ip-link.8-Add-slave-type-option-descriptions.patch +++ /dev/null @@ -1,162 +0,0 @@ -From 9535f2ada08243db6212d5a19664afafb640b151 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:56:23 +0200 -Subject: [PATCH] ip-link.8: Add slave type option descriptions - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 3dd4b8936bd8c - -commit 3dd4b8936bd8c07eaf0f9e410a1b0cebaef77e40 -Author: Phil Sutter <phil@nwl.cc> -Date: Sat Jul 9 11:22:49 2016 +0200 - - ip-link.8: Add slave type option descriptions - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 129 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 53d287a..25faebc 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -1046,6 +1046,135 @@ set IPv6 address generation mode - .BR "link-netnsid " - set peer netnsid for a cross-netns interface - -+.TP -+.BI type " ETYPE TYPE_ARGS" -+Change type-specific settings. For a list of supported types and arguments refer -+to the description of -+.B "ip link add" -+above. In addition to that, it is possible to manipulate settings to slave -+devices: -+ -+.TP -+Bridge Slave Support -+For a link with master -+.B bridge -+the following additional arguments are supported: -+ -+.B "ip link set type bridge_slave" -+[ -+.BI state " STATE" -+] [ -+.BI priority " PRIO" -+] [ -+.BI cost " COST" -+] [ -+.BR guard " { " on " | " off " }" -+] [ -+.BR hairpin " { " on " | " off " }" -+] [ -+.BR fastleave " { " on " | " off " }" -+] [ -+.BR root_block " { " on " | " off " }" -+] [ -+.BR learning " { " on " | " off " }" -+] [ -+.BR flood " { " on " | " off " }" -+] [ -+.BR proxy_arp " { " on " | " off " }" -+] [ -+.BR proxy_arp_wifi " { " on " | " off " }" -+] [ -+.BI mcast_router " MULTICAST_ROUTER" -+] [ -+.BR mcast_fast_leave " { " on " | " off "} ]" -+ -+.in +8 -+.sp -+.BI state " STATE" -+- Set port state. -+.I STATE -+is a number representing the following states: -+.BR 0 " (disabled)," -+.BR 1 " (listening)," -+.BR 2 " (learning)," -+.BR 3 " (forwarding)," -+.BR 4 " (blocking)." -+ -+.BI priority " PRIO" -+- set port priority (a 16bit unsigned value). -+ -+.BI cost " COST" -+- set port cost (a 32bit unsigned value). -+ -+.BR guard " { " on " | " off " }" -+- block incoming BPDU packets on this port. -+ -+.BR hairpin " { " on " | " off " }" -+- enable hairpin mode on this port. This will allow incoming packets on this -+port to be reflected back. -+ -+.BR fastleave " { " on " | " off " }" -+- enable multicast fast leave on this port. -+ -+.BR root_block " { " on " | " off " }" -+- block this port from becoming the bridge's root port. -+ -+.BR learning " { " on " | " off " }" -+- allow MAC address learning on this port. -+ -+.BR flood " { " on " | " off " }" -+- open the flood gates on this port, i.e. forward all unicast frames to this -+port also. Requires -+.BR proxy_arp " and " proxy_arp_wifi -+to be turned off. -+ -+.BR proxy_arp " { " on " | " off " }" -+- enable proxy ARP on this port. -+ -+.BR proxy_arp_wifi " { " on " | " off " }" -+- enable proxy ARP on this port which meets extended requirements by IEEE -+802.11 and Hotspot 2.0 specifications. -+ -+.BI mcast_router " MULTICAST_ROUTER" -+- configure this port for having multicast routers attached. A port with a -+multicast router will receive all multicast traffic. -+.I MULTICAST_ROUTER -+may be either -+.B 0 -+to disable multicast routers on this port, -+.B 1 -+to let the system detect the presence of of routers (this is the default), -+.B 2 -+to permanently enable multicast traffic forwarding on this port or -+.B 3 -+to enable multicast routers temporarily on this port, not depending on incoming -+queries. -+ -+.BR mcast_fast_leave " { " on " | " off " }" -+- this is a synonym to the -+.B fastleave -+option above. -+ -+.in -8 -+ -+.TP -+Bonding Slave Support -+For a link with master -+.B bond -+the following additional arguments are supported: -+ -+.B "ip link set type bond_slave" -+[ -+.BI queue_id " ID" -+] -+ -+.in +8 -+.sp -+.BI queue_id " ID" -+- set the slave's queue ID (a 16bit unsigned value). -+ -+.in -8 -+ - .SS ip link show - display device attributes - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0208-ip-link-fix-unterminated-string-in-manpage.patch b/SOURCES/0208-ip-link-fix-unterminated-string-in-manpage.patch deleted file mode 100644 index cb74379..0000000 --- a/SOURCES/0208-ip-link-fix-unterminated-string-in-manpage.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 696a9399c6782dfda428c5160df9decd64820153 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:56:23 +0200 -Subject: [PATCH] ip-link: fix unterminated string in manpage - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit f66611d823465 - -commit f66611d8234657a6ddebb98e8596a1ac866d0047 -Author: Stephen Hemminger <shemming@brocade.com> -Date: Wed Dec 3 19:35:36 2014 -0800 - - ip-link: fix unterminated string in manpage - - Missing " ---- - man/man8/ip-link.8.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 25faebc..b764019 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -327,7 +327,7 @@ For a link of type - the following additional arguments are supported: - - .BI "ip link add " DEVICE --.BI type " vxlan " id " ID -+.BI type " vxlan " id " ID" - .R " [ " - .BI dev " PHYS_DEV " - .RB " ] [ { " group " | " remote " } " --- -1.8.3.1 - diff --git a/SOURCES/0209-vxlan-fix-help-and-man-text.patch b/SOURCES/0209-vxlan-fix-help-and-man-text.patch deleted file mode 100644 index aaa4769..0000000 --- a/SOURCES/0209-vxlan-fix-help-and-man-text.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 00739d4e137e1a8aa637666ba0c6dbfdb308fcc2 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:56:33 +0200 -Subject: [PATCH] vxlan: fix help and man text - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 5cd64c979f97a - -commit 5cd64c979f97ac1590e7bf28ae9b1adbd7673d3a -Author: Thomas Faivre <thomas.faivre@6wind.com> -Date: Thu Jan 14 18:10:19 2016 +0100 - - vxlan: fix help and man text - - Options 'group' and 'remote' cannot take 'any' as value but 'local' can. - - Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com> - Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> ---- - ip/iplink_vxlan.c | 2 +- - man/man8/ip-link.8.in | 3 ++- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c -index 2ca97a4..015d7d9 100644 ---- a/ip/iplink_vxlan.c -+++ b/ip/iplink_vxlan.c -@@ -23,7 +23,7 @@ - - static void print_explain(FILE *f) - { -- fprintf(f, "Usage: ... vxlan id VNI [ { group | remote } ADDR ] [ local ADDR ]\n"); -+ fprintf(f, "Usage: ... vxlan id VNI [ { group | remote } IP_ADDRESS ] [ local ADDR ]\n"); - fprintf(f, " [ ttl TTL ] [ tos TOS ] [ dev PHYS_DEV ]\n"); - fprintf(f, " [ dstport PORT ] [ srcport MIN MAX ]\n"); - fprintf(f, " [ [no]learning ] [ [no]proxy ] [ [no]rsc ]\n"); -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index b764019..3ee1ad6 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -333,7 +333,8 @@ the following additional arguments are supported: - .RB " ] [ { " group " | " remote " } " - .I IPADDR - .R " ] [ " --.BI local " IPADDR " -+.B local -+.RI "{ "IPADDR " | "any " } " - .R " ] [ " - .BI ttl " TTL " - .R " ] [ " --- -1.8.3.1 - diff --git a/SOURCES/0210-ip-link-fix-man-page-warnings.patch b/SOURCES/0210-ip-link-fix-man-page-warnings.patch deleted file mode 100644 index b00d696..0000000 --- a/SOURCES/0210-ip-link-fix-man-page-warnings.patch +++ /dev/null @@ -1,220 +0,0 @@ -From cca57c0deaee5dd9ac0a4dac4e8ed89bf8b57945 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:56:33 +0200 -Subject: [PATCH] ip-link: fix man page warnings - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 1ab0f02f465b7 -Conflicts: Context changes due to previously applied patch 29bb2373a8777 - ("geneve: add support to set flow label"). - -commit 1ab0f02f465b7bcc09798645d19236a500742e90 -Author: Thomas Faivre <thomas.faivre@6wind.com> -Date: Thu Jan 14 18:10:20 2016 +0100 - - ip-link: fix man page warnings - - grff wrapper returns warnings when parsing the ip-link.8.in file. - - How to reproduce: - $ man --warnings ip-link > /dev/null - `R' is a string (producing the registered sign), not a macro. - [...] - - Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com> - Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> ---- - man/man8/ip-link.8.in | 104 +++++++++++++++++++++++++------------------------- - 1 file changed, 52 insertions(+), 52 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 3ee1ad6..be572f6 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -270,28 +270,28 @@ the following additional arguments are supported: - .BI link " DEVICE " - .BI name " NAME " - .BI type " vlan " --.R " [ " -+[ - .BI protocol " VLAN_PROTO " --.R " ] " -+] - .BI id " VLANID " --.R " [ " -+[ - .BR reorder_hdr " { " on " | " off " } " --.R " ] " --.R " [ " -+] -+[ - .BR gvrp " { " on " | " off " } " --.R " ] " --.R " [ " -+] -+[ - .BR mvrp " { " on " | " off " } " --.R " ] " --.R " [ " -+] -+[ - .BR loose_binding " { " on " | " off " } " --.R " ] " --.R " [ " -+] -+[ - .BI ingress-qos-map " QOS-MAP " --.R " ] " --.R " [ " -+] -+[ - .BI egress-qos-map " QOS-MAP " --.R " ] " -+] - - .in +8 - .sp -@@ -328,44 +328,44 @@ the following additional arguments are supported: - - .BI "ip link add " DEVICE - .BI type " vxlan " id " ID" --.R " [ " -+[ - .BI dev " PHYS_DEV " - .RB " ] [ { " group " | " remote " } " - .I IPADDR --.R " ] [ " -+] [ - .B local - .RI "{ "IPADDR " | "any " } " --.R " ] [ " -+] [ - .BI ttl " TTL " --.R " ] [ " -+] [ - .BI tos " TOS " --.R " ] [ " -+] [ - .BI dstport " PORT " --.R " ] [ " -+] [ - .BI srcport " MIN MAX " --.R " ] [ " -+] [ - .I "[no]learning " --.R " ] [ " -+] [ - .I "[no]proxy " --.R " ] [ " -+] [ - .I "[no]rsc " --.R " ] [ " -+] [ - .I "[no]l2miss " --.R " ] [ " -+] [ - .I "[no]l3miss " --.R " ] [ " -+] [ - .I "[no]udpcsum " --.R " ] [ " -+] [ - .I "[no]udp6zerocsumtx " --.R " ] [ " -+] [ - .I "[no]udp6zerocsumrx " --.R " ] [ " -+] [ - .BI ageing " SECONDS " --.R " ] [ " -+] [ - .BI maxaddress " NUMBER " --.R " ] [ " -+] [ - .B gbp --.R " ]" -+] - - .in +8 - .sp -@@ -507,17 +507,17 @@ the following additional arguments are supported: - .BI "ip link add " DEVICE - .BR type " { gre | ipip | sit } " - .BI " remote " ADDR " local " ADDR --.R " [ " -+[ - .BR encap " { fou | gue | none } " --.R " ] [ " -+] [ - .BI "encap-sport { " PORT " | auto } " --.R " ] [ " -+] [ - .BI "encap-dport " PORT --.R " ] [ " -+] [ - .I " [no]encap-csum " --.R " ] [ " -+] [ - .I " [no]encap-remcsum " --.R " ]" -+] - - .in +8 - .sp -@@ -563,25 +563,25 @@ the following additional arguments are supported: - - .BI "ip link add " DEVICE - .BI type " { ip6gre | ip6gretap } " remote " ADDR " local " ADDR --.R " [ " -+[ - .I "[i|o]seq]" --.R " ] [ " -+] [ - .I "[i|o]key" KEY --.R " ] [ " -+] [ - .I " [i|o]csum " --.R " ] [ " -+] [ - .BI hoplimit " TTL " --.R " ] [ " -+] [ - .BI encaplimit " ELIM " --.R " ] [ " -+] [ - .BI tclass " TCLASS " --.R " ] [ " -+] [ - .BI flowlabel " FLOWLABEL " --.R " ] [ " -+] [ - .BI "dscp inherit" --.R " ] [ " -+] [ - .BI dev " PHYS_DEV " --.R " ]" -+] - - .in +8 - .sp -@@ -686,13 +686,13 @@ the following additional arguments are supported: - - .BI "ip link add " DEVICE - .BI type " geneve " id " ID " remote " IPADDR" --.R " [ " -+[ - .BI ttl " TTL " --.R " ] [ " -+] [ - .BI tos " TOS " --.R " ] [ " -+] [ - .BI flowlabel " FLOWLABEL " --.R " ]" -+] - - .in +8 - .sp --- -1.8.3.1 - diff --git a/SOURCES/0211-ip-link.8-Fix-font-choices.patch b/SOURCES/0211-ip-link.8-Fix-font-choices.patch deleted file mode 100644 index ef1ebcc..0000000 --- a/SOURCES/0211-ip-link.8-Fix-font-choices.patch +++ /dev/null @@ -1,249 +0,0 @@ -From cc76a807b3215f06674cc613a8d492111eea949a Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:57:10 +0200 -Subject: [PATCH] ip-link.8: Fix font choices - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269528 -Upstream Status: iproute2.git commit 52a5986980527 -Conflicts: Context changes due to missing support for 'external' VXLAN - flag and missing HSR support. - -commit 52a598698052773857a2ca590b81940367774fce -Author: Phil Sutter <phil@nwl.cc> -Date: Sat Jul 9 11:22:50 2016 +0200 - - ip-link.8: Fix font choices - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 76 ++++++++++++++++++++++++++------------------------- - 1 file changed, 39 insertions(+), 37 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index be572f6..1d2fcb0 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -269,7 +269,7 @@ the following additional arguments are supported: - .BI "ip link add - .BI link " DEVICE " - .BI name " NAME " --.BI type " vlan " -+.B "type vlan" - [ - .BI protocol " VLAN_PROTO " - ] -@@ -327,7 +327,7 @@ For a link of type - the following additional arguments are supported: - - .BI "ip link add " DEVICE --.BI type " vxlan " id " ID" -+.BI type " vxlan " id " VNI" - [ - .BI dev " PHYS_DEV " - .RB " ] [ { " group " | " remote " } " -@@ -344,21 +344,21 @@ the following additional arguments are supported: - ] [ - .BI srcport " MIN MAX " - ] [ --.I "[no]learning " -+.RB [ no ] learning - ] [ --.I "[no]proxy " -+.RB [ no ] proxy - ] [ --.I "[no]rsc " -+.RB [ no ] rsc - ] [ --.I "[no]l2miss " -+.RB [ no ] l2miss - ] [ --.I "[no]l3miss " -+.RB [ no ] l3miss - ] [ --.I "[no]udpcsum " -+.RB [ no ] udpcsum - ] [ --.I "[no]udp6zerocsumtx " -+.RB [ no ] udp6zerocsumtx - ] [ --.I "[no]udp6zerocsumrx " -+.RB [ no ] udp6zerocsumrx - ] [ - .BI ageing " SECONDS " - ] [ -@@ -413,36 +413,36 @@ parameter. - source ports to communicate to the remote VXLAN tunnel endpoint. - - .sp --.I [no]learning -+.RB [ no ] learning - - specifies if unknown source link layer addresses and IP addresses - are entered into the VXLAN device forwarding database. - - .sp --.I [no]rsc -+.RB [ no ] rsc - - specifies if route short circuit is turned on. - - .sp --.I [no]proxy -+.RB [ no ] proxy - - specifies ARP proxy is turned on. - - .sp --.I [no]l2miss -+.RB [ no ] l2miss - - specifies if netlink LLADDR miss notifications are generated. - - .sp --.I [no]l3miss -+.RB [ no ] l3miss - - specifies if netlink IP ADDR miss notifications are generated. - - .sp --.I [no]udpcsum -+.RB [ no ] udpcsum - - specifies if UDP checksum is calculated for transmitted packets over IPv4. - - .sp --.I [no]udp6zerocsumtx -+.RB [ no ] udp6zerocsumtx - - skip UDP checksum calculation for transmitted packets over IPv6. - - .sp --.I [no]udp6zerocsumrx -+.RB [ no ] udp6zerocsumrx - - allow incoming UDP packets over IPv6 with zero checksum field. - - .sp -@@ -505,18 +505,18 @@ For a link of types - the following additional arguments are supported: - - .BI "ip link add " DEVICE --.BR type " { gre | ipip | sit } " -+.BR type " { " gre " | " ipip " | " sit " }" - .BI " remote " ADDR " local " ADDR - [ --.BR encap " { fou | gue | none } " -+.BR encap " { " fou " | " gue " | " none " }" - ] [ --.BI "encap-sport { " PORT " | auto } " -+.BR encap-sport " { " \fIPORT " | " auto " }" - ] [ - .BI "encap-dport " PORT - ] [ --.I " [no]encap-csum " -+.RB [ no ] encap-csum - ] [ --.I " [no]encap-remcsum " -+.RB [ no ] encap-remcsum - ] - - .in +8 -@@ -530,12 +530,12 @@ the following additional arguments are supported: - It must be an address on another interface on this host. - - .sp --.BR encap " { fou | gue | none } " -+.BR encap " { " fou " | " gue " | " none " }" - - specifies type of secondary UDP encapsulation. "fou" indicates - Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation. - - .sp --.BI "encap-sport { " PORT " | auto } " -+.BR encap-sport " { " \fIPORT " | " auto " }" - - specifies the source port in UDP encapsulation. - .IR PORT - indicates the port by number, "auto" -@@ -544,12 +544,12 @@ indicates that the port number should be chosen automatically - encapsulated packet). - - .sp --.I [no]encap-csum -+.RB [ no ] encap-csum - - specifies if UDP checksums are enabled in the secondary - encapsulation. - - .sp --.I [no]encap-remcsum -+.RB [ no ] encap-remcsum - - specifies if Remote Checksum Offload is enabled. This is only - applicable for Generic UDP Encapsulation. - -@@ -562,13 +562,15 @@ For a link of type - the following additional arguments are supported: - - .BI "ip link add " DEVICE --.BI type " { ip6gre | ip6gretap } " remote " ADDR " local " ADDR -+.BR type " { " ip6gre " | " ip6gretap " }" -+.BI remote " ADDR " local " ADDR" - [ --.I "[i|o]seq]" -+.RB [ i | o ] seq - ] [ --.I "[i|o]key" KEY -+.RB [ i | o ] key -+.I KEY - ] [ --.I " [i|o]csum " -+.RB [ i | o ] csum - ] [ - .BI hoplimit " TTL " - ] [ -@@ -594,7 +596,7 @@ the following additional arguments are supported: - It must be an address on another interface on this host. - - .sp --.BI [i|o]seq -+.RB [ i | o ] seq - - serialize packets. - The - .B oseq -@@ -604,7 +606,7 @@ The - flag requires that all input packets are serialized. - - .sp --.BI [i|o]key " KEY" -+.RB [ i | o ] key " \fIKEY" - - use keyed GRE with key - .IR KEY ". "KEY - is either a number or an IPv4 address-like dotted quad. -@@ -616,7 +618,7 @@ The - parameters specify different keys for input and output. - - .sp --.BI [i|o]csum -+.RB [ i | o ] csum - - generate/require checksums for tunneled packets. - The - .B ocsum -@@ -668,7 +670,7 @@ For a link of type - the following additional arguments are supported: - - .BI "ip link add " DEVICE " name " NAME --.BI type " ipoib [ " pkey " PKEY ] [" mode " MODE " ] -+.BR "type ipoib " [ " pkey \fIPKEY" " ] [ " mode " \fIMODE \fR]" - - .in +8 - .sp -@@ -685,7 +687,7 @@ For a link of type - the following additional arguments are supported: - - .BI "ip link add " DEVICE --.BI type " geneve " id " ID " remote " IPADDR" -+.BI type " geneve " id " VNI " remote " IPADDR" - [ - .BI ttl " TTL " - ] [ -@@ -728,7 +730,7 @@ the following additional arguments are supported: - .BI "ip link add link " DEVICE " name " NAME - .BR type " { " macvlan " | " macvtap " } " - .BR mode " { " private " | " vepa " | " bridge " | " passthru --.BR " [ " nopromisc " ] } " -+.RB " [ " nopromisc " ] } " - - .in +8 - .sp --- -1.8.3.1 - diff --git a/SOURCES/0212-ip-address.8-Document-autojoin-flag.patch b/SOURCES/0212-ip-address.8-Document-autojoin-flag.patch deleted file mode 100644 index d91b0e4..0000000 --- a/SOURCES/0212-ip-address.8-Document-autojoin-flag.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 88f9c8ccf815fdc170e0f160335acdaacadc669e Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 22:59:33 +0200 -Subject: [PATCH] ip-address.8: Document autojoin flag - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1333513 -Upstream Status: iproute2.git commit 6acf086c2bf3e - -commit 6acf086c2bf3e94ceed984acd39936e216342e16 -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Jul 12 09:56:16 2016 +0200 - - ip-address.8: Document autojoin flag - - Description copied from related kernel support commit message with a - little tailoring to fit. - - While at it, fix font of non-terminal CONFFLAG-LIST in synopsis. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-address.8.in | 25 +++++++++++++++++++++++-- - 1 file changed, 23 insertions(+), 2 deletions(-) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index 8d34adb..c954ab3 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -75,14 +75,15 @@ ip-address \- protocol address management - .IR FLAG " := " - .RB "[ " permanent " | " dynamic " | " secondary " | " primary " |" - .RB [ - ] tentative " | [" - ] deprecated " | [" - ] dadfailed " |" --.BR temporary " | " CONFFLAG-LIST " ]" -+.BR temporary " |" -+.IR CONFFLAG-LIST " ]" - - .ti -8 - .IR CONFFLAG-LIST " := [ " CONFFLAG-LIST " ] " CONFFLAG - - .ti -8 - .IR CONFFLAG " := " --.RB "[ " home " | " mngtmpaddr " | " nodad " | " noprefixroute " ]" -+.RB "[ " home " | " mngtmpaddr " | " nodad " | " noprefixroute " | " autojoin " ]" - - .ti -8 - .IR LIFETIME " := [ " -@@ -244,6 +245,26 @@ address, and don't search for one to delete when removing the address. Changing - an address to add this flag will remove the automatically added prefix route, - changing it to remove this flag will create the prefix route automatically. - -+.TP -+.B autojoin -+Joining multicast groups on Ethernet level via -+.B "ip maddr" -+command does not work if connected to an Ethernet switch that does IGMP -+snooping since the switch would not replicate multicast packets on ports that -+did not have IGMP reports for the multicast addresses. -+ -+Linux VXLAN interfaces created via -+.B "ip link add vxlan" -+have the -+.B group -+option that enables them to do the required join. -+ -+Using the -+.B autojoin -+flag when adding a multicast address enables similar functionality for -+Openvswitch VXLAN interfaces as well as other tunneling mechanisms that need to -+receive multicast traffic. -+ - .SS ip address delete - delete protocol address - .B Arguments: - coincide with the arguments of --- -1.8.3.1 - diff --git a/SOURCES/0213-route-allow-routes-to-be-configured-with-expire-valu.patch b/SOURCES/0213-route-allow-routes-to-be-configured-with-expire-valu.patch deleted file mode 100644 index 88f7949..0000000 --- a/SOURCES/0213-route-allow-routes-to-be-configured-with-expire-valu.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 9c5c3d0a9c58d8385424193fbd3467c29483d3d2 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 20:45:56 +0200 -Subject: [PATCH] route: allow routes to be configured with expire values - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1357020 -Upstream Status: iproute2.git commit 68eede2505005 -Conflicts: Context changes due to missing commits: - * 194e9b855d053 ("ip: support RFC4191 router preference") - * f638e9f7c8718 ("mpls: always set type RTN_UNICAST and scope - RT_SCOPE_UNIVERSE for") - -commit 68eede2505005ea919e2fb43afc91bad0601faea -Author: Hangbin Liu <liuhangbin@gmail.com> -Date: Mon Dec 21 16:29:36 2015 +0800 - - route: allow routes to be configured with expire values - - Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> ---- - ip/iproute.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/ip/iproute.c b/ip/iproute.c -index 94dacbb..a13e6f3 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -82,6 +82,7 @@ static void usage(void) - fprintf(stderr, " [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]\n"); - fprintf(stderr, " [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]\n"); - fprintf(stderr, " [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]\n"); -+ fprintf(stderr, " [ expires TIME ]\n"); - fprintf(stderr, "TYPE := { unicast | local | broadcast | multicast | throw |\n"); - fprintf(stderr, " unreachable | prohibit | blackhole | nat }\n"); - fprintf(stderr, "TABLE_ID := [ local | main | default | all | NUMBER ]\n"); -@@ -746,6 +747,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - int scope_ok = 0; - int table_ok = 0; - int raw = 0; -+ static int hz; - - memset(&req, 0, sizeof(req)); - -@@ -797,6 +799,14 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - if (rtnl_dsfield_a2n(&tos, *argv)) - invarg("\"tos\" value is invalid\n", *argv); - req.r.rtm_tos = tos; -+ } else if (strcmp(*argv, "expires") == 0 ) { -+ __u32 expires; -+ NEXT_ARG(); -+ if (get_u32(&expires, *argv, 0)) -+ invarg("\"expires\" value is invalid\n", *argv); -+ if (!hz) -+ hz = get_user_hz(); -+ addattr32(&req.n, sizeof(req), RTA_EXPIRES, expires*hz); - } else if (matches(*argv, "metric") == 0 || - matches(*argv, "priority") == 0 || - matches(*argv, "preference") == 0) { --- -1.8.3.1 - diff --git a/SOURCES/0214-ip-route-timeout-for-routes-has-to-be-set-in-seconds.patch b/SOURCES/0214-ip-route-timeout-for-routes-has-to-be-set-in-seconds.patch deleted file mode 100644 index 7b03340..0000000 --- a/SOURCES/0214-ip-route-timeout-for-routes-has-to-be-set-in-seconds.patch +++ /dev/null @@ -1,59 +0,0 @@ -From fcb76a6f2bd281e956dc736fb63dc1fa238ce220 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 20 Jul 2016 20:48:14 +0200 -Subject: [PATCH] ip route: timeout for routes has to be set in seconds - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1357020 -Upstream Status: iproute2.git commit eecc006952d6f -Conflicts: Changed context due to missing commit f638e9f7c8718 - ("mpls: always set type RTN_UNICAST and scope - RT_SCOPE_UNIVERSE for") - -commit eecc006952d6f3992b632974d0f04f995d2a176e -Author: Andrew Vagin <avagin@virtuozzo.com> -Date: Wed Jun 29 02:27:14 2016 +0300 - - ip route: timeout for routes has to be set in seconds - - Currently a timeout is multiplied by HZ in user-space and - then it multiplied by HZ in kernel-space. - - $ ./ip/ip r add 2002::0/64 dev veth1 expires 10 - $ ./ip/ip -6 r - 2002::/64 dev veth1 metric 1024 linkdown expires 996sec pref medium - - Cc: Xin Long <lucien.xin@gmail.com> - Cc: Hangbin Liu <liuhangbin@gmail.com> - Cc: Stephen Hemminger <shemming@brocade.com> - Fixes: 68eede250500 ("route: allow routes to be configured with expire values") - Signed-off-by: Andrew Vagin <avagin@virtuozzo.com> ---- - ip/iproute.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index a13e6f3..094566a 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -747,7 +747,6 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - int scope_ok = 0; - int table_ok = 0; - int raw = 0; -- static int hz; - - memset(&req, 0, sizeof(req)); - -@@ -804,9 +803,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - NEXT_ARG(); - if (get_u32(&expires, *argv, 0)) - invarg("\"expires\" value is invalid\n", *argv); -- if (!hz) -- hz = get_user_hz(); -- addattr32(&req.n, sizeof(req), RTA_EXPIRES, expires*hz); -+ addattr32(&req.n, sizeof(req), RTA_EXPIRES, expires); - } else if (matches(*argv, "metric") == 0 || - matches(*argv, "priority") == 0 || - matches(*argv, "preference") == 0) { --- -1.8.3.1 - diff --git a/SOURCES/0215-iproute2-ip-route.8.in-Add-expires-option-for-ip-rou.patch b/SOURCES/0215-iproute2-ip-route.8.in-Add-expires-option-for-ip-rou.patch deleted file mode 100644 index b66de89..0000000 --- a/SOURCES/0215-iproute2-ip-route.8.in-Add-expires-option-for-ip-rou.patch +++ /dev/null @@ -1,52 +0,0 @@ -From b1a374e69efdde93f7c64ccbfb53415a9d344ec4 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 22 Jul 2016 15:15:58 +0200 -Subject: [PATCH] iproute2: ip-route.8.in: Add expires option for ip route - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1357020 -Upstream Status: iproute2.git commit 3fbe7ca847367 -Conflicts: Patch adjusted for missing commit 194e9b855d053 - ("ip: support RFC4191 router preference") - -commit 3fbe7ca847367d0f9c3861283767ae702c2a19ab -Author: Hangbin Liu <liuhangbin@gmail.com> -Date: Fri Dec 25 11:12:16 2015 +0800 - - iproute2: ip-route.8.in: Add expires option for ip route - - Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> ---- - man/man8/ip-route.8.in | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in -index ec4a5b2..dcaca2b 100644 ---- a/man/man8/ip-route.8.in -+++ b/man/man8/ip-route.8.in -@@ -118,7 +118,9 @@ replace " } " - .B quickack - .IR BOOL " ] [ " - .B congctl --.IR NAME " ]" -+.IR NAME " ] [ " -+.B expires -+.IR TIME " ]" - - .ti -8 - .IR TYPE " := [ " -@@ -554,6 +556,12 @@ even if it does not match any interface prefix. - .RE - - .TP -+.BI expires " TIME " "(4.4+ only)" -+the route will be deleted after the expires time. -+.B Only -+support IPv6 at present. -+ -+.TP - ip route delete - delete route - .RS --- -1.8.3.1 - diff --git a/SOURCES/0216-ipneigh-List-all-nud-states-in-help-output.patch b/SOURCES/0216-ipneigh-List-all-nud-states-in-help-output.patch deleted file mode 100644 index 76ccd72..0000000 --- a/SOURCES/0216-ipneigh-List-all-nud-states-in-help-output.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b5c4868b391cac0956205526223bbd34fb40dffc Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 21 Jul 2016 17:01:09 +0200 -Subject: [PATCH] ipneigh: List all nud states in help output - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1276661 -Upstream Status: iproute2.git commit 03a0cf20b4511 - -commit 03a0cf20b451105ab13f0593fe57144bd6b25c3b -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 20:07:21 2016 +0100 - - ipneigh: List all nud states in help output - - To not make the output overly confusing, list them in a definition of - the STATE placeholder which is already used in the show/flush syntax but - wasn't explained before. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/ipneigh.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/ip/ipneigh.c b/ip/ipneigh.c -index 2dbd537..472555d 100644 ---- a/ip/ipneigh.c -+++ b/ip/ipneigh.c -@@ -45,10 +45,11 @@ static void usage(void) __attribute__((noreturn)); - - static void usage(void) - { -- fprintf(stderr, "Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]\n" -- " [ nud { permanent | noarp | stale | reachable } ]\n" -- " | proxy ADDR } [ dev DEV ]\n"); -- fprintf(stderr, " ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"); -+ fprintf(stderr, "Usage: ip neigh { add | del | change | replace }\n" -+ " { ADDR [ lladdr LLADDR ] [ nud STATE ] | proxy ADDR } [ dev DEV ]\n"); -+ fprintf(stderr, " ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n\n"); -+ fprintf(stderr, "STATE := { permanent | noarp | stale | reachable | none |\n" -+ " incomplete | delay | probe | failed }\n"); - exit(-1); - } - --- -1.8.3.1 - diff --git a/SOURCES/0217-Document-VF-link-state-control-in-the-ip-link-man-pa.patch b/SOURCES/0217-Document-VF-link-state-control-in-the-ip-link-man-pa.patch deleted file mode 100644 index cbd8e72..0000000 --- a/SOURCES/0217-Document-VF-link-state-control-in-the-ip-link-man-pa.patch +++ /dev/null @@ -1,98 +0,0 @@ -From a858036c46f6887ac0dc5211f5884876913fb432 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 22 Jul 2016 12:08:03 +0200 -Subject: [PATCH] Document VF link state control in the ip-link man page - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1264146 -Upstream Status: iproute2.git commit 63f60e3ab3655 -Conflicts: Multiple due to mistakes when resolving conflicts while - backporting commit ca611d6408c9b ("man: ip-link.8: Fix and - improve synopsis"). - -This commit is strictly speaking not related to bz#1264146, but it helps -preventing conflicts with the real fix for that BZ. Also it was -forgotten when backporting for bz#1061593 so it adds missing -documentation bits about a feature we already have. - -commit 63f60e3ab3655b5d1b62d3a9f641ef7b638d2361 -Author: Or Gerlitz <ogerlitz@mellanox.com> -Date: Sun May 11 09:22:19 2014 +0300 - - Document VF link state control in the ip-link man page - - Document the support added by commit 07fa9c1 "Add VF link state - control" in the ip-link man page. - - Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> ---- - man/man8/ip-link.8.in | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 1d2fcb0..d98fe91 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -101,16 +101,16 @@ ip-link \- network device configuration - .RB "[ " vlan - .IR VLANID " [ " - .B qos --.IR VLAN-QOS " ] ] [" --.B trust { on | off } --] | -+.IR VLAN-QOS " ] ]" - .br - .RB "[ " rate - .IR TXRATE " ]" - .br - .RB "[ " spoofchk " { " on " | " off " } ]" - .br --.RB "[ " state " { " auto " | " enable " | " disable " } ] ]" -+.RB "[ " state " { " auto " | " enable " | " disable " } ]" -+.br -+.RB "[ " trust " { " on " | " off " } ] ]" - .br - .in -9 - .RB "[ " master -@@ -322,7 +322,7 @@ the following additional arguments are supported: - - .TP - VXLAN Type Support --For a link of type -+For a link of type - .I VXLAN - the following additional arguments are supported: - -@@ -557,7 +557,7 @@ applicable for Generic UDP Encapsulation. - - .TP - IP6GRE/IP6GRETAP Type Support --For a link of type -+For a link of type - .I IP6GRE/IP6GRETAP - the following additional arguments are supported: - -@@ -641,7 +641,7 @@ flag is equivalent to the combination - - .sp - .BI flowlabel " FLOWLABEL" --- specifies a fixed flowlabel. -+- specifies a fixed flowlabel. - - .sp - .BI tclass " TCLASS" -@@ -1028,6 +1028,12 @@ parameter must be specified. - .BI spoofchk " on|off" - - turn packet spoof checking on or off for the specified VF. - .sp -+.BI state " auto|enable|disable" -+- set the virtual link state as seen by the specified VF. Setting to auto means a -+reflection of the PF link state, enable lets the VF to communicate with other VFs on -+this host even if the PF link state is down, disable causes the HW to drop any packets -+sent by the VF. -+.sp - .BI trust " on|off" - - trust the specified VF user. This enables that VF user can set a specific feature - which may impact security and/or performance. (e.g. VF multicast promiscuous mode) --- -1.8.3.1 - diff --git a/SOURCES/0218-man-ip-link-Document-query_rss-option.patch b/SOURCES/0218-man-ip-link-Document-query_rss-option.patch deleted file mode 100644 index e219da2..0000000 --- a/SOURCES/0218-man-ip-link-Document-query_rss-option.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 648dee9a042d08c669537d72b5bdcd31b99f6c74 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Fri, 22 Jul 2016 14:53:00 +0200 -Subject: [PATCH] man: ip-link: Document query_rss option - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1264146 -Upstream Status: iproute2.git commit 8e45e44b7923a - -commit 8e45e44b7923a30c97ea50e43f72db6688c6175e -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Jun 10 16:39:50 2016 +0200 - - man: ip-link: Document query_rss option - - Doc text shamelessly stolen from the introducing commit's message - (6c55c8c4617c5 ['ip link set vf: Added "query_rss" command']). - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index d98fe91..33172e5 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -108,6 +108,8 @@ ip-link \- network device configuration - .br - .RB "[ " spoofchk " { " on " | " off " } ]" - .br -+.RB "[ " query_rss " { " on " | " off " } ]" -+.br - .RB "[ " state " { " auto " | " enable " | " disable " } ]" - .br - .RB "[ " trust " { " on " | " off " } ] ]" -@@ -1028,6 +1030,9 @@ parameter must be specified. - .BI spoofchk " on|off" - - turn packet spoof checking on or off for the specified VF. - .sp -+.BI query_rss " on|off" -+- toggle the ability of querying the RSS configuration of a specific VF. VF RSS information like RSS hash key may be considered sensitive on some devices where this information is shared between VF and PF and thus its querying may be prohibited by default. -+.sp - .BI state " auto|enable|disable" - - set the virtual link state as seen by the specified VF. Setting to auto means a - reflection of the PF link state, enable lets the VF to communicate with other VFs on --- -1.8.3.1 - diff --git a/SOURCES/0219-Add-support-to-configure-SR-IOV-VF-minimum-and-maxim.patch b/SOURCES/0219-Add-support-to-configure-SR-IOV-VF-minimum-and-maxim.patch deleted file mode 100644 index 8a2403b..0000000 --- a/SOURCES/0219-Add-support-to-configure-SR-IOV-VF-minimum-and-maxim.patch +++ /dev/null @@ -1,327 +0,0 @@ -From ed60b38f294c5f950d125384af8e430388929c51 Mon Sep 17 00:00:00 2001 -From: Jakub Sitnicki <jkbs@redhat.com> -Date: Wed, 27 Jul 2016 15:56:14 +0200 -Subject: [PATCH] Add support to configure SR-IOV VF minimum and maximum Tx - rate through ip tool - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1340914 -Upstream Status: iproute2.git commit f89a2a0 -Conflicts: -* context in iplink_parse() because we already have - ccdcbf35f120 ("iplink: add support of IFLA_LINK_NETNSID attribute") -* we already have a partial backport of ca611d6408c9 ("man: ip-link.8: - Fix and improve synopsis"), so fast-forward the synopsis to it's - current form - -commit f89a2a05ffa94ac5bec9f50751f761215356092b -Author: Sucheta Chakraborty <sucheta.chakraborty@qlogic.com> -Date: Thu May 22 09:59:37 2014 -0400 - - Add support to configure SR-IOV VF minimum and maximum Tx rate through ip tool - - o "min_tx_rate" option has been added for minimum Tx rate. Hence, for - consistent naming, "max_tx_rate" option has been introduced for maximum - Tx rate. - - o Change in v2: "rate" can be used along with "max_tx_rate". - When both are specified, "max_tx_rate" should override. - - o Change in v3: - * IFLA_VF_RATE: When IFLA_VF_RATE is used, and user has given only one of - min_tx_rate or max_tx_rate, reading of previous rate limits is done in - userspace instead of in kernel space before ndo_set_vf_rate. - - * IFLA_VF_TX_RATE: When IFLA_VF_TX_RATE is used, min_tx_rate is always read - in kernel space. This takes care of below scenarios: - (1) when old tool sends "rate" but kernel is new (expects min and max) - (2) when new tool sends only "rate" but kernel is old (expects only "rate") - - o Change in v4 as suggested by Stephen Hemminger: - * As per iproute policy, input and output formats should match. Changing display - of max_tx_rate and min_tx_rate options accordingly. - ./ip/ip link show p3p1 - 8: p3p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 - link/ether 00:0e:1e:16:ce:40 brd ff:ff:ff:ff:ff:ff - vf 0 MAC 2a:18:8f:4d:3d:d4, tx rate 700 (Mbps), max_tx_rate 700Mbps, min_tx_rate 200Mbps - vf 1 MAC 72:dc:ba:f9:df:fd - - Signed-off-by: Sucheta Chakraborty <sucheta.chakraborty@qlogic.com> ---- - ip/ip_common.h | 1 + - ip/ipaddress.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++ - ip/iplink.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++--- - man/man8/ip-link.8.in | 26 +++++++++++++++++++-- - 4 files changed, 148 insertions(+), 5 deletions(-) - -diff --git a/ip/ip_common.h b/ip/ip_common.h -index c3e7fda..286f61f 100644 ---- a/ip/ip_common.h -+++ b/ip/ip_common.h -@@ -17,6 +17,7 @@ extern int iproute_monitor(int argc, char **argv); - extern void iplink_usage(void) __attribute__((noreturn)); - extern void iproute_reset_filter(void); - extern void ipmroute_reset_filter(void); -+void ipaddr_get_vf_rate(int, int *, int *, int); - extern void ipaddr_reset_filter(int); - extern void ipneigh_reset_filter(void); - extern void ipntable_reset_filter(void); -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 05e0da9..11ff34d 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -290,6 +290,7 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - { - struct ifla_vf_mac *vf_mac; - struct ifla_vf_vlan *vf_vlan; -+ struct ifla_vf_rate *vf_rate; - struct ifla_vf_tx_rate *vf_tx_rate; - struct ifla_vf_spoofchk *vf_spoofchk; - struct ifla_vf_link_state *vf_linkstate; -@@ -307,6 +308,7 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - vf_mac = RTA_DATA(vf[IFLA_VF_MAC]); - vf_vlan = RTA_DATA(vf[IFLA_VF_VLAN]); - vf_tx_rate = RTA_DATA(vf[IFLA_VF_TX_RATE]); -+ vf_rate = RTA_DATA(vf[IFLA_VF_RATE]); - - /* Check if the spoof checking vf info type is supported by - * this kernel. -@@ -342,6 +344,10 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - fprintf(fp, ", qos %d", vf_vlan->qos); - if (vf_tx_rate->rate) - fprintf(fp, ", tx rate %d (Mbps)", vf_tx_rate->rate); -+ if (vf_rate->max_tx_rate) -+ fprintf(fp, ", max_tx_rate %dMbps", vf_rate->max_tx_rate); -+ if (vf_rate->min_tx_rate) -+ fprintf(fp, ", min_tx_rate %dMbps", vf_rate->min_tx_rate); - if (vf_spoofchk && vf_spoofchk->setting != -1) { - if (vf_spoofchk->setting) - fprintf(fp, ", spoof checking on"); -@@ -1450,6 +1456,63 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - return 0; - } - -+static void -+ipaddr_loop_each_vf(struct rtattr *tb[], int vfnum, int *min, int *max) -+{ -+ struct rtattr *vflist = tb[IFLA_VFINFO_LIST]; -+ struct rtattr *i, *vf[IFLA_VF_MAX+1]; -+ struct ifla_vf_rate *vf_rate; -+ int rem; -+ -+ rem = RTA_PAYLOAD(vflist); -+ -+ for (i = RTA_DATA(vflist); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) { -+ parse_rtattr_nested(vf, IFLA_VF_MAX, i); -+ vf_rate = RTA_DATA(vf[IFLA_VF_RATE]); -+ if (vf_rate->vf == vfnum) { -+ *min = vf_rate->min_tx_rate; -+ *max = vf_rate->max_tx_rate; -+ return; -+ } -+ } -+ fprintf(stderr, "Cannot find VF %d\n", vfnum); -+ exit(1); -+} -+ -+void ipaddr_get_vf_rate(int vfnum, int *min, int *max, int idx) -+{ -+ struct nlmsg_chain linfo = { NULL, NULL}; -+ struct rtattr *tb[IFLA_MAX+1]; -+ struct ifinfomsg *ifi; -+ struct nlmsg_list *l; -+ struct nlmsghdr *n; -+ int len; -+ -+ if (rtnl_wilddump_request(&rth, AF_UNSPEC, RTM_GETLINK) < 0) { -+ perror("Cannot send dump request"); -+ exit(1); -+ } -+ if (rtnl_dump_filter(&rth, store_nlmsg, &linfo) < 0) { -+ fprintf(stderr, "Dump terminated\n"); -+ exit(1); -+ } -+ for (l = linfo.head; l; l = l->next) { -+ n = &l->h; -+ ifi = NLMSG_DATA(n); -+ -+ len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*ifi)); -+ if (len < 0 || idx && idx != ifi->ifi_index) -+ continue; -+ -+ parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len); -+ -+ if ((tb[IFLA_VFINFO_LIST] && tb[IFLA_NUM_VF])) { -+ ipaddr_loop_each_vf(tb, vfnum, min, max); -+ return; -+ } -+ } -+} -+ - int ipaddr_list_link(int argc, char **argv) - { - preferred_family = AF_PACKET; -diff --git a/ip/iplink.c b/ip/iplink.c -index 0098443..bce5ba0 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -233,16 +233,40 @@ struct iplink_req { - }; - - static int iplink_parse_vf(int vf, int *argcp, char ***argvp, -- struct iplink_req *req) -+ struct iplink_req *req, int dev_index) - { -+ char new_rate_api = 0, count = 0, override_legacy_rate = 0; -+ struct ifla_vf_rate tivt; - int len, argc = *argcp; - char **argv = *argvp; - struct rtattr *vfinfo; - -+ tivt.min_tx_rate = -1; -+ tivt.max_tx_rate = -1; -+ - vfinfo = addattr_nest(&req->n, sizeof(*req), IFLA_VF_INFO); - - while (NEXT_ARG_OK()) { - NEXT_ARG(); -+ count++; -+ if (!matches(*argv, "max_tx_rate")) { -+ /* new API in use */ -+ new_rate_api = 1; -+ /* override legacy rate */ -+ override_legacy_rate = 1; -+ } else if (!matches(*argv, "min_tx_rate")) { -+ /* new API in use */ -+ new_rate_api = 1; -+ } -+ } -+ -+ while (count--) { -+ /* rewind arg */ -+ PREV_ARG(); -+ } -+ -+ while (NEXT_ARG_OK()) { -+ NEXT_ARG(); - if (matches(*argv, "mac") == 0) { - struct ifla_vf_mac ivm; - NEXT_ARG(); -@@ -279,7 +303,25 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp, - invarg("Invalid \"rate\" value\n", *argv); - } - ivt.vf = vf; -- addattr_l(&req->n, sizeof(*req), IFLA_VF_TX_RATE, &ivt, sizeof(ivt)); -+ if (!new_rate_api) -+ addattr_l(&req->n, sizeof(*req), -+ IFLA_VF_TX_RATE, &ivt, sizeof(ivt)); -+ else if (!override_legacy_rate) -+ tivt.max_tx_rate = ivt.rate; -+ -+ } else if (matches(*argv, "max_tx_rate") == 0) { -+ NEXT_ARG(); -+ if (get_unsigned(&tivt.max_tx_rate, *argv, 0)) -+ invarg("Invalid \"max tx rate\" value\n", -+ *argv); -+ tivt.vf = vf; -+ -+ } else if (matches(*argv, "min_tx_rate") == 0) { -+ NEXT_ARG(); -+ if (get_unsigned(&tivt.min_tx_rate, *argv, 0)) -+ invarg("Invalid \"min tx rate\" value\n", -+ *argv); -+ tivt.vf = vf; - - } else if (matches(*argv, "spoofchk") == 0) { - struct ifla_vf_spoofchk ivs; -@@ -337,6 +379,19 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp, - } - } - -+ if (new_rate_api) { -+ int tmin, tmax; -+ if (tivt.min_tx_rate == -1 || tivt.max_tx_rate == -1) { -+ ipaddr_get_vf_rate(tivt.vf, &tmin, &tmax, dev_index); -+ if (tivt.min_tx_rate == -1) -+ tivt.min_tx_rate = tmin; -+ if (tivt.max_tx_rate == -1) -+ tivt.max_tx_rate = tmax; -+ } -+ addattr_l(&req->n, sizeof(*req), IFLA_VF_RATE, &tivt, -+ sizeof(tivt)); -+ } -+ - if (argc == *argcp) - incomplete_command(); - -@@ -358,6 +413,7 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - int vf = -1; - int numtxqueues = -1; - int numrxqueues = -1; -+ int dev_index; - int link_netnsid = -1; - - *group = -1; -@@ -468,7 +524,7 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - } - vflist = addattr_nest(&req->n, sizeof(*req), - IFLA_VFINFO_LIST); -- len = iplink_parse_vf(vf, &argc, &argv, req); -+ len = iplink_parse_vf(vf, &argc, &argv, req, dev_index); - if (len < 0) - return -1; - addattr_nest_end(&req->n, vflist); -@@ -570,6 +626,7 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - if (*dev) - duparg2("dev", *argv); - *dev = *argv; -+ dev_index = ll_name_to_index(*dev); - } - argc--; argv++; - } -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 33172e5..741922f 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -106,6 +106,12 @@ ip-link \- network device configuration - .RB "[ " rate - .IR TXRATE " ]" - .br -+.RB "[ " max_tx_rate -+.IR TXRATE " ]" -+.br -+.RB "[ " min_tx_rate -+.IR TXRATE " ]" -+.br - .RB "[ " spoofchk " { " on " | " off " } ]" - .br - .RB "[ " query_rss " { " on " | " off " } ]" -@@ -1021,8 +1027,24 @@ as 0 disables VLAN tagging and filtering for the VF. - - .sp - .BI rate " TXRATE" --- change the allowed transmit bandwidth, in Mbps, for the specified VF. --Setting this parameter to 0 disables rate limiting. The -+-- change the allowed transmit bandwidth, in Mbps, for the specified VF. -+Setting this parameter to 0 disables rate limiting. -+.B vf -+parameter must be specified. -+Please use new API -+.B "max_tx_rate" -+option instead. -+ -+.sp -+.BI max_tx_rate " TXRATE" -+- change the allowed maximum transmit bandwidth, in Mbps, for the specified VF. -+.B vf -+parameter must be specified. -+ -+.sp -+.BI min_tx_rate " TXRATE" -+- change the allowed minimum transmit bandwidth, in Mbps, for the specified VF. -+Minimum TXRATE should be always <= Maximum TXRATE. - .B vf - parameter must be specified. - --- -1.8.3.1 - diff --git a/SOURCES/0220-ip-check-for-missing-dev-arg-when-doing-VF-rate.patch b/SOURCES/0220-ip-check-for-missing-dev-arg-when-doing-VF-rate.patch deleted file mode 100644 index 3d25dd8..0000000 --- a/SOURCES/0220-ip-check-for-missing-dev-arg-when-doing-VF-rate.patch +++ /dev/null @@ -1,66 +0,0 @@ -From e9c1b5f32fd39ee8a29035fd49e4aea8daa59cf3 Mon Sep 17 00:00:00 2001 -From: Jakub Sitnicki <jkbs@redhat.com> -Date: Wed, 27 Jul 2016 15:56:15 +0200 -Subject: [PATCH] ip: check for missing dev arg when doing VF rate - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1340914 -Upstream Status: iproute2.git commit 9a02651 -Conflicts: -* context in iplink_parse() because we already have - ccdcbf35f120 ("iplink: add support of IFLA_LINK_NETNSID attribute") - -commit 9a02651a87d0fd56e2e7eedd63921a050a42b3ec -Author: Stephen Hemminger <stephen@networkplumber.org> -Date: Mon Jul 14 12:08:05 2014 -0700 - - ip: check for missing dev arg when doing VF rate - - New VF rate code was not handling case where device not specified. - Caught by GCC warning about uninitialized variable. ---- - ip/iplink.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index bce5ba0..7ee015c 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -381,6 +381,7 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp, - - if (new_rate_api) { - int tmin, tmax; -+ - if (tivt.min_tx_rate == -1 || tivt.max_tx_rate == -1) { - ipaddr_get_vf_rate(tivt.vf, &tmin, &tmax, dev_index); - if (tivt.min_tx_rate == -1) -@@ -413,7 +414,7 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - int vf = -1; - int numtxqueues = -1; - int numrxqueues = -1; -- int dev_index; -+ int dev_index = 0; - int link_netnsid = -1; - - *group = -1; -@@ -524,6 +525,9 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - } - vflist = addattr_nest(&req->n, sizeof(*req), - IFLA_VFINFO_LIST); -+ if (dev_index == 0) -+ missarg("dev"); -+ - len = iplink_parse_vf(vf, &argc, &argv, req, dev_index); - if (len < 0) - return -1; -@@ -627,6 +631,8 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - duparg2("dev", *argv); - *dev = *argv; - dev_index = ll_name_to_index(*dev); -+ if (dev_index == 0) -+ invarg("Unknown device", *argv); - } - argc--; argv++; - } --- -1.8.3.1 - diff --git a/SOURCES/0221-ip-link-Remove-unnecessary-device-checking.patch b/SOURCES/0221-ip-link-Remove-unnecessary-device-checking.patch deleted file mode 100644 index 66e9928..0000000 --- a/SOURCES/0221-ip-link-Remove-unnecessary-device-checking.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 95a0e54cd3b045b9cd1128c0c8ad00e78f1d61c4 Mon Sep 17 00:00:00 2001 -From: Jakub Sitnicki <jkbs@redhat.com> -Date: Wed, 27 Jul 2016 15:56:16 +0200 -Subject: [PATCH] ip link: Remove unnecessary device checking - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1340914 -Upstream Status: iproute2.git commit f1b66ff - -commit f1b66ff83a0babbe99fef81b3a960d7a4ce8dbc6 -Author: vadimk <vadim4j@gmail.com> -Date: Sat Aug 30 15:06:00 2014 +0300 - - ip link: Remove unnecessary device checking - - The real checking is performed later in iplink_modify(..) func which - checks device existence if NLM_F_CREATE flag is set. - - Also it fixes the case when impossible to add veth link which was - caused by 9a02651a87 (ip: check for missing dev arg when doing VF rate) - because these devices are not exist yet. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> - Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> - Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> ---- - ip/iplink.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 7ee015c..461dc95 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -631,8 +631,6 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - duparg2("dev", *argv); - *dev = *argv; - dev_index = ll_name_to_index(*dev); -- if (dev_index == 0) -- invarg("Unknown device", *argv); - } - argc--; argv++; - } --- -1.8.3.1 - diff --git a/SOURCES/0222-ip-link-Fix-crash-on-older-kernels-when-show-VF-dev.patch b/SOURCES/0222-ip-link-Fix-crash-on-older-kernels-when-show-VF-dev.patch deleted file mode 100644 index 64d47d6..0000000 --- a/SOURCES/0222-ip-link-Fix-crash-on-older-kernels-when-show-VF-dev.patch +++ /dev/null @@ -1,73 +0,0 @@ -From ef78dba44078e9e3f4d995bd04faecacc7dd045e Mon Sep 17 00:00:00 2001 -From: Jakub Sitnicki <jkbs@redhat.com> -Date: Wed, 27 Jul 2016 15:56:17 +0200 -Subject: [PATCH] ip link: Fix crash on older kernels when show VF dev - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1340914 -Upstream Status: iproute2.git commit 8c29ae7 - -commit 8c29ae7cc2494e251520584e83698c1a9f1912e5 -Author: Vadim Kochan <vadim4j@gmail.com> -Date: Fri Jan 9 21:24:31 2015 +0200 - - ip link: Fix crash on older kernels when show VF dev - - The issue was caused that ifla_vf_rate does not exist on - older kernels and should be checked if it exists as nested attr. - - Signed-off-by: Vadim Kochan <vadim4j@gmail.com> - Reported-by: William Dauchy <william@gandi.net> - Tested-by: William Dauchy <william@gandi.net> ---- - ip/ipaddress.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 11ff34d..45e747b 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -290,11 +290,10 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - { - struct ifla_vf_mac *vf_mac; - struct ifla_vf_vlan *vf_vlan; -- struct ifla_vf_rate *vf_rate; - struct ifla_vf_tx_rate *vf_tx_rate; - struct ifla_vf_spoofchk *vf_spoofchk; - struct ifla_vf_link_state *vf_linkstate; -- struct rtattr *vf[IFLA_VF_MAX+1]; -+ struct rtattr *vf[IFLA_VF_MAX + 1] = {}; - struct rtattr *tmp; - SPRINT_BUF(b1); - -@@ -308,7 +307,6 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - vf_mac = RTA_DATA(vf[IFLA_VF_MAC]); - vf_vlan = RTA_DATA(vf[IFLA_VF_VLAN]); - vf_tx_rate = RTA_DATA(vf[IFLA_VF_TX_RATE]); -- vf_rate = RTA_DATA(vf[IFLA_VF_RATE]); - - /* Check if the spoof checking vf info type is supported by - * this kernel. -@@ -344,10 +342,16 @@ static void print_vfinfo(FILE *fp, struct rtattr *vfinfo) - fprintf(fp, ", qos %d", vf_vlan->qos); - if (vf_tx_rate->rate) - fprintf(fp, ", tx rate %d (Mbps)", vf_tx_rate->rate); -- if (vf_rate->max_tx_rate) -- fprintf(fp, ", max_tx_rate %dMbps", vf_rate->max_tx_rate); -- if (vf_rate->min_tx_rate) -- fprintf(fp, ", min_tx_rate %dMbps", vf_rate->min_tx_rate); -+ -+ if (vf[IFLA_VF_RATE]) { -+ struct ifla_vf_rate *vf_rate = RTA_DATA(vf[IFLA_VF_RATE]); -+ -+ if (vf_rate->max_tx_rate) -+ fprintf(fp, ", max_tx_rate %dMbps", vf_rate->max_tx_rate); -+ if (vf_rate->min_tx_rate) -+ fprintf(fp, ", min_tx_rate %dMbps", vf_rate->min_tx_rate); -+ } -+ - if (vf_spoofchk && vf_spoofchk->setting != -1) { - if (vf_spoofchk->setting) - fprintf(fp, ", spoof checking on"); --- -1.8.3.1 - diff --git a/SOURCES/0223-iplink-Add-missing-variable-initialization.patch b/SOURCES/0223-iplink-Add-missing-variable-initialization.patch deleted file mode 100644 index 41ad031..0000000 --- a/SOURCES/0223-iplink-Add-missing-variable-initialization.patch +++ /dev/null @@ -1,42 +0,0 @@ -From d3f086bcbaf690e311df10f867005c2b97231231 Mon Sep 17 00:00:00 2001 -From: Jakub Sitnicki <jkbs@redhat.com> -Date: Wed, 27 Jul 2016 15:56:18 +0200 -Subject: [PATCH] iplink: Add missing variable initialization - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1253767 - https://bugzilla.redhat.com/show_bug.cgi?id=1271580 -Upstream Status: iproute2.git commit a89193a -Conflicts: -* context in iplink_parse_vf() because we don't have - 6c5ffb9a2c3d ("iplink: cleanup whitespace and checkpatch issues") - -commit a89193a7d68f59c1ce3bf47a32ff7b73661f1c54 -Author: Phil Sutter <phil@nwl.cc> -Date: Thu Jun 16 16:19:39 2016 +0200 - - iplink: Add missing variable initialization - - Without this, we might feed garbage to the kernel when the address is - shorter than expected. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/iplink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 461dc95..7b070f4 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -268,7 +268,7 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp, - while (NEXT_ARG_OK()) { - NEXT_ARG(); - if (matches(*argv, "mac") == 0) { -- struct ifla_vf_mac ivm; -+ struct ifla_vf_mac ivm = { 0 }; - NEXT_ARG(); - ivm.vf = vf; - len = ll_addr_a2n((char *)ivm.mac, 32, *argv); --- -1.8.3.1 - diff --git a/SOURCES/0224-iplink-Check-address-length-via-netlink.patch b/SOURCES/0224-iplink-Check-address-length-via-netlink.patch deleted file mode 100644 index 2418a59..0000000 --- a/SOURCES/0224-iplink-Check-address-length-via-netlink.patch +++ /dev/null @@ -1,136 +0,0 @@ -From 7bfe1d25875b2fef1cfd679fdd8c4a999928bb80 Mon Sep 17 00:00:00 2001 -From: Jakub Sitnicki <jkbs@redhat.com> -Date: Wed, 27 Jul 2016 15:56:19 +0200 -Subject: [PATCH] iplink: Check address length via netlink - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1253767 - https://bugzilla.redhat.com/show_bug.cgi?id=1271580 -Upstream Status: iproute2.git commit 8fe58d5 -Conflicts: -* context in iplink_parse_vf() because we don't have - 6c5ffb9a2c3d ("iplink: cleanup whitespace and checkpatch issues") - -commit 8fe58d58941f440140986f444c3d040b5e350c87 -Author: Phil Sutter <phil@nwl.cc> -Date: Thu Jun 16 16:19:40 2016 +0200 - - iplink: Check address length via netlink - - This is a feature which was lost during the conversion to netlink - interface: If the device exists and a user tries to change the link - layer address, query the kernel for the old address first and reject the - new one if sizes differ. - - This patch adds the same check when setting VF address by assuming same - length as PF device. - - Note that at least for VFs the check can't be done in kernel space since - struct ifla_vf_mac lacks a length field and due to netlink padding the - exact size can't be communicated to the kernel. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/iplink.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 50 insertions(+), 2 deletions(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index 7b070f4..a8bcc09 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -232,6 +232,36 @@ struct iplink_req { - char buf[1024]; - }; - -+static int nl_get_ll_addr_len(unsigned int dev_index) -+{ -+ int len; -+ struct iplink_req req = { -+ .n = { -+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)), -+ .nlmsg_type = RTM_GETLINK, -+ .nlmsg_flags = NLM_F_REQUEST -+ }, -+ .i = { -+ .ifi_family = preferred_family, -+ .ifi_index = dev_index, -+ } -+ }; -+ struct rtattr *tb[IFLA_MAX+1]; -+ -+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) -+ return -1; -+ -+ len = req.n.nlmsg_len - NLMSG_LENGTH(sizeof(req.i)); -+ if (len < 0) -+ return -1; -+ -+ parse_rtattr_flags(tb, IFLA_MAX, IFLA_RTA(&req.i), len, NLA_F_NESTED); -+ if (!tb[IFLA_ADDRESS]) -+ return -1; -+ -+ return RTA_PAYLOAD(tb[IFLA_ADDRESS]); -+} -+ - static int iplink_parse_vf(int vf, int *argcp, char ***argvp, - struct iplink_req *req, int dev_index) - { -@@ -269,11 +299,18 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp, - NEXT_ARG(); - if (matches(*argv, "mac") == 0) { - struct ifla_vf_mac ivm = { 0 }; -+ int halen = nl_get_ll_addr_len(dev_index); - NEXT_ARG(); - ivm.vf = vf; - len = ll_addr_a2n((char *)ivm.mac, 32, *argv); - if (len < 0) - return -1; -+ if (halen > 0 && len != halen) { -+ fprintf(stderr, -+ "Invalid address length %d - must be %d bytes\n", -+ len, halen); -+ return -1; -+ } - addattr_l(&req->n, sizeof(*req), IFLA_VF_MAC, &ivm, sizeof(ivm)); - } else if (matches(*argv, "vlan") == 0) { - struct ifla_vf_vlan ivv; -@@ -416,6 +453,7 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - int numrxqueues = -1; - int dev_index = 0; - int link_netnsid = -1; -+ int addr_len = 0; - - *group = -1; - ret = argc; -@@ -435,10 +473,10 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - *link = *argv; - } else if (matches(*argv, "address") == 0) { - NEXT_ARG(); -- len = ll_addr_a2n(abuf, sizeof(abuf), *argv); -+ addr_len = ll_addr_a2n(abuf, sizeof(abuf), *argv); - if (len < 0) - return -1; -- addattr_l(&req->n, sizeof(*req), IFLA_ADDRESS, abuf, len); -+ addattr_l(&req->n, sizeof(*req), IFLA_ADDRESS, abuf, addr_len); - } else if (matches(*argv, "broadcast") == 0 || - strcmp(*argv, "brd") == 0) { - NEXT_ARG(); -@@ -635,6 +673,16 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - argc--; argv++; - } - -+ if (dev_index && addr_len) { -+ int halen = nl_get_ll_addr_len(dev_index); -+ if (halen >= 0 && halen != addr_len) { -+ fprintf(stderr, -+ "Invalid address length %d - must be %d bytes\n", -+ addr_len, halen); -+ return -1; -+ } -+ } -+ - return ret - argc; - } - --- -1.8.3.1 - diff --git a/SOURCES/0225-Fix-MAC-address-length-check.patch b/SOURCES/0225-Fix-MAC-address-length-check.patch deleted file mode 100644 index 740f8fb..0000000 --- a/SOURCES/0225-Fix-MAC-address-length-check.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b6e8abac9c09c000f0b3f20ec3855f30aa1a4135 Mon Sep 17 00:00:00 2001 -From: Jakub Sitnicki <jkbs@redhat.com> -Date: Wed, 27 Jul 2016 15:56:20 +0200 -Subject: [PATCH] Fix MAC address length check - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1253767 - https://bugzilla.redhat.com/show_bug.cgi?id=1271580 -Upstream Status: iproute2.git commit 0aae234 - -commit 0aae23468ac57924c040ef4588ecd6b6dcb33075 -Author: Phil Sutter <phil@nwl.cc> -Date: Wed Jun 22 12:05:38 2016 +0200 - - Fix MAC address length check - - I forgot to change the variable in the conditional, too. - - Fixes: 8fe58d58941f4 ("iplink: Check address length via netlink") - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/iplink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iplink.c b/ip/iplink.c -index a8bcc09..f49b32e 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -474,7 +474,7 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, - } else if (matches(*argv, "address") == 0) { - NEXT_ARG(); - addr_len = ll_addr_a2n(abuf, sizeof(abuf), *argv); -- if (len < 0) -+ if (addr_len < 0) - return -1; - addattr_l(&req->n, sizeof(*req), IFLA_ADDRESS, abuf, addr_len); - } else if (matches(*argv, "broadcast") == 0 || --- -1.8.3.1 - diff --git a/SOURCES/0226-ip-add-paren-to-silence-warning.patch b/SOURCES/0226-ip-add-paren-to-silence-warning.patch deleted file mode 100644 index 1eb2976..0000000 --- a/SOURCES/0226-ip-add-paren-to-silence-warning.patch +++ /dev/null @@ -1,35 +0,0 @@ -From e711f1b53b6d8cb7d067935d3bddccf289fe486e Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 27 Jul 2016 17:26:55 +0200 -Subject: [PATCH] ip: add paren to silence warning - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1340914 -Upstream Status: iproute2.git commit 1199c4f569175 - -commit 1199c4f569175e09a33bf6b1af3a8faadbf9dc04 -Author: Stephen Hemminger <stephen@networkplumber.org> -Date: Mon Jul 14 12:06:52 2014 -0700 - - ip: add paren to silence warning - - Gcc doesn't like mixed || and && in same conditional. ---- - ip/ipaddress.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 45e747b..112c34b 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -1505,7 +1505,7 @@ void ipaddr_get_vf_rate(int vfnum, int *min, int *max, int idx) - ifi = NLMSG_DATA(n); - - len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*ifi)); -- if (len < 0 || idx && idx != ifi->ifi_index) -+ if (len < 0 || (idx && idx != ifi->ifi_index)) - continue; - - parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len); --- -1.8.3.1 - diff --git a/SOURCES/0227-doc-man-ip-rule-Remove-incorrect-statement-about-rul.patch b/SOURCES/0227-doc-man-ip-rule-Remove-incorrect-statement-about-rul.patch deleted file mode 100644 index e4568d1..0000000 --- a/SOURCES/0227-doc-man-ip-rule-Remove-incorrect-statement-about-rul.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 8d15023372324cddbb517976e57a7cee76ab9bbb Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Tue, 2 Aug 2016 18:08:20 +0200 -Subject: [PATCH] doc, man: ip-rule: Remove incorrect statement about rule 0 - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1362561 -Upstream Status: iproute2.git commit 0ce05841d58b4 - -commit 0ce05841d58b42ef39ce7144dc31e77970e5d2e0 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Mar 4 12:52:41 2016 +0100 - - doc, man: ip-rule: Remove incorrect statement about rule 0 - - The documentation is wrong here: it is indeed possible to remove policy - rule 0 and recreate it afterwards. Therefore remove these statements. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - doc/ip-cref.tex | 3 --- - man/man8/ip-rule.8 | 2 -- - 2 files changed, 5 deletions(-) - -diff --git a/doc/ip-cref.tex b/doc/ip-cref.tex -index d8fed66..bdd3010 100644 ---- a/doc/ip-cref.tex -+++ b/doc/ip-cref.tex -@@ -2003,9 +2003,6 @@ table \verb|local| (ID 255). - The \verb|local| table is a special routing table containing - high priority control routes for local and broadcast addresses. - --Rule 0 is special. It cannot be deleted or overridden. -- -- - \item Priority: 32766, Selector: match anything, Action: lookup routing - table \verb|main| (ID 254). - The \verb|main| table is the normal routing table containing all non-policy -diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8 -index 0661061..5274ef0 100644 ---- a/man/man8/ip-rule.8 -+++ b/man/man8/ip-rule.8 -@@ -111,8 +111,6 @@ The - .B local - table is a special routing table containing - high priority control routes for local and broadcast addresses. --.sp --Rule 0 is special. It cannot be deleted or overridden. - - .TP - 2. --- -1.8.3.1 - diff --git a/SOURCES/0228-man-ip-link-ip-address-Drop-references-to-ipvlan.patch b/SOURCES/0228-man-ip-link-ip-address-Drop-references-to-ipvlan.patch deleted file mode 100644 index dcd9d07..0000000 --- a/SOURCES/0228-man-ip-link-ip-address-Drop-references-to-ipvlan.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 216b8610970df1369d4459105fcc15658d1bf029 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:12:05 +0200 -Subject: [PATCH] man: ip-link, ip-address: Drop references to ipvlan - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: RHEL only - -Since we don't support ipvlan in RHEL, remove all references to this -interface type which were added by accident. ---- - man/man8/ip-address.8.in | 1 - - man/man8/ip-link.8.in | 4 ---- - 2 files changed, 5 deletions(-) - -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index c954ab3..08a79ec 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -120,7 +120,6 @@ ip-address \- protocol address management - .BR ip6gretap " |" - .BR vti " |" - .BR nlmon " |" --.BR ipvlan " |" - .BR lowpan " |" - .BR geneve " ]" - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 741922f..dc9728c 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -167,7 +167,6 @@ ip-link \- network device configuration - .BR ip6gretap " |" - .BR vti " |" - .BR nlmon " |" --.BR ipvlan " |" - .BR geneve " ]" - - .ti -8 -@@ -250,9 +249,6 @@ Link types: - .BR nlmon - - Netlink monitoring device - .sp --.BR ipvlan --- Interface for L3 (IPv6/IPv4) based VLANs --.sp - .BR geneve - - GEneric NEtwork Virtualization Encapsulation - .sp --- -1.8.3.1 - diff --git a/SOURCES/0229-man-ip-link-Drop-fou-and-gue-related-documentation.patch b/SOURCES/0229-man-ip-link-Drop-fou-and-gue-related-documentation.patch deleted file mode 100644 index 057a061..0000000 --- a/SOURCES/0229-man-ip-link-Drop-fou-and-gue-related-documentation.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 53c41b7d2b6e2a37065e7963fa9c0938b9d936d2 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:19:05 +0200 -Subject: [PATCH] man: ip-link: Drop fou and gue related documentation - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013584 -Upstream Status: RHEL only - -This is a partial revert of commit 90f1df715eb38 ("iproute: Descriptions -of fou and gue options in ip-link man pages") which, besides useful -additions, also documents options not supported in iproute as shipped -with RHEL7. ---- - man/man8/ip-link.8.in | 44 -------------------------------------------- - 1 file changed, 44 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index dc9728c..b9d9933 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -511,17 +511,6 @@ the following additional arguments are supported: - .BI "ip link add " DEVICE - .BR type " { " gre " | " ipip " | " sit " }" - .BI " remote " ADDR " local " ADDR --[ --.BR encap " { " fou " | " gue " | " none " }" --] [ --.BR encap-sport " { " \fIPORT " | " auto " }" --] [ --.BI "encap-dport " PORT --] [ --.RB [ no ] encap-csum --] [ --.RB [ no ] encap-remcsum --] - - .in +8 - .sp -@@ -533,30 +522,6 @@ the following additional arguments are supported: - - specifies the fixed local address for tunneled packets. - It must be an address on another interface on this host. - --.sp --.BR encap " { " fou " | " gue " | " none " }" --- specifies type of secondary UDP encapsulation. "fou" indicates --Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation. -- --.sp --.BR encap-sport " { " \fIPORT " | " auto " }" --- specifies the source port in UDP encapsulation. --.IR PORT --indicates the port by number, "auto" --indicates that the port number should be chosen automatically --(the kernel picks a flow based on the flow hash of the --encapsulated packet). -- --.sp --.RB [ no ] encap-csum --- specifies if UDP checksums are enabled in the secondary --encapsulation. -- --.sp --.RB [ no ] encap-remcsum --- specifies if Remote Checksum Offload is enabled. This is only --applicable for Generic UDP Encapsulation. -- - .in -8 - - .TP -@@ -1293,15 +1258,6 @@ ip link help gre - .RS 4 - Display help for the gre link type. - .RE --.PP --ip link add name tun1 type ipip remote 192.168.1.1 --local 192.168.1.2 ttl 225 encap gue encap-sport auto --encap-dport 5555 encap-csum encap-remcsum --.RS 4 --Creates an IPIP that is encapsulated with Generic UDP Encapsulation, --and the outer UDP checksum and remote checksum offload are enabled. -- --.RE - - .SH SEE ALSO - .br --- -1.8.3.1 - diff --git a/SOURCES/0230-Revert-ip-fix-exit-code-for-rule-failures.patch b/SOURCES/0230-Revert-ip-fix-exit-code-for-rule-failures.patch deleted file mode 100644 index 701570c..0000000 --- a/SOURCES/0230-Revert-ip-fix-exit-code-for-rule-failures.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 97a3579120732908e937505fa91966e9fc5098a6 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:25:08 +0200 -Subject: [PATCH] Revert "ip: fix exit code for rule failures" - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 - -This reverts commit edc209d4479b6b89aed9cb5b661002cf27031bea. ---- - ip/iprule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iprule.c b/ip/iprule.c -index 2a153f5..63d7fcc 100644 ---- a/ip/iprule.c -+++ b/ip/iprule.c -@@ -358,7 +358,7 @@ static int iprule_modify(int cmd, int argc, char **argv) - req.r.rtm_table = RT_TABLE_MAIN; - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -2; -+ return 2; - - return 0; - } --- -1.8.3.1 - diff --git a/SOURCES/0231-Revert-ip-return-correct-exit-code-on-route-failure.patch b/SOURCES/0231-Revert-ip-return-correct-exit-code-on-route-failure.patch deleted file mode 100644 index 41bfe19..0000000 --- a/SOURCES/0231-Revert-ip-return-correct-exit-code-on-route-failure.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6bcd2f4cc935039d7360fba0cb5a55de5131199d Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:26:25 +0200 -Subject: [PATCH] Revert "ip: return correct exit code on route failure" - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 - -This reverts commit daba15cd1437d136cfd3f09bd42d7c79ffa3d517. ---- - ip/iproute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index 094566a..378bdba 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1083,7 +1083,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - req.r.rtm_family = AF_INET; - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -2; -+ return -1; - - return 0; - } --- -1.8.3.1 - diff --git a/SOURCES/0232-Revert-link-dump-filter.patch b/SOURCES/0232-Revert-link-dump-filter.patch deleted file mode 100644 index 440353e..0000000 --- a/SOURCES/0232-Revert-link-dump-filter.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 79b2060582ed044feb9d703e9f13c620fb64c389 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:28:09 +0200 -Subject: [PATCH] Revert "link dump filter" - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 - -This reverts commit 83e4e4b09ca5ca91ab54fe983c1786e04b7ba41b. ---- - ip/ip_common.h | 1 - - ip/ipaddress.c | 13 ------------- - ip/iplink.c | 35 ----------------------------------- - 3 files changed, 49 deletions(-) - -diff --git a/ip/ip_common.h b/ip/ip_common.h -index 286f61f..42eda66 100644 ---- a/ip/ip_common.h -+++ b/ip/ip_common.h -@@ -56,7 +56,6 @@ extern int do_ipl2tp(int argc, char **argv); - extern int do_tcp_metrics(int argc, char **argv); - extern int do_ipnetconf(int argc, char **argv); - extern int do_iptoken(int argc, char **argv); --extern int iplink_get(unsigned int flags, char *name, __u32 filt_mask); - - static inline int rtm_get_table(struct rtmsg *r, struct rtattr **tb) - { -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 112c34b..97a8f2f 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -1400,19 +1400,6 @@ static int ipaddr_list_flush_or_save(int argc, char **argv, int action) - exit(0); - } - -- /* -- * If only filter_dev present and none of the other -- * link filters are present, use RTM_GETLINK to get -- * the link device -- */ -- if (filter_dev && filter.group == -1 && do_link == 1) { -- if (iplink_get(0, filter_dev, RTEXT_FILTER_VF) < 0) { -- perror("Cannot send link get request"); -- exit(1); -- } -- exit(0); -- } -- - if (rtnl_wilddump_request(&rth, preferred_family, RTM_GETLINK) < 0) { - perror("Cannot send dump request"); - exit(1); -diff --git a/ip/iplink.c b/ip/iplink.c -index f49b32e..3dac893 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -827,41 +827,6 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv) - return 0; - } - --int iplink_get(unsigned int flags, char *name, __u32 filt_mask) --{ -- int len; -- struct iplink_req req; -- struct { -- struct nlmsghdr n; -- char buf[16384]; -- } answer; -- -- memset(&req, 0, sizeof(req)); -- -- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); -- req.n.nlmsg_flags = NLM_F_REQUEST|flags; -- req.n.nlmsg_type = RTM_GETLINK; -- req.i.ifi_family = preferred_family; -- -- if (name) { -- len = strlen(name) + 1; -- if (len == 1) -- invarg("\"\" is not a valid device identifier\n", -- "name"); -- if (len > IFNAMSIZ) -- invarg("\"name\" too long\n", name); -- addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, len); -- } -- addattr32(&req.n, sizeof(req), IFLA_EXT_MASK, filt_mask); -- -- if (rtnl_talk(&rth, &req.n, &answer.n, sizeof(answer)) < 0) -- return -2; -- -- print_linkinfo(NULL, &answer.n, stdout); -- -- return 0; --} -- - #if IPLINK_IOCTL_COMPAT - static int get_ctl_fd(void) - { --- -1.8.3.1 - diff --git a/SOURCES/0233-Revert-ip-fix-exit-code-for-addrlabel.patch b/SOURCES/0233-Revert-ip-fix-exit-code-for-addrlabel.patch deleted file mode 100644 index 5271b62..0000000 --- a/SOURCES/0233-Revert-ip-fix-exit-code-for-addrlabel.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d1481d4882f12d786afb9eb78a255ea78ea3a7c5 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:29:11 +0200 -Subject: [PATCH] Revert "ip: fix exit code for addrlabel" - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 - -This reverts commit 205034e561dbc0e1fa380970130b28188870c265. ---- - ip/ipaddrlabel.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c -index 7f25f0b..a0b6e6f 100644 ---- a/ip/ipaddrlabel.c -+++ b/ip/ipaddrlabel.c -@@ -185,7 +185,7 @@ static int ipaddrlabel_modify(int cmd, int argc, char **argv) - req.ifal.ifal_family = AF_INET6; - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -2; -+ return 2; - - return 0; - } -@@ -234,12 +234,12 @@ static int ipaddrlabel_flush(int argc, char **argv) - - if (rtnl_wilddump_request(&rth, af, RTM_GETADDRLABEL) < 0) { - perror("Cannot send dump request"); -- return -1; -+ return 1; - } - - if (rtnl_dump_filter(&rth, flush_addrlabel, NULL) < 0) { - fprintf(stderr, "Flush terminated\n"); -- return -1; -+ return 1; - } - - return 0; --- -1.8.3.1 - diff --git a/SOURCES/0234-Revert-fix-ip-force-batch-to-continue-on-errors.patch b/SOURCES/0234-Revert-fix-ip-force-batch-to-continue-on-errors.patch deleted file mode 100644 index a195ee6..0000000 --- a/SOURCES/0234-Revert-fix-ip-force-batch-to-continue-on-errors.patch +++ /dev/null @@ -1,194 +0,0 @@ -From bfc6f79b96a6ce78c9ab57454d94ba983adb81a8 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:31:13 +0200 -Subject: [PATCH] Revert "fix ip -force -batch to continue on errors" - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 - -This reverts commit 03f8f5811ebc0f8fac1c3ccb76c14007d250bd38. ---- - bridge/fdb.c | 6 +++--- - bridge/link.c | 18 +++++++++--------- - bridge/mdb.c | 8 ++++---- - bridge/vlan.c | 4 ++-- - ip/iproute.c | 2 +- - 5 files changed, 19 insertions(+), 19 deletions(-) - -diff --git a/bridge/fdb.c b/bridge/fdb.c -index 6dc3153..0191c76 100644 ---- a/bridge/fdb.c -+++ b/bridge/fdb.c -@@ -287,7 +287,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - - if (d == NULL || addr == NULL) { - fprintf(stderr, "Device and address are required arguments.\n"); -- return -1; -+ exit(-1); - } - - /* Assume self */ -@@ -302,7 +302,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - abuf, abuf+1, abuf+2, - abuf+3, abuf+4, abuf+5) != 6) { - fprintf(stderr, "Invalid mac address %s\n", addr); -- return -1; -+ exit(-1); - } - - addattr_l(&req.n, sizeof(req), NDA_LLADDR, abuf, ETH_ALEN); -@@ -330,7 +330,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) - } - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -1; -+ exit(2); - - return 0; - } -diff --git a/bridge/link.c b/bridge/link.c -index 02777d6..861100d 100644 ---- a/bridge/link.c -+++ b/bridge/link.c -@@ -268,19 +268,19 @@ static int brlink_modify(int argc, char **argv) - } else if (strcmp(*argv, "guard") == 0) { - NEXT_ARG(); - if (!on_off("guard", &bpdu_guard, *argv)) -- return -1; -+ exit(-1); - } else if (strcmp(*argv, "hairpin") == 0) { - NEXT_ARG(); - if (!on_off("hairping", &hairpin, *argv)) -- return -1; -+ exit(-1); - } else if (strcmp(*argv, "fastleave") == 0) { - NEXT_ARG(); - if (!on_off("fastleave", &fast_leave, *argv)) -- return -1; -+ exit(-1); - } else if (strcmp(*argv, "root_block") == 0) { - NEXT_ARG(); - if (!on_off("root_block", &root_block, *argv)) -- return -1; -+ exit(-1); - } else if (strcmp(*argv, "cost") == 0) { - NEXT_ARG(); - cost = atoi(*argv); -@@ -299,7 +299,7 @@ static int brlink_modify(int argc, char **argv) - if (state == nstates) { - fprintf(stderr, - "Error: invalid STP port state\n"); -- return -1; -+ exit(-1); - } - } - } else if (strcmp(*argv, "hwmode") == 0) { -@@ -313,7 +313,7 @@ static int brlink_modify(int argc, char **argv) - fprintf(stderr, - "Mode argument must be \"vepa\" or " - "\"veb\".\n"); -- return -1; -+ exit(-1); - } - } else { - usage(); -@@ -322,14 +322,14 @@ static int brlink_modify(int argc, char **argv) - } - if (d == NULL) { - fprintf(stderr, "Device is a required argument.\n"); -- return -1; -+ exit(-1); - } - - - req.ifm.ifi_index = ll_name_to_index(d); - if (req.ifm.ifi_index == 0) { - fprintf(stderr, "Cannot find bridge device \"%s\"\n", d); -- return -1; -+ exit(-1); - } - - /* Nested PROTINFO attribute. Contains: port flags, cost, priority and -@@ -377,7 +377,7 @@ static int brlink_modify(int argc, char **argv) - } - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -1; -+ exit(2); - - return 0; - } -diff --git a/bridge/mdb.c b/bridge/mdb.c -index 821f575..1cd03e0 100644 ---- a/bridge/mdb.c -+++ b/bridge/mdb.c -@@ -145,12 +145,12 @@ static int mdb_show(int argc, char **argv) - - if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETMDB) < 0) { - perror("Cannot send dump request"); -- return -1; -+ exit(1); - } - - if (rtnl_dump_filter(&rth, print_mdb, stdout) < 0) { - fprintf(stderr, "Dump terminated\n"); -- return -1; -+ exit(1); - } - - return 0; -@@ -198,7 +198,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) - - if (d == NULL || grp == NULL || p == NULL) { - fprintf(stderr, "Device, group address and port name are required arguments.\n"); -- return -1; -+ exit(-1); - } - - req.bpm.ifindex = ll_name_to_index(d); -@@ -225,7 +225,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) - addattr_l(&req.n, sizeof(req), MDBA_SET_ENTRY, &entry, sizeof(entry)); - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -1; -+ exit(2); - - return 0; - } -diff --git a/bridge/vlan.c b/bridge/vlan.c -index b471bf7..54e10d0 100644 ---- a/bridge/vlan.c -+++ b/bridge/vlan.c -@@ -69,7 +69,7 @@ static int vlan_modify(int cmd, int argc, char **argv) - - if (d == NULL || vid == -1) { - fprintf(stderr, "Device and VLAN ID are required arguments.\n"); -- return -1; -+ exit(-1); - } - - req.ifm.ifi_index = ll_name_to_index(d); -@@ -96,7 +96,7 @@ static int vlan_modify(int cmd, int argc, char **argv) - addattr_nest_end(&req.n, afspec); - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -1; -+ exit(2); - - return 0; - } -diff --git a/ip/iproute.c b/ip/iproute.c -index 378bdba..b7057b3 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1083,7 +1083,7 @@ static int iproute_modify(int cmd, unsigned flags, int argc, char **argv) - req.r.rtm_family = AF_INET; - - if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) -- return -1; -+ exit(2); - - return 0; - } --- -1.8.3.1 - diff --git a/SOURCES/0235-Revert-Allow-specifying-bridge-port-STP-state-by-nam.patch b/SOURCES/0235-Revert-Allow-specifying-bridge-port-STP-state-by-nam.patch deleted file mode 100644 index 16a32b8..0000000 --- a/SOURCES/0235-Revert-Allow-specifying-bridge-port-STP-state-by-nam.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 1ae6a8011c996122c66a9ea791a7540e8f541b1c Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Wed, 3 Aug 2016 13:31:51 +0200 -Subject: [PATCH] Revert "Allow specifying bridge port STP state by name rather - than number." - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042 - -This reverts commit a5087426d103b65fcfd85dc0f71c5bedc3a23148. ---- - bridge/link.c | 14 +------------- - man/man8/bridge.8 | 4 +--- - 2 files changed, 2 insertions(+), 16 deletions(-) - -diff --git a/bridge/link.c b/bridge/link.c -index 861100d..19d0642 100644 ---- a/bridge/link.c -+++ b/bridge/link.c -@@ -289,19 +289,7 @@ static int brlink_modify(int argc, char **argv) - priority = atoi(*argv); - } else if (strcmp(*argv, "state") == 0) { - NEXT_ARG(); -- char *endptr; -- size_t nstates = sizeof(port_states) / sizeof(*port_states); -- state = strtol(*argv, &endptr, 10); -- if (!(**argv != '\0' && *endptr == '\0')) { -- for (state = 0; state < nstates; state++) -- if (strcmp(port_states[state], *argv) == 0) -- break; -- if (state == nstates) { -- fprintf(stderr, -- "Error: invalid STP port state\n"); -- exit(-1); -- } -- } -+ state = atoi(*argv); - } else if (strcmp(*argv, "hwmode") == 0) { - NEXT_ARG(); - flags = BRIDGE_FLAGS_SELF; -diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 -index 3cda7d6..4f48546 100644 ---- a/man/man8/bridge.8 -+++ b/man/man8/bridge.8 -@@ -204,9 +204,7 @@ droot port selectio algorithms. - .TP - .BI state " STATE " - the operation state of the port. This is primarily used by user space STP/RSTP --implementation. One may enter a lowercased port state name, or one of the --numbers below. Negative inputs are ignored, and unrecognized names return an --error. -+implementation. The following is a list of valid values: - - .B 0 - - port is DISABLED. Make this port completely inactive. --- -1.8.3.1 - diff --git a/SOURCES/0236-man-macsec-fix-macsec-related-typos.patch b/SOURCES/0236-man-macsec-fix-macsec-related-typos.patch deleted file mode 100644 index 42e28a7..0000000 --- a/SOURCES/0236-man-macsec-fix-macsec-related-typos.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 6e7aaccce27c114aad2ef88aa2bf11844ad0282c Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 3 Aug 2016 17:22:09 +0200 -Subject: [PATCH] man: macsec: fix macsec related typos - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1354702 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1354319 -Upstream Status: iproute2.git commit c0ab80a4907a - -commit c0ab80a4907a102e48b3a8f4150e77671e5af81d -Author: Davide Caratti <dcaratti@redhat.com> -Date: Tue Jul 26 11:03:18 2016 +0200 - - man: macsec: fix macsec related typos - - - ip-macsec.8: fix wrong 'device' keyword in 'ip link add device eth0'; - add missing description of 'validate' keyword; remove spurious bracket - near 'encrypt' keyword; add missing reference to configuration of 'port' - and 'sci' - - ip-link.8 fix wrong 'es' and 'encoding' keywords in MACsec section - - Signed-off-by: Davide Caratti <dcaratti@redhat.com> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - man/man8/ip-link.8.in | 8 ++++---- - man/man8/ip-macsec.8 | 11 ++++++++--- - 2 files changed, 12 insertions(+), 7 deletions(-) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index b9d9933..9acb6b2 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -755,14 +755,14 @@ the following additional arguments are supported: - .BR encrypt " {" - .BR on " | " off " } ] [ " - .BR send_sci " { " on " | " off " } ] [" --.BR es " { " on " | " off " } ] [" -+.BR end_station " { " on " | " off " } ] [" - .BR scb " { " on " | " off " } ] [" - .BR protect " { " on " | " off " } ] [" - .BR replay " { " on " | " off " }" - .BR window " { " - .IR 0..2^32-1 " } ] [" - .BR validate " { " strict " | " check " | " disabled " } ] [" --.BR encoding " { " -+.BR encodingsa " { " - .IR 0..3 " } ]" - - .in +8 -@@ -787,7 +787,7 @@ the following additional arguments are supported: - - specifies whether the SCI is included in every packet, or only when it is necessary. - - .sp --.BR "es on " or " es off" -+.BR "end_station on " or " end_station off" - - sets the End Station bit. - - .sp -@@ -815,7 +815,7 @@ the following additional arguments are supported: - - sets the validation mode on the device. - - .sp --.BI encoding " AN " -+.BI encodingsa " AN " - - sets the active secure association for transmission. - - .in -8 -diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8 -index e8455d7..f928c43 100644 ---- a/man/man8/ip-macsec.8 -+++ b/man/man8/ip-macsec.8 -@@ -3,10 +3,14 @@ - ip-macsec \- MACsec device configuration - .SH "SYNOPSIS" - .BI "ip link add link " DEVICE " name " NAME " type macsec " --[ [ -+[ -+.BI port " PORT" -+| -+.BI sci " SCI" -+] [ [ - .BR cipher " { " default " | " gcm-aes-128 " } ] " - .BI icvlen " ICVLEN" --] [ [ -+] [ - .BR encrypt " { " on " | " off " } ] [" - .BR send_sci " { " on " | " off " } ] [" - .BR end_station " { " on " | " off " } ] [" -@@ -15,6 +19,7 @@ ip-macsec \- MACsec device configuration - .BR replay " { " on " | " off " } ] [" - .BI window " WINDOW" - ] [ -+.BR validate " { " strict " | " check " | " disabled " } ] [" - .BI encodingsa " SA" - ] - -@@ -74,7 +79,7 @@ type. - .PP - .SS Create a MACsec device on link eth0 - .nf --# ip link add device eth0 macsec0 type macsec port 11 encrypt on -+# ip link add link eth0 macsec0 type macsec port 11 encrypt on - .PP - .SS Configure a secure association on that device - .nf --- -1.8.3.1 - diff --git a/SOURCES/0237-ip-link-address-add-macsec-item-to-TYPE-list.patch b/SOURCES/0237-ip-link-address-add-macsec-item-to-TYPE-list.patch deleted file mode 100644 index 1a577af..0000000 --- a/SOURCES/0237-ip-link-address-add-macsec-item-to-TYPE-list.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 594bd9247ca5f02d46a8a94bc25f9edf2e82f6d3 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 3 Aug 2016 17:22:10 +0200 -Subject: [PATCH] ip {link,address}: add 'macsec' item to TYPE list - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1354702 -Upstream Status: iproute2.git commit fd4df5b21180 -Conflicts: context conflicts in TYPE lists due to missing HSR, lowpan -and VRF support, and because of upstream commit 577cfe0b677e not yet -merged. - -commit fd4df5b21180f9b32259d859e6fcbbb08d0e03c4 -Author: Davide Caratti <dcaratti@redhat.com> -Date: Tue Jul 26 11:03:19 2016 +0200 - - ip {link,address}: add 'macsec' item to TYPE list - - fix output of "ip address help" and "ip link help". Update TYPE list in man - pages ip-address.8 and ip-link.8 as well. - - Signed-off-by: Davide Caratti <dcaratti@redhat.com> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - ip/ipaddress.c | 2 +- - ip/iplink.c | 2 +- - man/man8/ip-address.8.in | 3 ++- - man/man8/ip-link.8.in | 3 ++- - 4 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 97a8f2f..62a25bc 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -94,7 +94,7 @@ static void usage(void) - fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); - fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); - fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon |\n"); -- fprintf(stderr, " bond_slave | ipvlan | geneve | bridge_slave | vrf }\n"); -+ fprintf(stderr, " bond_slave | ipvlan | geneve | bridge_slave | vrf | macsec }\n"); - - exit(-1); - } -diff --git a/ip/iplink.c b/ip/iplink.c -index 3dac893..e9c2874 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -95,7 +95,7 @@ void iplink_usage(void) - fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"); - fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n"); - fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon |\n"); -- fprintf(stderr, " bond_slave | geneve }\n"); -+ fprintf(stderr, " bond_slave | geneve | macsec }\n"); - } - exit(-1); - } -diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in -index 08a79ec..be514ca 100644 ---- a/man/man8/ip-address.8.in -+++ b/man/man8/ip-address.8.in -@@ -121,7 +121,8 @@ ip-address \- protocol address management - .BR vti " |" - .BR nlmon " |" - .BR lowpan " |" --.BR geneve " ]" -+.BR geneve " |" -+.BR macsec " ]" - - .SH "DESCRIPTION" - The -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 9acb6b2..2633521 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -167,7 +167,8 @@ ip-link \- network device configuration - .BR ip6gretap " |" - .BR vti " |" - .BR nlmon " |" --.BR geneve " ]" -+.BR geneve " |" -+.BR macsec " ]" - - .ti -8 - .IR ETYPE " := [ " TYPE " |" --- -1.8.3.1 - diff --git a/SOURCES/0238-macsec-cipher-and-icvlen-can-be-set-separately.patch b/SOURCES/0238-macsec-cipher-and-icvlen-can-be-set-separately.patch deleted file mode 100644 index d7ff890..0000000 --- a/SOURCES/0238-macsec-cipher-and-icvlen-can-be-set-separately.patch +++ /dev/null @@ -1,167 +0,0 @@ -From b669a186dc9a68efb82595d991726bb5e3cb51b6 Mon Sep 17 00:00:00 2001 -From: Davide Caratti <dcaratti@redhat.com> -Date: Wed, 3 Aug 2016 17:22:11 +0200 -Subject: [PATCH] macsec: cipher and icvlen can be set separately - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1354408 -Upstream Status: iproute2.git commit 89bb6e673a6a - -commit 89bb6e673a6ae9dd9b6845ed95358dd6653c167e -Author: Davide Caratti <dcaratti@redhat.com> -Date: Tue Jul 26 11:03:20 2016 +0200 - - macsec: cipher and icvlen can be set separately - - since kernel driver has valid default values for 'cipher' and 'icvlen', - there is no need for requiring users to specify both of them when a new - link is added. Also, prompt an error message and exit with appropriate - exit status in case of unsupported cipher suite. - - Signed-off-by: Davide Caratti <dcaratti@redhat.com> - -Signed-off-by: Davide Caratti <dcaratti@redhat.com> ---- - ip/ipmacsec.c | 52 +++++++++++++++++---------------------------------- - man/man8/ip-link.8.in | 6 ++++++ - man/man8/ip-macsec.8 | 4 ++-- - 3 files changed, 25 insertions(+), 37 deletions(-) - -diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c -index 34ba341..329be00 100644 ---- a/ip/ipmacsec.c -+++ b/ip/ipmacsec.c -@@ -1071,34 +1071,6 @@ static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) - } - } - -- --static int do_cipher_suite(struct cipher_args *cipher, int *argcp, -- char ***argvp) --{ -- char **argv = *argvp; -- int argc = *argcp; -- -- if (argc == 0) -- return -1; -- -- if (strcmp(*argv, "default") == 0 || -- strcmp(*argv, "gcm-aes-128") == 0 || -- strcmp(*argv, "GCM-AES-128") == 0) -- cipher->id = MACSEC_DEFAULT_CIPHER_ID; -- NEXT_ARG(); -- -- if (strcmp(*argv, "icvlen") == 0) { -- NEXT_ARG(); -- if (cipher->icv_len != 0) -- duparg2("icvlen", "icvlen"); -- get_icvlen(&cipher->icv_len, *argv); -- } -- *argcp = argc; -- *argvp = argv; -- -- return 0; --} -- - static bool check_txsc_flags(bool es, bool scb, bool sci) - { - if (sci && (es || scb)) -@@ -1112,7 +1084,8 @@ static void usage(FILE *f) - { - fprintf(f, - "Usage: ... macsec [ port PORT | sci SCI ]\n" -- " [ cipher CIPHER_SUITE ]\n" -+ " [ cipher { default | gcm-aes-128 } ]\n" -+ " [ icvlen { 8..16 } ]\n" - " [ encrypt { on | off } ]\n" - " [ send_sci { on | off } ]\n" - " [ end_station { on | off } ]\n" -@@ -1122,7 +1095,6 @@ static void usage(FILE *f) - " [ validate { strict | check | disabled } ]\n" - " [ encodingsa { 0..3 } ]\n" - ); -- fprintf(f, "CIPHER_SUITE := [ default = gcm-aes-128 ] icvlen { 8..32 }\n"); - } - - static int macsec_parse_opt(struct link_util *lu, int argc, char **argv, -@@ -1154,11 +1126,21 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv, - - while (argc > 0) { - if (strcmp(*argv, "cipher") == 0) { -+ NEXT_ARG(); - if (cipher.id) -- duparg2("cipher", "cipher"); -+ duparg("cipher", *argv); -+ if (strcmp(*argv, "default") == 0 || -+ strcmp(*argv, "gcm-aes-128") == 0 || -+ strcmp(*argv, "GCM-AES-128") == 0) -+ cipher.id = MACSEC_DEFAULT_CIPHER_ID; -+ else -+ invarg("expected: default or gcm-aes-128", -+ *argv); -+ } else if (strcmp(*argv, "icvlen") == 0) { - NEXT_ARG(); -- if (do_cipher_suite(&cipher, &argc, &argv)) -- return -1; -+ if (cipher.icv_len) -+ duparg("icvlen", *argv); -+ get_icvlen(&cipher.icv_len, *argv); - } else if (strcmp(*argv, "encrypt") == 0) { - NEXT_ARG(); - int i; -@@ -1264,12 +1246,12 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv, - return -1; - } - -- if (cipher.id) { -+ if (cipher.id) - addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_CIPHER_SUITE, - &cipher.id, sizeof(cipher.id)); -+ if (cipher.icv_len) - addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ICV_LEN, - &cipher.icv_len, sizeof(cipher.icv_len)); -- } - - if (replay_protect != -1) { - addattr32(hdr, MACSEC_BUFLEN, IFLA_MACSEC_WINDOW, window); -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 2633521..18c7040 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -753,6 +753,8 @@ the following additional arguments are supported: - ] [ - .BI cipher " CIPHER_SUITE" - ] [ -+.BR icvlen " { " -+.IR 8..16 " } ] [" - .BR encrypt " {" - .BR on " | " off " } ] [ " - .BR send_sci " { " on " | " off " } ] [" -@@ -780,6 +782,10 @@ the following additional arguments are supported: - - defines the cipher suite to use. - - .sp -+.BI icvlen " LENGTH " -+- sets the length of the Integrity Check Value (ICV). -+ -+.sp - .BR "encrypt on " or " encrypt off" - - switches between authenticated encryption, or authenticity mode only. - -diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8 -index f928c43..105aeec 100644 ---- a/man/man8/ip-macsec.8 -+++ b/man/man8/ip-macsec.8 -@@ -7,8 +7,8 @@ ip-macsec \- MACsec device configuration - .BI port " PORT" - | - .BI sci " SCI" --] [ [ --.BR cipher " { " default " | " gcm-aes-128 " } ] " -+] [ -+.BR cipher " { " default " | " gcm-aes-128 " } ] [" - .BI icvlen " ICVLEN" - ] [ - .BR encrypt " { " on " | " off " } ] [" --- -1.8.3.1 - diff --git a/SOURCES/0239-man-ip-link.8-Document-missing-geneve-options.patch b/SOURCES/0239-man-ip-link.8-Document-missing-geneve-options.patch deleted file mode 100644 index 6191966..0000000 --- a/SOURCES/0239-man-ip-link.8-Document-missing-geneve-options.patch +++ /dev/null @@ -1,86 +0,0 @@ -From f5daf2e2fa8afe3adb7eb9bb04fb41828144e562 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 18 Aug 2016 20:54:31 +0200 -Subject: [PATCH] man: ip-link.8: Document missing geneve options - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1339178 -Upstream Status: iproute2.git commit 7e33b093318cd - -commit 7e33b093318cd9281e3df3572ed64b57e12ba642 -Author: Phil Sutter <phil@nwl.cc> -Date: Fri Aug 12 01:17:12 2016 +0200 - - man: ip-link.8: Document missing geneve options - - This adds missing documentation of geneve type options: - - - dstport - - external - - udpcsum - - udp6zerocsumtx - - udp6zerocsumrx - - The bits for the last three was just copy and pasted from vxlan section. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - man/man8/ip-link.8.in | 36 ++++++++++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - -diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in -index 18c7040..8968cf2 100644 ---- a/man/man8/ip-link.8.in -+++ b/man/man8/ip-link.8.in -@@ -664,6 +664,16 @@ the following additional arguments are supported: - .BI tos " TOS " - ] [ - .BI flowlabel " FLOWLABEL " -+] [ -+.BI dstport " PORT" -+] [ -+.RB [ no ] external -+] [ -+.RB [ no ] udpcsum -+] [ -+.RB [ no ] udp6zerocsumtx -+] [ -+.RB [ no ] udp6zerocsumrx - ] - - .in +8 -@@ -687,6 +697,32 @@ the following additional arguments are supported: - .BI flowlabel " FLOWLABEL" - - specifies the flow label to use in outgoing packets. - -+.sp -+.BI dstport " PORT" -+- select a destination port other than the default of 6081. -+ -+.sp -+.RB [ no ] external -+- make this tunnel externally controlled (or not, which is the default). This -+flag is mutually exclusive with the -+.BR id , -+.BR remote , -+.BR ttl , -+.BR tos " and " flowlabel -+options. -+ -+.sp -+.RB [ no ] udpcsum -+- specifies if UDP checksum is calculated for transmitted packets over IPv4. -+ -+.sp -+.RB [ no ] udp6zerocsumtx -+- skip UDP checksum calculation for transmitted packets over IPv6. -+ -+.sp -+.RB [ no ] udp6zerocsumrx -+- allow incoming UDP packets over IPv6 with zero checksum field. -+ - .in -8 - - .TP --- -1.8.3.1 - diff --git a/SOURCES/0240-ip-link-add-missing-min-max-_tx_rate-to-help-text.patch b/SOURCES/0240-ip-link-add-missing-min-max-_tx_rate-to-help-text.patch deleted file mode 100644 index a87a5e6..0000000 --- a/SOURCES/0240-ip-link-add-missing-min-max-_tx_rate-to-help-text.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5eac57fa0734790c5905dc1e0eb8fcab03fbfd3f Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 18 Aug 2016 20:56:09 +0200 -Subject: [PATCH] ip-link: add missing {min,max}_tx_rate to help text - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1340914 -Upstream Status: iproute2.git commit 08c0466b11b79 - -commit 08c0466b11b79107740226052a27279034eb3768 -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Aug 16 16:08:38 2016 +0200 - - ip-link: add missing {min,max}_tx_rate to help text - - These vf options are described in man page already, they're just missing - in help output. - - Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - ip/iplink.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/ip/iplink.c b/ip/iplink.c -index e9c2874..e0e0fe9 100644 ---- a/ip/iplink.c -+++ b/ip/iplink.c -@@ -79,6 +79,8 @@ void iplink_usage(void) - fprintf(stderr, " [ vlan VLANID [ qos VLAN-QOS ] ]\n"); - - fprintf(stderr, " [ rate TXRATE ]\n"); -+ fprintf(stderr, " [ max_tx_rate TXRATE ]\n"); -+ fprintf(stderr, " [ min_tx_rate TXRATE ]\n"); - - fprintf(stderr, " [ spoofchk { on | off} ]\n"); - fprintf(stderr, " [ query_rss { on | off} ]\n"); --- -1.8.3.1 - diff --git a/SOURCES/0241-ip-route-restore_handler-should-check-tb-RTA_PREFSRC.patch b/SOURCES/0241-ip-route-restore_handler-should-check-tb-RTA_PREFSRC.patch deleted file mode 100644 index e35b86c..0000000 --- a/SOURCES/0241-ip-route-restore_handler-should-check-tb-RTA_PREFSRC.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 3bcd42253a598fe19892e418e15edea6cb87149e Mon Sep 17 00:00:00 2001 -From: Phil Sutter <psutter@redhat.com> -Date: Thu, 25 Aug 2016 16:47:35 +0200 -Subject: [PATCH] ip route: restore_handler should check tb[RTA_PREFSRC] for - local networks - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1362728 -Upstream Status: iproute2.git commit c85703bb9fb77 - -commit c85703bb9fb778ca94a3f84343406a251d23f9ba -Author: Xin Long <lucien.xin@gmail.com> -Date: Sun Aug 7 17:12:30 2016 +0800 - - ip route: restore_handler should check tb[RTA_PREFSRC] for local networks - - Prior to this patch, If one route entry's RTA_PREFSRC and RTA_GATEWAY - both were NULL, it was supposed to be restored ONLY as a local address. - - But as it didn't check tb[RTA_PREFSRC] when restoring local networks, - rtattr_cmp would return a success if it was NULL, this route entry would - be restored again as a local network. - - This patch is to add tb[RTA_PREFSRC] check when restoring local networks. - - Fixes: 74af8dd9620e ("ip route: restore route entries in correct order") - Signed-off-by: Xin Long <lucien.xin@gmail.com> - Tested-by: Phil Sutter <phil@nwl.cc> ---- - ip/iproute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index b7057b3..15e1a51 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1619,7 +1619,7 @@ static int restore_handler(const struct sockaddr_nl *nl, - if (!prio && !tb[RTA_GATEWAY] && (!tb[RTA_PREFSRC] || - !rtattr_cmp(tb[RTA_PREFSRC], tb[RTA_DST]))) - goto restore; -- else if (prio == 1 && !tb[RTA_GATEWAY] && -+ else if (prio == 1 && !tb[RTA_GATEWAY] && tb[RTA_PREFSRC] && - rtattr_cmp(tb[RTA_PREFSRC], tb[RTA_DST])) - goto restore; - else if (prio == 2 && tb[RTA_GATEWAY]) --- -1.8.3.1 - diff --git a/SPECS/iproute.spec b/SPECS/iproute.spec index bc6fdd1..83991ef 100644 --- a/SPECS/iproute.spec +++ b/SPECS/iproute.spec @@ -1,8 +1,8 @@ %global cbq_version v0.7.3 %define rpmversion 3.10.0 -%define baserelease 55.el7 -%define specrelease 74%{?dist} +%define baserelease 74.el7 +%define specrelease 87%{?dist} %define pkg_release %{specrelease}%{?buildid} Summary: Advanced IP routing and network device configuration tools @@ -14,247 +14,175 @@ URL: http://kernel.org/pub/linux/utils/net/%{name}2/ Source0: %{name}-%{rpmversion}-%{baserelease}.tar.xz Source1: cbq-0000.example Source2: avpkt -Patch0: 0001-man-lnstat-rewrite-manpage.patch -Patch1: 0002-lnstat-fix-header-displaying-mechanism.patch -Patch2: 0003-iproute2-Ignore-EADDRNOTAVAIL-errors-during-address-.patch -Patch3: 0004-libnetlink-introduce-nc_flags.patch -Patch4: 0005-ipaddress-simplify-ipaddr_flush.patch -Patch5: 0006-ipaddress-fix-ipaddr_flush-for-Linux-3.1.patch -Patch6: 0007-bridge-drop-reference-to-unused-option-embedded-from.patch -Patch7: 0008-bridge-drop-man-page-fragment.patch -Patch8: 0009-bridge-fdb-add-use-option-to-set-NTF_USE-flag-in-fdb.patch -Patch9: 0010-ip-allow-ip-address-show-to-list-addresses-with-cert.patch -Patch10: 0011-ip-extend-ip-address-man-page-to-reflect-the-recent-.patch -Patch11: 0012-ip-address-fix-and-extend-documentation.patch -Patch12: 0013-ip-address.8.in-fix-BNF-syntax-error.patch -Patch13: 0014-man-ip-address-align-synopsis-with-help-output.patch -Patch14: 0015-man-ip-address-document-mngtmpaddr-and-noprefixroute.patch -Patch15: 0016-ss-return-1-if-an-unrecognized-option-was-given.patch -Patch16: 0017-ss-add-support-for-bytes_acked-bytes_received.patch -Patch17: 0018-ss-add-support-for-segs_in-and-segs_out.patch -Patch18: 0019-ip-address-fix-oneline-mode-for-interfaces-with-VF.patch -Patch19: 0020-neighbor-check-return-values.patch -Patch20: 0021-gre-raising-the-size-of-the-buffer-holding-nl-messag.patch -Patch21: 0022-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch -Patch22: 0023-fix-ip-force-batch-to-continue-on-errors.patch -Patch23: 0024-ip-fix-exit-code-for-addrlabel.patch -Patch24: 0025-link-dump-filter.patch -Patch25: 0026-ip-return-correct-exit-code-on-route-failure.patch -Patch26: 0027-ip-fix-exit-code-for-rule-failures.patch -Patch27: 0028-libnetlink-add-size-argument-to-rtnl_talk.patch -Patch28: 0029-libnetlink-don-t-confuse-variables-in-rtnl_talk.patch -Patch29: 0030-man-ss-Fix-explanation-when-no-options-specified.patch -Patch30: 0031-iproute-restrict-hoplimit-values-to-be-in-range-0-25.patch -Patch31: 0032-iproute2-ip-route.8.in-minor-fixes.patch -Patch32: 0033-ip-route-enable-per-route-ecn-settings-via-features-.patch -Patch33: 0034-ip-route-add-congestion-control-metric.patch -Patch34: 0035-ip-link-remove-warning-message.patch -Patch35: 0036-route-ignore-RTAX_HOPLIMIT-of-value-1.patch -Patch36: 0037-route-Fix-printing-of-locked-entries.patch -Patch37: 0038-man-tc-add-man-page-for-fq-pacer.patch -Patch38: 0039-man-fix-whatis-for-fq.patch -Patch39: 0040-batch-support-quoted-strings.patch -Patch40: 0041-tc-add-a-man-page-for-basic-filter.patch -Patch41: 0042-tc-add-a-man-page-for-cgroup-filter.patch -Patch42: 0043-tc-add-a-man-page-for-flow-filter.patch -Patch43: 0044-tc-add-a-man-page-for-fw-filter.patch -Patch44: 0045-tc-add-a-man-page-for-route-filter.patch -Patch45: 0046-tc-add-a-man-page-for-tcindex-filter.patch -Patch46: 0047-tc-add-a-man-page-for-u32-filter.patch -Patch47: 0048-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch -Patch48: 0049-xfrm-add-command-for-configuring-SPD-hash-table.patch -Patch49: 0050-xfrm-revise-man-page-and-document-ip-xfrm-policy-set.patch -Patch50: 0051-iplink-update-available-type-list.patch -Patch51: 0052-iplink-add-support-for-bonding-netlink.patch -Patch52: 0053-iproute2-finish-support-for-bonding-attributes.patch -Patch53: 0054-introduce-support-for-slave-info-data.patch -Patch54: 0055-iplink-add-support-for-bonding-slave.patch -Patch55: 0056-iplink_bond-fix-arp_all_targets-parameter-name-in-ou.patch -Patch56: 0057-iplink_bond-fix-parameter-value-matching.patch -Patch57: 0058-iplink_bond_slave-show-mii_status-only-once.patch -Patch58: 0059-iplink-can-fix-help-text-and-man-page.patch -Patch59: 0060-ip-add-nlmon-as-a-device-type-to-help-message.patch -Patch60: 0061-iproute2-allow-to-change-slave-options-via-type_slav.patch -Patch61: 0062-add-help-command-to-bonding-master.patch -Patch62: 0063-ip-link-Shortify-printing-the-usage-of-link-type.patch -Patch63: 0064-iplink_bond-add-support-for-ad_actor-and-port_key-op.patch -Patch64: 0065-bonding-export-3ad-actor-and-partner-port-state.patch -Patch65: 0066-iplink-bonding-add-support-for-IFLA_BOND_TLB_DYNAMIC.patch -Patch66: 0067-bond-fix-return-after-invarg.patch -Patch67: 0068-ip-link-missing-options-in-bond-usage.patch -Patch68: 0069-ip-remove-extra-newlines-at-end-of-file.patch -Patch69: 0070-iplink-bond_slave-fix-ad_actor-partner_oper_port_sta.patch -Patch70: 0071-add-bridge_slave-device-support.patch -Patch71: 0072-add-bridge-master-device-support.patch -Patch72: 0073-iplink_bridge-add-support-for-ageing_time.patch -Patch73: 0074-iplink_bridge-add-support-for-stp_state.patch -Patch74: 0075-iplink_bridge-add-support-for-priority.patch -Patch75: 0076-iplink-use-the-short-format-to-print-help-info.patch -Patch76: 0077-iplink-shortify-printing-the-usage-of-link-type.patch -Patch77: 0078-iplink-add-ageing_time-stp_state-and-priority-for-br.patch -Patch78: 0079-ip-link-consolidate-macvlan-and-macvtap.patch -Patch79: 0080-ip-macvlan-support-MACVLAN_FLAG_NOPROMISC-flag.patch -Patch80: 0081-iproute2-ip6gre-update-man-pages.patch -Patch81: 0082-iproute-Descriptions-of-fou-and-gue-options-in-ip-li.patch -Patch82: 0083-ip-link-Document-IPoIB-link-type-in-the-man-page.patch -Patch83: 0084-iproute2-ip-link.8.in-Spelling-fixes.patch -Patch84: 0085-man-ip-link-Add-missing-link-types-vti-ipvlan-nlmon.patch -Patch85: 0086-man-ip-link-fix-a-typo.patch -Patch86: 0087-man-ip-link-document-MACVLAN-MACVTAP-interface-types.patch -Patch87: 0088-iplink-macvtap-fix-man-page.patch -Patch88: 0089-iprule-Align-help-text-with-man-page-synopsis.patch -Patch89: 0090-ipl2tp-Print-help-even-on-systems-without-l2tp-suppo.patch -Patch90: 0091-ip-align-help-text-with-manpage.patch -Patch91: 0092-ipaddrlabel-Improve-help-text-precision.patch -Patch92: 0093-iplink-fix-help-text-syntax.patch -Patch93: 0094-ipneigh-add-missing-proxy-keyword-to-help-text.patch -Patch94: 0095-ipntable-Fix-typo-in-help-text.patch -Patch95: 0096-iproute-TYPE-keyword-is-not-optional-fix-help-text-a.patch -Patch96: 0097-iprule-add-missing-nat-keyword-to-help-text.patch -Patch97: 0098-man-ip-address.8-Minor-syntax-fixes.patch -Patch98: 0099-man-ip-link.8-minor-font-fix.patch -Patch99: 0100-man-ip-link.8-Fix-and-improve-synopsis.patch -Patch100: 0101-man-ip-neighbour-Fix-for-missing-NUD_STATE-descripti.patch -Patch101: 0102-man-ip-netns.8-Clarify-synopsis-a-bit.patch -Patch102: 0103-man-ip-ntable.8-Review-synopsis-section.patch -Patch103: 0104-man-ip-rule.8-Review-synopsis-section.patch -Patch104: 0105-man-ip-token.8-Review-synopsis-section.patch -Patch105: 0106-add-vti-vti6-tunnel-modes-to-ip-tunnel-manual-page.patch -Patch106: 0107-man-ip-tunnel.8-Document-missing-6rd-action.patch -Patch107: 0108-man-ip-xfrm.8-Document-missing-parameters.patch -Patch108: 0109-man-ip-add-h-uman-readable-option.patch -Patch109: 0110-man-ip.8-Add-missing-flags-and-token-subcommand-desc.patch -Patch110: 0111-man-ip-l2tp.8-Fix-BNF-syntax.patch -Patch111: 0112-fix-spelling-of-Kuznetsov.patch -Patch112: 0113-man-Spelling-fixes.patch -Patch113: 0114-man-tc-htb-Fix-HRB-HTB-typo.patch -Patch114: 0115-TBF-man-page-fix-tbf-is-not-classless.patch -Patch115: 0116-man8-scrub-trailing-whitespace.patch -Patch116: 0117-man-ip-.8-drop-any-reference-to-generic-ip-options.patch -Patch117: 0118-fix-indentation-of-ip-neighbour-man-page.patch -Patch118: 0119-man-ip-neighbour.8-Document-all-known-nud-states.patch -Patch119: 0120-libnetlink-Double-the-dump-buffer-size.patch -Patch120: 0121-man-ip-link-Beef-up-VXLAN-csum-options-a-bit.patch -Patch121: 0122-fix-print_ipt-segfault-if-more-then-one-filter-with-.patch -Patch122: 0123-man-rtpr-add-minimal-manpage.patch -Patch123: 0124-tc-introduce-simple-action.patch -Patch124: 0125-simple-print-newline.patch -Patch125: 0126-tc-minor-spelling-fixes.patch -Patch126: 0127-whitespace-cleanup.patch -Patch127: 0128-tc-fix-compilation-warning-on-32bits-arch.patch -Patch128: 0129-man-Add-a-man-page-for-the-csum-action.patch -Patch129: 0130-man-Add-a-man-page-for-the-mirred-action.patch -Patch130: 0131-man-Add-a-man-page-for-the-nat-action.patch -Patch131: 0132-man-Add-a-man-page-for-the-pedit-action.patch -Patch132: 0133-man-Add-a-man-page-for-the-police-action.patch -Patch133: 0134-man-Add-a-man-page-for-the-simple-action.patch -Patch134: 0135-man-Add-a-man-page-for-the-skbedit-action.patch -Patch135: 0136-man-Add-a-man-page-for-the-xt-action.patch -Patch136: 0137-man-tc-u32-Minor-syntax-fix.patch -Patch137: 0138-tc-pedit-document-branch-control-in-help-output.patch -Patch138: 0139-tc-connmark-pedit-Rename-BRANCH-to-CONTROL.patch -Patch139: 0140-man-tc-csum.8-Add-an-example.patch -Patch140: 0141-man-tc-mirred.8-Reword-man-page-a-bit-add-generic-mi.patch -Patch141: 0142-man-tc-police.8-Emphasize-on-the-two-rate-control-me.patch -Patch142: 0143-man-tc-skbedit.8-Elaborate-a-bit-on-TX-queues.patch -Patch143: 0144-man-ship-action-man-pages.patch -Patch144: 0145-doc-Add-my-article-about-tc-filters-and-actions.patch -Patch145: 0146-doc-tc-filters.tex-Drop-overly-subjective-paragraphs.patch -Patch146: 0147-ss-Fix-wrong-filter-behaviour.patch -Patch147: 0148-ss-Drop-silly-assignment.patch -Patch148: 0149-ss-Fix-accidental-state-filter-override.patch -Patch149: 0150-ip-enable-configuring-multicast-group-autojoin.patch -Patch150: 0151-man-ip-ip-link-Fix-ip-option-location.patch -Patch151: 0152-ip-link-Allow-to-filter-devices-by-master-dev.patch -Patch152: 0153-ip-link-Show-devices-by-type.patch -Patch153: 0154-man-ip-link-Small-example-of-ip-link-show-master.patch -Patch154: 0155-ipaddress-Allow-listing-addresses-by-type.patch -Patch155: 0156-add-new-IFLA_VF_TRUST-netlink-attribute.patch -Patch156: 0157-iplink-Support-VF-Trust.patch -Patch157: 0158-ip-link-Support-printing-VF-trust-setting.patch -Patch158: 0159-man-ip-link.8-Fix-ip-link-delete-description.patch -Patch159: 0160-man-ip-address-ip-link-Document-type-quirk.patch -Patch160: 0161-iproute2-GENEVE-support.patch -Patch161: 0162-iproute2-update-ip-link.8-for-geneve-tunnels.patch -Patch162: 0163-iplink_geneve-add-ttl-configuration-at-link-creation.patch -Patch163: 0164-iplink_geneve-add-tos-configuration-at-link-creation.patch -Patch164: 0165-geneve-add-support-for-IPv6-link-partners.patch -Patch165: 0166-geneve-add-support-for-lwt-tunnel-creation-and-dst-p.patch -Patch166: 0167-geneve-Add-support-for-configuring-UDP-checksums.patch -Patch167: 0168-geneve-add-support-to-set-flow-label.patch -Patch168: 0169-geneve-fix-IPv6-remote-address-reporting.patch -Patch169: 0170-iproute2-utils-change-hexstring_n2a-and-hexstring_a2.patch -Patch170: 0171-iproute2-arpd-use-ll_addr_a2n-and-ll_addr_n2a.patch -Patch171: 0172-lib-ll_addr-improve-ll_addr_n2a-a-bit.patch -Patch172: 0173-utils-make-hexstring_a2n-provide-the-number-of-hex-d.patch -Patch173: 0174-utils-add-get_be-16-32-64-use-them-where-possible.patch -Patch174: 0175-utils-provide-get_hex-to-read-a-hex-digit-from-a-cha.patch -Patch175: 0176-ip-add-MACsec-support.patch -Patch176: 0177-utils-fix-hex-digits-parsing-in-hexstring_a2n.patch -Patch177: 0178-RH-INTERNAL-update-kernel-headers-to-v4.6.0.patch -Patch178: 0179-add-if_macsec-header.patch -Patch179: 0180-configure-Add-check-for-the-doc-tools.patch -Patch180: 0181-configure-Check-for-libmnl.patch -Patch181: 0182-configure-cleanup.patch -Patch182: 0183-include-add-linked-list-implementation-from-kernel.patch -Patch183: 0184-add-devlink-tool.patch -Patch184: 0185-devlink-ignore-build-result.patch -Patch185: 0186-devlink-fix-devlink-port-help-message.patch -Patch186: 0187-list-add-list_for_each_entry_reverse-macro.patch -Patch187: 0188-list-add-list_add_tail-helper.patch -Patch188: 0189-devlink-introduce-pr_out_port_handle-helper.patch -Patch189: 0190-devlink-introduce-helper-to-print-out-nice-names-ifn.patch -Patch190: 0191-devlink-split-dl_argv_parse_put-to-parse-and-put-par.patch -Patch191: 0192-devlink-introduce-dump-filtering-function.patch -Patch192: 0193-devlink-allow-to-parse-both-devlink-and-port-handle-.patch -Patch193: 0194-devlink-implement-shared-buffer-support.patch -Patch194: 0195-devlink-implement-shared-buffer-occupancy-control.patch -Patch195: 0196-devlink-add-manpage-for-shared-buffer.patch -Patch196: 0197-ip-route-restore-route-entries-in-correct-order.patch -Patch197: 0198-iproute-constify-rtattr_cmp.patch -Patch198: 0199-ip-link-Add-group-in-usage-for-ip-link-delete.patch -Patch199: 0200-iplink-List-valid-type-argument-in-ip-link-help-text.patch -Patch200: 0201-iplink-bond_slave-Add-missing-help-functions.patch -Patch201: 0202-man-ip-link-Add-deleting-links-by-group.patch -Patch202: 0203-man-ip-link-Add-short-description-about-group.patch -Patch203: 0204-man-ip-link-Remove-extra-GROUP-explanation.patch -Patch204: 0205-ip-link.8-Extend-type-list-in-synopsis.patch -Patch205: 0206-ip-link.8-Place-ip-link-set-warning-more-prominently.patch -Patch206: 0207-ip-link.8-Add-slave-type-option-descriptions.patch -Patch207: 0208-ip-link-fix-unterminated-string-in-manpage.patch -Patch208: 0209-vxlan-fix-help-and-man-text.patch -Patch209: 0210-ip-link-fix-man-page-warnings.patch -Patch210: 0211-ip-link.8-Fix-font-choices.patch -Patch211: 0212-ip-address.8-Document-autojoin-flag.patch -Patch212: 0213-route-allow-routes-to-be-configured-with-expire-valu.patch -Patch213: 0214-ip-route-timeout-for-routes-has-to-be-set-in-seconds.patch -Patch214: 0215-iproute2-ip-route.8.in-Add-expires-option-for-ip-rou.patch -Patch215: 0216-ipneigh-List-all-nud-states-in-help-output.patch -Patch216: 0217-Document-VF-link-state-control-in-the-ip-link-man-pa.patch -Patch217: 0218-man-ip-link-Document-query_rss-option.patch -Patch218: 0219-Add-support-to-configure-SR-IOV-VF-minimum-and-maxim.patch -Patch219: 0220-ip-check-for-missing-dev-arg-when-doing-VF-rate.patch -Patch220: 0221-ip-link-Remove-unnecessary-device-checking.patch -Patch221: 0222-ip-link-Fix-crash-on-older-kernels-when-show-VF-dev.patch -Patch222: 0223-iplink-Add-missing-variable-initialization.patch -Patch223: 0224-iplink-Check-address-length-via-netlink.patch -Patch224: 0225-Fix-MAC-address-length-check.patch -Patch225: 0226-ip-add-paren-to-silence-warning.patch -Patch226: 0227-doc-man-ip-rule-Remove-incorrect-statement-about-rul.patch -Patch227: 0228-man-ip-link-ip-address-Drop-references-to-ipvlan.patch -Patch228: 0229-man-ip-link-Drop-fou-and-gue-related-documentation.patch -Patch229: 0230-Revert-ip-fix-exit-code-for-rule-failures.patch -Patch230: 0231-Revert-ip-return-correct-exit-code-on-route-failure.patch -Patch231: 0232-Revert-link-dump-filter.patch -Patch232: 0233-Revert-ip-fix-exit-code-for-addrlabel.patch -Patch233: 0234-Revert-fix-ip-force-batch-to-continue-on-errors.patch -Patch234: 0235-Revert-Allow-specifying-bridge-port-STP-state-by-nam.patch -Patch235: 0236-man-macsec-fix-macsec-related-typos.patch -Patch236: 0237-ip-link-address-add-macsec-item-to-TYPE-list.patch -Patch237: 0238-macsec-cipher-and-icvlen-can-be-set-separately.patch -Patch238: 0239-man-ip-link.8-Document-missing-geneve-options.patch -Patch239: 0240-ip-link-add-missing-min-max-_tx_rate-to-help-text.patch -Patch240: 0241-ip-route-restore_handler-should-check-tb-RTA_PREFSRC.patch +Patch0: 0001-misc-ss-tcp-cwnd-should-be-unsigned.patch +Patch1: 0002-macsec-fix-input-of-port-improve-documentation-of-ad.patch +Patch2: 0003-macsec-fix-byte-ordering-on-input-display-of-sci.patch +Patch3: 0004-update-inet_diag.h-header.patch +Patch4: 0005-include-Add-linux-sctp.h.patch +Patch5: 0006-ss-Add-support-for-SCTP-protocol.patch +Patch6: 0007-remove-unnecessary-extern.patch +Patch7: 0008-utils-add-missing-return-value.patch +Patch8: 0009-libnetlink-introduce-rta_nest-and-u8-u16-u64-helpers.patch +Patch14: 0015-ip-route-Prevent-some-double-spaces-in-output.patch +Patch15: 0016-ipaddress-Simplify-vf_info-parsing.patch +Patch16: 0017-ipaddress-Print-IFLA_VF_QUERY_RSS_EN-setting.patch +Patch17: 0018-ip-vfinfo-remove-code-duplication-for-IFLA_VF_RSS_QU.patch +Patch18: 0019-macsec-fix-input-range-of-icvlen-parameter.patch +Patch19: 0020-iplink-bridge_slave-add-support-for-IFLA_BRPORT_MULT.patch +Patch20: 0021-iplink-bridge_slave-add-support-for-IFLA_BRPORT_FAST.patch +Patch21: 0022-man-ip-link-Remove-bits-about-proxy_arp-and-proxy_ar.patch +Patch22: 0023-iplink-add-missing-link-type.patch +Patch23: 0024-Revert-man-ip-link-Remove-bits-about-proxy_arp-and-p.patch +Patch24: 0025-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch +Patch25: 0026-iplink-bridge_slave-add-support-for-IFLA_BRPORT_PROX.patch +Patch26: 0027-bridge-fix-reporting-of-IPv6-addresses.patch +Patch27: 0028-iproute2-ipa-show-port-id.patch +Patch28: 0029-bridge-Add-learning-and-flood-support.patch +Patch29: 0030-bridge-Make-filter_index-match-in-signedness.patch +Patch30: 0031-link-dump-filter.patch +Patch31: 0032-iproute2-bridge-bring-to-above-par-with-brctl-show-m.patch +Patch32: 0033-bridge-fdb-fix-statistics-output-spacing.patch +Patch33: 0034-bridge-fdb-add-flag-indication-for-FDB-entry-synced-.patch +Patch34: 0035-bridge-link-add-option-self.patch +Patch35: 0036-bridge-link-add-learning_sync-policy-flag.patch +Patch36: 0037-iproute2-bridge-support-vlan-range-adds.patch +Patch37: 0038-iproute2-bridge-vlan-show-new-option-to-print-ranges.patch +Patch38: 0039-Allow-specifying-bridge-port-STP-state-by-name-rathe.patch +Patch39: 0040-bridge-link-add-support-to-specify-master.patch +Patch40: 0041-fix-ip-force-batch-to-continue-on-errors.patch +Patch41: 0042-route-label-externally-offloaded-routes.patch +Patch42: 0043-iproute2-unify-naming-for-entries-offloaded-to-hardw.patch +Patch43: 0044-ip-return-correct-exit-code-on-route-failure.patch +Patch44: 0045-iproute2-ipa-show-switch-id.patch +Patch45: 0046-ip-fix-all-the-checkpatch-warnings.patch +Patch46: 0047-bridge-mdb-add-support-for-router-add-del-notificati.patch +Patch47: 0048-ip-link-proto_down-config-and-display.patch +Patch48: 0049-bridge-mdb-add-support-for-vlans.patch +Patch49: 0050-bridge-mdb-add-deleted-when-monitoring-delmdb-event.patch +Patch50: 0051-iplink-add-support-for-IFLA_BR_VLAN_FILTERING-attrib.patch +Patch51: 0052-iplink-Add-support-for-IFLA_BR_VLAN_PROTOCOL-attribu.patch +Patch52: 0053-bridge-add-batch-command-support.patch +Patch53: 0054-ip-bridge-document-timestamp-option.patch +Patch54: 0055-bridge-add-calls-to-fflush-in-fdb-and-mdb-print-func.patch +Patch55: 0056-bridge-fdb-minor-syntax-fix-in-help-text.patch +Patch56: 0057-bridge.8-document-fdb-replace-command.patch +Patch57: 0058-bridge.8-minor-formatting-cleanup.patch +Patch58: 0059-bridge-support-for-static-fdb-entries.patch +Patch59: 0060-iplink-bridge-export-bridge_id-and-designated_root.patch +Patch60: 0061-iplink-bridge-export-root_-port-path_cost-topology_c.patch +Patch61: 0062-iplink-bridge-export-read-only-timers.patch +Patch62: 0063-iplink-bridge-add-support-for-IFLA_BR_GROUP_FWD_MASK.patch +Patch63: 0064-iplink-bridge-add-support-for-IFLA_BR_GROUP_ADDR.patch +Patch64: 0065-iplink-bridge-add-support-for-IFLA_BR_VLAN_DEFAULT_P.patch +Patch65: 0066-iplink-bridge-add-support-for-IFLA_BR_MCAST_ROUTER.patch +Patch66: 0067-iplink-bridge-add-support-for-IFLA_BR_MCAST_SNOOPING.patch +Patch67: 0068-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_US.patch +Patch68: 0069-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER.patch +Patch69: 0070-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_ELA.patch +Patch70: 0071-iplink-bridge-add-support-for-IFLA_BR_MCAST_HASH_MAX.patch +Patch71: 0072-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch +Patch72: 0073-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch +Patch73: 0074-iplink-bridge-add-support-for-IFLA_BR_MCAST_LAST_MEM.patch +Patch74: 0075-iplink-bridge-add-support-for-IFLA_BR_MCAST_MEMBERSH.patch +Patch75: 0076-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERIER_.patch +Patch76: 0077-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_IN.patch +Patch77: 0078-iplink-bridge-add-support-for-IFLA_BR_MCAST_QUERY_RE.patch +Patch78: 0079-iplink-bridge-add-support-for-IFLA_BR_MCAST_STARTUP_.patch +Patch79: 0080-iplink-bridge_slave-export-read-only-values.patch +Patch80: 0081-bridge-add-support-for-dynamic-fdb-entries.patch +Patch81: 0082-iplink-bridge-remove-unnecessary-returns.patch +Patch82: 0083-bridge-mdb-add-user-space-support-for-extended-attri.patch +Patch83: 0084-bridge-mdb-add-support-for-offloaded-mdb-entries.patch +Patch84: 0085-bridge-mdb-add-support-for-extended-router-port-info.patch +Patch85: 0086-bridge-code-cleanup.patch +Patch86: 0087-bridge-fdb-add-support-to-filter-by-vlan-id.patch +Patch87: 0088-bridge-mdb-add-support-to-filter-by-vlan-id.patch +Patch88: 0089-bridge-vlan-add-support-to-filter-by-vlan-id.patch +Patch89: 0090-bridge-vlan-fix-a-few-fdb-typos-in-vlan-doc.patch +Patch90: 0091-bridge-man-fix-brige-typo.patch +Patch91: 0092-bridge-man-fix-BPUD-typo.patch +Patch92: 0093-bridge-man-fix-STP-LISTENING-description.patch +Patch93: 0094-RH-INTERNAL-Update-kernel-headers-to-v4.10.0.patch +Patch94: 0095-bridge-add-support-for-the-multicast-flood-flag.patch +Patch95: 0096-change-of-rtnetlink-to-use-RTN_F_OFFLOAD.patch +Patch96: 0097-ip-make-resolve-addr-to-print-names-rather-than-addr.patch +Patch97: 0098-tc-add-support-for-Flower-classifier.patch +Patch98: 0099-tc-improve-filter-help-texts-a-bit.patch +Patch99: 0100-tc-add-a-man-page-for-flower-filter.patch +Patch100: 0101-tc-ship-filter-man-pages-and-refer-to-them-in-tc.8.patch +Patch101: 0102-ip6tunnel-print-local-remote-addresses-like-iptunnel.patch +Patch102: 0103-tc-flower-no-need-to-specify-the-ethertype.patch +Patch103: 0104-make-format_host-non-reentrant-by-default.patch +Patch104: 0105-utils-make-rt_addr_n2a-non-reentrant-by-default.patch +Patch105: 0106-lib-utils-introduce-rt_addr_n2a_rta.patch +Patch106: 0107-utils-add-get_be-16-32-64-use-them-where-possible.patch +Patch107: 0108-tc-flower-Add-skip_-hw-sw-support.patch +Patch108: 0109-tc-flower-Introduce-vlan-support.patch +Patch109: 0110-tc-flower-checkpatch-cleanups.patch +Patch110: 0111-tc-flower-Fix-usage-message.patch +Patch111: 0112-tc-flower-Support-matching-on-SCTP-ports.patch +Patch112: 0113-libnetlink-Introduce-rta_getattr_be.patch +Patch113: 0114-tc-cls_flower-Classify-packet-in-ip-tunnels.patch +Patch114: 0115-tc-flower-remove-references-to-eth_type-in-manpage.patch +Patch115: 0116-tc-flower-document-SCTP-ip_proto.patch +Patch116: 0117-tc-flower-correct-name-of-ip_proto-parameter-to-flow.patch +Patch117: 0118-tc-flower-make-use-of-flower_port_attr_type-safe-and.patch +Patch118: 0119-tc-flower-introduce-enum-flower_endpoint.patch +Patch119: 0120-tc-flower-support-matching-on-ICMP-type-and-code.patch +Patch120: 0121-tc-cls_flower-Add-dest-UDP-port-to-tunnel-params.patch +Patch121: 0122-tc-flower-Fix-typo-and-style-in-flower-man-page.patch +Patch122: 0123-tc-flower-document-that-_ip-parameters-take-a-PREFIX.patch +Patch123: 0124-tc-flower-Allow-_mac-options-to-accept-a-mask.patch +Patch124: 0125-tc-cls_flower-Add-to-the-usage-encapsulation-dest-UD.patch +Patch125: 0126-tc-flower-support-matching-flags.patch +Patch126: 0127-tc-flower-Update-dest-UDP-port-documentation.patch +Patch127: 0128-tc-flower-Fix-flower-output-for-src-and-dst-ports.patch +Patch128: 0129-tc-flower-Add-missing-err-check-when-parsing-flower-.patch +Patch129: 0130-tc-flower-Fix-incorrect-error-msg-about-eth-type.patch +Patch130: 0131-kernel-headers-update.patch +Patch131: 0132-tc-flower-Support-matching-ARP.patch +Patch132: 0133-tc-flower-Refactor-matching-flags-to-be-more-user-fr.patch +Patch133: 0134-f_flower-don-t-set-TCA_FLOWER_KEY_ETH_TYPE-for-proto.patch +Patch134: 0135-tc-flower-use-correct-type-when-calling-flower_icmp_.patch +Patch135: 0136-tc-flower-Update-documentation-to-indicate-ARP-takes.patch +Patch136: 0137-tc-flower-provide-generic-masked-u8-parser-helper.patch +Patch137: 0138-tc-flower-provide-generic-masked-u8-print-helper.patch +Patch138: 0139-tc-flower-support-masked-ICMP-code-and-type-match.patch +Patch139: 0140-tc-flower-Fix-parsing-ip-address.patch +Patch140: 0141-libgenl-introduce-genl_init_handle.patch +Patch141: 0142-macsec-show-usage-even-if-the-module-is-not-availabl.patch +Patch142: 0143-tc-don-t-accept-qdisc-handle-greater-than-ffff.patch +Patch143: 0144-ip-address-Support-filtering-by-slave-type-too.patch +Patch144: 0145-man-ss.8-Add-missing-protocols-to-description-of-A.patch +Patch145: 0146-xfrm-add-support-of-ESN-and-anti-replay-window.patch +Patch146: 0147-man-update-doc-after-support-of-ESN-and-anti-replay-.patch +Patch147: 0148-tc-m_xt-Prevent-segfault-with-standard-targets.patch +Patch148: 0149-tc-m_xt-Fix-segfault-when-adding-multiple-actions-at.patch +Patch149: 0150-tc-m_xt-Fix-indenting.patch +Patch150: 0151-tc-m_xt-Get-rid-of-one-indentation-level-in-parse_ip.patch +Patch151: 0152-tc-m_xt-Drop-unused-variable-fw-in-parse_ipt.patch +Patch152: 0153-tc-m_xt-Get-rid-of-rargc-in-parse_ipt.patch +Patch153: 0154-tc-m_xt-Get-rid-of-iargc-variable-in-parse_ipt.patch +Patch154: 0155-tc-m_xt-Simplify-argc-adjusting-in-parse_ipt.patch +Patch155: 0156-tc-m_xt-Introduce-get_xtables_target_opts.patch +Patch156: 0157-m_xt-whitespace-cleanup.patch +Patch157: 0158-tc-m_xt-Fix-segfault-with-iptables-1.6.0.patch +Patch158: 0159-tc-m_xt-Drop-needless-parentheses-from-if-checks.patch +Patch159: 0160-man-ip-link.8-document-bridge-options.patch +Patch160: 0161-man-ip-link-Specify-min-max-values-for-bridge-slave-.patch +Patch161: 0162-ip-route-Prevent-some-other-double-spaces-in-output.patch +Patch163: 0164-tc-Add-support-for-the-matchall-traffic-classifier.patch +Patch164: 0165-tc-man-Add-man-entry-for-the-matchall-classifier.patch +Patch165: 0166-tc-add-missing-limits.h-header.patch +Patch166: 0167-tc-man-matchall-Fix-example-indentation.patch +Patch167: 0168-tc-matchall-Print-skip-flags-when-dumping-a-filter.patch +Patch168: 0169-tc-clsact-add-clsact-frontend.patch +Patch169: 0170-devlink-Add-e-switch-support.patch +Patch170: 0171-devlink-whitespace-cleanup.patch +Patch171: 0172-devlink-Convert-conditional-in-dl_argv_handle_port-t.patch +Patch172: 0173-devlink-write-usage-help-messages-to-stderr.patch +Patch173: 0174-devlink-Add-usage-help-for-eswitch-subcommand.patch +Patch174: 0175-devlink-Call-dl_free-in-early-exit-case.patch License: GPLv2+ and Public Domain BuildRequires: bison BuildRequires: flex @@ -310,11 +238,6 @@ The libnetlink static library. %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 @@ -463,7 +386,6 @@ The libnetlink static library. %patch159 -p1 %patch160 -p1 %patch161 -p1 -%patch162 -p1 %patch163 -p1 %patch164 -p1 %patch165 -p1 @@ -476,72 +398,6 @@ The libnetlink static library. %patch172 -p1 %patch173 -p1 %patch174 -p1 -%patch175 -p1 -%patch176 -p1 -%patch177 -p1 -%patch178 -p1 -%patch179 -p1 -%patch180 -p1 -%patch181 -p1 -%patch182 -p1 -%patch183 -p1 -%patch184 -p1 -%patch185 -p1 -%patch186 -p1 -%patch187 -p1 -%patch188 -p1 -%patch189 -p1 -%patch190 -p1 -%patch191 -p1 -%patch192 -p1 -%patch193 -p1 -%patch194 -p1 -%patch195 -p1 -%patch196 -p1 -%patch197 -p1 -%patch198 -p1 -%patch199 -p1 -%patch200 -p1 -%patch201 -p1 -%patch202 -p1 -%patch203 -p1 -%patch204 -p1 -%patch205 -p1 -%patch206 -p1 -%patch207 -p1 -%patch208 -p1 -%patch209 -p1 -%patch210 -p1 -%patch211 -p1 -%patch212 -p1 -%patch213 -p1 -%patch214 -p1 -%patch215 -p1 -%patch216 -p1 -%patch217 -p1 -%patch218 -p1 -%patch219 -p1 -%patch220 -p1 -%patch221 -p1 -%patch222 -p1 -%patch223 -p1 -%patch224 -p1 -%patch225 -p1 -%patch226 -p1 -%patch227 -p1 -%patch228 -p1 -%patch229 -p1 -%patch230 -p1 -%patch231 -p1 -%patch232 -p1 -%patch233 -p1 -%patch234 -p1 -%patch235 -p1 -%patch236 -p1 -%patch237 -p1 -%patch238 -p1 -%patch239 -p1 -%patch240 -p1 sed -i 's/iproute-doc/%{name}-%{version}/' man/man8/lnstat.8 %build @@ -644,6 +500,211 @@ done %{_includedir}/libnetlink.h %changelog +* Tue Jun 13 2017 Sabrina Dubroca <sdubroca@redhat.com> [3.10.0-87.el7] +- devlink: Add e-switch support (Sabrina Dubroca) [1459772] +- devlink: whitespace cleanup (Sabrina Dubroca) [1459772] +- devlink: Convert conditional in dl_argv_handle_port() to switch() (Sabrina Dubroca) [1459772] +- devlink: write usage help messages to stderr (Sabrina Dubroca) [1459772] +- devlink: Add usage help for eswitch subcommand (Sabrina Dubroca) [1459772] +- devlink: Call dl_free in early exit case (Sabrina Dubroca) [1459772] + +* Mon Jun 12 2017 Eric Garver <egarver@redhat.com> [3.10.0-86.el7] +- Revert "ip-route man: add usage and description for lwtunnel encap attributes" (Eric Garver) [1459975] +- Revert "lwtunnel: implement support for ip6 encap" (Eric Garver) [1459975] +- Revert "lwtunnel: fix argument parsing" (Eric Garver) [1459975] +- Revert "lwtunnel: Add encapsulation support to ip route" (Eric Garver) [1459975] + +* Mon Jun 12 2017 Eric Garver <egarver@redhat.com> [3.10.0-85.el7] +- Revert "vxlan: Add support for remote checksum offload" (Eric Garver) [1459975] + +* Wed May 31 2017 Ivan Vecera <ivecera@redhat.com> [3.10.0-84.el7] +- tc: Add support for the matchall traffic classifier. (Ivan Vecera) [1435624] +- tc: man: Add man entry for the matchall classifier. (Ivan Vecera) [1435624] +- tc: add missing limits.h header (Ivan Vecera) [1435624] +- tc: man: matchall: Fix example indentation (Ivan Vecera) [1435624] +- tc: matchall: Print skip flags when dumping a filter (Ivan Vecera) [1435624] +- tc, clsact: add clsact frontend (Ivan Vecera) [1435624] + +* Thu May 18 2017 Phil Sutter <psutter@redhat.com> [3.10.0-83.el7] +- vxlan: Add support for remote checksum offload (Phil Sutter) [1446363] + +* Thu Apr 20 2017 Phil Sutter <psutter@redhat.com> [3.10.0-82.el7] +- ip-route: Prevent some other double spaces in output (Phil Sutter) [1374446] + +* Wed Apr 05 2017 Phil Sutter <psutter@redhat.com> [3.10.0-81.el7] +- man: ip-link: Specify min/max values for bridge slave priority and cost (Phil Sutter) [1374360] +- man: ip-link.8: document bridge options (Phil Sutter) [1373869] + +* Tue Apr 04 2017 Phil Sutter <psutter@redhat.com> [3.10.0-80.el7] +- tc: m_xt: Drop needless parentheses from #if checks (Phil Sutter) [1326726] +- tc: m_xt: Fix segfault with iptables-1.6.0 (Phil Sutter) [1326726] +- m_xt: whitespace cleanup (Phil Sutter) [1326726] +- tc: m_xt: Introduce get_xtables_target_opts() (Phil Sutter) [1326726] +- tc: m_xt: Simplify argc adjusting in parse_ipt() (Phil Sutter) [1326726] +- tc: m_xt: Get rid of iargc variable in parse_ipt() (Phil Sutter) [1326726] +- tc: m_xt: Get rid of rargc in parse_ipt() (Phil Sutter) [1326726] +- tc: m_xt: Drop unused variable fw in parse_ipt() (Phil Sutter) [1326726] +- tc: m_xt: Get rid of one indentation level in parse_ipt() (Phil Sutter) [1326726] +- tc: m_xt: Fix indenting (Phil Sutter) [1326726] +- tc: m_xt: Fix segfault when adding multiple actions at once (Phil Sutter) [1326726] +- tc: m_xt: Prevent segfault with standard targets (Phil Sutter) [1326726] +- man: update doc after support of ESN and anti-replay window (Phil Sutter) [1425059] +- xfrm: add support of ESN and anti-replay window (Phil Sutter) [1425059] + +* Fri Mar 17 2017 Phil Sutter <psutter@redhat.com> [3.10.0-79.el7] +- man: ss.8: Add missing protocols to description of -A (Phil Sutter) [1063934] + +* Fri Mar 17 2017 Phil Sutter <psutter@redhat.com> [3.10.0-78.el7] +- ip-address: Support filtering by slave type, too (Phil Sutter) [1375434] +- tc: don't accept qdisc 'handle' greater than ffff (Davide Caratti) [1375393] +- macsec: show usage even if the module is not available (Timothy Redaelli) [1367071] +- libgenl: introduce genl_init_handle (Timothy Redaelli) [1367071] +- tc: flower: Fix parsing ip address (Phil Sutter) [1422629] +- tc: flower: support masked ICMP code and type match (Phil Sutter) [1422629] +- tc: flower: provide generic masked u8 print helper (Phil Sutter) [1422629] +- tc: flower: provide generic masked u8 parser helper (Phil Sutter) [1422629] +- tc: flower: Update documentation to indicate ARP takes IPv4 prefixes (Phil Sutter) [1422629] +- tc: flower: use correct type when calling flower_icmp_attr_type (Phil Sutter) [1422629] +- f_flower: don't set TCA_FLOWER_KEY_ETH_TYPE for "protocol all" (Phil Sutter) [1422629] +- tc: flower: Refactor matching flags to be more user friendly (Phil Sutter) [1422629] +- tc: flower: Support matching ARP (Phil Sutter) [1422629] +- kernel headers update (Phil Sutter) [1422629] +- tc: flower: Fix incorrect error msg about eth type (Phil Sutter) [1422629] +- tc: flower: Add missing err check when parsing flower options (Phil Sutter) [1422629] +- tc: flower: Fix flower output for src and dst ports (Phil Sutter) [1422629] +- tc: flower: Update dest UDP port documentation (Phil Sutter) [1422629] +- tc: flower: support matching flags (Phil Sutter) [1422629] +- tc/cls_flower: Add to the usage encapsulation dest UDP port (Phil Sutter) [1422629] +- tc: flower: Allow *_mac options to accept a mask (Phil Sutter) [1422629] +- tc: flower: document that *_ip parameters take a PREFIX as an argument. (Phil Sutter) [1422629] +- tc: flower: Fix typo and style in flower man page (Phil Sutter) [1422629] +- tc/cls_flower: Add dest UDP port to tunnel params (Phil Sutter) [1422629] +- tc: flower: support matching on ICMP type and code (Phil Sutter) [1422629] +- tc: flower: introduce enum flower_endpoint (Phil Sutter) [1422629] +- tc: flower: make use of flower_port_attr_type() safe and silent (Phil Sutter) [1422629] +- tc: flower: correct name of ip_proto parameter to flower_parse_port() (Phil Sutter) [1422629] +- tc: flower: document SCTP ip_proto (Phil Sutter) [1422629] +- tc: flower: remove references to eth_type in manpage (Phil Sutter) [1422629] +- tc/cls_flower: Classify packet in ip tunnels (Phil Sutter) [1422629] +- libnetlink: Introduce rta_getattr_be*() (Phil Sutter) [1422629] +- tc: flower: Support matching on SCTP ports (Phil Sutter) [1422629] +- tc: flower: Fix usage message (Phil Sutter) [1422629] +- tc: flower checkpatch cleanups (Phil Sutter) [1422629] +- tc: flower: Introduce vlan support (Phil Sutter) [1422629] +- tc: flower: Add skip_{hw|sw} support (Phil Sutter) [1422629] +- utils: add get_be{16, 32, 64}, use them where possible (Phil Sutter) [1422629] +- lib/utils: introduce rt_addr_n2a_rta() (Phil Sutter) [1422629] +- utils: make rt_addr_n2a() non-reentrant by default (Phil Sutter) [1422629] +- make format_host non-reentrant by default (Phil Sutter) [1422629] +- tc: flower no need to specify the ethertype (Phil Sutter) [1422629] +- ip6tunnel: print local/remote addresses like iptunnel does (Phil Sutter) [1422629] +- tc: ship filter man pages and refer to them in tc.8 (Phil Sutter) [1422629] +- tc: add a man page for flower filter (Phil Sutter) [1422629] +- tc: improve filter help texts a bit (Phil Sutter) [1422629] +- tc: add support for Flower classifier (Phil Sutter) [1422629] +- ip: make -resolve addr to print names rather than addresses (Phil Sutter) [1422629] + +* Tue Feb 28 2017 Phil Sutter <psutter@redhat.com> [3.10.0-77.el7] +- change of rtnetlink to use RTN_F_OFFLOAD (Phil Sutter) [1417289] +- bridge: add support for the multicast flood flag (Phil Sutter) [1417289] +- RH-INTERNAL: Update kernel headers to v4.10.0 (Phil Sutter) [1417289] +- bridge: man: fix STP LISTENING description (Phil Sutter) [1417289] +- bridge: man: fix BPUD typo (Phil Sutter) [1417289] +- bridge: man: fix "brige" typo (Phil Sutter) [1417289] +- bridge: vlan: fix a few "fdb" typos in vlan doc (Phil Sutter) [1417289] +- bridge: vlan: add support to filter by vlan id (Phil Sutter) [1417289] +- bridge: mdb: add support to filter by vlan id (Phil Sutter) [1417289] +- bridge: fdb: add support to filter by vlan id (Phil Sutter) [1417289] +- bridge: code cleanup (Phil Sutter) [1417289] +- bridge: mdb: add support for extended router port information (Phil Sutter) [1417289] +- bridge: mdb: add support for offloaded mdb entries (Phil Sutter) [1417289] +- bridge: mdb: add user-space support for extended attributes (Phil Sutter) [1417289] +- iplink: bridge: remove unnecessary returns (Phil Sutter) [1417289] +- bridge: add support for dynamic fdb entries (Phil Sutter) [1417289] +- iplink: bridge_slave: export read-only values (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_STARTUP_QUERY_INTVL (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_QUERY_RESPONSE_INTVL (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_QUERY_INTVL (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_QUERIER_INTVL (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_MEMBERSHIP_INTVL (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_LAST_MEMBER_INTVL (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_STARTUP_QUERY_CNT (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_LAST_MEMBER_CNT (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_HASH_MAX (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_HASH_ELASTICITY (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_QUERIER (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_QUERY_USE_IFADDR (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_SNOOPING (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_MCAST_ROUTER (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_VLAN_DEFAULT_PVID (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_GROUP_ADDR (Phil Sutter) [1417289] +- iplink: bridge: add support for IFLA_BR_GROUP_FWD_MASK (Phil Sutter) [1417289] +- iplink: bridge: export read-only timers (Phil Sutter) [1417289] +- iplink: bridge: export root_(port|path_cost), topology_change and change_detected (Phil Sutter) [1417289] +- iplink: bridge: export bridge_id and designated_root (Phil Sutter) [1417289] +- bridge: support for static fdb entries (Phil Sutter) [1417289] +- bridge.8: minor formatting cleanup (Phil Sutter) [1417289] +- bridge.8: document fdb replace command (Phil Sutter) [1417289] +- bridge: fdb: minor syntax fix in help text (Phil Sutter) [1417289] +- bridge: add calls to fflush in fdb and mdb print functions (Phil Sutter) [1417289] +- ip, bridge: document -timestamp option (Phil Sutter) [1417289] +- bridge: add batch command support (Phil Sutter) [1417289] +- iplink: Add support for IFLA_BR_VLAN_PROTOCOL attribute (Phil Sutter) [1417289] +- iplink: add support for IFLA_BR_VLAN_FILTERING attribute (Phil Sutter) [1417289] +- bridge: mdb: add deleted when monitoring delmdb event (Phil Sutter) [1417289] +- bridge: mdb: add support for vlans (Phil Sutter) [1417289] +- ip link: proto_down config and display. (Phil Sutter) [1417289] +- bridge: mdb: add support for router add/del notifications monitoring (Phil Sutter) [1417289] +- ip: fix all the checkpatch warnings (Phil Sutter) [1417289] +- iproute2: ipa: show switch id (Phil Sutter) [1417289] +- ip: return correct exit code on route failure (Phil Sutter) [1417289] +- iproute2: unify naming for entries offloaded to hardware (Phil Sutter) [1417289] +- route: label externally offloaded routes (Phil Sutter) [1417289] +- fix ip -force -batch to continue on errors (Phil Sutter) [1417289] +- bridge link: add support to specify master (Phil Sutter) [1417289] +- Allow specifying bridge port STP state by name rather than number. (Phil Sutter) [1417289] +- iproute2: bridge vlan show new option to print ranges (Phil Sutter) [1417289] +- iproute2: bridge: support vlan range adds (Phil Sutter) [1417289] +- bridge/link: add learning_sync policy flag (Phil Sutter) [1417289] +- bridge link: add option 'self' (Phil Sutter) [1417289] +- bridge/fdb: add flag/indication for FDB entry synced from offload device (Phil Sutter) [1417289] +- bridge/fdb: fix statistics output spacing (Phil Sutter) [1417289] +- iproute2 bridge: bring to above par with brctl show macs (Phil Sutter) [1417289] +- link dump filter (Phil Sutter) [1417289] +- bridge: Make filter_index match in signedness (Phil Sutter) [1417289] +- bridge: Add learning and flood support (Phil Sutter) [1417289] +- iproute2: ipa: show port id (Phil Sutter) [1417289] +- bridge: fix reporting of IPv6 addresses (Phil Sutter) [1417289] +- iplink: bridge_slave: add support for IFLA_BRPORT_PROXYARP_WIFI (Phil Sutter) [1374360] +- iplink: bridge_slave: add support for IFLA_BRPORT_PROXYARP (Phil Sutter) [1374360] +- Revert "man: ip-link: Remove bits about proxy_arp and proxy_arp_wifi" (Phil Sutter) [1374360] + +* Tue Feb 21 2017 Phil Sutter <psutter@redhat.com> [3.10.0-76.el7] +- iplink: add missing link type (Phil Sutter) [1374493] +- man: ip-link: Remove bits about proxy_arp and proxy_arp_wifi (Phil Sutter) [1374360] +- iplink: bridge_slave: add support for IFLA_BRPORT_FAST_LEAVE (Phil Sutter) [1374360] +- iplink: bridge_slave: add support for IFLA_BRPORT_MULTICAST_ROUTER (Phil Sutter) [1374360] +- macsec: fix input range of 'icvlen' parameter (Phil Sutter) [1373121] + +* Tue Feb 21 2017 Phil Sutter <psutter@redhat.com> [3.10.0-75.el7] +- ip: vfinfo: remove code duplication for IFLA_VF_RSS_QUERY_EN (Timothy Redaelli) [1264149] +- ipaddress: Print IFLA_VF_QUERY_RSS_EN setting (Timothy Redaelli) [1264149] +- ipaddress: Simplify vf_info parsing (Timothy Redaelli) [1264149] +- ip-route: Prevent some double spaces in output (Timothy Redaelli) [1374446] +- ip-route man: add usage and description for lwtunnel encap attributes (Phil Sutter) [1329730] +- lwtunnel: implement support for ip6 encap (Phil Sutter) [1329730] +- lwtunnel: fix argument parsing (Phil Sutter) [1329730] +- lwtunnel: Add encapsulation support to ip route (Phil Sutter) [1329730] +- libnetlink: introduce rta_nest and u8, u16, u64 helpers for nesting within rtattr (Phil Sutter) [1329730] +- utils: add missing return value (Phil Sutter) [1329730] +- remove unnecessary extern (Phil Sutter) [1329730] +- ss: Add support for SCTP protocol (Phil Sutter) [1063934] +- include: Add linux/sctp.h (Phil Sutter) [1063934] +- update inet_diag.h header (Phil Sutter) [1063934] +- macsec: fix byte ordering on input/display of 'sci' (Davide Caratti) [1355629] +- macsec: fix input of 'port', improve documentation of 'address' (Davide Caratti) [1355629] +- misc/ss: tcp cwnd should be unsigned (Davide Caratti) [1375215] + * Thu Aug 25 2016 Phil Sutter <psutter@redhat.com> [3.10.0-74.el7] - ip route: restore_handler should check tb[RTA_PREFSRC] for local networks (Phil Sutter) [1362728]