From 74a1def487be43850f4a201245193ef54c834388 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 24 2021 22:29:28 +0000 Subject: import iproute-5.12.0-3.el8 --- diff --git a/SOURCES/0003-mptcp-add-support-for-port-based-endpoint.patch b/SOURCES/0003-mptcp-add-support-for-port-based-endpoint.patch new file mode 100644 index 0000000..1633cd0 --- /dev/null +++ b/SOURCES/0003-mptcp-add-support-for-port-based-endpoint.patch @@ -0,0 +1,123 @@ +From 0ccd2dbb3eca44a892a183db8c2e4221488ecf51 Mon Sep 17 00:00:00 2001 +Message-Id: <0ccd2dbb3eca44a892a183db8c2e4221488ecf51.1628790091.git.aclaudi@redhat.com> +In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Mon, 9 Aug 2021 15:18:11 +0200 +Subject: [PATCH] mptcp: add support for port based endpoint + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1984733 +Upstream Status: iproute2.git commit 42fbca91 + +commit 42fbca91cd616ae714c3f6aa2d4e2c3399498e38 +Author: Paolo Abeni +Date: Fri Feb 19 21:42:55 2021 +0100 + + mptcp: add support for port based endpoint + + The feature is supported by the kernel since 5.11-net-next, + let's allow user-space to use it. + + Just parse and dump an additional, per endpoint, u16 attribute + + Signed-off-by: Paolo Abeni + Signed-off-by: David Ahern + +Signed-off-by: Andrea Claudi +--- + ip/ipmptcp.c | 16 ++++++++++++++-- + man/man8/ip-mptcp.8 | 8 ++++++++ + 2 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/ip/ipmptcp.c b/ip/ipmptcp.c +index e1ffafb3..5f659b59 100644 +--- a/ip/ipmptcp.c ++++ b/ip/ipmptcp.c +@@ -17,7 +17,7 @@ static void usage(void) + { + fprintf(stderr, + "Usage: ip mptcp endpoint add ADDRESS [ dev NAME ] [ id ID ]\n" +- " [ FLAG-LIST ]\n" ++ " [ port NR ] [ FLAG-LIST ]\n" + " ip mptcp endpoint delete id ID\n" + " ip mptcp endpoint show [ id ID ]\n" + " ip mptcp endpoint flush\n" +@@ -97,6 +97,7 @@ static int mptcp_parse_opt(int argc, char **argv, struct nlmsghdr *n, + bool id_set = false; + __u32 index = 0; + __u32 flags = 0; ++ __u16 port = 0; + __u8 id = 0; + + ll_init_map(&rth); +@@ -123,6 +124,10 @@ static int mptcp_parse_opt(int argc, char **argv, struct nlmsghdr *n, + if (!index) + invarg("device does not exist\n", ifname); + ++ } else if (matches(*argv, "port") == 0) { ++ NEXT_ARG(); ++ if (get_u16(&port, *argv, 0)) ++ invarg("expected port", *argv); + } else if (get_addr(&address, *argv, AF_UNSPEC) == 0) { + addr_set = true; + } else { +@@ -145,6 +150,8 @@ static int mptcp_parse_opt(int argc, char **argv, struct nlmsghdr *n, + addattr32(n, MPTCP_BUFLEN, MPTCP_PM_ADDR_ATTR_FLAGS, flags); + if (index) + addattr32(n, MPTCP_BUFLEN, MPTCP_PM_ADDR_ATTR_IF_IDX, index); ++ if (port) ++ addattr16(n, MPTCP_BUFLEN, MPTCP_PM_ADDR_ATTR_PORT, port); + if (addr_set) { + int type; + +@@ -181,8 +188,8 @@ static int print_mptcp_addrinfo(struct rtattr *addrinfo) + __u8 family = AF_UNSPEC, addr_attr_type; + const char *ifname; + unsigned int flags; ++ __u16 id, port; + int index; +- __u16 id; + + parse_rtattr_nested(tb, MPTCP_PM_ADDR_ATTR_MAX, addrinfo); + +@@ -196,6 +203,11 @@ static int print_mptcp_addrinfo(struct rtattr *addrinfo) + print_string(PRINT_ANY, "address", "%s ", + format_host_rta(family, tb[addr_attr_type])); + } ++ if (tb[MPTCP_PM_ADDR_ATTR_PORT]) { ++ port = rta_getattr_u16(tb[MPTCP_PM_ADDR_ATTR_PORT]); ++ if (port) ++ print_uint(PRINT_ANY, "port", "port %u ", port); ++ } + if (tb[MPTCP_PM_ADDR_ATTR_ID]) { + id = rta_getattr_u8(tb[MPTCP_PM_ADDR_ATTR_ID]); + print_uint(PRINT_ANY, "id", "id %u ", id); +diff --git a/man/man8/ip-mptcp.8 b/man/man8/ip-mptcp.8 +index ef8409ea..98cb93b9 100644 +--- a/man/man8/ip-mptcp.8 ++++ b/man/man8/ip-mptcp.8 +@@ -20,6 +20,8 @@ ip-mptcp \- MPTCP path manager configuration + .ti -8 + .BR "ip mptcp endpoint add " + .IR IFADDR ++.RB "[ " port ++.IR PORT " ]" + .RB "[ " dev + .IR IFNAME " ]" + .RB "[ " id +@@ -87,6 +89,12 @@ ip mptcp endpoint flush flush all existing MPTCP endpoints + .TE + + .TP ++.IR PORT ++When a port number is specified, incoming MPTCP subflows for already ++established MPTCP sockets will be accepted on the specified port, regardless ++the original listener port accepting the first MPTCP subflow and/or ++this peer being actually on the client side. ++ + .IR ID + is a unique numeric identifier for the given endpoint + +-- +2.31.1 + diff --git a/SOURCES/0004-Update-kernel-headers.patch b/SOURCES/0004-Update-kernel-headers.patch new file mode 100644 index 0000000..7f5a9c6 --- /dev/null +++ b/SOURCES/0004-Update-kernel-headers.patch @@ -0,0 +1,986 @@ +From 2e5b8fd1e0e8fc4135bd6a162f32df5e624262b1 Mon Sep 17 00:00:00 2001 +Message-Id: <2e5b8fd1e0e8fc4135bd6a162f32df5e624262b1.1628790091.git.aclaudi@redhat.com> +In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Wed, 11 Aug 2021 12:55:14 +0200 +Subject: [PATCH] Update kernel headers + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 +Upstream Status: iproute2.git commit a5b355c0 + +commit a5b355c08c62fb5b3a42d0e27ef05571c7b30e2e +Author: David Ahern +Date: Fri Mar 19 14:59:17 2021 +0000 + + Update kernel headers + + Update kernel headers to commit: + 38cb57602369 ("selftests: net: forwarding: Fix a typo") + + Signed-off-by: David Ahern + +Signed-off-by: Andrea Claudi +--- + include/uapi/linux/bpf.h | 764 ++++++++++++++++++++++++++++++++- + include/uapi/linux/btf.h | 5 +- + include/uapi/linux/nexthop.h | 47 +- + include/uapi/linux/pkt_cls.h | 2 + + include/uapi/linux/rtnetlink.h | 7 + + 5 files changed, 818 insertions(+), 7 deletions(-) + +diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h +index b1aba6af..502934f7 100644 +--- a/include/uapi/linux/bpf.h ++++ b/include/uapi/linux/bpf.h +@@ -93,7 +93,717 @@ union bpf_iter_link_info { + } map; + }; + +-/* BPF syscall commands, see bpf(2) man-page for details. */ ++/* BPF syscall commands, see bpf(2) man-page for more details. */ ++/** ++ * DOC: eBPF Syscall Preamble ++ * ++ * The operation to be performed by the **bpf**\ () system call is determined ++ * by the *cmd* argument. Each operation takes an accompanying argument, ++ * provided via *attr*, which is a pointer to a union of type *bpf_attr* (see ++ * below). The size argument is the size of the union pointed to by *attr*. ++ */ ++/** ++ * DOC: eBPF Syscall Commands ++ * ++ * BPF_MAP_CREATE ++ * Description ++ * Create a map and return a file descriptor that refers to the ++ * map. The close-on-exec file descriptor flag (see **fcntl**\ (2)) ++ * is automatically enabled for the new file descriptor. ++ * ++ * Applying **close**\ (2) to the file descriptor returned by ++ * **BPF_MAP_CREATE** will delete the map (but see NOTES). ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_MAP_LOOKUP_ELEM ++ * Description ++ * Look up an element with a given *key* in the map referred to ++ * by the file descriptor *map_fd*. ++ * ++ * The *flags* argument may be specified as one of the ++ * following: ++ * ++ * **BPF_F_LOCK** ++ * Look up the value of a spin-locked map without ++ * returning the lock. This must be specified if the ++ * elements contain a spinlock. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_MAP_UPDATE_ELEM ++ * Description ++ * Create or update an element (key/value pair) in a specified map. ++ * ++ * The *flags* argument should be specified as one of the ++ * following: ++ * ++ * **BPF_ANY** ++ * Create a new element or update an existing element. ++ * **BPF_NOEXIST** ++ * Create a new element only if it did not exist. ++ * **BPF_EXIST** ++ * Update an existing element. ++ * **BPF_F_LOCK** ++ * Update a spin_lock-ed map element. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * May set *errno* to **EINVAL**, **EPERM**, **ENOMEM**, ++ * **E2BIG**, **EEXIST**, or **ENOENT**. ++ * ++ * **E2BIG** ++ * The number of elements in the map reached the ++ * *max_entries* limit specified at map creation time. ++ * **EEXIST** ++ * If *flags* specifies **BPF_NOEXIST** and the element ++ * with *key* already exists in the map. ++ * **ENOENT** ++ * If *flags* specifies **BPF_EXIST** and the element with ++ * *key* does not exist in the map. ++ * ++ * BPF_MAP_DELETE_ELEM ++ * Description ++ * Look up and delete an element by key in a specified map. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_MAP_GET_NEXT_KEY ++ * Description ++ * Look up an element by key in a specified map and return the key ++ * of the next element. Can be used to iterate over all elements ++ * in the map. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * The following cases can be used to iterate over all elements of ++ * the map: ++ * ++ * * If *key* is not found, the operation returns zero and sets ++ * the *next_key* pointer to the key of the first element. ++ * * If *key* is found, the operation returns zero and sets the ++ * *next_key* pointer to the key of the next element. ++ * * If *key* is the last element, returns -1 and *errno* is set ++ * to **ENOENT**. ++ * ++ * May set *errno* to **ENOMEM**, **EFAULT**, **EPERM**, or ++ * **EINVAL** on error. ++ * ++ * BPF_PROG_LOAD ++ * Description ++ * Verify and load an eBPF program, returning a new file ++ * descriptor associated with the program. ++ * ++ * Applying **close**\ (2) to the file descriptor returned by ++ * **BPF_PROG_LOAD** will unload the eBPF program (but see NOTES). ++ * ++ * The close-on-exec file descriptor flag (see **fcntl**\ (2)) is ++ * automatically enabled for the new file descriptor. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_OBJ_PIN ++ * Description ++ * Pin an eBPF program or map referred by the specified *bpf_fd* ++ * to the provided *pathname* on the filesystem. ++ * ++ * The *pathname* argument must not contain a dot ("."). ++ * ++ * On success, *pathname* retains a reference to the eBPF object, ++ * preventing deallocation of the object when the original ++ * *bpf_fd* is closed. This allow the eBPF object to live beyond ++ * **close**\ (\ *bpf_fd*\ ), and hence the lifetime of the parent ++ * process. ++ * ++ * Applying **unlink**\ (2) or similar calls to the *pathname* ++ * unpins the object from the filesystem, removing the reference. ++ * If no other file descriptors or filesystem nodes refer to the ++ * same object, it will be deallocated (see NOTES). ++ * ++ * The filesystem type for the parent directory of *pathname* must ++ * be **BPF_FS_MAGIC**. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_OBJ_GET ++ * Description ++ * Open a file descriptor for the eBPF object pinned to the ++ * specified *pathname*. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_PROG_ATTACH ++ * Description ++ * Attach an eBPF program to a *target_fd* at the specified ++ * *attach_type* hook. ++ * ++ * The *attach_type* specifies the eBPF attachment point to ++ * attach the program to, and must be one of *bpf_attach_type* ++ * (see below). ++ * ++ * The *attach_bpf_fd* must be a valid file descriptor for a ++ * loaded eBPF program of a cgroup, flow dissector, LIRC, sockmap ++ * or sock_ops type corresponding to the specified *attach_type*. ++ * ++ * The *target_fd* must be a valid file descriptor for a kernel ++ * object which depends on the attach type of *attach_bpf_fd*: ++ * ++ * **BPF_PROG_TYPE_CGROUP_DEVICE**, ++ * **BPF_PROG_TYPE_CGROUP_SKB**, ++ * **BPF_PROG_TYPE_CGROUP_SOCK**, ++ * **BPF_PROG_TYPE_CGROUP_SOCK_ADDR**, ++ * **BPF_PROG_TYPE_CGROUP_SOCKOPT**, ++ * **BPF_PROG_TYPE_CGROUP_SYSCTL**, ++ * **BPF_PROG_TYPE_SOCK_OPS** ++ * ++ * Control Group v2 hierarchy with the eBPF controller ++ * enabled. Requires the kernel to be compiled with ++ * **CONFIG_CGROUP_BPF**. ++ * ++ * **BPF_PROG_TYPE_FLOW_DISSECTOR** ++ * ++ * Network namespace (eg /proc/self/ns/net). ++ * ++ * **BPF_PROG_TYPE_LIRC_MODE2** ++ * ++ * LIRC device path (eg /dev/lircN). Requires the kernel ++ * to be compiled with **CONFIG_BPF_LIRC_MODE2**. ++ * ++ * **BPF_PROG_TYPE_SK_SKB**, ++ * **BPF_PROG_TYPE_SK_MSG** ++ * ++ * eBPF map of socket type (eg **BPF_MAP_TYPE_SOCKHASH**). ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_PROG_DETACH ++ * Description ++ * Detach the eBPF program associated with the *target_fd* at the ++ * hook specified by *attach_type*. The program must have been ++ * previously attached using **BPF_PROG_ATTACH**. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_PROG_TEST_RUN ++ * Description ++ * Run the eBPF program associated with the *prog_fd* a *repeat* ++ * number of times against a provided program context *ctx_in* and ++ * data *data_in*, and return the modified program context ++ * *ctx_out*, *data_out* (for example, packet data), result of the ++ * execution *retval*, and *duration* of the test run. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * **ENOSPC** ++ * Either *data_size_out* or *ctx_size_out* is too small. ++ * **ENOTSUPP** ++ * This command is not supported by the program type of ++ * the program referred to by *prog_fd*. ++ * ++ * BPF_PROG_GET_NEXT_ID ++ * Description ++ * Fetch the next eBPF program currently loaded into the kernel. ++ * ++ * Looks for the eBPF program with an id greater than *start_id* ++ * and updates *next_id* on success. If no other eBPF programs ++ * remain with ids higher than *start_id*, returns -1 and sets ++ * *errno* to **ENOENT**. ++ * ++ * Return ++ * Returns zero on success. On error, or when no id remains, -1 ++ * is returned and *errno* is set appropriately. ++ * ++ * BPF_MAP_GET_NEXT_ID ++ * Description ++ * Fetch the next eBPF map currently loaded into the kernel. ++ * ++ * Looks for the eBPF map with an id greater than *start_id* ++ * and updates *next_id* on success. If no other eBPF maps ++ * remain with ids higher than *start_id*, returns -1 and sets ++ * *errno* to **ENOENT**. ++ * ++ * Return ++ * Returns zero on success. On error, or when no id remains, -1 ++ * is returned and *errno* is set appropriately. ++ * ++ * BPF_PROG_GET_FD_BY_ID ++ * Description ++ * Open a file descriptor for the eBPF program corresponding to ++ * *prog_id*. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_MAP_GET_FD_BY_ID ++ * Description ++ * Open a file descriptor for the eBPF map corresponding to ++ * *map_id*. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_OBJ_GET_INFO_BY_FD ++ * Description ++ * Obtain information about the eBPF object corresponding to ++ * *bpf_fd*. ++ * ++ * Populates up to *info_len* bytes of *info*, which will be in ++ * one of the following formats depending on the eBPF object type ++ * of *bpf_fd*: ++ * ++ * * **struct bpf_prog_info** ++ * * **struct bpf_map_info** ++ * * **struct bpf_btf_info** ++ * * **struct bpf_link_info** ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_PROG_QUERY ++ * Description ++ * Obtain information about eBPF programs associated with the ++ * specified *attach_type* hook. ++ * ++ * The *target_fd* must be a valid file descriptor for a kernel ++ * object which depends on the attach type of *attach_bpf_fd*: ++ * ++ * **BPF_PROG_TYPE_CGROUP_DEVICE**, ++ * **BPF_PROG_TYPE_CGROUP_SKB**, ++ * **BPF_PROG_TYPE_CGROUP_SOCK**, ++ * **BPF_PROG_TYPE_CGROUP_SOCK_ADDR**, ++ * **BPF_PROG_TYPE_CGROUP_SOCKOPT**, ++ * **BPF_PROG_TYPE_CGROUP_SYSCTL**, ++ * **BPF_PROG_TYPE_SOCK_OPS** ++ * ++ * Control Group v2 hierarchy with the eBPF controller ++ * enabled. Requires the kernel to be compiled with ++ * **CONFIG_CGROUP_BPF**. ++ * ++ * **BPF_PROG_TYPE_FLOW_DISSECTOR** ++ * ++ * Network namespace (eg /proc/self/ns/net). ++ * ++ * **BPF_PROG_TYPE_LIRC_MODE2** ++ * ++ * LIRC device path (eg /dev/lircN). Requires the kernel ++ * to be compiled with **CONFIG_BPF_LIRC_MODE2**. ++ * ++ * **BPF_PROG_QUERY** always fetches the number of programs ++ * attached and the *attach_flags* which were used to attach those ++ * programs. Additionally, if *prog_ids* is nonzero and the number ++ * of attached programs is less than *prog_cnt*, populates ++ * *prog_ids* with the eBPF program ids of the programs attached ++ * at *target_fd*. ++ * ++ * The following flags may alter the result: ++ * ++ * **BPF_F_QUERY_EFFECTIVE** ++ * Only return information regarding programs which are ++ * currently effective at the specified *target_fd*. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_RAW_TRACEPOINT_OPEN ++ * Description ++ * Attach an eBPF program to a tracepoint *name* to access kernel ++ * internal arguments of the tracepoint in their raw form. ++ * ++ * The *prog_fd* must be a valid file descriptor associated with ++ * a loaded eBPF program of type **BPF_PROG_TYPE_RAW_TRACEPOINT**. ++ * ++ * No ABI guarantees are made about the content of tracepoint ++ * arguments exposed to the corresponding eBPF program. ++ * ++ * Applying **close**\ (2) to the file descriptor returned by ++ * **BPF_RAW_TRACEPOINT_OPEN** will delete the map (but see NOTES). ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_BTF_LOAD ++ * Description ++ * Verify and load BPF Type Format (BTF) metadata into the kernel, ++ * returning a new file descriptor associated with the metadata. ++ * BTF is described in more detail at ++ * https://www.kernel.org/doc/html/latest/bpf/btf.html. ++ * ++ * The *btf* parameter must point to valid memory providing ++ * *btf_size* bytes of BTF binary metadata. ++ * ++ * The returned file descriptor can be passed to other **bpf**\ () ++ * subcommands such as **BPF_PROG_LOAD** or **BPF_MAP_CREATE** to ++ * associate the BTF with those objects. ++ * ++ * Similar to **BPF_PROG_LOAD**, **BPF_BTF_LOAD** has optional ++ * parameters to specify a *btf_log_buf*, *btf_log_size* and ++ * *btf_log_level* which allow the kernel to return freeform log ++ * output regarding the BTF verification process. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_BTF_GET_FD_BY_ID ++ * Description ++ * Open a file descriptor for the BPF Type Format (BTF) ++ * corresponding to *btf_id*. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_TASK_FD_QUERY ++ * Description ++ * Obtain information about eBPF programs associated with the ++ * target process identified by *pid* and *fd*. ++ * ++ * If the *pid* and *fd* are associated with a tracepoint, kprobe ++ * or uprobe perf event, then the *prog_id* and *fd_type* will ++ * be populated with the eBPF program id and file descriptor type ++ * of type **bpf_task_fd_type**. If associated with a kprobe or ++ * uprobe, the *probe_offset* and *probe_addr* will also be ++ * populated. Optionally, if *buf* is provided, then up to ++ * *buf_len* bytes of *buf* will be populated with the name of ++ * the tracepoint, kprobe or uprobe. ++ * ++ * The resulting *prog_id* may be introspected in deeper detail ++ * using **BPF_PROG_GET_FD_BY_ID** and **BPF_OBJ_GET_INFO_BY_FD**. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_MAP_LOOKUP_AND_DELETE_ELEM ++ * Description ++ * Look up an element with the given *key* in the map referred to ++ * by the file descriptor *fd*, and if found, delete the element. ++ * ++ * The **BPF_MAP_TYPE_QUEUE** and **BPF_MAP_TYPE_STACK** map types ++ * implement this command as a "pop" operation, deleting the top ++ * element rather than one corresponding to *key*. ++ * The *key* and *key_len* parameters should be zeroed when ++ * issuing this operation for these map types. ++ * ++ * This command is only valid for the following map types: ++ * * **BPF_MAP_TYPE_QUEUE** ++ * * **BPF_MAP_TYPE_STACK** ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_MAP_FREEZE ++ * Description ++ * Freeze the permissions of the specified map. ++ * ++ * Write permissions may be frozen by passing zero *flags*. ++ * Upon success, no future syscall invocations may alter the ++ * map state of *map_fd*. Write operations from eBPF programs ++ * are still possible for a frozen map. ++ * ++ * Not supported for maps of type **BPF_MAP_TYPE_STRUCT_OPS**. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_BTF_GET_NEXT_ID ++ * Description ++ * Fetch the next BPF Type Format (BTF) object currently loaded ++ * into the kernel. ++ * ++ * Looks for the BTF object with an id greater than *start_id* ++ * and updates *next_id* on success. If no other BTF objects ++ * remain with ids higher than *start_id*, returns -1 and sets ++ * *errno* to **ENOENT**. ++ * ++ * Return ++ * Returns zero on success. On error, or when no id remains, -1 ++ * is returned and *errno* is set appropriately. ++ * ++ * BPF_MAP_LOOKUP_BATCH ++ * Description ++ * Iterate and fetch multiple elements in a map. ++ * ++ * Two opaque values are used to manage batch operations, ++ * *in_batch* and *out_batch*. Initially, *in_batch* must be set ++ * to NULL to begin the batched operation. After each subsequent ++ * **BPF_MAP_LOOKUP_BATCH**, the caller should pass the resultant ++ * *out_batch* as the *in_batch* for the next operation to ++ * continue iteration from the current point. ++ * ++ * The *keys* and *values* are output parameters which must point ++ * to memory large enough to hold *count* items based on the key ++ * and value size of the map *map_fd*. The *keys* buffer must be ++ * of *key_size* * *count*. The *values* buffer must be of ++ * *value_size* * *count*. ++ * ++ * The *elem_flags* argument may be specified as one of the ++ * following: ++ * ++ * **BPF_F_LOCK** ++ * Look up the value of a spin-locked map without ++ * returning the lock. This must be specified if the ++ * elements contain a spinlock. ++ * ++ * On success, *count* elements from the map are copied into the ++ * user buffer, with the keys copied into *keys* and the values ++ * copied into the corresponding indices in *values*. ++ * ++ * If an error is returned and *errno* is not **EFAULT**, *count* ++ * is set to the number of successfully processed elements. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * May set *errno* to **ENOSPC** to indicate that *keys* or ++ * *values* is too small to dump an entire bucket during ++ * iteration of a hash-based map type. ++ * ++ * BPF_MAP_LOOKUP_AND_DELETE_BATCH ++ * Description ++ * Iterate and delete all elements in a map. ++ * ++ * This operation has the same behavior as ++ * **BPF_MAP_LOOKUP_BATCH** with two exceptions: ++ * ++ * * Every element that is successfully returned is also deleted ++ * from the map. This is at least *count* elements. Note that ++ * *count* is both an input and an output parameter. ++ * * Upon returning with *errno* set to **EFAULT**, up to ++ * *count* elements may be deleted without returning the keys ++ * and values of the deleted elements. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_MAP_UPDATE_BATCH ++ * Description ++ * Update multiple elements in a map by *key*. ++ * ++ * The *keys* and *values* are input parameters which must point ++ * to memory large enough to hold *count* items based on the key ++ * and value size of the map *map_fd*. The *keys* buffer must be ++ * of *key_size* * *count*. The *values* buffer must be of ++ * *value_size* * *count*. ++ * ++ * Each element specified in *keys* is sequentially updated to the ++ * value in the corresponding index in *values*. The *in_batch* ++ * and *out_batch* parameters are ignored and should be zeroed. ++ * ++ * The *elem_flags* argument should be specified as one of the ++ * following: ++ * ++ * **BPF_ANY** ++ * Create new elements or update a existing elements. ++ * **BPF_NOEXIST** ++ * Create new elements only if they do not exist. ++ * **BPF_EXIST** ++ * Update existing elements. ++ * **BPF_F_LOCK** ++ * Update spin_lock-ed map elements. This must be ++ * specified if the map value contains a spinlock. ++ * ++ * On success, *count* elements from the map are updated. ++ * ++ * If an error is returned and *errno* is not **EFAULT**, *count* ++ * is set to the number of successfully processed elements. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * May set *errno* to **EINVAL**, **EPERM**, **ENOMEM**, or ++ * **E2BIG**. **E2BIG** indicates that the number of elements in ++ * the map reached the *max_entries* limit specified at map ++ * creation time. ++ * ++ * May set *errno* to one of the following error codes under ++ * specific circumstances: ++ * ++ * **EEXIST** ++ * If *flags* specifies **BPF_NOEXIST** and the element ++ * with *key* already exists in the map. ++ * **ENOENT** ++ * If *flags* specifies **BPF_EXIST** and the element with ++ * *key* does not exist in the map. ++ * ++ * BPF_MAP_DELETE_BATCH ++ * Description ++ * Delete multiple elements in a map by *key*. ++ * ++ * The *keys* parameter is an input parameter which must point ++ * to memory large enough to hold *count* items based on the key ++ * size of the map *map_fd*, that is, *key_size* * *count*. ++ * ++ * Each element specified in *keys* is sequentially deleted. The ++ * *in_batch*, *out_batch*, and *values* parameters are ignored ++ * and should be zeroed. ++ * ++ * The *elem_flags* argument may be specified as one of the ++ * following: ++ * ++ * **BPF_F_LOCK** ++ * Look up the value of a spin-locked map without ++ * returning the lock. This must be specified if the ++ * elements contain a spinlock. ++ * ++ * On success, *count* elements from the map are updated. ++ * ++ * If an error is returned and *errno* is not **EFAULT**, *count* ++ * is set to the number of successfully processed elements. If ++ * *errno* is **EFAULT**, up to *count* elements may be been ++ * deleted. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_LINK_CREATE ++ * Description ++ * Attach an eBPF program to a *target_fd* at the specified ++ * *attach_type* hook and return a file descriptor handle for ++ * managing the link. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_LINK_UPDATE ++ * Description ++ * Update the eBPF program in the specified *link_fd* to ++ * *new_prog_fd*. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_LINK_GET_FD_BY_ID ++ * Description ++ * Open a file descriptor for the eBPF Link corresponding to ++ * *link_id*. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_LINK_GET_NEXT_ID ++ * Description ++ * Fetch the next eBPF link currently loaded into the kernel. ++ * ++ * Looks for the eBPF link with an id greater than *start_id* ++ * and updates *next_id* on success. If no other eBPF links ++ * remain with ids higher than *start_id*, returns -1 and sets ++ * *errno* to **ENOENT**. ++ * ++ * Return ++ * Returns zero on success. On error, or when no id remains, -1 ++ * is returned and *errno* is set appropriately. ++ * ++ * BPF_ENABLE_STATS ++ * Description ++ * Enable eBPF runtime statistics gathering. ++ * ++ * Runtime statistics gathering for the eBPF runtime is disabled ++ * by default to minimize the corresponding performance overhead. ++ * This command enables statistics globally. ++ * ++ * Multiple programs may independently enable statistics. ++ * After gathering the desired statistics, eBPF runtime statistics ++ * may be disabled again by calling **close**\ (2) for the file ++ * descriptor returned by this function. Statistics will only be ++ * disabled system-wide when all outstanding file descriptors ++ * returned by prior calls for this subcommand are closed. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_ITER_CREATE ++ * Description ++ * Create an iterator on top of the specified *link_fd* (as ++ * previously created using **BPF_LINK_CREATE**) and return a ++ * file descriptor that can be used to trigger the iteration. ++ * ++ * If the resulting file descriptor is pinned to the filesystem ++ * using **BPF_OBJ_PIN**, then subsequent **read**\ (2) syscalls ++ * for that path will trigger the iterator to read kernel state ++ * using the eBPF program attached to *link_fd*. ++ * ++ * Return ++ * A new file descriptor (a nonnegative integer), or -1 if an ++ * error occurred (in which case, *errno* is set appropriately). ++ * ++ * BPF_LINK_DETACH ++ * Description ++ * Forcefully detach the specified *link_fd* from its ++ * corresponding attachment point. ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * BPF_PROG_BIND_MAP ++ * Description ++ * Bind a map to the lifetime of an eBPF program. ++ * ++ * The map identified by *map_fd* is bound to the program ++ * identified by *prog_fd* and only released when *prog_fd* is ++ * released. This may be used in cases where metadata should be ++ * associated with a program which otherwise does not contain any ++ * references to the map (for example, embedded in the eBPF ++ * program instructions). ++ * ++ * Return ++ * Returns zero on success. On error, -1 is returned and *errno* ++ * is set appropriately. ++ * ++ * NOTES ++ * eBPF objects (maps and programs) can be shared between processes. ++ * ++ * * After **fork**\ (2), the child inherits file descriptors ++ * referring to the same eBPF objects. ++ * * File descriptors referring to eBPF objects can be transferred over ++ * **unix**\ (7) domain sockets. ++ * * File descriptors referring to eBPF objects can be duplicated in the ++ * usual way, using **dup**\ (2) and similar calls. ++ * * File descriptors referring to eBPF objects can be pinned to the ++ * filesystem using the **BPF_OBJ_PIN** command of **bpf**\ (2). ++ * ++ * An eBPF object is deallocated only after all file descriptors referring ++ * to the object have been closed and no references remain pinned to the ++ * filesystem or attached (for example, bound to a program or device). ++ */ + enum bpf_cmd { + BPF_MAP_CREATE, + BPF_MAP_LOOKUP_ELEM, +@@ -393,6 +1103,15 @@ enum bpf_link_type { + * is struct/union. + */ + #define BPF_PSEUDO_BTF_ID 3 ++/* insn[0].src_reg: BPF_PSEUDO_FUNC ++ * insn[0].imm: insn offset to the func ++ * insn[1].imm: 0 ++ * insn[0].off: 0 ++ * insn[1].off: 0 ++ * ldimm64 rewrite: address of the function ++ * verifier type: PTR_TO_FUNC. ++ */ ++#define BPF_PSEUDO_FUNC 4 + + /* when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative + * offset to another bpf function +@@ -720,7 +1439,7 @@ union bpf_attr { + * parsed and used to produce a manual page. The workflow is the following, + * and requires the rst2man utility: + * +- * $ ./scripts/bpf_helpers_doc.py \ ++ * $ ./scripts/bpf_doc.py \ + * --filename include/uapi/linux/bpf.h > /tmp/bpf-helpers.rst + * $ rst2man /tmp/bpf-helpers.rst > /tmp/bpf-helpers.7 + * $ man /tmp/bpf-helpers.7 +@@ -1765,6 +2484,10 @@ union bpf_attr { + * Use with ENCAP_L3/L4 flags to further specify the tunnel + * type; *len* is the length of the inner MAC header. + * ++ * * **BPF_F_ADJ_ROOM_ENCAP_L2_ETH**: ++ * Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the ++ * L2 type as Ethernet. ++ * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be +@@ -3850,7 +4573,7 @@ union bpf_attr { + * + * long bpf_check_mtu(void *ctx, u32 ifindex, u32 *mtu_len, s32 len_diff, u64 flags) + * Description +- * Check packet size against exceeding MTU of net device (based ++ * Check ctx packet size against exceeding MTU of net device (based + * on *ifindex*). This helper will likely be used in combination + * with helpers that adjust/change the packet size. + * +@@ -3915,6 +4638,34 @@ union bpf_attr { + * * **BPF_MTU_CHK_RET_FRAG_NEEDED** + * * **BPF_MTU_CHK_RET_SEGS_TOOBIG** + * ++ * long bpf_for_each_map_elem(struct bpf_map *map, void *callback_fn, void *callback_ctx, u64 flags) ++ * Description ++ * For each element in **map**, call **callback_fn** function with ++ * **map**, **callback_ctx** and other map-specific parameters. ++ * The **callback_fn** should be a static function and ++ * the **callback_ctx** should be a pointer to the stack. ++ * The **flags** is used to control certain aspects of the helper. ++ * Currently, the **flags** must be 0. ++ * ++ * The following are a list of supported map types and their ++ * respective expected callback signatures: ++ * ++ * BPF_MAP_TYPE_HASH, BPF_MAP_TYPE_PERCPU_HASH, ++ * BPF_MAP_TYPE_LRU_HASH, BPF_MAP_TYPE_LRU_PERCPU_HASH, ++ * BPF_MAP_TYPE_ARRAY, BPF_MAP_TYPE_PERCPU_ARRAY ++ * ++ * long (\*callback_fn)(struct bpf_map \*map, const void \*key, void \*value, void \*ctx); ++ * ++ * For per_cpu maps, the map_value is the value on the cpu where the ++ * bpf_prog is running. ++ * ++ * If **callback_fn** return 0, the helper will continue to the next ++ * element. If return value is 1, the helper will skip the rest of ++ * elements and return. Other return values are not used now. ++ * ++ * Return ++ * The number of traversed map elements for success, **-EINVAL** for ++ * invalid **flags**. + */ + #define __BPF_FUNC_MAPPER(FN) \ + FN(unspec), \ +@@ -4081,6 +4832,7 @@ union bpf_attr { + FN(ima_inode_hash), \ + FN(sock_from_file), \ + FN(check_mtu), \ ++ FN(for_each_map_elem), \ + /* */ + + /* integer value in 'imm' field of BPF_CALL instruction selects which helper +@@ -4174,6 +4926,7 @@ enum { + BPF_F_ADJ_ROOM_ENCAP_L4_GRE = (1ULL << 3), + BPF_F_ADJ_ROOM_ENCAP_L4_UDP = (1ULL << 4), + BPF_F_ADJ_ROOM_NO_CSUM_RESET = (1ULL << 5), ++ BPF_F_ADJ_ROOM_ENCAP_L2_ETH = (1ULL << 6), + }; + + enum { +@@ -5211,7 +5964,10 @@ struct bpf_pidns_info { + + /* User accessible data for SK_LOOKUP programs. Add new fields at the end. */ + struct bpf_sk_lookup { +- __bpf_md_ptr(struct bpf_sock *, sk); /* Selected socket */ ++ union { ++ __bpf_md_ptr(struct bpf_sock *, sk); /* Selected socket */ ++ __u64 cookie; /* Non-zero if socket was selected in PROG_TEST_RUN */ ++ }; + + __u32 family; /* Protocol family (AF_INET, AF_INET6) */ + __u32 protocol; /* IP protocol (IPPROTO_TCP, IPPROTO_UDP) */ +diff --git a/include/uapi/linux/btf.h b/include/uapi/linux/btf.h +index 4a42eb48..2c42dcac 100644 +--- a/include/uapi/linux/btf.h ++++ b/include/uapi/linux/btf.h +@@ -52,7 +52,7 @@ struct btf_type { + }; + }; + +-#define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) ++#define BTF_INFO_KIND(info) (((info) >> 24) & 0x1f) + #define BTF_INFO_VLEN(info) ((info) & 0xffff) + #define BTF_INFO_KFLAG(info) ((info) >> 31) + +@@ -72,7 +72,8 @@ struct btf_type { + #define BTF_KIND_FUNC_PROTO 13 /* Function Proto */ + #define BTF_KIND_VAR 14 /* Variable */ + #define BTF_KIND_DATASEC 15 /* Section */ +-#define BTF_KIND_MAX BTF_KIND_DATASEC ++#define BTF_KIND_FLOAT 16 /* Floating point */ ++#define BTF_KIND_MAX BTF_KIND_FLOAT + #define NR_BTF_KINDS (BTF_KIND_MAX + 1) + + /* For some specific BTF_KIND, "struct btf_type" is immediately +diff --git a/include/uapi/linux/nexthop.h b/include/uapi/linux/nexthop.h +index b0a56139..37b14b4e 100644 +--- a/include/uapi/linux/nexthop.h ++++ b/include/uapi/linux/nexthop.h +@@ -21,7 +21,10 @@ struct nexthop_grp { + }; + + enum { +- NEXTHOP_GRP_TYPE_MPATH, /* default type if not specified */ ++ NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group ++ * default type if not specified ++ */ ++ NEXTHOP_GRP_TYPE_RES, /* resilient nexthop group */ + __NEXTHOP_GRP_TYPE_MAX, + }; + +@@ -52,8 +55,50 @@ enum { + NHA_FDB, /* flag; nexthop belongs to a bridge fdb */ + /* if NHA_FDB is added, OIF, BLACKHOLE, ENCAP cannot be set */ + ++ /* nested; resilient nexthop group attributes */ ++ NHA_RES_GROUP, ++ /* nested; nexthop bucket attributes */ ++ NHA_RES_BUCKET, ++ + __NHA_MAX, + }; + + #define NHA_MAX (__NHA_MAX - 1) ++ ++enum { ++ NHA_RES_GROUP_UNSPEC, ++ /* Pad attribute for 64-bit alignment. */ ++ NHA_RES_GROUP_PAD = NHA_RES_GROUP_UNSPEC, ++ ++ /* u16; number of nexthop buckets in a resilient nexthop group */ ++ NHA_RES_GROUP_BUCKETS, ++ /* clock_t as u32; nexthop bucket idle timer (per-group) */ ++ NHA_RES_GROUP_IDLE_TIMER, ++ /* clock_t as u32; nexthop unbalanced timer */ ++ NHA_RES_GROUP_UNBALANCED_TIMER, ++ /* clock_t as u64; nexthop unbalanced time */ ++ NHA_RES_GROUP_UNBALANCED_TIME, ++ ++ __NHA_RES_GROUP_MAX, ++}; ++ ++#define NHA_RES_GROUP_MAX (__NHA_RES_GROUP_MAX - 1) ++ ++enum { ++ NHA_RES_BUCKET_UNSPEC, ++ /* Pad attribute for 64-bit alignment. */ ++ NHA_RES_BUCKET_PAD = NHA_RES_BUCKET_UNSPEC, ++ ++ /* u16; nexthop bucket index */ ++ NHA_RES_BUCKET_INDEX, ++ /* clock_t as u64; nexthop bucket idle time */ ++ NHA_RES_BUCKET_IDLE_TIME, ++ /* u32; nexthop id assigned to the nexthop bucket */ ++ NHA_RES_BUCKET_NH_ID, ++ ++ __NHA_RES_BUCKET_MAX, ++}; ++ ++#define NHA_RES_BUCKET_MAX (__NHA_RES_BUCKET_MAX - 1) ++ + #endif +diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h +index 7ea59cfe..025c40fe 100644 +--- a/include/uapi/linux/pkt_cls.h ++++ b/include/uapi/linux/pkt_cls.h +@@ -190,6 +190,8 @@ enum { + TCA_POLICE_PAD, + TCA_POLICE_RATE64, + TCA_POLICE_PEAKRATE64, ++ TCA_POLICE_PKTRATE64, ++ TCA_POLICE_PKTBURST64, + __TCA_POLICE_MAX + #define TCA_POLICE_RESULT TCA_POLICE_RESULT + }; +diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h +index b34b9add..f62cccc1 100644 +--- a/include/uapi/linux/rtnetlink.h ++++ b/include/uapi/linux/rtnetlink.h +@@ -178,6 +178,13 @@ enum { + RTM_GETVLAN, + #define RTM_GETVLAN RTM_GETVLAN + ++ RTM_NEWNEXTHOPBUCKET = 116, ++#define RTM_NEWNEXTHOPBUCKET RTM_NEWNEXTHOPBUCKET ++ RTM_DELNEXTHOPBUCKET, ++#define RTM_DELNEXTHOPBUCKET RTM_DELNEXTHOPBUCKET ++ RTM_GETNEXTHOPBUCKET, ++#define RTM_GETNEXTHOPBUCKET RTM_GETNEXTHOPBUCKET ++ + __RTM_MAX, + #define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1) + }; +-- +2.31.1 + diff --git a/SOURCES/0005-police-add-support-for-packet-per-second-rate-limiti.patch b/SOURCES/0005-police-add-support-for-packet-per-second-rate-limiti.patch new file mode 100644 index 0000000..9d19b45 --- /dev/null +++ b/SOURCES/0005-police-add-support-for-packet-per-second-rate-limiti.patch @@ -0,0 +1,221 @@ +From b061aeba93b1c730b7dafeece6b90aad2e7afce8 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Wed, 11 Aug 2021 12:55:14 +0200 +Subject: [PATCH] police: add support for packet-per-second rate limiting + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 +Upstream Status: iproute2.git commit cf9ae1bd + +commit cf9ae1bd31187d8ae62bc1bb408e443dbc8bd6a0 +Author: Baowen Zheng +Date: Fri Mar 26 13:50:18 2021 +0100 + + police: add support for packet-per-second rate limiting + + Allow a policer action to enforce a rate-limit based on packets-per-second, + configurable using a packet-per-second rate and burst parameters. + + e.g. + # $TC actions add action police pkts_rate 1000 pkts_burst 200 index 1 + # $TC actions ls action police + total acts 1 + + action order 0: police 0x1 rate 0bit burst 0b mtu 4096Mb pkts_rate 1000 pkts_burst 200 + ref 1 bind 0 + + Signed-off-by: Baowen Zheng + Signed-off-by: Simon Horman + Signed-off-by: Louis Peens + Signed-off-by: David Ahern + +Signed-off-by: Andrea Claudi +--- + man/man8/tc-police.8 | 35 ++++++++++++++++++++++++------- + tc/m_police.c | 50 +++++++++++++++++++++++++++++++++++++++++--- + 2 files changed, 75 insertions(+), 10 deletions(-) + +diff --git a/man/man8/tc-police.8 b/man/man8/tc-police.8 +index 52279755..86e263bb 100644 +--- a/man/man8/tc-police.8 ++++ b/man/man8/tc-police.8 +@@ -5,9 +5,11 @@ police - policing action + .SH SYNOPSIS + .in +8 + .ti -8 +-.BR tc " ... " "action police" ++.BR tc " ... " "action police [" + .BI rate " RATE " burst +-.IR BYTES [\fB/ BYTES "] [" ++.IR BYTES [\fB/ BYTES "] ] [" ++.BI pkts_rate " RATE " pkts_burst ++.IR PACKETS "] [" + .B mtu + .IR BYTES [\fB/ BYTES "] ] [" + .BI peakrate " RATE" +@@ -34,19 +36,29 @@ police - policing action + .SH DESCRIPTION + The + .B police +-action allows to limit bandwidth of traffic matched by the filter it is +-attached to. Basically there are two different algorithms available to measure +-the packet rate: The first one uses an internal dual token bucket and is +-configured using the ++action allows limiting of the byte or packet rate of traffic matched by the ++filter it is attached to. ++.P ++There are two different algorithms available to measure the byte rate: The ++first one uses an internal dual token bucket and is configured using the + .BR rate ", " burst ", " mtu ", " peakrate ", " overhead " and " linklayer + parameters. The second one uses an in-kernel sampling mechanism. It can be + fine-tuned using the + .B estimator + filter parameter. ++.P ++There is one algorithm available to measure packet rate and it is similar to ++the first algorithm described for byte rate. It is configured using the ++.BR pkt_rate " and " pkt_burst ++parameters. ++.P ++At least one of the ++.BR rate " and " pkt_rate " ++parameters must be configured. + .SH OPTIONS + .TP + .BI rate " RATE" +-The maximum traffic rate of packets passing this action. Those exceeding it will ++The maximum byte rate of packets passing this action. Those exceeding it will + be treated as defined by the + .B conform-exceed + option. +@@ -55,6 +67,15 @@ option. + Set the maximum allowed burst in bytes, optionally followed by a slash ('/') + sign and cell size which must be a power of 2. + .TP ++.BI pkt_rate " RATE" ++The maximum packet rate or packets passing this action. Those exceeding it will ++be treated as defined by the ++.B conform-exceed ++option. ++.TP ++.BI pkt_burst " PACKETS" ++Set the maximum allowed burst in packets. ++.TP + .BI mtu " BYTES\fR[\fB/\fIBYTES\fR]" + This is the maximum packet size handled by the policer (larger ones will be + handled like they exceeded the configured rate). Setting this value correctly +diff --git a/tc/m_police.c b/tc/m_police.c +index bb51df68..9ef0e40b 100644 +--- a/tc/m_police.c ++++ b/tc/m_police.c +@@ -38,7 +38,8 @@ struct action_util police_action_util = { + static void usage(void) + { + fprintf(stderr, +- "Usage: ... police rate BPS burst BYTES[/BYTES] [ mtu BYTES[/BYTES] ]\n" ++ "Usage: ... police [ rate BPS burst BYTES[/BYTES] ] \n" ++ " [ pkts_rate RATE pkts_burst PACKETS ] [ mtu BYTES[/BYTES] ]\n" + " [ peakrate BPS ] [ avrate BPS ] [ overhead BYTES ]\n" + " [ linklayer TYPE ] [ CONTROL ]\n" + "Where: CONTROL := conform-exceed [/NOTEXCEEDACT]\n" +@@ -67,6 +68,7 @@ static int act_parse_police(struct action_util *a, int *argc_p, char ***argv_p, + int Rcell_log = -1, Pcell_log = -1; + struct rtattr *tail; + __u64 rate64 = 0, prate64 = 0; ++ __u64 pps64 = 0, ppsburst64 = 0; + + if (a) /* new way of doing things */ + NEXT_ARG(); +@@ -144,6 +146,18 @@ static int act_parse_police(struct action_util *a, int *argc_p, char ***argv_p, + NEXT_ARG(); + if (get_linklayer(&linklayer, *argv)) + invarg("linklayer", *argv); ++ } else if (matches(*argv, "pkts_rate") == 0) { ++ NEXT_ARG(); ++ if (pps64) ++ duparg("pkts_rate", *argv); ++ if (get_u64(&pps64, *argv, 10)) ++ invarg("pkts_rate", *argv); ++ } else if (matches(*argv, "pkts_burst") == 0) { ++ NEXT_ARG(); ++ if (ppsburst64) ++ duparg("pkts_burst", *argv); ++ if (get_u64(&ppsburst64, *argv, 10)) ++ invarg("pkts_burst", *argv); + } else if (strcmp(*argv, "help") == 0) { + usage(); + } else { +@@ -161,8 +175,8 @@ action_ctrl_ok: + return -1; + + /* Must at least do late binding, use TB or ewma policing */ +- if (!rate64 && !avrate && !p.index && !mtu) { +- fprintf(stderr, "'rate' or 'avrate' or 'mtu' MUST be specified.\n"); ++ if (!rate64 && !avrate && !p.index && !mtu && !pps64) { ++ fprintf(stderr, "'rate' or 'avrate' or 'mtu' or 'pkts_rate' MUST be specified.\n"); + return -1; + } + +@@ -172,6 +186,18 @@ action_ctrl_ok: + return -1; + } + ++ /* When the packets TB policer is used, pkts_burst is required */ ++ if (pps64 && !ppsburst64) { ++ fprintf(stderr, "'pkts_burst' requires 'pkts_rate'.\n"); ++ return -1; ++ } ++ ++ /* forbid rate and pkts_rate in same action */ ++ if (pps64 && rate64) { ++ fprintf(stderr, "'rate' and 'pkts_rate' are not allowed in same action.\n"); ++ return -1; ++ } ++ + if (prate64) { + if (!rate64) { + fprintf(stderr, "'peakrate' requires 'rate'.\n"); +@@ -223,6 +249,12 @@ action_ctrl_ok: + if (presult) + addattr32(n, MAX_MSG, TCA_POLICE_RESULT, presult); + ++ if (pps64) { ++ addattr64(n, MAX_MSG, TCA_POLICE_PKTRATE64, pps64); ++ ppsburst64 = tc_calc_xmittime(pps64, ppsburst64); ++ addattr64(n, MAX_MSG, TCA_POLICE_PKTBURST64, ppsburst64); ++ } ++ + addattr_nest_end(n, tail); + res = 0; + +@@ -244,6 +276,7 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + unsigned int buffer; + unsigned int linklayer; + __u64 rate64, prate64; ++ __u64 pps64, ppsburst64; + + if (arg == NULL) + return 0; +@@ -287,6 +320,17 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + tc_print_rate(PRINT_FP, NULL, "avrate %s ", + rta_getattr_u32(tb[TCA_POLICE_AVRATE])); + ++ if ((tb[TCA_POLICE_PKTRATE64] && ++ RTA_PAYLOAD(tb[TCA_POLICE_PKTRATE64]) >= sizeof(pps64)) && ++ (tb[TCA_POLICE_PKTBURST64] && ++ RTA_PAYLOAD(tb[TCA_POLICE_PKTBURST64]) >= sizeof(ppsburst64))) { ++ pps64 = rta_getattr_u64(tb[TCA_POLICE_PKTRATE64]); ++ ppsburst64 = rta_getattr_u64(tb[TCA_POLICE_PKTBURST64]); ++ ppsburst64 = tc_calc_xmitsize(pps64, ppsburst64); ++ fprintf(f, "pkts_rate %llu ", pps64); ++ fprintf(f, "pkts_burst %llu ", ppsburst64); ++ } ++ + print_action_control(f, "action ", p->action, ""); + + if (tb[TCA_POLICE_RESULT]) { +-- +2.31.1 + diff --git a/SOURCES/0006-police-Add-support-for-json-output.patch b/SOURCES/0006-police-Add-support-for-json-output.patch new file mode 100644 index 0000000..1f11b9b --- /dev/null +++ b/SOURCES/0006-police-Add-support-for-json-output.patch @@ -0,0 +1,159 @@ +From 04b921c03a4680931df6660b88444f2478fb585c Mon Sep 17 00:00:00 2001 +Message-Id: <04b921c03a4680931df6660b88444f2478fb585c.1628790091.git.aclaudi@redhat.com> +In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Wed, 11 Aug 2021 12:55:14 +0200 +Subject: [PATCH] police: Add support for json output + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 +Upstream Status: iproute2.git commit 0d5cf51e + +commit 0d5cf51e0d6c7bfdc51754381b85367b5f8e254a +Author: Roi Dayan +Date: Mon Jun 7 09:44:08 2021 +0300 + + police: Add support for json output + + Change to use the print wrappers instead of fprintf(). + + This is example output of the options part before this commit: + + "options": { + "handle": 1, + "in_hw": true, + "actions": [ { + "order": 1 police 0x2 , + "control_action": { + "type": "drop" + }, + "control_action": { + "type": "continue" + }overhead 0b linklayer unspec + ref 1 bind 1 + , + "used_hw_stats": [ "delayed" ] + } ] + } + + This is the output of the same dump with this commit: + + "options": { + "handle": 1, + "in_hw": true, + "actions": [ { + "order": 1, + "kind": "police", + "index": 2, + "control_action": { + "type": "drop" + }, + "control_action": { + "type": "continue" + }, + "overhead": 0, + "linklayer": "unspec", + "ref": 1, + "bind": 1, + "used_hw_stats": [ "delayed" ] + } ] + } + + Signed-off-by: Roi Dayan + Reviewed-by: Paul Blakey + Signed-off-by: David Ahern + +Signed-off-by: Andrea Claudi +--- + tc/m_police.c | 30 +++++++++++++++++------------- + 1 file changed, 17 insertions(+), 13 deletions(-) + +diff --git a/tc/m_police.c b/tc/m_police.c +index 9ef0e40b..2594c089 100644 +--- a/tc/m_police.c ++++ b/tc/m_police.c +@@ -278,18 +278,19 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + __u64 rate64, prate64; + __u64 pps64, ppsburst64; + ++ print_string(PRINT_ANY, "kind", "%s", "police"); + if (arg == NULL) + return 0; + + parse_rtattr_nested(tb, TCA_POLICE_MAX, arg); + + if (tb[TCA_POLICE_TBF] == NULL) { +- fprintf(f, "[NULL police tbf]"); +- return 0; ++ fprintf(stderr, "[NULL police tbf]"); ++ return -1; + } + #ifndef STOOPID_8BYTE + if (RTA_PAYLOAD(tb[TCA_POLICE_TBF]) < sizeof(*p)) { +- fprintf(f, "[truncated police tbf]"); ++ fprintf(stderr, "[truncated police tbf]"); + return -1; + } + #endif +@@ -300,13 +301,13 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + RTA_PAYLOAD(tb[TCA_POLICE_RATE64]) >= sizeof(rate64)) + rate64 = rta_getattr_u64(tb[TCA_POLICE_RATE64]); + +- fprintf(f, " police 0x%x ", p->index); ++ print_uint(PRINT_ANY, "index", "\t index %u ", p->index); + tc_print_rate(PRINT_FP, NULL, "rate %s ", rate64); + buffer = tc_calc_xmitsize(rate64, p->burst); + print_size(PRINT_FP, NULL, "burst %s ", buffer); + print_size(PRINT_FP, NULL, "mtu %s ", p->mtu); + if (show_raw) +- fprintf(f, "[%08x] ", p->burst); ++ print_hex(PRINT_FP, NULL, "[%08x] ", p->burst); + + prate64 = p->peakrate.rate; + if (tb[TCA_POLICE_PEAKRATE64] && +@@ -327,8 +328,8 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + pps64 = rta_getattr_u64(tb[TCA_POLICE_PKTRATE64]); + ppsburst64 = rta_getattr_u64(tb[TCA_POLICE_PKTBURST64]); + ppsburst64 = tc_calc_xmitsize(pps64, ppsburst64); +- fprintf(f, "pkts_rate %llu ", pps64); +- fprintf(f, "pkts_burst %llu ", ppsburst64); ++ print_u64(PRINT_ANY, "pkts_rate", "pkts_rate %llu ", pps64); ++ print_u64(PRINT_ANY, "pkts_burst", "pkts_burst %llu ", ppsburst64); + } + + print_action_control(f, "action ", p->action, ""); +@@ -337,14 +338,17 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + __u32 action = rta_getattr_u32(tb[TCA_POLICE_RESULT]); + + print_action_control(f, "/", action, " "); +- } else +- fprintf(f, " "); ++ } else { ++ print_string(PRINT_FP, NULL, " ", NULL); ++ } + +- fprintf(f, "overhead %ub ", p->rate.overhead); ++ print_uint(PRINT_ANY, "overhead", "overhead %u ", p->rate.overhead); + linklayer = (p->rate.linklayer & TC_LINKLAYER_MASK); + if (linklayer > TC_LINKLAYER_ETHERNET || show_details) +- fprintf(f, "linklayer %s ", sprint_linklayer(linklayer, b2)); +- fprintf(f, "\n\tref %d bind %d", p->refcnt, p->bindcnt); ++ print_string(PRINT_ANY, "linklayer", "linklayer %s ", ++ sprint_linklayer(linklayer, b2)); ++ print_int(PRINT_ANY, "ref", "ref %d ", p->refcnt); ++ print_int(PRINT_ANY, "bind", "bind %d ", p->bindcnt); + if (show_stats) { + if (tb[TCA_POLICE_TM]) { + struct tcf_t *tm = RTA_DATA(tb[TCA_POLICE_TM]); +@@ -352,7 +356,7 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + print_tm(f, tm); + } + } +- fprintf(f, "\n"); ++ print_nl(); + + + return 0; +-- +2.31.1 + diff --git a/SOURCES/0007-police-Fix-normal-output-back-to-what-it-was.patch b/SOURCES/0007-police-Fix-normal-output-back-to-what-it-was.patch new file mode 100644 index 0000000..792cdbf --- /dev/null +++ b/SOURCES/0007-police-Fix-normal-output-back-to-what-it-was.patch @@ -0,0 +1,73 @@ +From 148b286b52aa8f38d8d7587b598522310067de7b Mon Sep 17 00:00:00 2001 +Message-Id: <148b286b52aa8f38d8d7587b598522310067de7b.1628790091.git.aclaudi@redhat.com> +In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Wed, 11 Aug 2021 12:55:14 +0200 +Subject: [PATCH] police: Fix normal output back to what it was + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 +Upstream Status: iproute2.git commit 71d36000 + +commit 71d36000dc9ce8397fc45b680e0c0340df5a28e5 +Author: Roi Dayan +Date: Mon Jul 12 15:26:53 2021 +0300 + + police: Fix normal output back to what it was + + With the json support fix the normal output was + changed. set it back to what it was. + Print overhead with print_size(). + Print newline before ref. + + Fixes: 0d5cf51e0d6c ("police: Add support for json output") + Signed-off-by: Roi Dayan + Signed-off-by: Stephen Hemminger + +Signed-off-by: Andrea Claudi +--- + tc/m_police.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/tc/m_police.c b/tc/m_police.c +index 2594c089..f38ab90a 100644 +--- a/tc/m_police.c ++++ b/tc/m_police.c +@@ -278,7 +278,7 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + __u64 rate64, prate64; + __u64 pps64, ppsburst64; + +- print_string(PRINT_ANY, "kind", "%s", "police"); ++ print_string(PRINT_JSON, "kind", "%s", "police"); + if (arg == NULL) + return 0; + +@@ -301,7 +301,8 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + RTA_PAYLOAD(tb[TCA_POLICE_RATE64]) >= sizeof(rate64)) + rate64 = rta_getattr_u64(tb[TCA_POLICE_RATE64]); + +- print_uint(PRINT_ANY, "index", "\t index %u ", p->index); ++ print_hex(PRINT_FP, NULL, " police 0x%x ", p->index); ++ print_uint(PRINT_JSON, "index", NULL, p->index); + tc_print_rate(PRINT_FP, NULL, "rate %s ", rate64); + buffer = tc_calc_xmitsize(rate64, p->burst); + print_size(PRINT_FP, NULL, "burst %s ", buffer); +@@ -342,12 +343,13 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) + print_string(PRINT_FP, NULL, " ", NULL); + } + +- print_uint(PRINT_ANY, "overhead", "overhead %u ", p->rate.overhead); ++ print_size(PRINT_ANY, "overhead", "overhead %s ", p->rate.overhead); + linklayer = (p->rate.linklayer & TC_LINKLAYER_MASK); + if (linklayer > TC_LINKLAYER_ETHERNET || show_details) + print_string(PRINT_ANY, "linklayer", "linklayer %s ", + sprint_linklayer(linklayer, b2)); +- print_int(PRINT_ANY, "ref", "ref %d ", p->refcnt); ++ print_nl(); ++ print_int(PRINT_ANY, "ref", "\tref %d ", p->refcnt); + print_int(PRINT_ANY, "bind", "bind %d ", p->bindcnt); + if (show_stats) { + if (tb[TCA_POLICE_TM]) { +-- +2.31.1 + diff --git a/SOURCES/0008-tc-u32-Fix-key-folding-in-sample-option.patch b/SOURCES/0008-tc-u32-Fix-key-folding-in-sample-option.patch new file mode 100644 index 0000000..3aa5014 --- /dev/null +++ b/SOURCES/0008-tc-u32-Fix-key-folding-in-sample-option.patch @@ -0,0 +1,68 @@ +From 7fcfc0e4d6949ff32df3ed749bad8eb419cebbda Mon Sep 17 00:00:00 2001 +Message-Id: <7fcfc0e4d6949ff32df3ed749bad8eb419cebbda.1628790091.git.aclaudi@redhat.com> +In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Wed, 11 Aug 2021 14:49:33 +0200 +Subject: [PATCH] tc: u32: Fix key folding in sample option + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1979425 +Upstream Status: iproute2.git commit 9b7ea92b + +commit 9b7ea92b9e3feff2876f772ace01148b7406839c +Author: Phil Sutter +Date: Wed Aug 4 11:18:28 2021 +0200 + + tc: u32: Fix key folding in sample option + + In between Linux kernel 2.4 and 2.6, key folding for hash tables changed + in kernel space. When iproute2 dropped support for the older algorithm, + the wrong code was removed and kernel 2.4 folding method remained in + place. To get things functional for recent kernels again, restoring the + old code alone was not sufficient - additional byteorder fixes were + needed. + + While being at it, make use of ffs() and thereby align the code with how + kernel determines the shift width. + + Fixes: 267480f55383c ("Backout the 2.4 utsname hash patch.") + Signed-off-by: Phil Sutter + Signed-off-by: Stephen Hemminger + +Signed-off-by: Andrea Claudi +--- + tc/f_u32.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/tc/f_u32.c b/tc/f_u32.c +index 2ed5254a..a5747f67 100644 +--- a/tc/f_u32.c ++++ b/tc/f_u32.c +@@ -978,6 +978,13 @@ show_k: + goto show_k; + } + ++static __u32 u32_hash_fold(struct tc_u32_key *key) ++{ ++ __u8 fshift = key->mask ? ffs(ntohl(key->mask)) - 1 : 0; ++ ++ return ntohl(key->val & key->mask) >> fshift; ++} ++ + static int u32_parse_opt(struct filter_util *qu, char *handle, + int argc, char **argv, struct nlmsghdr *n) + { +@@ -1110,9 +1117,7 @@ static int u32_parse_opt(struct filter_util *qu, char *handle, + } + NEXT_ARG(); + } +- hash = sel2.keys[0].val & sel2.keys[0].mask; +- hash ^= hash >> 16; +- hash ^= hash >> 8; ++ hash = u32_hash_fold(&sel2.keys[0]); + htid = ((hash % divisor) << 12) | (htid & 0xFFF00000); + sample_ok = 1; + continue; +-- +2.31.1 + diff --git a/SOURCES/0009-tc-htb-improve-burst-error-messages.patch b/SOURCES/0009-tc-htb-improve-burst-error-messages.patch new file mode 100644 index 0000000..e3f18bb --- /dev/null +++ b/SOURCES/0009-tc-htb-improve-burst-error-messages.patch @@ -0,0 +1,84 @@ +From 0b66dc13c157f4d34518c06dd774ef39be0df271 Mon Sep 17 00:00:00 2001 +Message-Id: <0b66dc13c157f4d34518c06dd774ef39be0df271.1628790091.git.aclaudi@redhat.com> +In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> +From: Andrea Claudi +Date: Thu, 12 Aug 2021 18:26:39 +0200 +Subject: [PATCH] tc: htb: improve burst error messages + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1910745 +Upstream Status: iproute2.git commit e44786b2 + +commit e44786b26934e4fbf337b0af73a9e6f53d458a25 +Author: Andrea Claudi +Date: Thu May 6 12:42:06 2021 +0200 + + tc: htb: improve burst error messages + + When a wrong value is provided for "burst" or "cburst" parameters, the + resulting error message is unclear and can be misleading: + + $ tc class add dev dummy0 parent 1: classid 1:1 htb rate 100KBps burst errtrigger + Illegal "buffer" + + The message claims an illegal "buffer" is provided, but neither the + inline help nor the man page list "buffer" among the htb parameters, and + the only way to know that "burst", "maxburst" and "buffer" are synonyms + is to look into tc/q_htb.c. + + This commit tries to improve this simply changing the error string to + the parameter name provided in the user-given command, clearly pointing + out where the wrong value is. + + $ tc class add dev dummy0 parent 1: classid 1:1 htb rate 100KBps burst errtrigger + Illegal "burst" + + $ tc class add dev dummy0 parent 1: classid 1:1 htb rate 100Kbps maxburst errtrigger + Illegal "maxburst" + + Reported-by: Sebastian Mitterle + Signed-off-by: Andrea Claudi + Signed-off-by: David Ahern + +Signed-off-by: Andrea Claudi +--- + tc/q_htb.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/tc/q_htb.c b/tc/q_htb.c +index 42566355..b5f95f67 100644 +--- a/tc/q_htb.c ++++ b/tc/q_htb.c +@@ -125,6 +125,7 @@ static int htb_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str + unsigned int linklayer = LINKLAYER_ETHERNET; /* Assume ethernet */ + struct rtattr *tail; + __u64 ceil64 = 0, rate64 = 0; ++ char *param; + + while (argc > 0) { + if (matches(*argv, "prio") == 0) { +@@ -160,17 +161,19 @@ static int htb_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str + } else if (matches(*argv, "burst") == 0 || + strcmp(*argv, "buffer") == 0 || + strcmp(*argv, "maxburst") == 0) { ++ param = *argv; + NEXT_ARG(); + if (get_size_and_cell(&buffer, &cell_log, *argv) < 0) { +- explain1("buffer"); ++ explain1(param); + return -1; + } + } else if (matches(*argv, "cburst") == 0 || + strcmp(*argv, "cbuffer") == 0 || + strcmp(*argv, "cmaxburst") == 0) { ++ param = *argv; + NEXT_ARG(); + if (get_size_and_cell(&cbuffer, &ccell_log, *argv) < 0) { +- explain1("cbuffer"); ++ explain1(param); + return -1; + } + } else if (strcmp(*argv, "ceil") == 0) { +-- +2.31.1 + diff --git a/SOURCES/iproute2.sh b/SOURCES/iproute2.sh new file mode 100644 index 0000000..f13e1f0 --- /dev/null +++ b/SOURCES/iproute2.sh @@ -0,0 +1,5 @@ +# tc initialization script (sh) + +if [ -z "$TC_LIB_DIR" ]; then + export TC_LIB_DIR=/usr/lib64/tc +fi diff --git a/SPECS/iproute.spec b/SPECS/iproute.spec index c47c325..3950125 100644 --- a/SPECS/iproute.spec +++ b/SPECS/iproute.spec @@ -1,13 +1,21 @@ Summary: Advanced IP routing and network device configuration tools Name: iproute Version: 5.12.0 -Release: 2%{?dist}%{?buildid} +Release: 3%{?dist}%{?buildid} Group: Applications/System URL: http://kernel.org/pub/linux/utils/net/%{name}2/ Source0: http://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{version}.tar.xz Source1: rt_dsfield.deprecated +Source2: iproute2.sh Patch0: 0001-tc-f_flower-Add-option-to-match-on-related-ct-state.patch Patch1: 0002-tc-f_flower-Add-missing-ct_state-flags-to-usage-desc.patch +Patch2: 0003-mptcp-add-support-for-port-based-endpoint.patch +Patch3: 0004-Update-kernel-headers.patch +Patch4: 0005-police-add-support-for-packet-per-second-rate-limiti.patch +Patch5: 0006-police-Add-support-for-json-output.patch +Patch6: 0007-police-Fix-normal-output-back-to-what-it-was.patch +Patch7: 0008-tc-u32-Fix-key-folding-in-sample-option.patch +Patch8: 0009-tc-htb-improve-burst-error-messages.patch License: GPLv2+ and Public Domain BuildRequires: bison BuildRequires: elfutils-libelf-devel @@ -92,6 +100,9 @@ rm -rf '%{buildroot}%{_docdir}' # Append deprecated values to rt_dsfield for compatibility reasons cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield +# use TC_LIB_DIR environment variable +install -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/iproute2.sh + %files %dir %{_sysconfdir}/iproute2 %{!?_licensedir:%global license %%doc} @@ -110,6 +121,7 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield %files tc %{!?_licensedir:%global license %%doc} %license COPYING +%{_sysconfdir}/profile.d/iproute2.sh %{_mandir}/man7/tc-* %{_mandir}/man8/tc* %{_mandir}/man8/cbq* @@ -134,6 +146,15 @@ cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield %{_includedir}/iproute2/bpf_elf.h %changelog +* Thu Aug 12 2021 Andrea Claudi [5.12.0-3.el8] +- tc: htb: improve burst error messages (Andrea Claudi) [1910745] +- tc: u32: Fix key folding in sample option (Andrea Claudi) [1979425] +- police: Fix normal output back to what it was (Andrea Claudi) [1981393] +- police: Add support for json output (Andrea Claudi) [1981393] +- police: add support for packet-per-second rate limiting (Andrea Claudi) [1981393] +- Update kernel headers (Andrea Claudi) [1981393] +- mptcp: add support for port based endpoint (Andrea Claudi) [1984733] + * Fri Aug 08 2021 Andrea Claudi [5.12.0-2.el8] - add build and run-time dependencies on libbpf (Andrea Claudi) [1990402]