Skip to content

I
iproute2
Switch branch/tag
  1. 18 Feb, 2016 2 commits
    • Nikolay Aleksandrov's avatar
      iplink: bridge_slave: export read-only values · 3069539f
      Nikolay Aleksandrov authored 
      Export all the read-only values that get returned about a bridge port
such as the timers, the ids, designated_port and cost,
topology_change_ack and config_pending. For the bridge ids the
br_dump_bridge_id function is exported from iplink_bridge.
Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      3069539f
    • Nicolas Cavallari's avatar
      netns: Fix an off-by-one strcpy() in netns_map_add(). · a1b4a274
      Nicolas Cavallari authored 
      netns_map_add() does a malloc of (sizeof (struct nsid_cache) +
strlen(name)) and then proceed with strcpy() of name into the
zero-length member at the end of the nsid_cache structure.  The
nul-terminator is written outside of the allocated memory and may
overwrite the allocator's internal structure.

This can trigger a segmentation fault on i386 uclibc with names of size 8:
after the corruption occurs, the call to closedir() on netns_map_init()
crashes while freeing the DIR structure.

Here is the relevant valgrind output:

==1251== Memcheck, a memory error detector
==1251== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1251== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright
info
==1251== Command: ./ip netns
==1251==
==1251== Invalid write of size 1
==1251==    at 0x4011975: strcpy (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1251==    by 0x8058B00: netns_map_add (ipnetns.c:181)
==1251==    by 0x8058E2A: netns_map_init (ipnetns.c:226)
==1251==    by 0x8058E79: do_netns (ipnetns.c:776)
==1251==    by 0x804D9FF: do_cmd (ip.c:110)
==1251==    by 0x804D814: main (ip.c:300)
      a1b4a274
  3. 09 Feb, 2016 24 commits
  5. 07 Feb, 2016 5 commits
    • Roopa Prabhu's avatar
      bridge: support for static fdb entries · a1987cd1
      Roopa Prabhu authored 
      There is no intuitive option to add static fdb entries today.
'temp' seems to have a side effect of adding
'static' fdb entries. But the name and intent
of 'temp' does not say anything about it being static.

example:
bridge fdb add operates as follows:

$bridge fdb add 00:01:02:03:04:05 dev eth0 master
$bridge fdb add 00:01:02:03:04:06 dev eth0 master temp
$bridge fdb add 00:01:02:03:04:07 dev eth0 master local

$bridge fdb show
00:01:02:03:04:05 dev eth0 permanent
00:01:02:03:04:06 dev eth0 static
00:01:02:03:04:07 dev eth0 permanent
00:01:02:03:04:08 dev eth0 <<== dynamic, ageable learned mac

This patch adds a new bridge fdb type 'static' which
makes sure NUD_NOARP and NUD_REACHABLE is set for static
entries. This effectively is nothing but what 'temp'
does today. But the name 'temp' is misleading.

After the patch:
$bridge fdb add 00:01:02:03:04:06 dev eth0 master static

$bridge fdb show
00:01:02:03:04:06 dev eth0 static

'temp' could ideally be a dynamic mac that can age (ie just
NUD_REACHABLE). But, 'temp' sets 'NUD_NOARP' and 'NUD_REACHABLE'.
Too late to change 'temp' now. But, we are thinking of introduing a
'dynamic' keyword after this patch that only sets NUD_REACHABLE.
Signed-off-by: default avatarWilson Kok <wkok@cumulusnetworks.com>
Signed-off-by: default avatarRoopa Prabhu <roopa@cumulusnetworks.com>
      a1987cd1
    • Daniel Borkmann's avatar
      tc, bpf: use bind/type macros from gelf · 5230a2ed
      Daniel Borkmann authored 
      Don't reimplement them and rather use the macros from the gelf header,
that is, GELF_ST_BIND()/GELF_ST_TYPE().
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      5230a2ed
    • Daniel Borkmann's avatar
      tc, bpf: give some more hints wrt false relos · a576c6b9
      Daniel Borkmann authored 
      Provide some more hints to the user/developer when relos have been found
that don't point to ld64 imm instruction. Ran couple of times into relos
generated by clang [1], where the compiler tried to uninline inlined
functions with eBPF and emitted BPF_JMP | BPF_CALL opcodes. If this seems
the case, give a hint that the user should do a work-around to use
always_inline annotation.

  [1] https://llvm.org/bugs/show_bug.cgi?id=26243#c3Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      a576c6b9
    • Daniel Borkmann's avatar
      tc, bpf: improve verifier logging · f31645d1
      Daniel Borkmann authored 
      With a bit larger, branchy eBPF programs f.e. already ~BPF_MAXINSNS/7 in
size, it happens rather quickly that bpf(2) rejects also valid programs
when only the verifier log buffer size we have in tc is too small.

Change that, so by default we don't do any logging, and only in error
case we retry with logging enabled. If we should fail providing a
reasonable dump of the verifier analysis, retry few times with a larger
log buffer so that we can at least give the user a chance to debug the
program.
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarJohn Fastabend <john.r.fastabend@intel.com>
      f31645d1
    • Daniel Borkmann's avatar
      tc, bpf, examples: further bpf_api improvements · 92a36995
      Daniel Borkmann authored 
      Add a couple of improvements to tc's BPF api, that facilitate program
development.
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      92a36995
  7. 05 Feb, 2016 3 commits
  9. 02 Feb, 2016 4 commits
  11. 18 Jan, 2016 2 commits
    • Lorenzo Colitti's avatar
      ss: support closing inet sockets via SOCK_DESTROY. · fb2594c1
      Lorenzo Colitti authored 
      This patch adds a -K / --kill option to ss that attempts to
forcibly close matching sockets using SOCK_DESTROY.

Because ss typically prints sockets instead of acting on them,
and because the kernel only supports forcibly closing some types
of sockets, the output of -K is as follows:

- If closing the socket succeeds, the socket is printed.
- If the kernel does not support forcibly closing this type of
  socket (e.g., if it's a UDP socket, or a TIME_WAIT socket),
  the socket is silently skipped.
- If an error occurs (e.g., permission denied), the error is
  reported and ss exits.
Signed-off-by: default avatarLorenzo Colitti <lorenzo@google.com>
      fb2594c1
    • Lorenzo Colitti's avatar
      libnetlink: don't print NETLINK_SOCK_DIAG errors in rtnl_talk · 57fdf2d4
      Lorenzo Colitti authored 
      This change is a no-op, as currently no code uses rtnl_talk on
NETLINK_SOCK_DIAG_BY_FAMILY sockets. It is needed to suppress
spurious errors when using SOCK_DESTROY via rtnl_talk.
Signed-off-by: default avatarLorenzo Colitti <lorenzo@google.com>
      57fdf2d4
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7