Display 4 additional tcp socket info fields :

backoff : exponential backoff
lastsnd : time in milli second since last send
lastrcv : time in milli second since last receive
lastack : time in milli second since last acknowledgement

$ ss -ti dst :22
State       Recv-Q Send-Q                  Local Address:Port
Peer Address:Port
ESTAB       0      0                        172.16.5.1:58470
172.17.131.143:ssh
	 cubic wscale:7,7 rto:228 rtt:30/20 ato:40 mss:1256 cwnd:6 ssthresh:4
send 2.0Mbps lastsnd:3480 lastrcv:3464 lastack:3464 rcv_rtt:81.5
rcv_space:87812
Signed-off-by: Eric Dumazet <edumazet@google.com>

Since commit 3c682146, iplink requires assigning negative
ifindex (-1) to the kernel when creating interface without
specifying index.

v2: checking whether index is -1, suggested by Cong Wang.

Cc: Cong Wang <cwang@twopensource.com>
Signed-off-by: Atzm Watanabe <atzm@stratosphere.co.jp>
Acked-by: Cong Wang <cwang@twopensource.com>

Renamed testsuite/tests/policer to testsuite/tests/policer.t
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

When make tests then 2 folders are generated:

    testsuite/results
    testsuite/iproute2/iproute2-this
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

In case if unknown message was handled then it will be displayed as:

    Unknown message: type=0x00000044(68) flags=0x00000000(0) len=0x0000004c(76)
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

The man page and the "fail" example are missing an underscore in the
nf_mark ematch.

eg.

tc filter add dev eth0 parent ffff:  basic match 'meta(nfmark gt 24)'
classid 2:4

meta: unknown meta id

... >>meta(nfmark gt 24)<< ...
... meta(>>nfmark<< gt 24)...
Usage: meta(OBJECT { eq | lt | gt } OBJECT)
where: OBJECT  := { META_ID | VALUE }
        META_ID := id [ shift SHIFT ] [ mask MASK ]

Example: meta(nfmark gt 24)
          meta(indev shift 1 eq "ppp")
          meta(tcindex mask 0xf0 eq 0xf0)

For a list of meta identifiers, use meta(list).
Illegal "ematch"

meta(list) does correctly show nf_mark and the above test works with
nf_mark.

Signed-off-by: Andy Furniss adf.lists@gmail.com

netns monitor fails when there is no /var/run/netns dir
which might be created later while monitoring.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Tests were not allowed to be ran, the following
issues were fixed:
    - creating the results folder before test running
    - sudo $PREFIX moved before variables definition which
        allow to pass them through the sudo to test script.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Example setup:

sudo tc qdisc del dev eth0 root handle 1:0 prio
sudo tc qdisc add dev eth0 root handle 1:0 prio

sudo tc filter add dev eth0 pref 10 proto ip parent 1:0 \
rsvp session 10.0.0.1 ipproto icmp \
classid 1:1  \
action police rate 1kbit burst 90k pipe \
action ok

tc -s filter show dev eth0 parent 1:0

filter protocol ip pref 10 rsvp
filter protocol ip pref 10 rsvp fh 0x0001100a flowid 1:1 session
10.0.0.1 ipproto icmp
        action order 1:  police 0x5 rate 1Kbit burst 23440b mtu 2Kb
action pipe overhead 0b
ref 1 bind 1
        Action statistics:
        Sent 98000 bytes 1000 pkt (dropped 0, overlimits 761 requeues 0)
        backlog 0b 0p requeues 0

        action order 2: gact action pass
         random type none pass val 0
         index 2 ref 1 bind 1 installed 60 sec used 3 sec
        Action statistics:
        Sent 74578 bytes 761 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Tested-by: John Fastabend <john.r.fastabend@intel.com>

Was broken by commit 288abf51
Lets not be too clever and have a separate call to print flushed
actions info.

Broken looks like:
root@moja-1:~# tc actions add  action drop index 4
root@moja-1:~# tc -s actions ls action gact

    action order 0: gact action drop
     random type none pass val 0
     index 4 ref 1 bind 0 installed 9 sec used 4 sec

The fixed version looks like:
    action order 0: gact action drop
     random type none pass val 0
     index 4 ref 1 bind 0 installed 9 sec used 4 sec
         Sent 108948 bytes 1297 pkts (dropped 1297, overlimits 0)
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

show, list, lst and help commands were not printed in usage.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

This checking was performed only when adding interface but
it is needed also when deleting, otherwise the error will be:

    ioctl(TUNSETIFF): Invalid argument
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Parenthesis are required else maxaddr value is a bool and thus output is always
1 when the option is set.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

These options were missing in usage and man pages.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Signed-off-by: Jiri Pirko <jiri@resnulli.us>

This patch adds the necessary changes to allow altering a slave device's
options via ip link set <device> type <master type>_slave specific-option.
It also adds support to set the bonding slaves' queue_id.

Example:
 ip link set eth0 type bond_slave queue_id 10
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Acked-by: Jiri Pirko <jiri@resnulli.us>

Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>

Starting from linux-3.15, kernel supports new tcp metric attributes :
TCP_METRIC_RTT_US & TCP_METRIC_RTTVAR_US

Update ip command to detect their use.
Signed-off-by: Eric Dumazet <edumazet@google.com>

IPv6 router sends ND messages with RDNSS option
which causes the printing of unknown message by 'ip monitor':

    Unknown message: 0000004c 00000044 00000000
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

This is ugly fix but solves the case when timestamp
or banner-label is printed before the cloned route will be skipped
by iproute filter which filters out all cached routes by default.
In such case timestamp will be printed twice:

    Timestamp: Thu Sep  4 19:46:59 2014 457933 usec
    Timestamp: Thu Sep  4 19:47:07 2014 977970 usec
    10.3.5.1 dev wlp3s0 lladdr XX:XX:XX:XX:XX:XX STALE
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Update the rt_dsfield file to contain values defined in current RFC.
The days of TOS precedence are gone, even Cisco doesn't refer
to these in the documents.

The real checking is performed later in iplink_modify(..) func which
checks device existence if NLM_F_CREATE flag is set.

Also it fixes the case when impossible to add veth link which was
caused by 9a02651a (ip: check for missing dev arg when doing VF rate)
because these devices are not exist yet.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

For hsr link there was no short description in ip-link man page.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

Currently if mkdir failed with "Permission denied" error then "mount --make-shared ..."
error message will be showed because /var/run/netns does not exist.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

SNMP counters can be provided as 64bit numbers.
nstat needs to cope with this even if running in 32bit mode.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

This adds ARPHRD_NETLINK to ll_types so that it can be properly
shown e.g. in `ip a`:

 8: nlmon: <NOARP,UP,LOWER_UP> mtu 3776 qdisc noqueue state UNKNOWN group default
    link/netlink
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

Signed-off-by: Jiri Pirko <jiri@resnulli.us>

ll_index can return -1 but was declared unsigned.
rt_addr_n2a had unused length parameter

First, the default value for 1-k is documented as being 0, but is
currently being set to 1. (100%).  This causes all packets to be dropped
in the good state if 1-k is not explicitly specified.  Fix this by setting
the default to 0.

	Second, the 1-h option is parsed correctly, however, the kernel is
expecting "h", not 1-h.  Fix this by inverting the "1-h" percentage before
sending to and after receiving from the kernel.  This does change the
behavior, but makes it consistent with the netem documentation and the
literature on the Gilbert-Elliot model, which refer to "1-h" and "1-k,"
not "h" or "k" directly.

	Last, fix a minor formatting issue for the options reporting.
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>

root@moja-mojo:bridge# ./bridge fdb help
Usage: bridge fdb { add | append | del | replace } ADDR dev DEV {self|master} [ temp ]
              [router] [ dst IPADDR] [ vlan VID ]
              [ port PORT] [ vni VNI ] [via DEV]
       bridge fdb {show} [ br BRDEV ] [ brport DEV ]

 Lets start with two bridges each with a port...

root@moja-mojo:bridge# ./bridge link
10: sw1-p1 state DOWN : <BROADCAST,NOARP> mtu 1500 master sw1 state disabled priority 32 cost 100
11: eth1 state DOWN : <BROADCAST,NOARP> mtu 1500 master br0 state disabled priority 32 cost 100

show all...
root@moja-mojo:bridge# ./bridge fdb show
33:33:00:00:00:01 dev ifb0 self permanent
33:33:00:00:00:01 dev ifb1 self permanent
33:33:00:00:00:01 dev eth0 self permanent
01:00:5e:00:00:01 dev eth0 self permanent
33:33:ff:92:c0:60 dev eth0 self permanent
33:33:00:00:00:fb dev eth0 self permanent
01:00:5e:00:00:fb dev eth0 self permanent
01:00:5e:7f:ff:fd dev eth0 self permanent
01:00:5e:00:00:01 dev wlan0 self permanent
33:33:00:00:00:01 dev wlan0 self permanent
33:33:ff:c2:84:3b dev wlan0 self permanent
33:33:00:00:00:fb dev wlan0 self permanent
01:00:5e:00:00:01 dev virbr0 self permanent
01:00:5e:00:00:fb dev virbr0 self permanent
33:33:00:00:00:01 dev br0 self permanent
33:33:00:00:00:01 dev sw1 self permanent
33:33:00:00:00:01 dev dummy0 self permanent
5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent
33:33:00:00:00:01 dev sw1-p1 self permanent
b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev eth1 self permanent

Lets see a netdev that is *not* attached to a bridge

root@moja-mojo:bridge# ./bridge fdb show brport eth0
33:33:00:00:00:01 self permanent
01:00:5e:00:00:01 self permanent
33:33:ff:92:c0:60 self permanent
33:33:00:00:00:fb self permanent
01:00:5e:00:00:fb self permanent
01:00:5e:7f:ff:fd self permanent

Lets see a netdev that is bridge port
root@moja-mojo:bridge# ./bridge fdb show brport eth1
hadi@jhs-1:/media/MT1/other-gits/iproute-jul04/bridge$ ./bridge fdb show brport eth1
b6:5e:dd:ce:d7:5e vlan 0 master br0 permanent
33:33:00:00:00:01 self permanent

Specify the correct bridge and you get good stuff
root@moja-mojo:bridge# ./bridge fdb show brport eth1 br br0
6:5e:dd:ce:d7:5e vlan 0 master br0 permanent
33:33:00:00:00:01 self permanent

Specify the wrong bridge and you get good nada
root@moja-mojo:bridge# ./bridge fdb show brport eth1 br sw1

dump br0
root@moja-mojo:bridge# ./bridge fdb show br br0
33:33:00:00:00:01 dev br0 self permanent
b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev eth1 self permanent

dump sw1
root@moja-mojo:bridge# ./bridge fdb show br sw1
33:33:00:00:00:01 dev sw1 self permanent
5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent
33:33:00:00:00:01 dev sw1-p1 self permanent

Lets move a port from one bridge to another for shits-and-giggles
(as the New Brunswickians like to say)
root@moja-mojo:bridge# ip link set sw1-p1 master br0

Now dump again br0
root@moja-mojo:bridge# ./bridge fdb show br br0
33:33:00:00:00:01 dev br0 self permanent
5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev sw1-p1 self permanent
b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev eth1 self permanent
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>

This patch avoids a full link wildump request when the user has specified
a single link. Uses RTM_GETLINK without the NLM_F_DUMP flag.

This helps on a system with large number of interfaces.

This patch currently only uses the link ifindex in the filter.
Hoping to provide a subsequent kernel patch to do link dump filtering on
other attributes in the kernel.

In iplink_get, to be safe, this patch currently sets the answer buffer
size to the max size that libnetlink rtnl_talk can copy. The current api
does not seem to provide a way to indicate the answer buf size.

changelog from RFC to v1:
    - incorporated comments from stephen (fixed comment and fixed if/else block)

changelog from v1 to v2:
    - fix whitespaces error
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>

This patch adds description about macvtap to ip-link.8 man page.
Signed-off-by: Rami Rosen <ramirose@gmail.com>

Consider the following command:

ip tunnel add mode vti remote 12.0.0.1 local 12.0.0.3 ikey 15

i_flags will be GRE_KEY|VTI_ISVTI. So, in order to distinguish between ipip and
vti we have to check just VTI_ISVTI bit, not the equality of i_flags and
VTI_ISVTI.

* Note, that there also was a bug in ip_tunnel/ip_vti, see
commit 7c8e6b9c281(ip_vti: Fix 'ip tunnel add' with 'key' parameters),
https://lkml.org/lkml/2014/6/7/125.
Even patched iproute could be unable to create vti tunnels with non-zero keys.

1) Unpatched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip                    4197  0 
tunnel4                 1659  1 ipip
ip_tunnel               9295  1 ipip
[root@vm ~]# ip tunnel show
tunl0: ip/ip  remote any  local any  ttl inherit
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
ipip0: ip/ip  remote 1.2.3.4  local any  ttl inherit 
tunl0: ip/ip  remote any  local any  ttl inherit 
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip                    4197  0 
tunnel4                 1659  1 ipip
ip_tunnel               9295  1 ipip

# ipip tunnels are created instead of vti

2) Patched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ip_vti                  5258  0 
ip_tunnel               9295  1 ip_vti
[root@vm ~]# ip tunnel show
vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0 
ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0
vti1: ip/ip  remote 1.2.3.4  local any  ttl inherit  ikey 2  okey 0 
ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0

# Vti tunnels are created as expected
# * If you have unpatched kernel your vti tunnels will have ikey == okey == 0

Same story exists with ip tunnel show/del with non-zero [io]key: requests are 
routed to tunl0 instead of ip_vti0.
Signed-off-by: Dmitry Popov <ixaphire@qrator.net>

Signed-off-by: Vasily Averin <vvs@openvz.org>

Not sure how these typos slipped in back then, I suspect
too much coffee. ;) So lets fix them up properly.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>