1. 26 Dec, 2009 14 commits
    • Arnd Bergmann's avatar
      iproute2/iplink: add macvlan options for bridge mode · d63a9b2b
      Arnd Bergmann authored
      Macvlan can now optionally support forwarding between its
      ports, if they are in "bridge" mode. This adds support
      for this option to "ip link add", "ip link set" and "ip
      -d link show".
      
      The default mode in the kernel is now "vepa" mode, meaning
      "virtual ethernet port aggregator". This mode is used
      together with the "hairpin" mode of an ethernet bridge
      that the parent of the macvlan device is connected to.
      All frames still get sent out to the external interface,
      but the adjacent bridge is able to send them back on
      the same wire in hairpin mode, so the macvlan ports
      are able to see each other, which the bridge can be
      configured to monitor and control traffic between
      all macvlan instances. Multicast traffic coming in
      from the external interface is checked for the source
      MAC address and only delivered to ports that have not
      yet seen it.
      
      In bridge mode, macvlan will send all multicast traffic
      to other interfaces that are also in bridge mode but
      not to those in vepa mode, which get them on the way
      back from the hairpin.
      
      The third supported mode is "private", which prevents
      communication between macvlans even if the adjacent
      bridge is in hairpin mode. This behavior is closer to
      the original implementation of macvlan but stricly
      maintains isolation.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      d63a9b2b
    • Brian Haley's avatar
      Add dadfailed option to ip command · a1f27794
      Brian Haley authored
      Fix support for IFA_F_DADFAILED and update ip.8 man page.
      Signed-off-by: default avatarBrian Haley <brian.haley@hp.com>
      a1f27794
    • Patrick McHardy's avatar
      iprule: add oif classification support · 85eae222
      Patrick McHardy authored
      David Miller wrote:
      > From: Patrick McHardy <kaber@trash.net>
      > Date: Mon, 30 Nov 2009 19:00:14 +0100
      >
      >> This patch contains iproute support for iprule oif classification
      >> for the send-to-self RFC I just sent out.
      >
      > Patrick, you need to submit a new version of this patch with
      > the FIB_RULE_* macro fixed, just like the kernel version got
      > fixed.
      
      Thanks for reminind me of this. New patch attached.
      
      commit 0fe5164cbaa1d65dda341075710be71bf1f32d10
      Author: Patrick McHardy <kaber@trash.net>
      Date:   Fri Dec 4 07:06:18 2009 +0100
      
          iprule: add oif classification support
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      85eae222
    • Jamal Hadi Salim's avatar
      skbedit: Add support to mark packets · e04dd30a
      Jamal Hadi Salim authored
      This adds support for setting the skb mark.
      Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      e04dd30a
    • Patrick McHardy's avatar
      iplink_vlan: add support for VLAN loose binding flag · 2180b6b5
      Patrick McHardy authored
      This patch adds support for the VLAN loose binding flag that is
      supported in net-next to iplink_vlan.
      
      commit 870970deb6cbea7a5d4881bdd717304d5284d315
      Author: Patrick McHardy <kaber@trash.net>
      Date:   Tue Dec 1 12:21:15 2009 +0100
      
          iplink_vlan: add support for VLAN loose binding flag
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      2180b6b5
    • Stephen Hemminger's avatar
      Update exported kernel headers · ab322673
      Stephen Hemminger authored
      These corespond with 2.6.33-rc2
      ab322673
    • Stephen Hemminger's avatar
      iproute2-091226 · abdd9bf7
      Stephen Hemminger authored
      abdd9bf7
    • Andreas Henriksson's avatar
      Slightly improve the configure script. · f1a0125b
      Andreas Henriksson authored
      Split up in functions. Make XT checks bail if previous XT check
      was successful.
      
      This result improves the output of the configure script to not indicate
      using iptables only because the last test failed (when previous ones could
      have already succeded).
      Signed-off-by: default avatarAndreas Henriksson <andreas@fatal.se>
      f1a0125b
    • Stephen Hemminger's avatar
      Fix warning about sprintf() and NSTAT_HIST · 896ebd6c
      Stephen Hemminger authored
      The environment variable could contain format characters, causing
      problems. Better to just use it directly.
      896ebd6c
    • Stephen Hemminger's avatar
      985f4578
    • Simon Horman's avatar
      flush secondary addresses before primary ones · b49240ec
      Simon Horman authored
      Unless promote_secondaries has been active deleting the primary address of
      an interface will automatically delete all the secondary addresses.
      
      In the case where ip flush requests the primary then secondary addresses to
      be removed - which is the order the addresses are returned by the kernel -
      this will cause an error as by the time the request to remove a secondary
      address is made it will be missing as it will have been deleted in the
      course of deleting the primary address.
      
      This approach to solving this problem orders requests for the
      deletion of secondary addresses before primary ones providing
      rtnl_dump_filter_l(), a version of rtnl_dump_filter() that
      iterates over a list of filters. And by providing two specialised
      filters print_addrinfo_secondary() and print_addrinfo_primary().
      
      rtnl_dump_filter_l() first iterates over all addresses using
      print_addrinfo_secondary(), which appends secondary addresses to the
      request buffer.  Then again using print_addrinfo_primary() which appends
      primary addresses.
      
      This approach should work regardless of it promote_secondaries is
      active or not. And regardless of if any primary of secondary addresses
      are present or not.
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      b49240ec
    • Andreas Henriksson's avatar
      Add new (iptables 1.4.5 compatible) tc/ipt/xt module. · a36ceb85
      Andreas Henriksson authored
      Add a new cleaned up m_xt.c based on m_xt_old.c
      The new m_xt.c has been updated to use the new names and new api
      that xtables exposes in iptables 1.4.5.
      All the old internal api cruft has also been dropped.
      
      Additionally, a configure script test is added to check for
      the new xtables api and set the TC_CONFIG_XT flag in Config.
      (tc/Makefile already handles this flag in previous commit.)
      Signed-off-by: default avatarAndreas Henriksson <andreas@fatal.se>
      a36ceb85
    • Andreas Henriksson's avatar
      Keep the old tc/ipt/xt module for compatibility. · 80d689d0
      Andreas Henriksson authored
      Move the file and rename the configure flags.
      The file is being kept around for iptables < 1.4.5 compatibility.
      Signed-off-by: default avatarAndreas Henriksson <andreas@fatal.se>
      80d689d0
    • Andreas Henriksson's avatar
      iproute: make ss --help output to stdout · 7a96e199
      Andreas Henriksson authored
      Peter Palfrader said in http://bugs.debian.org/545008 that
      "--help output, if explicitly requested, should go to stdout, not stderr."
      which this patch fixes.
      
      Additionally, the exit code was adjusted to success if help was
      explicitly requested.
      
      (Syntax error still outputs to stderr and has the same exit code.)
      Signed-off-by: default avatarAndreas Henriksson <andreas@fatal.se>
      7a96e199
  2. 02 Dec, 2009 3 commits
    • Patrick McHardy's avatar
      f_fw: fix compat mode · c90308ff
      Patrick McHardy authored
      The kernel takes a lack of options as indication that the fw classifier
      should operate in compatibility mode, where marks are mapped directly to
      classids.
      
      Commit e22b42a2 (tc mask patch) broke this by adding an empty TCA_OPTIONS
      attribute even if no handle is specified. Restore the old behaviour.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      c90308ff
    • Andreas Henriksson's avatar
      iproute2: use -fPIC in lib/ · 6837f771
      Andreas Henriksson authored
      The static libnetlink.a library is exposed to other users in Debian via the
      "iproute-dev" package. Apparently people are interested in using it in their
      shared libraries and would like to see the code be position independent.
      
      Patch below makes the code under lib/ build with -fPIC.
      
      See http://bugs.debian.org/547602Signed-off-by: default avatarAndreas Henriksson <andreas@fatal.se>
      6837f771
    • Mark Borst's avatar
      iproute: "ip mroute show" doesn't show all output interfaces · 080b3ad4
      Mark Borst authored
      The command "ip mroute show" will only show the first Oif.
      
      mark@flappie:~$ ip mroute show
      (192.168.1.1, 224.0.0.123)       Iif: _rename    Oifs: eth1
      
      mark@flappie:~$ cat /proc/net/ip_mr_cache
      Group    Origin   Iif     Pkts    Bytes    Wrong Oifs
      7B0000E0 0101A8C0 2          0        0        0  0:1    1:1
      
      This shows 2 Oifs here. However, ipmroute.c, function read_mroute_list(), uses sscanf() with a %s mask for oiflist, which stops after the first whitespace (i.e. after Oif 0:1). The patch below fixes this to read until the newline (though I'm not sure whether this is the proper way to fix it).
      
      After this patch:
      mark@flappie:~/iproute-20090324/ip$ ./ip mroute show
      (192.168.1.1, 224.0.0.123)       Iif: _rename    Oifs: eth1 eth0
      
      This patch originally submitted as http://bugs.debian.org/550097Signed-off-by: default avatarAndreas Henriksson <andreas@fatal.se>
      080b3ad4
  3. 01 Dec, 2009 5 commits
  4. 17 Nov, 2009 1 commit
  5. 13 Nov, 2009 3 commits
  6. 10 Nov, 2009 7 commits
    • Stephen Hemminger's avatar
      Add static-syms.h to ignore · a6992a9c
      Stephen Hemminger authored
      a6992a9c
    • Mike Frysinger's avatar
      support static-only systems · f2e27cfb
      Mike Frysinger authored
      The iptables code supports a "no shared libs" mode where it can be used
      without requiring dlfcn related functionality.  This adds similar support
      to iproute2 so that it can easily be used on systems like nommu Linux (but
      obviously with a few limitations -- no dynamic plugins).
      
      Rather than modify every location that uses dlfcn.h, I hooked the dlfcn.h
      header with stub functions when shared library support is disabled.  Then
      symbol lookup is done via a local static lookup table (which is generated
      automatically at build time) so that internal symbols can be found.
      Signed-off-by: default avatarMike Frysinger <vapier@gentoo.org>
      f2e27cfb
    • Mike Frysinger's avatar
      arpd/ifstat/nstat/rtacct: use daemon() · a7a9ddbb
      Mike Frysinger authored
      A bunch of misc utils basically reimplement the daemon() function (the
      whole fork/close/chdir/etc...).  Rather than do that, use daemon() as
      that will work under nommu Linux systems that lack fork().
      Signed-off-by: default avatarMike Frysinger <vapier@gentoo.org>
      a7a9ddbb
    • Patrick McHardy's avatar
      iproute uses too small of a receive buffer · 7f03191f
      Patrick McHardy authored
      It uses 1MB as receive buf limit by default (without
      increasing /proc/sys/net/core/rmem_max it will be limited by less
      however) and allows to specify the size manually using "-rcvbuf X"
      (-r is already used, so you need to specify at least -rc).
      
      Additionally rtnl_listen() continues on ENOBUFS after printing the
      error message.
      7f03191f
    • Sven Anders's avatar
      Fix flushing code - rtnl_send_check · 24f38182
      Sven Anders authored
      I experienced an error, if I try to perform a
      
        ip route flush proto 4
      
      with many routes in a complex environment, it
      gave me the following error:
      
        Failed to send flush request: Success
        Flush terminated
      24f38182
    • Stephen Hemminger's avatar
      Consolidate fprintf statements · 8a1c7fcb
      Stephen Hemminger authored
      Doing one item per call is like old MODULA2 code.
      8a1c7fcb
    • Stephen Hemminger's avatar
      Update to 2.6.32 kernel headers · 8007bfb5
      Stephen Hemminger authored
      8007bfb5
  7. 11 Sep, 2009 2 commits
  8. 10 Sep, 2009 1 commit
  9. 26 Aug, 2009 1 commit
  10. 06 Aug, 2009 3 commits