diff options
| author | Stephen Hemminger <stephen@networkplumber.org> | 2023-11-06 12:40:38 -0800 |
|---|---|---|
| committer | Stephen Hemminger <stephen@networkplumber.org> | 2023-11-06 12:40:38 -0800 |
| commit | cb0709b74f08e3df3b6cd558e519ab34924a40e7 (patch) | |
| tree | eb1bca67f195bb32f6c216871937374bb22cde2d | |
| parent | 6b79bc819fefa18e2ff6e522d303ecb1b1c62cb4 (diff) | |
| parent | 77138a2f947763de872edb41507a93a292139812 (diff) | |
| download | iproute2-cb0709b74f08e3df3b6cd558e519ab34924a40e7.tar.gz | |
Merge branch 'main' of git://git.kernel.org/pub/scm/network/iproute2/iproute2-next
34 files changed, 921 insertions, 217 deletions
@@ -41,7 +41,8 @@ endif DEFINES+=-DCONF_USR_DIR=\"$(CONF_USR_DIR)\" \ -DCONF_ETC_DIR=\"$(CONF_ETC_DIR)\" \ -DNETNS_RUN_DIR=\"$(NETNS_RUN_DIR)\" \ - -DNETNS_ETC_DIR=\"$(NETNS_ETC_DIR)\" + -DNETNS_ETC_DIR=\"$(NETNS_ETC_DIR)\" \ + -DCONF_COLOR=$(CONF_COLOR) #options for AX.25 ADDLIB+=ax25_ntop.o diff --git a/bridge/bridge.c b/bridge/bridge.c index 704be50c7..339101a87 100644 --- a/bridge/bridge.c +++ b/bridge/bridge.c @@ -23,7 +23,6 @@ int preferred_family = AF_UNSPEC; int oneline; int show_stats; int show_details; -static int color; int compress_vlans; int json; int timestamp; @@ -103,6 +102,8 @@ static int batch(const char *name) int main(int argc, char **argv) { + int color = CONF_COLOR; + while (argc > 1) { const char *opt = argv[1]; diff --git a/bridge/fdb.c b/bridge/fdb.c index d7ef26fd7..7b4443661 100644 --- a/bridge/fdb.c +++ b/bridge/fdb.c @@ -45,10 +45,11 @@ static void usage(void) " [ state STATE ] [ dynamic ] ]\n" " bridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV\n" " [ vlan VID ] [ vni VNI ] [ self ] [ master ] [ dynamic ]\n" - " bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ]\n" - " [ self ] [ master ] [ [no]permanent | [no]static | [no]dynamic ]\n" + " bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ] [ src_vni VNI ]\n" + " [ nhid NHID ] [ vni VNI ] [ port PORT ] [ dst IPADDR ] [ self ]\n" + " [ master ] [ [no]permanent | [no]static | [no]dynamic ]\n" " [ [no]added_by_user ] [ [no]extern_learn ] [ [no]sticky ]\n" - " [ [no]offloaded ]\n"); + " [ [no]offloaded ] [ [no]router ]\n"); exit(-1); } @@ -696,10 +697,17 @@ static int fdb_flush(int argc, char **argv) }; unsigned short ndm_state_mask = 0; unsigned short ndm_flags_mask = 0; - short vid = -1, port_ifidx = -1; + short vid = -1, brport_ifidx = -1; + char *d = NULL, *brport = NULL; unsigned short ndm_flags = 0; unsigned short ndm_state = 0; - char *d = NULL, *port = NULL; + unsigned long src_vni = ~0; + unsigned long vni = ~0; + unsigned long port = 0; + inet_prefix dst; + int dst_ok = 0; + __u32 nhid = 0; + char *endptr; while (argc > 0) { if (strcmp(*argv, "dev") == 0) { @@ -751,16 +759,56 @@ static int fdb_flush(int argc, char **argv) } else if (strcmp(*argv, "nooffloaded") == 0) { ndm_flags &= ~NTF_OFFLOADED; ndm_flags_mask |= NTF_OFFLOADED; + } else if (strcmp(*argv, "router") == 0) { + ndm_flags |= NTF_ROUTER; + ndm_flags_mask |= NTF_ROUTER; + } else if (strcmp(*argv, "norouter") == 0) { + ndm_flags &= ~NTF_ROUTER; + ndm_flags_mask |= NTF_ROUTER; } else if (strcmp(*argv, "brport") == 0) { - if (port) + if (brport) duparg2("brport", *argv); NEXT_ARG(); - port = *argv; + brport = *argv; } else if (strcmp(*argv, "vlan") == 0) { if (vid >= 0) duparg2("vlan", *argv); NEXT_ARG(); vid = atoi(*argv); + } else if (strcmp(*argv, "src_vni") == 0) { + NEXT_ARG(); + src_vni = strtoul(*argv, &endptr, 0); + if ((endptr && *endptr) || + (src_vni >> 24) || src_vni == ULONG_MAX) + invarg("invalid src VNI\n", *argv); + } else if (strcmp(*argv, "nhid") == 0) { + NEXT_ARG(); + if (get_u32(&nhid, *argv, 0)) + invarg("\"nid\" value is invalid\n", *argv); + } else if (strcmp(*argv, "vni") == 0) { + NEXT_ARG(); + vni = strtoul(*argv, &endptr, 0); + if ((endptr && *endptr) || + (vni >> 24) || vni == ULONG_MAX) + invarg("invalid VNI\n", *argv); + } else if (strcmp(*argv, "port") == 0) { + NEXT_ARG(); + port = strtoul(*argv, &endptr, 0); + if (endptr && *endptr) { + struct servent *pse; + + pse = getservbyname(*argv, "udp"); + if (!pse) + invarg("invalid port\n", *argv); + port = ntohs(pse->s_port); + } else if (port > 0xffff) + invarg("invalid port\n", *argv); + } else if (strcmp(*argv, "dst") == 0) { + NEXT_ARG(); + if (dst_ok) + duparg2("dst", *argv); + get_addr(&dst, *argv, preferred_family); + dst_ok = 1; } else if (strcmp(*argv, "help") == 0) { NEXT_ARG(); } else { @@ -783,11 +831,11 @@ static int fdb_flush(int argc, char **argv) return -1; } - if (port) { - port_ifidx = ll_name_to_index(port); - if (port_ifidx == 0) { + if (brport) { + brport_ifidx = ll_name_to_index(brport); + if (brport_ifidx == 0) { fprintf(stderr, "Cannot find bridge port device \"%s\"\n", - port); + brport); return -1; } } @@ -803,10 +851,24 @@ static int fdb_flush(int argc, char **argv) req.ndm.ndm_flags = ndm_flags; req.ndm.ndm_state = ndm_state; - if (port_ifidx > -1) - addattr32(&req.n, sizeof(req), NDA_IFINDEX, port_ifidx); + if (brport_ifidx > -1) + addattr32(&req.n, sizeof(req), NDA_IFINDEX, brport_ifidx); if (vid > -1) addattr16(&req.n, sizeof(req), NDA_VLAN, vid); + if (src_vni != ~0) + addattr32(&req.n, sizeof(req), NDA_SRC_VNI, src_vni); + if (nhid > 0) + addattr32(&req.n, sizeof(req), NDA_NH_ID, nhid); + if (vni != ~0) + addattr32(&req.n, sizeof(req), NDA_VNI, vni); + if (port) { + unsigned short dport; + + dport = htons((unsigned short)port); + addattr16(&req.n, sizeof(req), NDA_PORT, dport); + } + if (dst_ok) + addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen); if (ndm_flags_mask) addattr8(&req.n, sizeof(req), NDA_NDM_FLAGS_MASK, ndm_flags_mask); diff --git a/bridge/mdb.c b/bridge/mdb.c index 18793458e..dc8007914 100644 --- a/bridge/mdb.c +++ b/bridge/mdb.c @@ -36,7 +36,8 @@ static void usage(void) "Usage: bridge mdb { add | del | replace } dev DEV port PORT grp GROUP [src SOURCE] [permanent | temp] [vid VID]\n" " [ filter_mode { include | exclude } ] [ source_list SOURCE_LIST ] [ proto PROTO ] [ dst IPADDR ]\n" " [ dst_port DST_PORT ] [ vni VNI ] [ src_vni SRC_VNI ] [ via DEV ]\n" - " bridge mdb {show} [ dev DEV ] [ vid VID ]\n"); + " bridge mdb {show} [ dev DEV ] [ vid VID ]\n" + " bridge mdb get dev DEV grp GROUP [ src SOURCE ] [ vid VID ] [ src_vni SRC_VNI ]\n"); exit(-1); } @@ -848,6 +849,100 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv) return 0; } +static int mdb_get(int argc, char **argv) +{ + struct { + struct nlmsghdr n; + struct br_port_msg bpm; + char buf[1024]; + } req = { + .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct br_port_msg)), + .n.nlmsg_flags = NLM_F_REQUEST, + .n.nlmsg_type = RTM_GETMDB, + .bpm.family = PF_BRIDGE, + }; + char *d = NULL, *grp = NULL, *src = NULL, *src_vni = NULL; + struct br_mdb_entry entry = {}; + struct nlmsghdr *answer; + bool get_attrs = false; + short vid = 0; + int ret = 0; + + while (argc > 0) { + if (strcmp(*argv, "dev") == 0) { + NEXT_ARG(); + d = *argv; + } else if (strcmp(*argv, "grp") == 0) { + NEXT_ARG(); + grp = *argv; + } else if (strcmp(*argv, "vid") == 0) { + NEXT_ARG(); + vid = atoi(*argv); + } else if (strcmp(*argv, "src") == 0) { + NEXT_ARG(); + src = *argv; + get_attrs = true; + } else if (strcmp(*argv, "src_vni") == 0) { + NEXT_ARG(); + src_vni = *argv; + get_attrs = true; + } else { + if (strcmp(*argv, "help") == 0) + usage(); + } + argc--; argv++; + } + + if (d == NULL || grp == NULL) { + fprintf(stderr, "Device and group address are required arguments.\n"); + return -1; + } + + req.bpm.ifindex = ll_name_to_index(d); + if (!req.bpm.ifindex) + return nodev(d); + + if (mdb_parse_grp(grp, &entry)) { + fprintf(stderr, "Invalid address \"%s\"\n", grp); + return -1; + } + + entry.vid = vid; + addattr_l(&req.n, sizeof(req), MDBA_GET_ENTRY, &entry, sizeof(entry)); + if (get_attrs) { + struct rtattr *nest = addattr_nest(&req.n, sizeof(req), + MDBA_GET_ENTRY_ATTRS); + + nest->rta_type |= NLA_F_NESTED; + + if (src && mdb_parse_src(&req.n, sizeof(req), src)) { + fprintf(stderr, "Invalid source address \"%s\"\n", src); + return -1; + } + + if (src_vni && mdb_parse_vni(&req.n, sizeof(req), src_vni, + MDBE_ATTR_SRC_VNI)) { + fprintf(stderr, "Invalid source VNI \"%s\"\n", src_vni); + return -1; + } + + addattr_nest_end(&req.n, nest); + } + + if (rtnl_talk(&rth, &req.n, &answer) < 0) + return -2; + + new_json_obj(json); + + if (print_mdbs(answer, stdout) < 0) + ret = -1; + + delete_json_obj(); + free(answer); + + return ret; +} + int do_mdb(int argc, char **argv) { ll_init_map(&rth); @@ -865,6 +960,8 @@ int do_mdb(int argc, char **argv) matches(*argv, "lst") == 0 || matches(*argv, "list") == 0) return mdb_show(argc-1, argv+1); + if (strcmp(*argv, "get") == 0) + return mdb_get(argc-1, argv+1); if (matches(*argv, "help") == 0) usage(); } else @@ -5,6 +5,7 @@ INCLUDE="$PWD/include" PREFIX="/usr" LIBDIR="\${prefix}/lib" +COLOR="never" # Output file which is input to Makefile CONFIG=config.mk @@ -479,6 +480,24 @@ check_cap() fi } +check_color() +{ + case "$COLOR" in + never) + echo 'CONF_COLOR:=COLOR_OPT_NEVER' >> $CONFIG + echo 'never' + ;; + auto) + echo 'CONF_COLOR:=COLOR_OPT_AUTO' >> $CONFIG + echo 'auto' + ;; + always) + echo 'CONF_COLOR:=COLOR_OPT_ALWAYS' >> $CONFIG + echo 'always' + ;; + esac +} + quiet_config() { cat <<EOF @@ -509,6 +528,10 @@ usage() { cat <<EOF Usage: $0 [OPTIONS] + --color <never|auto|always> Default color output configuration. Available options: + never: color output is disabled (default) + auto: color output is enabled if stdout is a terminal + always: color output is enabled regardless of stdout state --include_dir <dir> Path to iproute2 include dir --libdir <dir> Path to iproute2 lib dir --libbpf_dir <dir> Path to libbpf DESTDIR @@ -527,6 +550,11 @@ if [ $# -eq 1 ] && [ "$(echo $1 | cut -c 1)" != '-' ]; then else while [ "$#" -gt 0 ]; do case "$1" in + --color) + shift + COLOR="$1" ;; + --color=*) + COLOR="${1#*=}" ;; --include_dir) shift INCLUDE="$1" ;; @@ -563,6 +591,12 @@ else done fi +case "$COLOR" in + never) ;; + auto) ;; + always) ;; + *) usage 1 ;; +esac [ -d "$INCLUDE" ] || usage 1 if [ "${LIBBPF_DIR-unused}" != "unused" ]; then [ -d "$LIBBPF_DIR" ] || usage 1 @@ -634,6 +668,9 @@ check_strlcpy echo -n "libcap support: " check_cap +echo -n "color output: " +check_color + echo >> $CONFIG echo "%.o: %.c" >> $CONFIG echo ' $(QUIET_CC)$(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(CPPFLAGS) -c -o $@ $<' >> $CONFIG diff --git a/devlink/devlink.c b/devlink/devlink.c index d1795f616..3baad3557 100644 --- a/devlink/devlink.c +++ b/devlink/devlink.c @@ -2271,6 +2271,30 @@ static int dl_argv_parse(struct dl *dl, uint64_t o_required, if (mig) opts->port_fn_caps.value |= DEVLINK_PORT_FN_CAP_MIGRATABLE; o_found |= DL_OPT_PORT_FN_CAPS; + } else if (dl_argv_match(dl, "ipsec_crypto") && + (o_all & DL_OPT_PORT_FN_CAPS)) { + bool ipsec_crypto; + + dl_arg_inc(dl); + err = dl_argv_bool(dl, &ipsec_crypto); + if (err) + return err; + opts->port_fn_caps.selector |= DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO; + if (ipsec_crypto) + opts->port_fn_caps.value |= DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO; + o_found |= DL_OPT_PORT_FN_CAPS; + } else if (dl_argv_match(dl, "ipsec_packet") && + (o_all & DL_OPT_PORT_FN_CAPS)) { + bool ipsec_packet; + + dl_arg_inc(dl); + err = dl_argv_bool(dl, &ipsec_packet); + if (err) + return err; + opts->port_fn_caps.selector |= DEVLINK_PORT_FN_CAP_IPSEC_PACKET; + if (ipsec_packet) + opts->port_fn_caps.value |= DEVLINK_PORT_FN_CAP_IPSEC_PACKET; + o_found |= DL_OPT_PORT_FN_CAPS; } else { pr_err("Unknown option \"%s\"\n", dl_argv(dl)); return -EINVAL; @@ -4644,6 +4668,7 @@ static void cmd_port_help(void) pr_err(" devlink port unsplit DEV/PORT_INDEX\n"); pr_err(" devlink port function set DEV/PORT_INDEX [ hw_addr ADDR ] [ state { active | inactive } ]\n"); pr_err(" [ roce { enable | disable } ] [ migratable { enable | disable } ]\n"); + pr_err(" [ ipsec_crypto { enable | disable } ] [ ipsec_packet { enable | disable } ]\n"); pr_err(" devlink port function rate { help | show | add | del | set }\n"); pr_err(" devlink port param set DEV/PORT_INDEX name PARAMETER value VALUE cmode { permanent | driverinit | runtime }\n"); pr_err(" devlink port param show [DEV/PORT_INDEX name PARAMETER]\n"); @@ -4769,6 +4794,14 @@ static void pr_out_port_function(struct dl *dl, struct nlattr **tb_port) print_string(PRINT_ANY, "migratable", " migratable %s", port_fn_caps->value & DEVLINK_PORT_FN_CAP_MIGRATABLE ? "enable" : "disable"); + if (port_fn_caps->selector & DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO) + print_string(PRINT_ANY, "ipsec_crypto", " ipsec_crypto %s", + port_fn_caps->value & DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO ? + "enable" : "disable"); + if (port_fn_caps->selector & DEVLINK_PORT_FN_CAP_IPSEC_PACKET) + print_string(PRINT_ANY, "ipsec_packet", " ipsec_packet %s", + port_fn_caps->value & DEVLINK_PORT_FN_CAP_IPSEC_PACKET ? + "enable" : "disable"); } if (!dl->json_output) @@ -4960,6 +4993,7 @@ static void cmd_port_function_help(void) { pr_err("Usage: devlink port function set DEV/PORT_INDEX [ hw_addr ADDR ] [ state { active | inactive } ]\n"); pr_err(" [ roce { enable | disable } ] [ migratable { enable | disable } ]\n"); + pr_err(" [ ipsec_crypto { enable | disable } ] [ ipsec_packet { enable | disable } ]\n"); pr_err(" devlink port function rate { help | show | add | del | set }\n"); } diff --git a/include/bpf_util.h b/include/bpf_util.h index 1c924f501..8951a5e84 100644 --- a/include/bpf_util.h +++ b/include/bpf_util.h @@ -273,10 +273,10 @@ void bpf_print_ops(struct rtattr *bpf_ops, __u16 len); int bpf_prog_load_dev(enum bpf_prog_type type, const struct bpf_insn *insns, size_t size_insns, const char *license, __u32 ifindex, - char *log, size_t size_log); + char *log, size_t size_log, bool verbose); int bpf_program_load(enum bpf_prog_type type, const struct bpf_insn *insns, size_t size_insns, const char *license, char *log, - size_t size_log); + size_t size_log, bool verbose); int bpf_prog_attach_fd(int prog_fd, int target_fd, enum bpf_attach_type type); int bpf_prog_detach_fd(int target_fd, enum bpf_attach_type type); diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index f6f4347b7..cdd6006d7 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -932,7 +932,14 @@ enum bpf_map_type { */ BPF_MAP_TYPE_CGROUP_STORAGE = BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED, BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, - BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE, + BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE_DEPRECATED, + /* BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE is available to bpf programs + * attaching to a cgroup. The new mechanism (BPF_MAP_TYPE_CGRP_STORAGE + + * local percpu kptr) supports all BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE + * functionality and more. So mark * BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE + * deprecated. + */ + BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE_DEPRECATED, BPF_MAP_TYPE_QUEUE, BPF_MAP_TYPE_STACK, BPF_MAP_TYPE_SK_STORAGE, @@ -1040,6 +1047,13 @@ enum bpf_attach_type { BPF_TCX_INGRESS, BPF_TCX_EGRESS, BPF_TRACE_UPROBE_MULTI, + BPF_CGROUP_UNIX_CONNECT, + BPF_CGROUP_UNIX_SENDMSG, + BPF_CGROUP_UNIX_RECVMSG, + BPF_CGROUP_UNIX_GETPEERNAME, + BPF_CGROUP_UNIX_GETSOCKNAME, + BPF_NETKIT_PRIMARY, + BPF_NETKIT_PEER, __MAX_BPF_ATTACH_TYPE }; @@ -1059,6 +1073,7 @@ enum bpf_link_type { BPF_LINK_TYPE_NETFILTER = 10, BPF_LINK_TYPE_TCX = 11, BPF_LINK_TYPE_UPROBE_MULTI = 12, + BPF_LINK_TYPE_NETKIT = 13, MAX_BPF_LINK_TYPE, }; @@ -1644,6 +1659,13 @@ union bpf_attr { __u32 flags; __u32 pid; } uprobe_multi; + struct { + union { + __u32 relative_fd; + __u32 relative_id; + }; + __u64 expected_revision; + } netkit; }; } link_create; @@ -2697,8 +2719,8 @@ union bpf_attr { * *bpf_socket* should be one of the following: * * * **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**. - * * **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT** - * and **BPF_CGROUP_INET6_CONNECT**. + * * **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**, + * **BPF_CGROUP_INET6_CONNECT** and **BPF_CGROUP_UNIX_CONNECT**. * * This helper actually implements a subset of **setsockopt()**. * It supports the following *level*\ s: @@ -2936,8 +2958,8 @@ union bpf_attr { * *bpf_socket* should be one of the following: * * * **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**. - * * **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT** - * and **BPF_CGROUP_INET6_CONNECT**. + * * **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT**, + * **BPF_CGROUP_INET6_CONNECT** and **BPF_CGROUP_UNIX_CONNECT**. * * This helper actually implements a subset of **getsockopt()**. * It supports the same set of *optname*\ s that is supported by @@ -3257,6 +3279,11 @@ union bpf_attr { * and *params*->smac will not be set as output. A common * use case is to call **bpf_redirect_neigh**\ () after * doing **bpf_fib_lookup**\ (). + * **BPF_FIB_LOOKUP_SRC** + * Derive and set source IP addr in *params*->ipv{4,6}_src + * for the nexthop. If the src addr cannot be derived, + * **BPF_FIB_LKUP_RET_NO_SRC_ADDR** is returned. In this + * case, *params*->dmac and *params*->smac are not set either. * * *ctx* is either **struct xdp_md** for XDP programs or * **struct sk_buff** tc cls_act programs. @@ -5089,6 +5116,8 @@ union bpf_attr { * **BPF_F_TIMER_ABS** * Start the timer in absolute expire value instead of the * default relative one. + * **BPF_F_TIMER_CPU_PIN** + * Timer will be pinned to the CPU of the caller. * * Return * 0 on success. @@ -6525,6 +6554,7 @@ struct bpf_link_info { __aligned_u64 addrs; __u32 count; /* in/out: kprobe_multi function count */ __u32 flags; + __u64 missed; } kprobe_multi; struct { __u32 type; /* enum bpf_perf_event_type */ @@ -6540,6 +6570,7 @@ struct bpf_link_info { __u32 name_len; __u32 offset; /* offset from func_name */ __u64 addr; + __u64 missed; } kprobe; /* BPF_PERF_EVENT_KPROBE, BPF_PERF_EVENT_KRETPROBE */ struct { __aligned_u64 tp_name; /* in/out */ @@ -6555,6 +6586,10 @@ struct bpf_link_info { __u32 ifindex; __u32 attach_type; } tcx; + struct { + __u32 ifindex; + __u32 attach_type; + } netkit; }; } __attribute__((aligned(8))); @@ -6953,6 +6988,7 @@ enum { BPF_FIB_LOOKUP_OUTPUT = (1U << 1), BPF_FIB_LOOKUP_SKIP_NEIGH = (1U << 2), BPF_FIB_LOOKUP_TBID = (1U << 3), + BPF_FIB_LOOKUP_SRC = (1U << 4), }; enum { @@ -6965,6 +7001,7 @@ enum { BPF_FIB_LKUP_RET_UNSUPP_LWT, /* fwd requires encapsulation */ BPF_FIB_LKUP_RET_NO_NEIGH, /* no neighbor entry for nh */ BPF_FIB_LKUP_RET_FRAG_NEEDED, /* fragmentation required to fwd */ + BPF_FIB_LKUP_RET_NO_SRC_ADDR, /* failed to derive IP src addr */ }; struct bpf_fib_lookup { @@ -6999,6 +7036,9 @@ struct bpf_fib_lookup { __u32 rt_metric; }; + /* input: source address to consider for lookup + * output: source address result from lookup + */ union { __be32 ipv4_src; __u32 ipv6_src[4]; /* in6_addr; network order */ @@ -7300,9 +7340,11 @@ struct bpf_core_relo { * Flags to control bpf_timer_start() behaviour. * - BPF_F_TIMER_ABS: Timeout passed is absolute time, by default it is * relative to current time. + * - BPF_F_TIMER_CPU_PIN: Timer will be pinned to the CPU of the caller. */ enum { BPF_F_TIMER_ABS = (1ULL << 0), + BPF_F_TIMER_CPU_PIN = (1ULL << 1), }; /* BPF numbers iterator state */ diff --git a/include/uapi/linux/devlink.h b/include/uapi/linux/devlink.h index 8b9b98e75..fc554a898 100644 --- a/include/uapi/linux/devlink.h +++ b/include/uapi/linux/devlink.h @@ -265,7 +265,7 @@ enum { * Documentation/networking/devlink/devlink-flash.rst * */ -enum { +enum devlink_flash_overwrite { DEVLINK_FLASH_OVERWRITE_SETTINGS_BIT, DEVLINK_FLASH_OVERWRITE_IDENTIFIERS_BIT, @@ -680,6 +680,7 @@ enum devlink_port_function_attr { DEVLINK_PORT_FN_ATTR_STATE, /* u8 */ DEVLINK_PORT_FN_ATTR_OPSTATE, /* u8 */ DEVLINK_PORT_FN_ATTR_CAPS, /* bitfield32 */ + DEVLINK_PORT_FN_ATTR_DEVLINK, /* nested */ __DEVLINK_PORT_FUNCTION_ATTR_MAX, DEVLINK_PORT_FUNCTION_ATTR_MAX = __DEVLINK_PORT_FUNCTION_ATTR_MAX - 1 diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h index e3d55b12b..adb75f7db 100644 --- a/include/uapi/linux/if_bridge.h +++ b/include/uapi/linux/if_bridge.h @@ -723,6 +723,24 @@ enum { }; #define MDBA_SET_ENTRY_MAX (__MDBA_SET_ENTRY_MAX - 1) +/* [MDBA_GET_ENTRY] = { + * struct br_mdb_entry + * [MDBA_GET_ENTRY_ATTRS] = { + * [MDBE_ATTR_SOURCE] + * struct in_addr / struct in6_addr + * [MDBE_ATTR_SRC_VNI] + * u32 + * } + * } + */ +enum { + MDBA_GET_ENTRY_UNSPEC, + MDBA_GET_ENTRY, + MDBA_GET_ENTRY_ATTRS, + __MDBA_GET_ENTRY_MAX, +}; +#define MDBA_GET_ENTRY_MAX (__MDBA_GET_ENTRY_MAX - 1) + /* [MDBA_SET_ENTRY_ATTRS] = { * [MDBE_ATTR_xxx] * ... diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index c2ca7a6ad..c146352f5 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -376,7 +376,7 @@ enum { IFLA_GSO_IPV4_MAX_SIZE, IFLA_GRO_IPV4_MAX_SIZE, - + IFLA_DPLL_PIN, __IFLA_MAX }; @@ -508,6 +508,8 @@ enum { IFLA_BR_VLAN_STATS_PER_PORT, IFLA_BR_MULTI_BOOLOPT, IFLA_BR_MCAST_QUERIER_STATE, + IFLA_BR_FDB_N_LEARNED, + IFLA_BR_FDB_MAX_LEARNED, __IFLA_BR_MAX, }; @@ -754,6 +756,30 @@ struct tunnel_msg { __u32 ifindex; }; +/* netkit section */ +enum netkit_action { + NETKIT_NEXT = -1, + NETKIT_PASS = 0, + NETKIT_DROP = 2, + NETKIT_REDIRECT = 7, +}; + +enum netkit_mode { + NETKIT_L2, + NETKIT_L3, +}; + +enum { + IFLA_NETKIT_UNSPEC, + IFLA_NETKIT_PEER_INFO, + IFLA_NETKIT_PRIMARY, + IFLA_NETKIT_POLICY, + IFLA_NETKIT_PEER_POLICY, + IFLA_NETKIT_MODE, + __IFLA_NETKIT_MAX, +}; +#define IFLA_NETKIT_MAX (__IFLA_NETKIT_MAX - 1) + /* VXLAN section */ /* include statistics in the dump */ @@ -1390,7 +1416,9 @@ enum { enum { IFLA_DSA_UNSPEC, - IFLA_DSA_MASTER, + IFLA_DSA_CONDUIT, + /* Deprecated, use IFLA_DSA_CONDUIT instead */ + IFLA_DSA_MASTER = IFLA_DSA_CONDUIT, __IFLA_DSA_MAX, }; diff --git a/include/uapi/linux/mptcp.h b/include/uapi/linux/mptcp.h index 159d32f04..99b555758 100644 --- a/include/uapi/linux/mptcp.h +++ b/include/uapi/linux/mptcp.h @@ -21,91 +21,20 @@ #define MPTCP_SUBFLOW_FLAG_CONNECTED _BITUL(7) #define MPTCP_SUBFLOW_FLAG_MAPVALID _BITUL(8) -enum { - MPTCP_SUBFLOW_ATTR_UNSPEC, - MPTCP_SUBFLOW_ATTR_TOKEN_REM, - MPTCP_SUBFLOW_ATTR_TOKEN_LOC, - MPTCP_SUBFLOW_ATTR_RELWRITE_SEQ, - MPTCP_SUBFLOW_ATTR_MAP_SEQ, - MPTCP_SUBFLOW_ATTR_MAP_SFSEQ, - MPTCP_SUBFLOW_ATTR_SSN_OFFSET, - MPTCP_SUBFLOW_ATTR_MAP_DATALEN, - MPTCP_SUBFLOW_ATTR_FLAGS, - MPTCP_SUBFLOW_ATTR_ID_REM, - MPTCP_SUBFLOW_ATTR_ID_LOC, - MPTCP_SUBFLOW_ATTR_PAD, - __MPTCP_SUBFLOW_ATTR_MAX -}; - -#define MPTCP_SUBFLOW_ATTR_MAX (__MPTCP_SUBFLOW_ATTR_MAX - 1) - -/* netlink interface */ -#define MPTCP_PM_NAME "mptcp_pm" #define MPTCP_PM_CMD_GRP_NAME "mptcp_pm_cmds" #define MPTCP_PM_EV_GRP_NAME "mptcp_pm_events" -#define MPTCP_PM_VER 0x1 - -/* - * ATTR types defined for MPTCP - */ -enum { - MPTCP_PM_ATTR_UNSPEC, - - MPTCP_PM_ATTR_ADDR, /* nested address */ - MPTCP_PM_ATTR_RCV_ADD_ADDRS, /* u32 */ - MPTCP_PM_ATTR_SUBFLOWS, /* u32 */ - MPTCP_PM_ATTR_TOKEN, /* u32 */ - MPTCP_PM_ATTR_LOC_ID, /* u8 */ - MPTCP_PM_ATTR_ADDR_REMOTE, /* nested address */ - - __MPTCP_PM_ATTR_MAX -}; - -#define MPTCP_PM_ATTR_MAX (__MPTCP_PM_ATTR_MAX - 1) - -enum { - MPTCP_PM_ADDR_ATTR_UNSPEC, - - MPTCP_PM_ADDR_ATTR_FAMILY, /* u16 */ - MPTCP_PM_ADDR_ATTR_ID, /* u8 */ - MPTCP_PM_ADDR_ATTR_ADDR4, /* struct in_addr */ - MPTCP_PM_ADDR_ATTR_ADDR6, /* struct in6_addr */ - MPTCP_PM_ADDR_ATTR_PORT, /* u16 */ - MPTCP_PM_ADDR_ATTR_FLAGS, /* u32 */ - MPTCP_PM_ADDR_ATTR_IF_IDX, /* s32 */ - - __MPTCP_PM_ADDR_ATTR_MAX -}; - -#define MPTCP_PM_ADDR_ATTR_MAX (__MPTCP_PM_ADDR_ATTR_MAX - 1) - -#define MPTCP_PM_ADDR_FLAG_SIGNAL (1 << 0) -#define MPTCP_PM_ADDR_FLAG_SUBFLOW (1 << 1) -#define MPTCP_PM_ADDR_FLAG_BACKUP (1 << 2) -#define MPTCP_PM_ADDR_FLAG_FULLMESH (1 << 3) -#define MPTCP_PM_ADDR_FLAG_IMPLICIT (1 << 4) - -enum { - MPTCP_PM_CMD_UNSPEC, - MPTCP_PM_CMD_ADD_ADDR, - MPTCP_PM_CMD_DEL_ADDR, - MPTCP_PM_CMD_GET_ADDR, - MPTCP_PM_CMD_FLUSH_ADDRS, - MPTCP_PM_CMD_SET_LIMITS, - MPTCP_PM_CMD_GET_LIMITS, - MPTCP_PM_CMD_SET_FLAGS, - MPTCP_PM_CMD_ANNOUNCE, - MPTCP_PM_CMD_REMOVE, - MPTCP_PM_CMD_SUBFLOW_CREATE, - MPTCP_PM_CMD_SUBFLOW_DESTROY, - - __MPTCP_PM_CMD_AFTER_LAST -}; +#include <linux/mptcp_pm.h> #define MPTCP_INFO_FLAG_FALLBACK _BITUL(0) #define MPTCP_INFO_FLAG_REMOTE_KEY_RECEIVED _BITUL(1) +#define MPTCP_PM_ADDR_FLAG_SIGNAL (1 << 0) +#define MPTCP_PM_ADDR_FLAG_SUBFLOW (1 << 1) +#define MPTCP_PM_ADDR_FLAG_BACKUP (1 << 2) +#define MPTCP_PM_ADDR_FLAG_FULLMESH (1 << 3) +#define MPTCP_PM_ADDR_FLAG_IMPLICIT (1 << 4) + struct mptcp_info { __u8 mptcpi_subflows; __u8 mptcpi_add_addr_signal; @@ -128,93 +57,6 @@ struct mptcp_info { __u64 mptcpi_bytes_acked; }; -/* - * MPTCP_EVENT_CREATED: token, family, saddr4 | saddr6, daddr4 | daddr6, - * sport, dport - * A new MPTCP connection has been created. It is the good time to allocate - * memory and send ADD_ADDR if needed. Depending on the traffic-patterns - * it can take a long time until the MPTCP_EVENT_ESTABLISHED is sent. - * - * MPTCP_EVENT_ESTABLISHED: token, family, saddr4 | saddr6, daddr4 | daddr6, - * sport, dport - * A MPTCP connection is established (can start new subflows). - * - * MPTCP_EVENT_CLOSED: token - * A MPTCP connection has stopped. - * - * MPTCP_EVENT_ANNOUNCED: token, rem_id, family, daddr4 | daddr6 [, dport] - * A new address has been announced by the peer. - * - * MPTCP_EVENT_REMOVED: token, rem_id - * An address has been lost by the peer. - * - * MPTCP_EVENT_SUB_ESTABLISHED: token, family, loc_id, rem_id, - * saddr4 | saddr6, daddr4 | daddr6, sport, - * dport, backup, if_idx [, error] - * A new subflow has been established. 'error' should not be set. - * - * MPTCP_EVENT_SUB_CLOSED: token, family, loc_id, rem_id, saddr4 | saddr6, - * daddr4 | daddr6, sport, dport, backup, if_idx - * [, error] - * A subflow has been closed. An error (copy of sk_err) could be set if an - * error has been detected for this subflow. - * - * MPTCP_EVENT_SUB_PRIORITY: token, family, loc_id, rem_id, saddr4 | saddr6, - * daddr4 | daddr6, sport, dport, backup, if_idx - * [, error] - * The priority of a subflow has changed. 'error' should not be set. - * - * MPTCP_EVENT_LISTENER_CREATED: family, sport, saddr4 | saddr6 - * A new PM listener is created. - * - * MPTCP_EVENT_LISTENER_CLOSED: family, sport, saddr4 | saddr6 - * A PM listener is closed. - */ -enum mptcp_event_type { - MPTCP_EVENT_UNSPEC = 0, - MPTCP_EVENT_CREATED = 1, - MPTCP_EVENT_ESTABLISHED = 2, - MPTCP_EVENT_CLOSED = 3, - - MPTCP_EVENT_ANNOUNCED = 6, - MPTCP_EVENT_REMOVED = 7, - - MPTCP_EVENT_SUB_ESTABLISHED = 10, - MPTCP_EVENT_SUB_CLOSED = 11, - - MPTCP_EVENT_SUB_PRIORITY = 13, - - MPTCP_EVENT_LISTENER_CREATED = 15, - MPTCP_EVENT_LISTENER_CLOSED = 16, -}; - -enum mptcp_event_attr { - MPTCP_ATTR_UNSPEC = 0, - - MPTCP_ATTR_TOKEN, /* u32 */ - MPTCP_ATTR_FAMILY, /* u16 */ - MPTCP_ATTR_LOC_ID, /* u8 */ - MPTCP_ATTR_REM_ID, /* u8 */ - MPTCP_ATTR_SADDR4, /* be32 */ - MPTCP_ATTR_SADDR6, /* struct in6_addr */ - MPTCP_ATTR_DADDR4, /* be32 */ - MPTCP_ATTR_DADDR6, /* struct in6_addr */ - MPTCP_ATTR_SPORT, /* be16 */ - MPTCP_ATTR_DPORT, /* be16 */ - MPTCP_ATTR_BACKUP, /* u8 */ - MPTCP_ATTR_ERROR, /* u8 */ - MPTCP_ATTR_FLAGS, /* u16 */ - MPTCP_ATTR_TIMEOUT, /* u32 */ - MPTCP_ATTR_IF_IDX, /* s32 */ - MPTCP_ATTR_RESET_REASON,/* u32 */ - MPTCP_ATTR_RESET_FLAGS, /* u32 */ - MPTCP_ATTR_SERVER_SIDE, /* u8 */ - - __MPTCP_ATTR_AFTER_LAST -}; - -#define MPTCP_ATTR_MAX (__MPTCP_ATTR_AFTER_LAST - 1) - /* MPTCP Reset reason codes, rfc8684 */ #define MPTCP_RST_EUNSPEC 0 #define MPTCP_RST_EMPTCP 1 diff --git a/include/uapi/linux/mptcp_pm.h b/include/uapi/linux/mptcp_pm.h new file mode 100644 index 000000000..3a4912a2f --- /dev/null +++ b/include/uapi/linux/mptcp_pm.h @@ -0,0 +1,150 @@ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/mptcp.yaml */ +/* YNL-GEN uapi header */ + +#ifndef _LINUX_MPTCP_PM_H +#define _LINUX_MPTCP_PM_H + +#define MPTCP_PM_NAME "mptcp_pm" +#define MPTCP_PM_VER 1 + +/** + * enum mptcp_event_type + * @MPTCP_EVENT_UNSPEC: unused event + * @MPTCP_EVENT_CREATED: token, family, saddr4 | saddr6, daddr4 | daddr6, + * sport, dport A new MPTCP connection has been created. It is the good time + * to allocate memory and send ADD_ADDR if needed. Depending on the + * traffic-patterns it can take a long time until the MPTCP_EVENT_ESTABLISHED + * is sent. + * @MPTCP_EVENT_ESTABLISHED: token, family, saddr4 | saddr6, daddr4 | daddr6, + * sport, dport A MPTCP connection is established (can start new subflows). + * @MPTCP_EVENT_CLOSED: token A MPTCP connection has stopped. + * @MPTCP_EVENT_ANNOUNCED: token, rem_id, family, daddr4 | daddr6 [, dport] A + * new address has been announced by the peer. + * @MPTCP_EVENT_REMOVED: token, rem_id An address has been lost by the peer. + * @MPTCP_EVENT_SUB_ESTABLISHED: token, family, loc_id, rem_id, saddr4 | + * saddr6, daddr4 | daddr6, sport, dport, backup, if_idx [, error] A new + * subflow has been established. 'error' should not be set. + * @MPTCP_EVENT_SUB_CLOSED: token, family, loc_id, rem_id, saddr4 | saddr6, + * daddr4 | daddr6, sport, dport, backup, if_idx [, error] A subflow has been + * closed. An error (copy of sk_err) could be set if an error has been + * detected for this subflow. + * @MPTCP_EVENT_SUB_PRIORITY: token, family, loc_id, rem_id, saddr4 | saddr6, + * daddr4 | daddr6, sport, dport, backup, if_idx [, error] The priority of a + * subflow has changed. 'error' should not be set. + * @MPTCP_EVENT_LISTENER_CREATED: family, sport, saddr4 | saddr6 A new PM + * listener is created. + * @MPTCP_EVENT_LISTENER_CLOSED: family, sport, saddr4 | saddr6 A PM listener + * is closed. + */ +enum mptcp_event_type { + MPTCP_EVENT_UNSPEC, + MPTCP_EVENT_CREATED, + MPTCP_EVENT_ESTABLISHED, + MPTCP_EVENT_CLOSED, + MPTCP_EVENT_ANNOUNCED = 6, + MPTCP_EVENT_REMOVED, + MPTCP_EVENT_SUB_ESTABLISHED = 10, + MPTCP_EVENT_SUB_CLOSED, + MPTCP_EVENT_SUB_PRIORITY = 13, + MPTCP_EVENT_LISTENER_CREATED = 15, + MPTCP_EVENT_LISTENER_CLOSED, +}; + +enum { + MPTCP_PM_ADDR_ATTR_UNSPEC, + MPTCP_PM_ADDR_ATTR_FAMILY, + MPTCP_PM_ADDR_ATTR_ID, + MPTCP_PM_ADDR_ATTR_ADDR4, + MPTCP_PM_ADDR_ATTR_ADDR6, + MPTCP_PM_ADDR_ATTR_PORT, + MPTCP_PM_ADDR_ATTR_FLAGS, + MPTCP_PM_ADDR_ATTR_IF_IDX, + + __MPTCP_PM_ADDR_ATTR_MAX +}; +#define MPTCP_PM_ADDR_ATTR_MAX (__MPTCP_PM_ADDR_ATTR_MAX - 1) + +enum { + MPTCP_SUBFLOW_ATTR_UNSPEC, + MPTCP_SUBFLOW_ATTR_TOKEN_REM, + MPTCP_SUBFLOW_ATTR_TOKEN_LOC, + MPTCP_SUBFLOW_ATTR_RELWRITE_SEQ, + MPTCP_SUBFLOW_ATTR_MAP_SEQ, + MPTCP_SUBFLOW_ATTR_MAP_SFSEQ, + MPTCP_SUBFLOW_ATTR_SSN_OFFSET, + MPTCP_SUBFLOW_ATTR_MAP_DATALEN, + MPTCP_SUBFLOW_ATTR_FLAGS, + MPTCP_SUBFLOW_ATTR_ID_REM, + MPTCP_SUBFLOW_ATTR_ID_LOC, + MPTCP_SUBFLOW_ATTR_PAD, + + __MPTCP_SUBFLOW_ATTR_MAX +}; +#define MPTCP_SUBFLOW_ATTR_MAX (__MPTCP_SUBFLOW_ATTR_MAX - 1) + +enum { + MPTCP_PM_ENDPOINT_ADDR = 1, + + __MPTCP_PM_ENDPOINT_MAX +}; +#define MPTCP_PM_ENDPOINT_MAX (__MPTCP_PM_ENDPOINT_MAX - 1) + +enum { + MPTCP_PM_ATTR_UNSPEC, + MPTCP_PM_ATTR_ADDR, + MPTCP_PM_ATTR_RCV_ADD_ADDRS, + MPTCP_PM_ATTR_SUBFLOWS, + MPTCP_PM_ATTR_TOKEN, + MPTCP_PM_ATTR_LOC_ID, + MPTCP_PM_ATTR_ADDR_REMOTE, + + __MPTCP_ATTR_AFTER_LAST +}; +#define MPTCP_PM_ATTR_MAX (__MPTCP_ATTR_AFTER_LAST - 1) + +enum mptcp_event_attr { + MPTCP_ATTR_UNSPEC, + MPTCP_ATTR_TOKEN, + MPTCP_ATTR_FAMILY, + MPTCP_ATTR_LOC_ID, + MPTCP_ATTR_REM_ID, + MPTCP_ATTR_SADDR4, + MPTCP_ATTR_SADDR6, + MPTCP_ATTR_DADDR4, + MPTCP_ATTR_DADDR6, + MPTCP_ATTR_SPORT, + MPTCP_ATTR_DPORT, + MPTCP_ATTR_BACKUP, + MPTCP_ATTR_ERROR, + MPTCP_ATTR_FLAGS, + MPTCP_ATTR_TIMEOUT, + MPTCP_ATTR_IF_IDX, + MPTCP_ATTR_RESET_REASON, + MPTCP_ATTR_RESET_FLAGS, + MPTCP_ATTR_SERVER_SIDE, + + __MPTCP_ATTR_MAX +}; +#define MPTCP_ATTR_MAX (__MPTCP_ATTR_MAX - 1) + +enum { + MPTCP_PM_CMD_UNSPEC, + MPTCP_PM_CMD_ADD_ADDR, + MPTCP_PM_CMD_DEL_ADDR, + MPTCP_PM_CMD_GET_ADDR, + MPTCP_PM_CMD_FLUSH_ADDRS, + MPTCP_PM_CMD_SET_LIMITS, + MPTCP_PM_CMD_GET_LIMITS, + MPTCP_PM_CMD_SET_FLAGS, + MPTCP_PM_CMD_ANNOUNCE, + MPTCP_PM_CMD_REMOVE, + MPTCP_PM_CMD_SUBFLOW_CREATE, + MPTCP_PM_CMD_SUBFLOW_DESTROY, + + __MPTCP_PM_CMD_AFTER_LAST +}; +#define MPTCP_PM_CMD_MAX (__MPTCP_PM_CMD_AFTER_LAST - 1) + +#endif /* _LINUX_MPTCP_PM_H */ diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h index 47bac97ec..ff64eb186 100644 --- a/include/uapi/linux/netlink.h +++ b/include/uapi/linux/netlink.h @@ -294,6 +294,8 @@ struct nla_bitfield32 { * entry has attributes again, the policy for those inner ones * and the corresponding maxtype may be specified. * @NL_ATTR_TYPE_BITFIELD32: &struct nla_bitfield32 attribute + * @NL_ATTR_TYPE_SINT: 32-bit or 64-bit signed attribute, aligned to 4B + * @NL_ATTR_TYPE_UINT: 32-bit or 64-bit unsigned attribute, aligned to 4B */ enum netlink_attribute_type { NL_ATTR_TYPE_INVALID, @@ -318,6 +320,9 @@ enum netlink_attribute_type { NL_ATTR_TYPE_NESTED_ARRAY, NL_ATTR_TYPE_BITFIELD32, + + NL_ATTR_TYPE_SINT, + NL_ATTR_TYPE_UINT, }; /** diff --git a/include/uapi/linux/pkt_sched.h b/include/uapi/linux/pkt_sched.h index 3f85ae578..f762a10bf 100644 --- a/include/uapi/linux/pkt_sched.h +++ b/include/uapi/linux/pkt_sched.h @@ -941,15 +941,22 @@ enum { TCA_FQ_HORIZON_DROP, /* drop packets beyond horizon, or cap their EDT */ + TCA_FQ_PRIOMAP, /* prio2band */ + + TCA_FQ_WEIGHTS, /* Weights for each band */ + __TCA_FQ_MAX }; #define TCA_FQ_MAX (__TCA_FQ_MAX - 1) +#define FQ_BANDS 3 +#define FQ_MIN_WEIGHT 16384 + struct tc_fq_qd_stats { __u64 gc_flows; - __u64 highprio_packets; - __u64 tcp_retrans; + __u64 highprio_packets; /* obsolete */ + __u64 tcp_retrans; /* obsolete */ __u64 throttled; __u64 flows_plimit; __u64 pkts_too_long; @@ -962,6 +969,10 @@ struct tc_fq_qd_stats { __u64 ce_mark; /* packets above ce_threshold */ __u64 horizon_drops; __u64 horizon_caps; + __u64 fastpath_packets; + __u64 band_drops[FQ_BANDS]; + __u32 band_pkt_count[FQ_BANDS]; + __u32 pad; }; /* Heavy-Hitter Filter */ diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h index 2132e941b..4e6c8e14c 100644 --- a/include/uapi/linux/rtnetlink.h +++ b/include/uapi/linux/rtnetlink.h @@ -502,13 +502,17 @@ enum { #define RTAX_MAX (__RTAX_MAX - 1) -#define RTAX_FEATURE_ECN (1 << 0) -#define RTAX_FEATURE_SACK (1 << 1) -#define RTAX_FEATURE_TIMESTAMP (1 << 2) -#define RTAX_FEATURE_ALLFRAG (1 << 3) - -#define RTAX_FEATURE_MASK (RTAX_FEATURE_ECN | RTAX_FEATURE_SACK | \ - RTAX_FEATURE_TIMESTAMP | RTAX_FEATURE_ALLFRAG) +#define RTAX_FEATURE_ECN (1 << 0) +#define RTAX_FEATURE_SACK (1 << 1) /* unused */ +#define RTAX_FEATURE_TIMESTAMP (1 << 2) /* unused */ +#define RTAX_FEATURE_ALLFRAG (1 << 3) /* unused */ +#define RTAX_FEATURE_TCP_USEC_TS (1 << 4) + +#define RTAX_FEATURE_MASK (RTAX_FEATURE_ECN | \ + RTAX_FEATURE_SACK | \ + RTAX_FEATURE_TIMESTAMP | \ + RTAX_FEATURE_ALLFRAG | \ + RTAX_FEATURE_TCP_USEC_TS) struct rta_session { __u8 proto; diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index 26f33a4c2..a0819c6a5 100644 --- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -24,7 +24,7 @@ enum IPSTATS_MIB_INOCTETS, /* InOctets */ IPSTATS_MIB_INDELIVERS, /* InDelivers */ IPSTATS_MIB_OUTFORWDATAGRAMS, /* OutForwDatagrams */ - IPSTATS_MIB_OUTPKTS, /* OutRequests */ + IPSTATS_MIB_OUTREQUESTS, /* OutRequests */ IPSTATS_MIB_OUTOCTETS, /* OutOctets */ /* other fields */ IPSTATS_MIB_INHDRERRORS, /* InHdrErrors */ @@ -57,6 +57,7 @@ enum IPSTATS_MIB_ECT0PKTS, /* InECT0Pkts */ IPSTATS_MIB_CEPKTS, /* InCEPkts */ IPSTATS_MIB_REASM_OVERLAPS, /* ReasmOverlaps */ + IPSTATS_MIB_OUTPKTS, /* OutTransmits */ __IPSTATS_MIB_MAX }; @@ -296,6 +297,11 @@ enum LINUX_MIB_TCPMIGRATEREQSUCCESS, /* TCPMigrateReqSuccess */ LINUX_MIB_TCPMIGRATEREQFAILURE, /* TCPMigrateReqFailure */ LINUX_MIB_TCPPLBREHASH, /* TCPPLBRehash */ + LINUX_MIB_TCPAOREQUIRED, /* TCPAORequired */ + LINUX_MIB_TCPAOBAD, /* TCPAOBad */ + LINUX_MIB_TCPAOKEYNOTFOUND, /* TCPAOKeyNotFound */ + LINUX_MIB_TCPAOGOOD, /* TCPAOGood */ + LINUX_MIB_TCPAODROPPEDICMPS, /* TCPAODroppedIcmps */ __LINUX_MIB_MAX }; diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h index 4ee5d7721..a1b9fb3f8 100644 --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -129,6 +129,11 @@ enum { #define TCP_TX_DELAY 37 /* delay outgoing packets by XX usec */ +#define TCP_AO_ADD_KEY 38 /* Add/Set MKT */ +#define TCP_AO_DEL_KEY 39 /* Delete MKT */ +#define TCP_AO_INFO 40 /* Set/list TCP-AO per-socket options */ +#define TCP_AO_GET_KEYS 41 /* List MKT(s) */ +#define TCP_AO_REPAIR 42 /* Get/Set SNEs and ISNs */ #define TCP_REPAIR_ON 1 #define TCP_REPAIR_OFF 0 @@ -170,6 +175,7 @@ enum tcp_fastopen_client_fail { #define TCPI_OPT_ECN 8 /* ECN was negociated at TCP session init */ #define TCPI_OPT_ECN_SEEN 16 /* we received at least one packet with ECT */ #define TCPI_OPT_SYN_DATA 32 /* SYN-ACK acked data in SYN sent or rcvd */ +#define TCPI_OPT_USEC_TS 64 /* usec timestamps */ /* * Sender's congestion state indicating normal or abnormal situations @@ -289,6 +295,18 @@ struct tcp_info { */ __u32 tcpi_rehash; /* PLB or timeout triggered rehash attempts */ + + __u16 tcpi_total_rto; /* Total number of RTO timeouts, including + * SYN/SYN-ACK and recurring timeouts. + */ + __u16 tcpi_total_rto_recoveries; /* Total number of RTO + * recoveries, including any + * unfinished recovery. + */ + __u32 tcpi_total_rto_time; /* Total time spent in RTO recoveries + * in milliseconds, including any + * unfinished recovery. + */ }; /* netlink attributes types for SCM_TIMESTAMPING_OPT_STATS */ @@ -348,6 +366,106 @@ struct tcp_diag_md5sig { __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; }; +#define TCP_AO_MAXKEYLEN 80 + +#define TCP_AO_KEYF_IFINDEX (1 << 0) /* L3 ifindex for VRF */ +#define TCP_AO_KEYF_EXCLUDE_OPT (1 << 1) /* "Indicates whether TCP + * options other than TCP-AO + * are included in the MAC + * calculation" + */ + +struct tcp_ao_add { /* setsockopt(TCP_AO_ADD_KEY) */ + struct __kernel_sockaddr_storage addr; /* peer's address for the key */ + char alg_name[64]; /* crypto hash algorithm to use */ + __s32 ifindex; /* L3 dev index for VRF */ + __u32 set_current :1, /* set key as Current_key at once */ + set_rnext :1, /* request it from peer with RNext_key */ + reserved :30; /* must be 0 */ + __u16 reserved2; /* padding, must be 0 */ + __u8 prefix; /* peer's address prefix */ + __u8 sndid; /* SendID for outgoing segments */ + __u8 rcvid; /* RecvID to match for incoming seg */ + __u8 maclen; /* length of authentication code (hash) */ + __u8 keyflags; /* see TCP_AO_KEYF_ */ + __u8 keylen; /* length of ::key */ + __u8 key[TCP_AO_MAXKEYLEN]; +} __attribute__((aligned(8))); + +struct tcp_ao_del { /* setsockopt(TCP_AO_DEL_KEY) */ + struct __kernel_sockaddr_storage addr; /* peer's address for the key */ + __s32 ifindex; /* L3 dev index for VRF */ + __u32 set_current :1, /* corresponding ::current_key */ + set_rnext :1, /* corresponding ::rnext */ + del_async :1, /* only valid for listen sockets */ + reserved :29; /* must be 0 */ + __u16 reserved2; /* padding, must be 0 */ + __u8 prefix; /* peer's address prefix */ + __u8 sndid; /* SendID for outgoing segments */ + __u8 rcvid; /* RecvID to match for incoming seg */ + __u8 current_key; /* KeyID to set as Current_key */ + __u8 rnext; /* KeyID to set as Rnext_key */ + __u8 keyflags; /* see TCP_AO_KEYF_ */ +} __attribute__((aligned(8))); + +struct tcp_ao_info_opt { /* setsockopt(TCP_AO_INFO), getsockopt(TCP_AO_INFO) */ + /* Here 'in' is for setsockopt(), 'out' is for getsockopt() */ + __u32 set_current :1, /* in/out: corresponding ::current_key */ + set_rnext :1, /* in/out: corresponding ::rnext */ + ao_required :1, /* in/out: don't accept non-AO connects */ + set_counters :1, /* in: set/clear ::pkt_* counters */ + accept_icmps :1, /* in/out: accept incoming ICMPs */ + reserved :27; /* must be 0 */ + __u16 reserved2; /* padding, must be 0 */ + __u8 current_key; /* in/out: KeyID of Current_key */ + __u8 rnext; /* in/out: keyid of RNext_key */ + __u64 pkt_good; /* in/out: verified segments */ + __u64 pkt_bad; /* in/out: failed verification */ + __u64 pkt_key_not_found; /* in/out: could not find a key to verify */ + __u64 pkt_ao_required; /* in/out: segments missing TCP-AO sign */ + __u64 pkt_dropped_icmp; /* in/out: ICMPs that were ignored */ +} __attribute__((aligned(8))); + +struct tcp_ao_getsockopt { /* getsockopt(TCP_AO_GET_KEYS) */ + struct __kernel_sockaddr_storage addr; /* in/out: dump keys for peer + * with this address/prefix + */ + char alg_name[64]; /* out: crypto hash algorithm */ + __u8 key[TCP_AO_MAXKEYLEN]; + __u32 nkeys; /* in: size of the userspace buffer + * @optval, measured in @optlen - the + * sizeof(struct tcp_ao_getsockopt) + * out: number of keys that matched + */ + __u16 is_current :1, /* in: match and dump Current_key, + * out: the dumped key is Current_key + */ + + is_rnext :1, /* in: match and dump RNext_key, + * out: the dumped key is RNext_key + */ + get_all :1, /* in: dump all keys */ + reserved :13; /* padding, must be 0 */ + __u8 sndid; /* in/out: dump keys with SendID */ + __u8 rcvid; /* in/out: dump keys with RecvID */ + __u8 prefix; /* in/out: dump keys with address/prefix */ + __u8 maclen; /* out: key's length of authentication + * code (hash) + */ + __u8 keyflags; /* in/out: see TCP_AO_KEYF_ */ + __u8 keylen; /* out: length of ::key */ + __s32 ifindex; /* in/out: L3 dev index for VRF */ + __u64 pkt_good; /* out: verified segments */ + __u64 pkt_bad; /* out: segments that failed verification */ +} __attribute__((aligned(8))); + +struct tcp_ao_repair { /* {s,g}etsockopt(TCP_AO_REPAIR) */ + __be32 snt_isn; + __be32 rcv_isn; + __u32 snd_sne; + __u32 rcv_sne; +} __attribute__((aligned(8))); + /* setsockopt(fd, IPPROTO_TCP, TCP_ZEROCOPY_RECEIVE, ...) */ #define TCP_RECEIVE_ZEROCOPY_FLAG_TLB_CLEAN_HINT 0x1 diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index 10bdef8f6..43efaeca0 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h @@ -4,6 +4,7 @@ #include <linux/in6.h> #include <linux/types.h> +#include <linux/stddef.h> /* All of the structures in this file may not change size as they are * passed into the kernel from userspace via netlink sockets. @@ -33,7 +34,7 @@ struct xfrm_sec_ctx { __u8 ctx_alg; __u16 ctx_len; __u32 ctx_sid; - char ctx_str[]; + char ctx_str[] __counted_by(ctx_len); }; /* Security Context Domains of Interpretation */ @@ -168,7 +168,7 @@ int main(int argc, char **argv) const char *libbpf_version; char *batch_file = NULL; char *basename; - int color = 0; + int color = CONF_COLOR; /* to run vrf exec without root, capabilities might be set, drop them * if not needed as the first thing. diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c index 462075295..6b70ffbb6 100644 --- a/ip/iplink_bridge.c +++ b/ip/iplink_bridge.c @@ -34,6 +34,7 @@ static void print_explain(FILE *f) " [ group_fwd_mask MASK ]\n" " [ group_address ADDRESS ]\n" " [ no_linklocal_learn NO_LINKLOCAL_LEARN ]\n" + " [ fdb_max_learned FDB_MAX_LEARNED ]\n" " [ vlan_filtering VLAN_FILTERING ]\n" " [ vlan_protocol VLAN_PROTOCOL ]\n" " [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n" @@ -168,6 +169,14 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv, bm.optval |= no_ll_learn_bit; else bm.optval &= ~no_ll_learn_bit; + } else if (strcmp(*argv, "fdb_max_learned") == 0) { + __u32 fdb_max_learned; + + NEXT_ARG(); + if (get_u32(&fdb_max_learned, *argv, 0)) + invarg("invalid fdb_max_learned", *argv); + + addattr32(n, 1024, IFLA_BR_FDB_MAX_LEARNED, fdb_max_learned); } else if (matches(*argv, "fdb_flush") == 0) { addattr(n, 1024, IFLA_BR_FDB_FLUSH); } else if (matches(*argv, "vlan_default_pvid") == 0) { @@ -544,6 +553,18 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) if (tb[IFLA_BR_GC_TIMER]) _bridge_print_timer(f, "gc_timer", tb[IFLA_BR_GC_TIMER]); + if (tb[IFLA_BR_FDB_N_LEARNED]) + print_uint(PRINT_ANY, + "fdb_n_learned", + "fdb_n_learned %u ", + rta_getattr_u32(tb[IFLA_BR_FDB_N_LEARNED])); + + if (tb[IFLA_BR_FDB_MAX_LEARNED]) + print_uint(PRINT_ANY, + "fdb_max_learned", + "fdb_max_learned %u ", + rta_getattr_u32(tb[IFLA_BR_FDB_MAX_LEARNED])); + if (tb[IFLA_BR_VLAN_DEFAULT_PVID]) print_uint(PRINT_ANY, "vlan_default_pvid", diff --git a/ip/ipvrf.c b/ip/ipvrf.c index 12beaec34..e7c702abb 100644 --- a/ip/ipvrf.c +++ b/ip/ipvrf.c @@ -253,7 +253,8 @@ static int prog_load(int idx) }; return bpf_program_load(BPF_PROG_TYPE_CGROUP_SOCK, prog, sizeof(prog), - "GPL", bpf_log_buf, sizeof(bpf_log_buf)); + "GPL", bpf_log_buf, sizeof(bpf_log_buf), + false); } static int vrf_configure_cgroup(const char *path, int ifindex) diff --git a/lib/bpf_legacy.c b/lib/bpf_legacy.c index 3542b12fb..844974e97 100644 --- a/lib/bpf_legacy.c +++ b/lib/bpf_legacy.c @@ -1098,7 +1098,7 @@ int bpf_prog_detach_fd(int target_fd, enum bpf_attach_type type) int bpf_prog_load_dev(enum bpf_prog_type type, const struct bpf_insn *insns, size_t size_insns, const char *license, __u32 ifindex, - char *log, size_t size_log) + char *log, size_t size_log, bool verbose) { union bpf_attr attr = {}; @@ -1112,6 +1112,8 @@ int bpf_prog_load_dev(enum bpf_prog_type type, const struct bpf_insn *insns, attr.log_buf = bpf_ptr_to_u64(log); attr.log_size = size_log; attr.log_level = 1; + if (verbose) + attr.log_level |= 2; } return bpf(BPF_PROG_LOAD, &attr, sizeof(attr)); @@ -1119,9 +1121,9 @@ int bpf_prog_load_dev(enum bpf_prog_type type, const struct bpf_insn *insns, int bpf_program_load(enum bpf_prog_type type, const struct bpf_insn *insns, size_t size_insns, const char *license, char *log, - size_t size_log) + size_t size_log, bool verbose) { - return bpf_prog_load_dev(type, insns, size_insns, license, 0, log, size_log); + return bpf_prog_load_dev(type, insns, size_insns, license, 0, log, size_log, verbose); } #ifdef HAVE_ELF @@ -1543,7 +1545,7 @@ retry: errno = 0; fd = bpf_prog_load_dev(prog->type, prog->insns, prog->size, prog->license, ctx->ifindex, - ctx->log, ctx->log_size); + ctx->log, ctx->log_size, ctx->verbose); if (fd < 0 || ctx->verbose) { /* The verifier log is pretty chatty, sometimes so chatty * on larger programs, that we could fail to dump everything diff --git a/lib/bpf_libbpf.c b/lib/bpf_libbpf.c index e1c211a1b..08692d30a 100644 --- a/lib/bpf_libbpf.c +++ b/lib/bpf_libbpf.c @@ -287,6 +287,12 @@ static int load_bpf_object(struct bpf_cfg_in *cfg) .pin_root_path = root_path, ); +#if (LIBBPF_MAJOR_VERSION > 0) || (LIBBPF_MINOR_VERSION >= 7) + open_opts.kernel_log_level = 1; + if (cfg->verbose) + open_opts.kernel_log_level |= 2; +#endif + obj = bpf_object__open_file(cfg->object, &open_opts); if (libbpf_get_error(obj)) { fprintf(stderr, "ERROR: opening BPF object file failed\n"); diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index c52c9331e..7c1b22f64 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -128,10 +128,20 @@ bridge \- show / manipulate bridge addresses and devices .IR DEV " ] [ " .B vlan .IR VID " ] [ " +.B src_vni +.IR VNI " ] [ " +.B nhid +.IR NHID " ] [" +.B vni +.IR VNI " ] [ " +.B port +.IR PORT " ] [" +.B dst +.IR IPADDR " ] [ " .BR self " ] [ " master " ] [ " .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ " .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ " -.BR [no]sticky " ] [ " [no]offloaded " ]" +.BR [no]sticky " ] [ " [no]offloaded " ] [ " [no]router " ]" .ti -8 .BR "bridge mdb" " { " add " | " del " | " replace " } " @@ -168,6 +178,16 @@ bridge \- show / manipulate bridge addresses and devices .IR DEV " ]" .ti -8 +.B "bridge mdb get" +.BI dev " DEV " grp " GROUP " +.RB "[ " src +.IR SOURCE " ]" +.RB "[ " vid +.IR VID " ]" +.RB "[ " src_vni +.IR SRC_VNI " ]" + +.ti -8 .BR "bridge vlan" " { " add " | " del " } " .B dev .I DEV @@ -893,6 +913,35 @@ the target VLAN ID for the operation. Match forwarding table entries only with t specified VLAN ID. .TP +.BI src_vni " VNI" +the src VNI Network Identifier (or VXLAN Segment ID) for the operation. Match +forwarding table entries only with the specified VNI. Valid if the referenced +device is a VXLAN type device. + +.TP +.BI nhid " NHID" +the ECMP nexthop group for the operation. Match forwarding table entries only +with the specified NHID. Valid if the referenced device is a VXLAN type device. + +.TP +.BI vni " VNI" +the VXLAN VNI Network Identifier (or VXLAN Segment ID) for the operation. Match +forwarding table entries only with the specified VNI. Valid if the referenced +device is a VXLAN type device. + +.TP +.BI port " PORT" +the UDP destination PORT number for the operation. Match forwarding table +entries only with the specified PORT. Valid if the referenced device is a VXLAN +type device. + +.TP +.BI dst " IPADDR" +the IP address of the destination VXLAN tunnel endpoint for the operation. Match +forwarding table entries only with the specified IPADDR. Valid if the referenced +device is a VXLAN type device. + +.TP .B self the operation is fulfilled directly by the driver for the specified network device. If the network device belongs to a master like a bridge, then the @@ -904,6 +953,11 @@ command can also be used on the bridge device itself. The flag is set by default .B master if the specified network device is a port that belongs to a master device such as a bridge, the operation is fulfilled by the master device's driver. +Flush with both 'master' and 'self' is not recommended with attributes that are +not supported by all devices (e.g., vlan, vni). Such command will be handled by +bridge or VXLAN driver, but will return an error from the driver that does not +support the attribute. Instead, run flush twice - once with 'self' and once +with 'master', and each one with the supported attributes. .TP .B [no]permanent @@ -941,6 +995,13 @@ if specified then only entries with offloaded flag will be deleted or respective if "no" is prepended then only entries without offloaded flag will be deleted. .sp +.TP +.B [no]router +if specified then only entries with router flag will be deleted or respectively +if "no" is prepended then only entries without router flag will be deleted. Valid +if the referenced device is a VXLAN type device. +.sp + .SH bridge mdb - multicast group database management .B mdb @@ -1086,6 +1147,31 @@ With the .B -statistics option, the command displays timer values for mdb and router port entries. +.SS bridge mdb get - get multicast group database entry. + +This command retrieves a multicast group database entry based on its key. + +.TP +.BI dev " DEV" +the interface where this group address is associated. + +.TP +.BI grp " GROUP" +the multicast group address (IPv4, IPv6 or L2 multicast). + +.TP +.BI src " SOURCE" +the source IP address. Only relevant when retrieving an (S, G) entry. + +.TP +.BI vid " VID" +the VLAN ID. Only relevant when the bridge is VLAN-aware. + +.TP +.BI src_vni " SRC_VNI" +the source VNI Network Identifier. Only relevant when the VXLAN device is in +external mode. + .SH bridge vlan - VLAN filter list .B vlan diff --git a/man/man8/devlink-port.8 b/man/man8/devlink-port.8 index 56049f734..70d8837ea 100644 --- a/man/man8/devlink-port.8 +++ b/man/man8/devlink-port.8 @@ -77,6 +77,12 @@ devlink-port \- devlink port configuration .RI "[ " .BR migratable " { " enable " | " disable " }" .RI "]" +.RI "[ " +.BR ipsec_crypto " { " enable " | " disable " }" +.RI "]" +.RI "[ " +.BR ipsec_packet " { " enable " | " disable " }" +.RI "]" .ti -8 .BR "devlink port function rate " @@ -222,6 +228,16 @@ Set the RoCE capability of the function. .BR migratable " { " enable " | " disable " } " Set the migratable capability of the function. +.TP +.BR ipsec_crypto " { " enable " | " disable " } " +Set the IPsec crypto offload capability of the function. Controls XFRM state +crypto operation (Encrypt/Decrypt) offload. + +.TP +.BR ipsec_packet " { " enable " | " disable " } " +Set the IPsec packet offload capability of the function. Controls XFRM state +and policy offload (Encrypt/Decrypt operation and IPsec encapsulation). + .ti -8 .SS devlink port del - delete a devlink port .PP @@ -351,6 +367,16 @@ devlink port function set pci/0000:01:00.0/1 migratable enable This will enable the migratable functionality of the function. .RE .PP +devlink port function set pci/0000:01:00.0/1 ipsec_crypto enable +.RS 4 +This will enable the IPsec crypto offload functionality of the function. +.RE +.PP +devlink port function set pci/0000:01:00.0/1 ipsec_packet enable +.RS 4 +This will enable the IPsec packet offload functionality of the function. +.RE +.PP devlink port function set pci/0000:01:00.0/1 hw_addr 00:00:00:11:22:33 state active .RS 4 Configure hardware address and also active the function. When a function is diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 7365d0c6b..e82b2dbb0 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -1630,6 +1630,8 @@ the following additional arguments are supported: ] [ .BI no_linklocal_learn " NO_LINKLOCAL_LEARN " ] [ +.BI fdb_max_learned " FDB_MAX_LEARNED " +] [ .BI vlan_filtering " VLAN_FILTERING " ] [ .BI vlan_protocol " VLAN_PROTOCOL " @@ -1741,6 +1743,14 @@ or off When disabled, the bridge will not learn from link-local frames (default: enabled). +.BI fdb_max_learned " FDB_MAX_LEARNED " +- set the maximum number of learned FDB entries. If +.RI ( FDB_MAX_LEARNED " == 0) " +the feature is disabled. Default is +.BR 0 . +.I FDB_MAX_LEARNED +is a 32bit unsigned integer. + .BI vlan_filtering " VLAN_FILTERING " - turn VLAN filtering on .RI ( VLAN_FILTERING " > 0) " diff --git a/man/man8/rdma-system.8 b/man/man8/rdma-system.8 index ab1d89fd8..554938eb8 100644 --- a/man/man8/rdma-system.8 +++ b/man/man8/rdma-system.8 @@ -27,12 +27,19 @@ rdma-system \- RDMA subsystem configuration .BR NEWMODE .ti -8 +.B rdma system set +.BR privileged-qkey +.BR NEWSTATE + +.ti -8 .B rdma system help .SH "DESCRIPTION" -.SS rdma system set - set RDMA subsystem network namespace mode +.SS rdma system set - set RDMA subsystem network namespace mode or +privileged qkey mode -.SS rdma system show - display RDMA subsystem network namespace mode +.SS rdma system show - display RDMA subsystem network namespace mode and +privileged qkey state .PP .I "NEWMODE" @@ -49,12 +56,18 @@ network namespaces is not needed, shared mode can be used. It is preferred to not change the subsystem mode when there is active RDMA traffic running, even though it is supported. +.PP +.I "NEWSTATE" +- Specifies the new state of the privileged-qkey parameter, either on or off. +This parameter determines whether a non-privileged user is allowed to specify a +controlled QKEY or not. .SH "EXAMPLES" .PP rdma system show .RS 4 -Shows the state of RDMA subsystem network namespace mode on the system. +Shows the state of RDMA subsystem network namespace mode on the system and +the state of privileged qkey parameter. .RE .PP rdma system set netns exclusive @@ -69,6 +82,19 @@ Sets the RDMA subsystem in network namespace shared mode. In this mode RDMA devi are shared among network namespaces. .RE .PP +.PP +rdma system set privileged-qkey on +.RS 4 +Sets the privileged-qkey parameter to on. In this state non-privileged user +is allowed to specify a controlled QKEY. +.RE +.PP +rdma system set privileged-qkey off +.RS 4 +Sets the privileged-qkey parameter to off. In this state non-privileged user +is *not* allowed to specify a controlled QKEY. +.RE +.PP .SH SEE ALSO .BR rdma (8), diff --git a/rdma/include/uapi/rdma/rdma_netlink.h b/rdma/include/uapi/rdma/rdma_netlink.h index 92c528a0b..47ca21768 100644 --- a/rdma/include/uapi/rdma/rdma_netlink.h +++ b/rdma/include/uapi/rdma/rdma_netlink.h @@ -299,6 +299,8 @@ enum rdma_nldev_command { RDMA_NLDEV_CMD_STAT_GET_STATUS, + RDMA_NLDEV_CMD_RES_SRQ_GET_RAW, + RDMA_NLDEV_NUM_OPS }; @@ -555,6 +557,12 @@ enum rdma_nldev_attr { RDMA_NLDEV_ATTR_STAT_HWCOUNTER_DYNAMIC, /* u8 */ /* + * To enable or disable using privileged_qkey without being + * a privileged user. + */ + RDMA_NLDEV_SYS_ATTR_PRIVILEGED_QKEY_MODE, /* u8 */ + + /* * Always the end */ RDMA_NLDEV_ATTR_MAX diff --git a/rdma/res-srq.c b/rdma/res-srq.c index 186ae281d..cf9209d77 100644 --- a/rdma/res-srq.c +++ b/rdma/res-srq.c @@ -162,6 +162,20 @@ out: return -EINVAL; } +static int res_srq_line_raw(struct rd *rd, const char *name, int idx, + struct nlattr **nla_line) +{ + if (!nla_line[RDMA_NLDEV_ATTR_RES_RAW]) + return MNL_CB_ERROR; + + open_json_object(NULL); + print_dev(rd, idx, name); + print_raw_data(rd, nla_line); + newline(rd); + + return MNL_CB_OK; +} + static int res_srq_line(struct rd *rd, const char *name, int idx, struct nlattr **nla_line) { @@ -248,7 +262,8 @@ int res_srq_idx_parse_cb(const struct nlmsghdr *nlh, void *data) name = mnl_attr_get_str(tb[RDMA_NLDEV_ATTR_DEV_NAME]); idx = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]); - return res_srq_line(rd, name, idx, tb); + return (rd->show_raw) ? res_srq_line_raw(rd, name, idx, tb) : + res_srq_line(rd, name, idx, tb); } int res_srq_parse_cb(const struct nlmsghdr *nlh, void *data) @@ -276,7 +291,8 @@ int res_srq_parse_cb(const struct nlmsghdr *nlh, void *data) if (ret != MNL_CB_OK) break; - ret = res_srq_line(rd, name, idx, nla_line); + ret = (rd->show_raw) ? res_srq_line_raw(rd, name, idx, nla_line) : + res_srq_line(rd, name, idx, nla_line); if (ret != MNL_CB_OK) break; } diff --git a/rdma/res.h b/rdma/res.h index 70e51acd0..e880c28be 100644 --- a/rdma/res.h +++ b/rdma/res.h @@ -39,6 +39,8 @@ static inline uint32_t res_get_command(uint32_t command, struct rd *rd) return RDMA_NLDEV_CMD_RES_CQ_GET_RAW; case RDMA_NLDEV_CMD_RES_MR_GET: return RDMA_NLDEV_CMD_RES_MR_GET_RAW; + case RDMA_NLDEV_CMD_RES_SRQ_GET: + return RDMA_NLDEV_CMD_RES_SRQ_GET_RAW; default: return command; } diff --git a/rdma/sys.c b/rdma/sys.c index fd785b253..3e369553f 100644 --- a/rdma/sys.c +++ b/rdma/sys.c @@ -40,6 +40,16 @@ static int sys_show_parse_cb(const struct nlmsghdr *nlh, void *data) mode_str); } + if (tb[RDMA_NLDEV_SYS_ATTR_PRIVILEGED_QKEY_MODE]) { + uint8_t mode; + + mode = mnl_attr_get_u8(tb[RDMA_NLDEV_SYS_ATTR_PRIVILEGED_QKEY_MODE]); + + print_color_on_off(PRINT_ANY, COLOR_NONE, "privileged-qkey", + "privileged-qkey %s ", mode); + + } + if (tb[RDMA_NLDEV_SYS_ATTR_COPY_ON_FORK]) cof = mnl_attr_get_u8(tb[RDMA_NLDEV_SYS_ATTR_COPY_ON_FORK]); @@ -67,8 +77,9 @@ static int sys_show_no_args(struct rd *rd) static int sys_show(struct rd *rd) { const struct rd_cmd cmds[] = { - { NULL, sys_show_no_args}, - { "netns", sys_show_no_args}, + { NULL, sys_show_no_args}, + { "netns", sys_show_no_args}, + { "privileged-qkey", sys_show_no_args}, { 0 } }; @@ -86,6 +97,17 @@ static int sys_set_netns_cmd(struct rd *rd, bool enable) return rd_sendrecv_msg(rd, seq); } +static int sys_set_privileged_qkey_cmd(struct rd *rd, bool enable) +{ + uint32_t seq; + + rd_prepare_msg(rd, RDMA_NLDEV_CMD_SYS_SET, + &seq, (NLM_F_REQUEST | NLM_F_ACK)); + mnl_attr_put_u8(rd->nlh, RDMA_NLDEV_SYS_ATTR_PRIVILEGED_QKEY_MODE, enable); + + return rd_sendrecv_msg(rd, seq); +} + static bool sys_valid_netns_cmd(const char *cmd) { int i; @@ -111,10 +133,28 @@ static int sys_set_netns_args(struct rd *rd) return sys_set_netns_cmd(rd, cmd); } +static int sys_set_privileged_qkey_args(struct rd *rd) +{ + bool cmd; + int ret; + + if (rd_no_arg(rd)) { + pr_err("valid options are: { on | off }\n"); + return -EINVAL; + } + + cmd = parse_on_off("privileged-qkey", rd_argv(rd), &ret); + if (ret) + return -EINVAL; + + return sys_set_privileged_qkey_cmd(rd, cmd); +} + static int sys_set_help(struct rd *rd) { pr_out("Usage: %s system set [PARAM] value\n", rd->filename); pr_out(" system set netns { shared | exclusive }\n"); + pr_out(" system set privileged-qkey { on | off }\n"); return 0; } @@ -124,6 +164,7 @@ static int sys_set(struct rd *rd) { NULL, sys_set_help }, { "help", sys_set_help }, { "netns", sys_set_netns_args}, + { "privileged-qkey", sys_set_privileged_qkey_args}, { 0 } }; diff --git a/rdma/utils.c b/rdma/utils.c index 8a091c05e..099850693 100644 --- a/rdma/utils.c +++ b/rdma/utils.c @@ -473,6 +473,7 @@ static const enum mnl_attr_data_type nldev_policy[RDMA_NLDEV_ATTR_MAX] = { [RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK] = MNL_TYPE_U32, [RDMA_NLDEV_ATTR_DEV_DIM] = MNL_TYPE_U8, [RDMA_NLDEV_ATTR_RES_RAW] = MNL_TYPE_BINARY, + [RDMA_NLDEV_SYS_ATTR_PRIVILEGED_QKEY_MODE] = MNL_TYPE_U8, }; static int rd_attr_check(const struct nlattr *attr, int *typep) @@ -35,7 +35,6 @@ int use_iec; int force; bool use_names; int json; -int color; int oneline; int brief; @@ -254,6 +253,7 @@ int main(int argc, char **argv) { const char *libbpf_version; char *batch_file = NULL; + int color = CONF_COLOR; int ret; while (argc > 1) { |