Herbert Xu [Wed, 23 Apr 2008 07:42:32 +0000 (15:42 +0800)]
xfrm: Allow replay setting
Hi Stephen:
[IP] xfrm: Allow replay setting
For certain applications there is a requirement to start the
sequence number from a point other than the default. As it
is the kernel provides an interface to do that but it isn't
available through the ip(8) command. Since we're encouraging
people to migrate over to ip(8) for manual keying, it is useful
to have this ability there.
This patch adds support for setting replay sequence numbers
through ip(8).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
Don't break scripts that depend on previous offset/value format.
Introduce a new -pretty flag for decoding, and (*gasp*) document
the formatting arguments.
Write something about the tweak to enable promoting secondary addresses
instead of deleting them together with the primary address as discussed
in this thread on the netdev mailing list:
http://www.spinics.net/lists/netdev/msg52294.html
The claim that this is supported since 2.6.15 is based on looking at
changes to net/ipv4/devinet.c in the linux-2.6 git tree:
I was asked to at least mention the xfrm option in ip manual. I added
all usage into ip.8 and try to write some basic information about xfrm.
If someone want complete it, I'll be happy.
In ss.c, generic_proc_open(), for which the net_*_open functions are just
convenient wrappers, uses fopen, so errors are signalled by a NULL return
value. Some checks were expecting negative values instead, fix them.
Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Add more aliases to synchronize IPv4 and IPv6 tunnel command, e.g.,
IPv4: hoplimit (alias to ttl), tclass (alias to tos)
IPv6: dsfield, tos (alias to tc, or tclass), ttl (alias to hoplimit)
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
The patches branch of the debian packaging repo, at
git://git.debian.org/git/collab-maint/pkg-iproute, now has four patches still
pending. (Not resending, since they've all been posted multiple times before.
Pick them up from the repo if you're interested.)
PJ Waskiewicz [Wed, 13 Feb 2008 11:49:09 +0000 (03:49 -0800)]
Update various classifiers' help output for expected CLASSID syntax
update: Fix the spelling of "hexidecimal"
This updates the help output to specify that CLASSID should be hexidecimal.
This makes sure that a user entering "flowid 1:10" gets his flow put into
band 15 (0x10) and knows why.
Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
This fixes the problem where a bulk operation (like ip flush)
is performed as non-root user. The kernel will only send a response
if there is an error, so check for it.
After further investigation it seems clear to me that reverting the
commit 720a2e8d990707749b2... is the correct thing to do, since the real
fix for the problem this commit was supposed to fix was instead fixed in
commit c29391c7c68f031e246c...
Whatever you specify after a u32 police you will now get a syntax error,
and according to "tc filter add u32 help" there are several things that
you are supposed to be able to specify after a police.
[...]
> Commands like "tc filter add dev ppp0 parent ffff: protocol ip prio 50
> u32 match ip src 0.0.0.0/0 police rate 4mbit burst 10k drop flowid :1"
> apparently no longer works. The flowid is not accepted anymore.
> Reverting commit 720a2e8d99... which you authored seems to "fix" this.
[...]
After further investigation it seems clear to me that reverting the
commit 720a2e8d990707749b2... is the correct thing to do, since the real
fix for the problem this commit was supposed to fix was instead fixed in
commit c29391c7c68f031e246c...
Whatever you specify after a u32 police you will now get a syntax error,
and according to "tc filter add u32 help" there are several things that
you are supposed to be able to specify after a police.
Change the rate table calc of transmit cost to use upper bound value.
Patrick McHardy, Cite: 'its better to overestimate than underestimate
to stay in control of the queue'.
Illustrating the rate table array:
Legend description
rtab[x] : Array index x of rtab[x]
xmit_sz : Transmit size contained in rtab[x] (normally transmit time)
maps[a-b] : Packet sizes from a to b, will map into rtab[x]
New TC util on a kernel WITHOUT support for cell_align
rtab[0]:=xmit_sz:8 maps[0-7]
rtab[1]:=xmit_sz:16 maps[8-15]
rtab[2]:=xmit_sz:24 maps[16-23]
rtab[3]:=xmit_sz:32 maps[24-31]
rtab[4]:=xmit_sz:40 maps[32-39]
rtab[5]:=xmit_sz:48 maps[40-47]
rtab[6]:=xmit_sz:56 maps[48-55]
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Change tc_calc_rtable() to take a tc_ratespec struct as an
argument. (cell_log still needs to be passed on as a parameter,
because -1 indicate that the cell_log needs to be computed by the
function.).
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Pavel Emelyanov [Thu, 19 Jul 2007 09:32:31 +0000 (13:32 +0400)]
iplink_parse() routine
This routine parses CLI attributes, describing generic link
parameters such as name, address, etc.
This is mostly copy-pasted from iplink_modify().
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Reported by: Satoru SATOH <satoru.satoh@gmail.com>
"ip route show" does not print correct value when larger rto_min is
set (e.g. 3sec).
This problem is because of overflow in print_route() and
the patch below is a workaround fix for that.
[root test]# ./iproute2.git.org/ip/ip route show dev eth1
192.168.140.0/24 proto kernel scope link src 192.168.140.130
169.254.0.0/16 scope link
[root test]# ./iproute2.git.org/ip/ip route change 192.168.140.0/24
dev eth1 rto_min 3s
[root test]# ./iproute2.git.org/ip/ip route show dev eth1
192.168.140.0/24 scope link rto_min lock 2ms <-- wrong
169.254.0.0/16 scope link
[root test]# ./iproute2.git/ip/ip route show dev eth1 # patched version
192.168.140.0/24 scope link rto_min lock 3000ms <-- correct
169.254.0.0/16 scope link
This is a simpler fix.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Templin, Fred L [Mon, 26 Nov 2007 17:46:06 +0000 (09:46 -0800)]
iproute2-2.6.23: RFC4214 Support (v2.5)
This patch includes support for the Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) per RFC4214.
The following diffs are specific to the iproute2-2.6.23
software distribution. This message includes the full and
patchable diff text; please use this version to apply patches.
Signed-off-by: Fred L. Templin <fred.l.templin@boeing.com> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
On tor, 2007-12-06 at 11:53 -0800, Stephen Hemminger wrote:
> On Tue, 4 Dec 2007 14:58:18 +0100
> Andreas Henriksson <andreas@fatal.se> wrote:
>
> > Suggested patch for allowing netmask to be specified in dotted quad format.
> > See http://bugs.debian.org/357172
> >
> > (Known problem: this will not prevent some invalid syntaxes,
> > ie. "255.0.255.0" will be treated as "255.255.255.0")
> >
> > Comments? Suggestions? Improvements?
>
> Fix the bug you mentioned?
>
> [... snip example code ...]
Updated patch, added your netmask validation code but without the check
that made 0.0.0.0 (default) and 255.255.255.255 (one address) invalid
netmasks as they are permitted in CIDR format.
Signed-off-by: Andreas Henriksson <andreas@fatal.se> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
As the current maintainer of iproute2 package, you could be interested
in including the attached patch that allow using masks in the fw filter
of the tc utility (very useful at least for me). AFAK, it works at least
from iproute2 version 2.6.20-?. Feel free to make the appropriate
cleaning changes if necessary, or contact me if you see any trouble.
Best regards,
François Delawarde.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>