1622 lines
60 KiB
Diff
|
diff --git a/man/man8/Makefile b/man/man8/Makefile
|
||
|
index e998928..152747a 100644
|
||
|
--- a/man/man8/Makefile
|
||
|
+++ b/man/man8/Makefile
|
||
|
@@ -6,7 +6,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 ss.8 \
|
||
|
tc-mqprio.8 tc-netem.8 tc-pfifo.8 tc-pfifo_fast.8 tc-prio.8 tc-red.8 \
|
||
|
tc-sfb.8 tc-sfq.8 tc-stab.8 tc-tbf.8 \
|
||
|
bridge.8 rtstat.8 ctstat.8 nstat.8 routef.8 \
|
||
|
- ip-addrlabel.8 ip-l2tp.8 \
|
||
|
+ ip-addrlabel.8 ip-fou.8 ip-gue.8 ip-l2tp.8 \
|
||
|
ip-maddress.8 ip-monitor.8 ip-mroute.8 ip-neighbour.8 \
|
||
|
ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 \
|
||
|
ip-tcp_metrics.8 ip-netconf.8 ip-token.8
|
||
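Review bot: MAN8PAGES now lists ip-fou.8 and ip-gue.8, but this diff shows no `diff --git` entry for either file where they would sort, between ip-addrlabel.8 and ip-l2tp.8. If the two pages are not already in the tree, anything that iterates over MAN8PAGES will fail on the missing files; add them in this patch or leave them out of the list until they exist.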
|
diff --git a/man/man8/arpd.8 b/man/man8/arpd.8
|
||
|
index fc99b97..5050a98 100644
|
||
|
--- a/man/man8/arpd.8
|
||
|
+++ b/man/man8/arpd.8
|
||
|
@@ -35,7 +35,7 @@ Suppress sending broadcast queries by the kernel. This option only makes sense t
|
||
|
Specifies the timeout of the negative cache. When resolution fails, arpd suppresses further attempts to resolve for this period. This option only makes sense together with option '-k'. This timeout should not be too much longer than the boot time of a typical host not supporting gratuitous ARP. Default value is 60 seconds.
|
||
|
.TP
|
||
|
-p <TIME>
|
||
|
-The time to wait in seconds between polling attempts to the kernel ARP table. TIME may be a floating point number. The default value is 30.
|
||
|
+The time to wait in seconds between polling attempts to the kernel ARP table. TIME may be a floating point number. The default value is 30.
|
||
|
.TP
|
||
|
-R <RATE>
|
||
|
Maximal steady rate of broadcasts sent by arpd in packets per second. Default value is 1.
|
||
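Review bot: the removed and added description lines under `-p <TIME>` read the same, so this is a whitespace-only change, as are many other hunks in this patch. Consider splitting the whitespace cleanup from the content changes (the new gbp, netns and state text) so the substantive edits are easier to find and review.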
|
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
|
||
|
index e344db2..4135d01 100644
|
||
|
--- a/man/man8/bridge.8
|
||
|
+++ b/man/man8/bridge.8
|
||
|
@@ -40,7 +40,8 @@ bridge \- show / manipulate bridge addresses and devices
|
||
|
.BR learning " { " on " | " off " } ] [ "
|
||
|
.BR learning_sync " { " on " | " off " } ] [ "
|
||
|
.BR flood " { " on " | " off " } ] [ "
|
||
|
-.BR hwmode " { " vepa " | " veb " } ] "
|
||
|
+.BR hwmode " { " vepa " | " veb " } ] [ "
|
||
|
+.BR self " ] [ " master " ] "
|
||
|
|
||
|
.ti -8
|
||
|
.BR "bridge link" " [ " show " ] [ "
|
||
|
@@ -53,7 +54,7 @@ bridge \- show / manipulate bridge addresses and devices
|
||
|
.B dev
|
||
|
.IR DEV " { "
|
||
|
.BR local " | " temp " } { "
|
||
|
-.BR self " } { " embedded " } { " router " } [ "
|
||
|
+.BR self " } { " router " } [ "
|
||
|
.B dst
|
||
|
.IR IPADDR " ] [ "
|
||
|
.B vni
|
||
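Review bot: with embedded removed, the synopsis line reads `{ self } { router }`, while braces on the line above enclose a required choice (`{ local | temp }`), so single keywords in braces look mandatory. If self and router are optional flags, brackets would say so; this is a good moment to fix it since the line is being changed anyway.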
|
@@ -110,7 +111,7 @@ utility and exit.
|
||
|
|
||
|
.TP
|
||
|
.BR "\-s" , " \-stats", " \-statistics"
|
||
|
-output more information. If this option
|
||
|
+output more information. If this option
|
||
|
is given multiple times, the amount of information increases.
|
||
|
As a rule, the information is statistics or some time values.
|
||
|
|
||
|
@@ -168,9 +169,9 @@ and
|
||
|
(or
|
||
|
.B list
|
||
|
) objects, but some objects do not allow all of these operations
|
||
|
-or have some additional commands. The
|
||
|
+or have some additional commands. The
|
||
|
.B help
|
||
|
-command is available for all objects. It prints
|
||
|
+command is available for all objects. It prints
|
||
|
out a list of available commands and argument syntax conventions.
|
||
|
.sp
|
||
|
If no command is given, some default command is assumed.
|
||
|
@@ -200,68 +201,70 @@ the STP path cost of the specified port.
|
||
|
|
||
|
.TP
|
||
|
.BI priority " PRIO "
|
||
|
-the STP port priority. The priority value is an unsigned 8-bit quantity
|
||
|
-(number between 0 and 255). This metric is used in the designated port an
|
||
|
+the STP port priority. The priority value is an unsigned 8-bit quantity
|
||
|
+(number between 0 and 255). This metric is used in the designated port an
|
||
|
droot port selectio algorithms.
|
||
|
|
||
|
.TP
|
||
|
.BI state " STATE "
|
||
|
-the operation state of the port. This is primarily used by user space STP/RSTP
|
||
|
-implementation. The following is a list of valid values:
|
||
|
+the operation state of the port. This is primarily used by user space STP/RSTP
|
||
|
+implementation. One may enter a lowercased port state name, or one of the
|
||
|
+numbers below. Negative inputs are ignored, and unrecognized names return an
|
||
|
+error.
|
||
|
|
||
|
.B 0
|
||
|
-- port is DISABLED. Make this port completely inactive.
|
||
|
+- port is DISABLED. Make this port completely inactive.
|
||
|
.sp
|
||
|
|
||
|
.B 1
|
||
|
-- STP LISTENING state. Only valid if STP is enabled on the brige. In this
|
||
|
+- STP LISTENING state. Only valid if STP is enabled on the brige. In this
|
||
|
state the port for list for STP BPDUs and drop all other traffic.
|
||
|
.sp
|
||
|
|
||
|
.B 2
|
||
|
-- STP LEARNING state. Only valid if STP is enabled on the bridge. In this
|
||
|
+- STP LEARNING state. Only valid if STP is enabled on the bridge. In this
|
||
|
state the port will accept traffic only for the purpose of updating MAC
|
||
|
adress tables.
|
||
|
.sp
|
||
|
|
||
|
.B 3
|
||
|
-- STP FORWARDING state. Port is fully active.
|
||
|
+- STP FORWARDING state. Port is fully active.
|
||
|
.sp
|
||
|
|
||
|
.B 4
|
||
|
-- STP BLOCKING state. Only valid if STP is enabled on the bridge. This state
|
||
|
-is used during the STP election process. In this state, port will only process
|
||
|
+- STP BLOCKING state. Only valid if STP is enabled on the bridge. This state
|
||
|
+is used during the STP election process. In this state, port will only process
|
||
|
STP BPDUs.
|
||
|
.sp
|
||
|
|
||
|
.TP
|
||
|
.BR "guard on " or " guard off "
|
||
|
-Controls whether STP BPUDs will be processed by the bridge port. By default,
|
||
|
-the flag is turned off allowed BPDU processing. Turning this flag on will
|
||
|
+Controls whether STP BPUDs will be processed by the bridge port. By default,
|
||
|
+the flag is turned off allowed BPDU processing. Turning this flag on will
|
||
|
cause the port to stop processing STP BPDUs.
|
||
|
|
||
|
.TP
|
||
|
.BR "hairpin on " or " hairpin off "
|
||
|
Controls whether traffic may be send back out of the port on which it was
|
||
|
-received. By default, this flag is turned off and the bridge will not forward
|
||
|
+received. By default, this flag is turned off and the bridge will not forward
|
||
|
traffic back out of the receiving port.
|
||
|
|
||
|
.TP
|
||
|
.BR "fastleave on " or " fastleave off "
|
||
|
This flag allows the bridge to immediately stop multicast traffic on a port
|
||
|
-that receives IGMP Leave message. It is only used with IGMP snooping is
|
||
|
-enabled on the bridge. By default the flag is off.
|
||
|
+that receives IGMP Leave message. It is only used with IGMP snooping is
|
||
|
+enabled on the bridge. By default the flag is off.
|
||
|
|
||
|
.TP
|
||
|
.BR "root_block on " or " root_block off "
|
||
|
-Controls whether a given port is allowed to become root port or not. Only used
|
||
|
-when STP is enabled on the bridge. By default the flag is off.
|
||
|
+Controls whether a given port is allowed to become root port or not. Only used
|
||
|
+when STP is enabled on the bridge. By default the flag is off.
|
||
|
|
||
|
.TP
|
||
|
.BR "learning on " or " learning off "
|
||
|
Controls whether a given port will learn MAC addresses from received traffic or
|
||
|
-not. If learning if off, the bridge will end up flooding any traffic for which
|
||
|
-it has no FDB entry. By default this flag is on.
|
||
|
+not. If learning if off, the bridge will end up flooding any traffic for which
|
||
|
+it has no FDB entry. By default this flag is on.
|
||
|
|
||
|
.TP
|
||
|
.BR "learning_sync on " or " learning_sync off "
|
||
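Review bot: the new state text says a lowercased port state name is accepted, but the list that follows gives only the numbers 0 to 4 with upper-case descriptions, so the reader has to guess the accepted spellings; list each name next to its number. Since these lines are being rewritten anyway, the typos on them can go in the same pass: "brige", "BPUDs", "is turned off allowed BPDU processing", "If learning if off", and "port an" followed by the context line "droot port selectio algorithms".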
|
@@ -270,12 +273,12 @@ bridge FDB.
|
||
|
|
||
|
.TP
|
||
|
.BR "flooding on " or " flooding off "
|
||
|
-Controls whether a given port will flood unicast traffic for which there is no FDB entry. By default this flag is on.
|
||
|
+Controls whether a given port will flood unicast traffic for which there is no FDB entry. By default this flag is on.
|
||
|
|
||
|
.TP
|
||
|
.BI hwmode
|
||
|
Some network interface cards support HW bridge functionality and they may be
|
||
|
-configured in different modes. Currently support modes are:
|
||
|
+configured in different modes. Currently support modes are:
|
||
|
|
||
|
.B vepa
|
||
|
- Data sent between HW ports is sent on the wire to the external
|
||
|
@@ -284,6 +287,15 @@ switch.
|
||
|
.B veb
|
||
|
- bridging happens in hardware.
|
||
|
|
||
|
+.TP
|
||
|
+.BI self
|
||
|
+link setting is configured on specified physical device
|
||
|
+
|
||
|
+.TP
|
||
|
+.BI master
|
||
|
+link setting is configured on the software bridge (default)
|
||
|
+
|
||
|
+
|
||
|
.SS bridge link show - list bridge port configuration.
|
||
|
|
||
|
This command displays the current bridge port configuration and flags.
|
||
|
@@ -314,10 +326,6 @@ the interface to which this address is associated.
|
||
|
- the address is associated with a software fdb (default)
|
||
|
.sp
|
||
|
|
||
|
-.B embedded
|
||
|
-- the address is associated with an offloaded fdb
|
||
|
-.sp
|
||
|
-
|
||
|
.B router
|
||
|
- the destination address is associated with a router.
|
||
|
Valid if the referenced device is a VXLAN type device and has
|
||
|
@@ -381,7 +389,7 @@ This command displays the current forwarding table.
|
||
|
.PP
|
||
|
With the
|
||
|
.B -statistics
|
||
|
-option, the command becomes verbose. It prints out the last updated
|
||
|
+option, the command becomes verbose. It prints out the last updated
|
||
|
and last used time for each entry.
|
||
|
|
||
|
.SH bridge mdb - multicast group database management
|
||
|
@@ -444,7 +452,7 @@ bridge interfaces.
|
||
|
.PP
|
||
|
With the
|
||
|
.B -details
|
||
|
-option, the command becomes verbose. It prints out the ports known to have
|
||
|
+option, the command becomes verbose. It prints out the ports known to have
|
||
|
a connected router.
|
||
|
|
||
|
.SH bridge vlan - VLAN filter list
|
||
|
@@ -479,7 +487,7 @@ the vlan specified is to be treated as untagged on egress.
|
||
|
|
||
|
.TP
|
||
|
.BI self
|
||
|
-the vlan is configured on the specified physical device. Required if the
|
||
|
+the vlan is configured on the specified physical device. Required if the
|
||
|
device is the bridge device.
|
||
|
|
||
|
.TP
|
||
|
@@ -505,7 +513,7 @@ This command displays the current VLAN filter table.
|
||
|
The
|
||
|
.B bridge
|
||
|
utility can monitor the state of devices and addresses
|
||
|
-continuously. This option has a slightly different format.
|
||
|
+continuously. This option has a slightly different format.
|
||
|
Namely, the
|
||
|
.B monitor
|
||
|
command is the first in the command line and then the object list follows:
|
||
|
@@ -527,7 +535,7 @@ described in previous sections.
|
||
|
.P
|
||
|
If a file name is given, it does not listen on RTNETLINK,
|
||
|
but opens the file containing RTNETLINK messages saved in binary format
|
||
|
-and dumps them. Such a history file can be generated with the
|
||
|
+and dumps them. Such a history file can be generated with the
|
||
|
|
||
|
|
||
|
.SH NOTES
|
||
|
diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in
|
||
|
index d33b1ed..6e46af8 100644
|
||
|
--- a/man/man8/ip-address.8.in
|
||
|
+++ b/man/man8/ip-address.8.in
|
||
|
@@ -80,7 +80,7 @@ the name of the device to add the address to.
|
||
|
.BI local " ADDRESS " (default)
|
||
|
the address of the interface. The format of the address depends
|
||
|
on the protocol. It is a dotted quad for IP and a sequence of
|
||
|
-hexadecimal halfwords separated by colons for IPv6. The
|
||
|
+hexadecimal halfwords separated by colons for IPv6. The
|
||
|
.I ADDRESS
|
||
|
may be followed by a slash and a decimal number which encodes
|
||
|
the network prefix length.
|
||
|
@@ -91,8 +91,8 @@ the address of the remote endpoint for pointopoint interfaces.
|
||
|
Again, the
|
||
|
.I ADDRESS
|
||
|
may be followed by a slash and a decimal number, encoding the network
|
||
|
-prefix length. If a peer address is specified, the local address
|
||
|
-cannot have a prefix length. The network prefix is associated
|
||
|
+prefix length. If a peer address is specified, the local address
|
||
|
+cannot have a prefix length. The network prefix is associated
|
||
|
with the peer rather than with the local address.
|
||
|
|
||
|
.TP
|
||
|
@@ -103,7 +103,7 @@ It is possible to use the special symbols
|
||
|
.B '+'
|
||
|
and
|
||
|
.B '-'
|
||
|
-instead of the broadcast address. In this case, the broadcast address
|
||
|
+instead of the broadcast address. In this case, the broadcast address
|
||
|
is derived by setting/resetting the host bits of the interface prefix.
|
||
|
|
||
|
.TP
|
||
|
@@ -139,7 +139,7 @@ valid inside this site.
|
||
|
.B Arguments:
|
||
|
coincide with the arguments of
|
||
|
.B ip addr add.
|
||
|
-The device name is a required argument. The rest are optional.
|
||
|
+The device name is a required argument. The rest are optional.
|
||
|
If no arguments are given, the first address is deleted.
|
||
|
|
||
|
.SS ip address show - look at protocol addresses
|
||
|
@@ -221,14 +221,14 @@ The difference is that it does not run when no arguments are given.
|
||
|
.B Warning:
|
||
|
This command (and other
|
||
|
.B flush
|
||
|
-commands described below) is pretty dangerous. If you make a mistake,
|
||
|
+commands described below) is pretty dangerous. If you make a mistake,
|
||
|
it will not forgive it, but will cruelly purge all the addresses.
|
||
|
|
||
|
.PP
|
||
|
With the
|
||
|
.B -statistics
|
||
|
option, the command becomes verbose. It prints out the number of deleted
|
||
|
-addresses and the number of rounds made to flush the address list. If
|
||
|
+addresses and the number of rounds made to flush the address list. If
|
||
|
this option is given twice,
|
||
|
.B ip address flush
|
||
|
also dumps all the deleted addresses in the format described in the
|
||
|
diff --git a/man/man8/ip-addrlabel.8 b/man/man8/ip-addrlabel.8
|
||
|
index fefc3ef..5fc18fe 100644
|
||
|
--- a/man/man8/ip-addrlabel.8
|
||
|
+++ b/man/man8/ip-addrlabel.8
|
||
|
@@ -35,7 +35,7 @@ ip-addrlabel \- protocol address label management
|
||
|
|
||
|
.SH "DESCRIPTION"
|
||
|
IPv6 address labels are used for address selection;
|
||
|
-they are described in RFC 3484. Precedence is managed by userspace,
|
||
|
+they are described in RFC 3484. Precedence is managed by userspace,
|
||
|
and only the label itself is stored in the kernel.
|
||
|
|
||
|
.SS ip addrlabel add - add an address label
|
||
|
diff --git a/man/man8/ip-l2tp.8 b/man/man8/ip-l2tp.8
|
||
|
index 2efda9f..1738035 100644
|
||
|
--- a/man/man8/ip-l2tp.8
|
||
|
+++ b/man/man8/ip-l2tp.8
|
||
|
@@ -356,16 +356,16 @@ the recipient expects to receive ethernet frames exactly as
|
||
|
transmitted. In such cases, it is important that frames leaving the
|
||
|
tunnel are reassembled back into a single frame before being
|
||
|
forwarded on. To do so, enable netfilter connection tracking
|
||
|
-(conntrack) or manually load the Linux netfilter degrag modules at
|
||
|
+(conntrack) or manually load the Linux netfilter defrag modules at
|
||
|
each tunnel endpoint.
|
||
|
.PP
|
||
|
.nf
|
||
|
-site-A:# modprobe nf_degrag_ipv4
|
||
|
+site-A:# modprobe nf_defrag_ipv4
|
||
|
|
||
|
-site-B:# modprobe nf_degrag_ipv4
|
||
|
+site-B:# modprobe nf_defrag_ipv4
|
||
|
.fi
|
||
|
.PP
|
||
|
-If L2TP is being used over IPv6, use the IPv6 degrag module.
|
||
|
+If L2TP is being used over IPv6, use the IPv6 defrag module.
|
||
|
.SH INTEROPERABILITY
|
||
|
.PP
|
||
|
Unmanaged (static) L2TPv3 tunnels are supported by some network
|
||
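Review bot: the IPv6 sentence at the end of the hunk still leaves the module unnamed while the IPv4 example spells out nf_defrag_ipv4. Name the module (nf_defrag_ipv6) or add the matching modprobe lines so the two cases read the same.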
|
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
|
||
|
index 239f764..5ad372c 100644
|
||
|
--- a/man/man8/ip-link.8.in
|
||
|
+++ b/man/man8/ip-link.8.in
|
||
|
@@ -72,7 +72,10 @@ ip-link \- network device configuration
|
||
|
.BR gre " |"
|
||
|
.BR gretap " |"
|
||
|
.BR ip6gre " |"
|
||
|
-.BR ip6gretap " ]"
|
||
|
+.BR ip6gretap " |"
|
||
|
+.BR vti " |"
|
||
|
+.BR nlmon " |"
|
||
|
+.BR ipvlan " ]"
|
||
|
|
||
|
.ti -8
|
||
|
.BI "ip link delete " DEVICE
|
||
|
@@ -228,6 +231,15 @@ Link types:
|
||
|
.sp
|
||
|
.BR ip6gretap
|
||
|
- Virtual L2 tunnel interface GRE over IPv6
|
||
|
+.sp
|
||
|
+.BR vti
|
||
|
+- Virtual tunnel interface
|
||
|
+.sp
|
||
|
+.BR nlmon
|
||
|
+- Netlink monitoring device
|
||
|
+.sp
|
||
|
+.BR ipvlan
|
||
|
+- Interface for L3 (IPv6/IPv4) based VLANs
|
||
|
.in -8
|
||
|
|
||
|
.TP
|
||
|
@@ -276,6 +288,8 @@ the following additional arguments are supported:
|
||
|
.BI ageing " SECONDS "
|
||
|
.R " ] [ "
|
||
|
.BI maxaddress " NUMBER "
|
||
|
+.R " ] [ "
|
||
|
+.B gbp
|
||
|
.R " ]"
|
||
|
|
||
|
.in +8
|
||
|
@@ -298,7 +312,7 @@ parameter.
|
||
|
.BI remote " IPADDR"
|
||
|
- specifies the unicast destination IP address to use in outgoing packets
|
||
|
when the destination link layer address is not known in the VXLAN device
|
||
|
-forwarding database. This parameter cannot be specified with the
|
||
|
+forwarding database. This parameter cannot be specified with the
|
||
|
.B group
|
||
|
parameter.
|
||
|
|
||
|
@@ -348,6 +362,49 @@ are entered into the VXLAN device forwarding database.
|
||
|
.BI maxaddress " NUMBER"
|
||
|
- specifies the maximum number of FDB entries.
|
||
|
|
||
|
+.sp
|
||
|
+.B gbp
|
||
|
+- enables the Group Policy extension (VXLAN-GBP).
|
||
|
+
|
||
|
+.in +4
|
||
|
+Allows to transport group policy context across VXLAN network peers.
|
||
|
+If enabled, includes the mark of a packet in the VXLAN header for outgoing
|
||
|
+packets and fills the packet mark based on the information found in the
|
||
|
+VXLAN header for incomming packets.
|
||
|
+
|
||
|
+Format of upper 16 bits of packet mark (flags);
|
||
|
+
|
||
|
+.in +2
|
||
|
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
+.br
|
||
|
+|-|-|-|-|-|-|-|-|-|D|-|-|A|-|-|-|
|
||
|
+.br
|
||
|
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
+
|
||
|
+.B D :=
|
||
|
+Don't Learn bit. When set, this bit indicates that the egress
|
||
|
+VTEP MUST NOT learn the source address of the encapsulated frame.
|
||
|
+
|
||
|
+.B A :=
|
||
|
+Indicates that the group policy has already been applied to
|
||
|
+this packet. Policies MUST NOT be applied by devices when the A bit is set.
|
||
|
+.in -2
|
||
|
+
|
||
|
+Format of lower 16 bits of packet mark (policy ID):
|
||
|
+
|
||
|
+.in +2
|
||
|
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
+.br
|
||
|
+| Group Policy ID |
|
||
|
+.br
|
||
|
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||
|
+.in -2
|
||
|
+
|
||
|
+Example:
|
||
|
+ iptables -A OUTPUT [...] -j MARK --set-mark 0x800FF
|
||
|
+
|
||
|
+.in -4
|
||
|
+
|
||
|
.in -8
|
||
|
|
||
|
.TP
|
||
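Review bot: the example mark 0x800FF is not explained, and the flags diagram does not say which end is the most significant bit. Reading the leftmost cell as bit 15, the upper half 0x0008 is the A bit and the lower half 0xFF is the policy ID; state the bit order and spell the example out, since A is the bit that tells devices not to apply policy. Also, "incomming" should be "incoming", and "(flags);" should end in a colon like "(policy ID):".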
|
@@ -476,7 +533,7 @@ flag calculates checksums for outgoing packets.
|
||
|
The
|
||
|
.B icsum
|
||
|
flag requires that all input packets have the correct
|
||
|
-checksum. The
|
||
|
+checksum. The
|
||
|
.B csum
|
||
|
flag is equivalent to the combination
|
||
|
.BR "icsum ocsum" .
|
||
|
@@ -487,7 +544,7 @@ flag is equivalent to the combination
|
||
|
|
||
|
.sp
|
||
|
.BI encaplimit " ELIM"
|
||
|
-- specifies a fixed encapsulation limit. Default is 4.
|
||
|
+- specifies a fixed encapsulation limit. Default is 4.
|
||
|
|
||
|
.sp
|
||
|
.BI flowlabel " FLOWLABEL"
|
||
|
@@ -554,7 +611,7 @@ device.
|
||
|
.BI group " GROUP "
|
||
|
.I GROUP
|
||
|
has a dual role: If both group and dev are present, then move the device to the
|
||
|
-specified group. If only a group is specified, then the command operates on
|
||
|
+specified group. If only a group is specified, then the command operates on
|
||
|
all devices in that group.
|
||
|
|
||
|
.TP
|
||
|
@@ -580,11 +637,13 @@ flag on the device.
|
||
|
.BR "dynamic on " or " dynamic off"
|
||
|
change the
|
||
|
.B DYNAMIC
|
||
|
-flag on the device.
|
||
|
+flag on the device. Indicates that address can change when interface goes down (currently
|
||
|
+.B NOT
|
||
|
+used by the Linux).
|
||
|
|
||
|
.TP
|
||
|
.BI name " NAME"
|
||
|
-change the name of the device. This operation is not
|
||
|
+change the name of the device. This operation is not
|
||
|
recommended if the device is running or has some addresses
|
||
|
already configured.
|
||
|
|
||
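Review bot: "(currently NOT used by the Linux)" in the new DYNAMIC text reads as a fragment; "currently not used by Linux" is clearer. Splitting the sentence across a .B line only to embolden NOT is also heavier markup than the neighbouring flag descriptions use.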
|
@@ -615,14 +674,29 @@ the interface is
|
||
|
.IR "POINTOPOINT" .
|
||
|
|
||
|
.TP
|
||
|
-.BI netns " PID"
|
||
|
-move the device to the network namespace associated with the process
|
||
|
-.IR "PID".
|
||
|
-
|
||
|
-.TP
|
||
|
-.BI netns " NETNSNAME"
|
||
|
+.BI netns " NETNSNAME " \fR| " PID"
|
||
|
move the device to the network namespace associated with name
|
||
|
-.IR "NETNSNAME".
|
||
|
+.IR "NETNSNAME " or
|
||
|
+.RI process " PID".
|
||
|
+
|
||
|
+Some devices are not allowed to change network namespace: loopback, bridge,
|
||
|
+ppp, wireless. These are network namespace local devices. In such case
|
||
|
+.B ip
|
||
|
+tool will return "Invalid argument" error. It is possible to find out if device is local
|
||
|
+to a single network namespace by checking
|
||
|
+.B netns-local
|
||
|
+flag in the output of the
|
||
|
+.BR ethtool ":"
|
||
|
+
|
||
|
+.in +8
|
||
|
+.B ethtool -k
|
||
|
+.I DEVICE
|
||
|
+.in -8
|
||
|
+
|
||
|
+To change network namespace for wireless devices the
|
||
|
+.B iw
|
||
|
+tool can be used. But it allows to change network namespace only for physical devices and by process
|
||
|
+.IR PID .
|
||
|
|
||
|
.TP
|
||
|
.BI alias " NAME"
|
||
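Review bot: the text tells the reader to check the netns-local flag in `ethtool -k DEVICE` output but not which value marks a device as namespace-local; say that it reads "on" for such devices. The closing iw sentence would be more useful with the command form spelled out, and "But it allows to change" wants rewording, for example "it can only move physical devices, and only by process PID".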
|
@@ -720,7 +794,7 @@ If multiple parameter changes are requested,
|
||
|
aborts immediately after any of the changes have failed.
|
||
|
This is the only case when
|
||
|
.B ip
|
||
|
-can move the system to an unpredictable state. The solution
|
||
|
+can move the system to an unpredictable state. The solution
|
||
|
is to avoid changing several parameters with one
|
||
|
.B ip link set
|
||
|
call.
|
||
|
@@ -779,6 +853,12 @@ print human readable rates in IEC units (ie. 1K = 1024).
|
||
|
.I "TYPE"
|
||
|
specifies which help of link type to dislpay.
|
||
|
|
||
|
+.SS
|
||
|
+.I GROUP
|
||
|
+may be a number or a string from the file
|
||
|
+.B /etc/iproute2/group
|
||
|
+which can be manually filled.
|
||
|
+
|
||
|
.SH "EXAMPLES"
|
||
|
.PP
|
||
|
ip link show
|
||
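Review bot: the added `.SS` has no title argument, so the macro takes the next input line as the heading: GROUP becomes a subsection title and the body starts mid-sentence at "may be a number". It also sits after the help TYPE text rather than with the `group GROUP` parameter earlier in the page. Move the sentence under that entry as ordinary text, or give the .SS a real title, and fix "dislpay" on the context line above while here.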
|
@@ -832,7 +912,8 @@ and the outer UDP checksum and remote checksum offload are enabled.
|
||
|
|
||
|
.SH SEE ALSO
|
||
|
.br
|
||
|
-.BR ip (8)
|
||
|
+.BR ip (8),
|
||
|
+.BR ip-netns (8)
|
||
|
|
||
|
.SH AUTHOR
|
||
|
Original Manpage by Michail Litvak <mci@owl.openwall.com>
|
||
|
diff --git a/man/man8/ip-maddress.8 b/man/man8/ip-maddress.8
|
||
|
index 288d5cc..f3432bb 100644
|
||
|
--- a/man/man8/ip-maddress.8
|
||
|
+++ b/man/man8/ip-maddress.8
|
||
|
@@ -39,7 +39,7 @@ the device name.
|
||
|
These commands attach/detach a static link-layer multicast address
|
||
|
to listen on the interface.
|
||
|
Note that it is impossible to join protocol multicast groups
|
||
|
-statically. This command only manages link-layer addresses.
|
||
|
+statically. This command only manages link-layer addresses.
|
||
|
|
||
|
.RS
|
||
|
.TP
|
||
|
diff --git a/man/man8/ip-monitor.8 b/man/man8/ip-monitor.8
|
||
|
index 544b625..1de0ca9 100644
|
||
|
--- a/man/man8/ip-monitor.8
|
||
|
+++ b/man/man8/ip-monitor.8
|
||
|
@@ -33,7 +33,7 @@ Prints short timestamp before the event message on the same line in format:
|
||
|
The
|
||
|
.B ip
|
||
|
utility can monitor the state of devices, addresses
|
||
|
-and routes continuously. This option has a slightly different format.
|
||
|
+and routes continuously. This option has a slightly different format.
|
||
|
Namely, the
|
||
|
.B monitor
|
||
|
command is the first in the command line and then the object list follows:
|
||
|
@@ -49,7 +49,7 @@ command is the first in the command line and then the object list follows:
|
||
|
is the list of object types that we want to monitor.
|
||
|
It may contain
|
||
|
.BR link ", " address ", " route ", " mroute ", " prefix ", "
|
||
|
-.BR neigh " and " netconf "."
|
||
|
+.BR neigh ", " netconf " and " rule "."
|
||
|
If no
|
||
|
.B file
|
||
|
argument is given,
|
||
|
@@ -65,7 +65,7 @@ but opens the given file, and dumps its contents. The file
|
||
|
should contain RTNETLINK messages saved in binary format.
|
||
|
Such a file can be generated with the
|
||
|
.B rtmon
|
||
|
-utility. This utility has a command line syntax similar to
|
||
|
+utility. This utility has a command line syntax similar to
|
||
|
.BR "ip monitor" .
|
||
|
Ideally,
|
||
|
.B rtmon
|
||
|
diff --git a/man/man8/ip-mroute.8 b/man/man8/ip-mroute.8
|
||
|
index 3b708cf..e89b6b2 100644
|
||
|
--- a/man/man8/ip-mroute.8
|
||
|
+++ b/man/man8/ip-mroute.8
|
||
|
@@ -28,7 +28,7 @@ or
|
||
|
Due to the limitations of the current interface to the multicast routing
|
||
|
engine, it is impossible to change
|
||
|
.B mroute
|
||
|
-objects administratively, so we can only display them. This limitation
|
||
|
+objects administratively, so we can only display them. This limitation
|
||
|
will be removed in the future.
|
||
|
|
||
|
.SS ip mroute show - list mroute cache entries
|
||
|
diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8
|
||
|
index d6adc65..b0fc0dd 100644
|
||
|
--- a/man/man8/ip-neighbour.8
|
||
|
+++ b/man/man8/ip-neighbour.8
|
||
|
@@ -152,7 +152,7 @@ only list neighbour entries in this state.
|
||
|
.I NUD_STATE
|
||
|
takes values listed below or the special value
|
||
|
.B all
|
||
|
-which means all states. This option may occur more than once.
|
||
|
+which means all states. This option may occur more than once.
|
||
|
If this option is absent,
|
||
|
.B ip
|
||
|
lists all entries except for
|
||
|
@@ -176,9 +176,9 @@ and
|
||
|
.PP
|
||
|
With the
|
||
|
.B -statistics
|
||
|
-option, the command becomes verbose. It prints out the number of
|
||
|
+option, the command becomes verbose. It prints out the number of
|
||
|
deleted neighbours and the number of rounds made to flush the
|
||
|
-neighbour table. If the option is given
|
||
|
+neighbour table. If the option is given
|
||
|
twice,
|
||
|
.B ip neigh flush
|
||
|
also dumps all the deleted neighbours.
|
||
|
diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8
|
||
|
index 8e6999c..80a4ad1 100644
|
||
|
--- a/man/man8/ip-netns.8
|
||
|
+++ b/man/man8/ip-netns.8
|
||
|
@@ -24,6 +24,10 @@ ip-netns \- process network namespace management
|
||
|
.RI "[ " NETNSNAME " ]"
|
||
|
|
||
|
.ti -8
|
||
|
+.BR "ip netns" " { " set " } "
|
||
|
+.I NETNSNAME NETNSID
|
||
|
+
|
||
|
+.ti -8
|
||
|
.BR "ip netns identify"
|
||
|
.RI "[ " PID " ]"
|
||
|
|
||
|
@@ -42,12 +46,15 @@ ip-netns \- process network namespace management
|
||
|
A network namespace is logically another copy of the network stack,
|
||
|
with its own routes, firewall rules, and network devices.
|
||
|
|
||
|
+By default a process inherits its network namespace from its parent. Initially all
|
||
|
+the processes share the same default network namespace from the init process.
|
||
|
+
|
||
|
By convention a named network namespace is an object at
|
||
|
.BR "/var/run/netns/" NAME
|
||
|
-that can be opened. The file descriptor resulting from opening
|
||
|
+that can be opened. The file descriptor resulting from opening
|
||
|
.BR "/var/run/netns/" NAME
|
||
|
-refers to the specified network namespace. Holding that file
|
||
|
-descriptor open keeps the network namespace alive. The file
|
||
|
+refers to the specified network namespace. Holding that file
|
||
|
+descriptor open keeps the network namespace alive. The file
|
||
|
descriptor can be used with the
|
||
|
.B setns(2)
|
||
|
system call to change the network namespace associated with a task.
|
||
|
@@ -83,15 +90,55 @@ network namespace and assigns NAME.
|
||
|
.B ip [-all] netns delete [ NAME ] - delete the name of a network namespace(s)
|
||
|
.sp
|
||
|
If NAME is present in /var/run/netns it is umounted and the mount
|
||
|
-point is removed. If this is the last user of the network namespace the
|
||
|
-network namespace will be freed, otherwise the network namespace
|
||
|
-persists until it has no more users. ip netns delete may fail if
|
||
|
-the mount point is in use in another mount namespace.
|
||
|
+point is removed. If this is the last user of the network namespace the
|
||
|
+network namespace will be freed and all physical devices will be moved to the
|
||
|
+default one, otherwise the network namespace persists until it has no more
|
||
|
+users. ip netns delete may fail if the mount point is in use in another mount
|
||
|
+namespace.
|
||
|
|
||
|
If
|
||
|
.B -all
|
||
|
option was specified then all the network namespace names will be removed.
|
||
|
|
||
|
+It is possible to lose the physical device when it was moved to netns and
|
||
|
+then this netns was deleted with a running process:
|
||
|
+
|
||
|
+.RS 10
|
||
|
+$ ip netns add net0
|
||
|
+.RE
|
||
|
+.RS 10
|
||
|
+$ ip link set dev eth0 netns net0
|
||
|
+.RE
|
||
|
+.RS 10
|
||
|
+$ ip netns exec net0 SOME_PROCESS_IN_BACKGROUND
|
||
|
+.RE
|
||
|
+.RS 10
|
||
|
+$ ip netns del net0
|
||
|
+.RE
|
||
|
+
|
||
|
+.RS
|
||
|
+and eth0 will appear in the default netns only after SOME_PROCESS_IN_BACKGROUND
|
||
|
+will exit or will be killed. To prevent this the processes running in net0
|
||
|
+should be killed before deleting the netns:
|
||
|
+
|
||
|
+.RE
|
||
|
+.RS 10
|
||
|
+$ ip netns pids net0 | xargs kill
|
||
|
+.RE
|
||
|
+.RS 10
|
||
|
+$ ip netns del net0
|
||
|
+.RE
|
||
|
+
|
||
|
+.TP
|
||
|
+.B ip netns set NAME NETNSID - assign an id to a peer network namespace
|
||
|
+.sp
|
||
|
+This command assigns a id to a peer network namespace. This id is valid
|
||
|
+only in the current network namespace.
|
||
|
+This id will be used by the kernel in some netlink messages. If no id is
|
||
|
+assigned when the kernel needs it, it will be automatically assigned by
|
||
|
+the kernel.
|
||
|
+Once it is assigned, it's not possible to change it.
|
||
|
+
|
||
|
.TP
|
||
|
.B ip netns identify [PID] - Report network namespaces names for process
|
||
|
.sp
|
||
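Review bot: the suggested `ip netns pids net0 | xargs kill` followed directly by `ip netns del net0` has two gaps. kill only sends the signal, so the delete can still run while a process is alive, which is the situation the paragraph warns about; and when net0 has no processes, xargs may run kill with no arguments. Suggest telling the reader to wait until `ip netns pids net0` prints nothing before deleting. The commands need root, so a `#` prompt would match the one used in ip-l2tp.8, and "assigns a id" should be "an id".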
|
@@ -111,7 +158,7 @@ the named network namespace as their primary network namespace.
|
||
|
This command allows applications that are network namespace unaware
|
||
|
to be run in something other than the default network namespace with
|
||
|
all of the configuration for the specified network namespace appearing
|
||
|
-in the customary global locations. A network namespace and bind mounts
|
||
|
+in the customary global locations. A network namespace and bind mounts
|
||
|
are used to move files from their network namespace specific location
|
||
|
to their default locations without affecting other processes.
|
||
|
|
||
|
diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in
|
||
|
index 89960c1..d53cc76 100644
|
||
|
--- a/man/man8/ip-route.8.in
|
||
|
+++ b/man/man8/ip-route.8.in
|
||
|
@@ -116,7 +116,9 @@ replace " } "
|
||
|
.B features
|
||
|
.IR FEATURES " ] [ "
|
||
|
.B quickack
|
||
|
-.IR BOOL " ]"
|
||
|
+.IR BOOL " ] [ "
|
||
|
+.B congctl
|
||
|
+.IR NAME " ]"
|
||
|
|
||
|
.ti -8
|
||
|
.IR TYPE " := [ "
|
||
|
@@ -160,7 +162,7 @@ by the route prefix.
|
||
|
|
||
|
.sp
|
||
|
.B unreachable
|
||
|
-- these destinations are unreachable. Packets are discarded and the
|
||
|
+- these destinations are unreachable. Packets are discarded and the
|
||
|
ICMP message
|
||
|
.I host unreachable
|
||
|
is generated.
|
||
|
@@ -170,47 +172,47 @@ error.
|
||
|
|
||
|
.sp
|
||
|
.B blackhole
|
||
|
-- these destinations are unreachable. Packets are discarded silently.
|
||
|
+- these destinations are unreachable. Packets are discarded silently.
|
||
|
The local senders get an
|
||
|
.I EINVAL
|
||
|
error.
|
||
|
|
||
|
.sp
|
||
|
.B prohibit
|
||
|
-- these destinations are unreachable. Packets are discarded and the
|
||
|
+- these destinations are unreachable. Packets are discarded and the
|
||
|
ICMP message
|
||
|
.I communication administratively prohibited
|
||
|
-is generated. The local senders get an
|
||
|
+is generated. The local senders get an
|
||
|
.I EACCES
|
||
|
error.
|
||
|
|
||
|
.sp
|
||
|
.B local
|
||
|
-- the destinations are assigned to this host. The packets are looped
|
||
|
+- the destinations are assigned to this host. The packets are looped
|
||
|
back and delivered locally.
|
||
|
|
||
|
.sp
|
||
|
.B broadcast
|
||
|
-- the destinations are broadcast addresses. The packets are sent as
|
||
|
+- the destinations are broadcast addresses. The packets are sent as
|
||
|
link broadcasts.
|
||
|
|
||
|
.sp
|
||
|
.B throw
|
||
|
- a special control route used together with policy rules. If such a
|
||
|
route is selected, lookup in this table is terminated pretending that
|
||
|
-no route was found. Without policy routing it is equivalent to the
|
||
|
-absence of the route in the routing table. The packets are dropped
|
||
|
+no route was found. Without policy routing it is equivalent to the
|
||
|
+absence of the route in the routing table. The packets are dropped
|
||
|
and the ICMP message
|
||
|
.I net unreachable
|
||
|
-is generated. The local senders get an
|
||
|
+is generated. The local senders get an
|
||
|
.I ENETUNREACH
|
||
|
error.
|
||
|
|
||
|
.sp
|
||
|
.B nat
|
||
|
-- a special NAT route. Destinations covered by the prefix
|
||
|
+- a special NAT route. Destinations covered by the prefix
|
||
|
are considered to be dummy (or external) addresses which require translation
|
||
|
-to real (or internal) ones before forwarding. The addresses to translate to
|
||
|
+to real (or internal) ones before forwarding. The addresses to translate to
|
||
|
are selected with the attribute
|
||
|
.BR "via" .
|
||
|
.B Warning:
|
||
|
@@ -221,7 +223,7 @@ Route NAT is no longer supported in Linux 2.6.
|
||
|
.RI "- " "not implemented"
|
||
|
the destinations are
|
||
|
.I anycast
|
||
|
-addresses assigned to this host. They are mainly equivalent
|
||
|
+addresses assigned to this host. They are mainly equivalent
|
||
|
to
|
||
|
.B local
|
||
|
with one difference: such addresses are invalid when used
|
||
|
@@ -229,7 +231,7 @@ as the source address of any packet.
|
||
|
|
||
|
.sp
|
||
|
.B multicast
|
||
|
-- a special type used for multicast routing. It is not present in
|
||
|
+- a special type used for multicast routing. It is not present in
|
||
|
normal routing tables.
|
||
|
.in -8
|
||
|
|
||
|
@@ -245,10 +247,10 @@ Values (0, 253, 254, and 255) are reserved for built-in use.
|
||
|
|
||
|
.sp
|
||
|
Actually, one other table always exists, which is invisible but
|
||
|
-even more important. It is the
|
||
|
+even more important. It is the
|
||
|
.B local
|
||
|
-table (ID 255). This table
|
||
|
-consists of routes for local and broadcast addresses. The kernel maintains
|
||
|
+table (ID 255). This table
|
||
|
+consists of routes for local and broadcast addresses. The kernel maintains
|
||
|
this table automatically and the administrator usually need not modify it
|
||
|
or even look at it.
|
||
|
|
||
|
@@ -268,7 +270,7 @@ change or add new one
|
||
|
.RS
|
||
|
.TP
|
||
|
.BI to " TYPE PREFIX " (default)
|
||
|
-the destination prefix of the route. If
|
||
|
+the destination prefix of the route. If
|
||
|
.I TYPE
|
||
|
is omitted,
|
||
|
.B ip
|
||
|
@@ -279,9 +281,9 @@ Other values of
|
||
|
are listed above.
|
||
|
.I PREFIX
|
||
|
is an IP or IPv6 address optionally followed by a slash and the
|
||
|
-prefix length. If the length of the prefix is missing,
|
||
|
+prefix length. If the length of the prefix is missing,
|
||
|
.B ip
|
||
|
-assumes a full-length host route. There is also a special
|
||
|
+assumes a full-length host route. There is also a special
|
||
|
.I PREFIX
|
||
|
.B default
|
||
|
- which is equivalent to IP
|
||
|
@@ -293,9 +295,9 @@ or to IPv6
|
||
|
.BI tos " TOS"
|
||
|
.TP
|
||
|
.BI dsfield " TOS"
|
||
|
-the Type Of Service (TOS) key. This key has no associated mask and
|
||
|
+the Type Of Service (TOS) key. This key has no associated mask and
|
||
|
the longest match is understood as: First, compare the TOS
|
||
|
-of the route and of the packet. If they are not equal, then the packet
|
||
|
+of the route and of the packet. If they are not equal, then the packet
|
||
|
may still match a route with a zero TOS.
|
||
|
.I TOS
|
||
|
is either an 8 bit hexadecimal number or an identifier
|
||
|
@@ -332,12 +334,12 @@ the output device name.
|
||
|
|
||
|
.TP
|
||
|
.BI via " ADDRESS"
|
||
|
-the address of the nexthop router. Actually, the sense of this field
|
||
|
-depends on the route type. For normal
|
||
|
+the address of the nexthop router. Actually, the sense of this field
|
||
|
+depends on the route type. For normal
|
||
|
.B unicast
|
||
|
routes it is either the true next hop router or, if it is a direct
|
||
|
route installed in BSD compatibility mode, it can be a local address
|
||
|
-of the interface. For NAT routes it is the first address of the block
|
||
|
+of the interface. For NAT routes it is the first address of the block
|
||
|
of translated IP destinations.
|
||
|
|
||
|
.TP
|
||
|
@@ -356,10 +358,10 @@ may be a number or a string from the file
|
||
|
.BI mtu " MTU"
|
||
|
.TP
|
||
|
.BI "mtu lock" " MTU"
|
||
|
-the MTU along the path to the destination. If the modifier
|
||
|
+the MTU along the path to the destination. If the modifier
|
||
|
.B lock
|
||
|
is not used, the MTU may be updated by the kernel due to
|
||
|
-Path MTU Discovery. If the modifier
|
||
|
+Path MTU Discovery. If the modifier
|
||
|
.B lock
|
||
|
is used, no path MTU discovery will be tried, all packets
|
||
|
will be sent without the DF bit in IPv4 case or fragmented
|
||
|
@@ -368,7 +370,7 @@ to MTU for IPv6.
|
||
|
.TP
|
||
|
.BI window " NUMBER"
|
||
|
the maximal window for TCP to advertise to these destinations,
|
||
|
-measured in bytes. It limits maximal data bursts that our TCP
|
||
|
+measured in bytes. It limits maximal data bursts that our TCP
|
||
|
peers are allowed to send to us.
|
||
|
|
||
|
.TP
|
||
|
@@ -389,7 +391,7 @@ above.
|
||
|
.TP
|
||
|
.BI rto_min " TIME " "(2.6.23+ only)"
|
||
|
the minimum TCP Retransmission TimeOut to use when communicating with this
|
||
|
-destination. Values are specified as with
|
||
|
+destination. Values are specified as with
|
||
|
.BI rtt
|
||
|
above.
|
||
|
|
||
|
@@ -399,7 +401,7 @@ an estimate for the initial slow start threshold.
|
||
|
|
||
|
.TP
|
||
|
.BI cwnd " NUMBER " "(2.3.15+ only)"
|
||
|
-the clamp for congestion window. It is ignored if the
|
||
|
+the clamp for congestion window. It is ignored if the
|
||
|
.B lock
|
||
|
flag is not used.
|
||
|
|
||
|
@@ -418,7 +420,7 @@ The default value is zero, meaning to use Slow Start value.
|
||
|
|
||
|
.TP
|
||
|
.BI features " FEATURES " (3.18+ only)
|
||
|
-Enable or disable per-route features. Only available feature at this
|
||
|
+Enable or disable per-route features. Only available feature at this
|
||
|
time is
|
||
|
.B ecn
|
||
|
to enable explicit congestion notification when initiating connections to the
|
||
|
@@ -433,9 +435,24 @@ sysctl is set to 0.
|
||
|
Enable or disable quick ack for connections to this destination.
|
||
|
|
||
|
.TP
|
||
|
+.BI congctl " NAME " "(3.20+ only)"
|
||
|
+.TP
|
||
|
+.BI "congctl lock" " NAME " "(3.20+ only)"
|
||
|
+Sets a specific TCP congestion control algorithm only for a given destination.
|
||
|
+If not specified, Linux keeps the current global default TCP congestion control
|
||
|
+algorithm, or the one set from the application. If the modifier
|
||
|
+.B lock
|
||
|
+is not used, an application may nevertheless overwrite the suggested congestion
|
||
|
+control algorithm for that destination. If the modifier
|
||
|
+.B lock
|
||
|
+is used, then an application is not allowed to overwrite the specified congestion
|
||
|
+control algorithm for that destination, thus it will be enforced/guaranteed to
|
||
|
+use the proposed algorithm.
|
||
|
+
|
||
|
+.TP
|
||
|
.BI advmss " NUMBER " "(2.3.15+ only)"
|
||
|
the MSS ('Maximal Segment Size') to advertise to these
|
||
|
-destinations when establishing TCP connections. If it is not given,
|
||
|
+destinations when establishing TCP connections. If it is not given,
|
||
|
Linux uses a default value calculated from the first hop device MTU.
|
||
|
(If the path to these destination is asymmetric, this guess may be wrong.)
|
||
|
|
||
|
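Review bot: The new congctl text says that with lock "an application is not allowed to overwrite the specified congestion control algorithm", but it never says what the application sees when it tries: whether the attempt fails with an error or is silently ignored. That matters to anyone relying on lock to enforce a policy, so please document it. The entry also gives no hint of which NAME values are accepted or what happens when the named algorithm is not available on the system. Smaller points: "override" is the usual word rather than "overwrite", and the empty added line before the next .TP is a blank line in roff source that should be dropped.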
@@ -498,7 +515,7 @@ If the routing protocol ID is not given,
|
||
|
.B ip assumes protocol
|
||
|
.B boot
|
||
|
(i.e. it assumes the route was added by someone who doesn't
|
||
|
-understand what they are doing). Several protocol values have
|
||
|
+understand what they are doing). Several protocol values have
|
||
|
a fixed interpretation.
|
||
|
Namely:
|
||
|
|
||
|
@@ -547,7 +564,7 @@ but their semantics are a bit different.
|
||
|
|
||
|
Key values
|
||
|
.RB "(" to ", " tos ", " preference " and " table ")"
|
||
|
-select the route to delete. If optional attributes are present,
|
||
|
+select the route to delete. If optional attributes are present,
|
||
|
.B ip
|
||
|
verifies that they coincide with the attributes of the route to delete.
|
||
|
If no route with the given key and attributes was found,
|
||
|
@@ -604,7 +621,7 @@ only select routes with the given TOS.
|
||
|
|
||
|
.TP
|
||
|
.BI table " TABLEID"
|
||
|
-show the routes from this table(s). The default setting is to show table
|
||
|
+show the routes from this table(s). The default setting is to show table
|
||
|
.BR main "."
|
||
|
.I TABLEID
|
||
|
may either be the ID of a real table or one of the special values:
|
||
|
@@ -678,7 +695,7 @@ this command flushes routes selected by some criteria.
|
||
|
.sp
|
||
|
The arguments have the same syntax and semantics as the arguments of
|
||
|
.BR "ip route show" ,
|
||
|
-but routing tables are not listed but purged. The only difference is
|
||
|
+but routing tables are not listed but purged. The only difference is
|
||
|
the default action:
|
||
|
.B show
|
||
|
dumps all the IP main routing table but
|
||
|
@@ -740,7 +757,7 @@ Note that this operation is not equivalent to
|
||
|
.B show
|
||
|
shows existing routes.
|
||
|
.B get
|
||
|
-resolves them and creates new clones if necessary. Essentially,
|
||
|
+resolves them and creates new clones if necessary. Essentially,
|
||
|
.B get
|
||
|
is equivalent to sending a packet along this path.
|
||
|
If the
|
||
|
@@ -750,7 +767,7 @@ to output packets towards the requested destination.
|
||
|
This is equivalent to pinging the destination
|
||
|
with a subsequent
|
||
|
.BR "ip route ls cache" ,
|
||
|
-however, no packets are actually sent. With the
|
||
|
+however, no packets are actually sent. With the
|
||
|
.B iif
|
||
|
argument, the kernel pretends that a packet arrived from this interface
|
||
|
and searches for a path to forward the packet.
|
||
|
@@ -774,8 +791,8 @@ This command expects to read a data stream as returned from
|
||
|
.BR "ip route save" .
|
||
|
It will attempt to restore the routing table information exactly as
|
||
|
it was at the time of the save, so any translation of information
|
||
|
-in the stream (such as device indexes) must be done first. Any existing
|
||
|
-routes are left unchanged. Any routes specified in the data stream that
|
||
|
+in the stream (such as device indexes) must be done first. Any existing
|
||
|
+routes are left unchanged. Any routes specified in the data stream that
|
||
|
already exist in the table will be ignored.
|
||
|
.RE
|
||
|
|
||
|
diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8
|
||
|
index 62df3b0..dd925be 100644
|
||
|
--- a/man/man8/ip-rule.8
|
||
|
+++ b/man/man8/ip-rule.8
|
||
|
@@ -86,7 +86,7 @@ and an
|
||
|
The RPDB is scanned in order of decreasing priority. The selector
|
||
|
of each rule is applied to {source address, destination address, incoming
|
||
|
interface, tos, fwmark} and, if the selector matches the packet,
|
||
|
-the action is performed. The action predicate may return with success.
|
||
|
+the action is performed. The action predicate may return with success.
|
||
|
In this case, it will either give a route or failure indication
|
||
|
and the RPDB lookup is terminated. Otherwise, the RPDB program
|
||
|
continues with the next rule.
|
||
|
@@ -131,18 +131,18 @@ table
|
||
|
(ID 253).
|
||
|
The
|
||
|
.B default
|
||
|
-table is empty. It is reserved for some post-processing if no previous
|
||
|
+table is empty. It is reserved for some post-processing if no previous
|
||
|
default rules selected the packet.
|
||
|
This rule may also be deleted.
|
||
|
|
||
|
.P
|
||
|
Each RPDB entry has additional
|
||
|
-attributes. F.e. each rule has a pointer to some routing
|
||
|
-table. NAT and masquerading rules have an attribute to select new IP
|
||
|
-address to translate/masquerade. Besides that, rules have some
|
||
|
+attributes. F.e. each rule has a pointer to some routing
|
||
|
+table. NAT and masquerading rules have an attribute to select new IP
|
||
|
+address to translate/masquerade. Besides that, rules have some
|
||
|
optional attributes, which routes have, namely
|
||
|
.BR "realms" .
|
||
|
-These values do not override those contained in the routing tables. They
|
||
|
+These values do not override those contained in the routing tables. They
|
||
|
are only used if the route did not select any attributes.
|
||
|
|
||
|
.sp
|
||
|
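Review bot: The added lines keep the abbreviation "F.e." ("attributes. F.e. each rule has a pointer to some routing table"). Since the patch already rewrites these lines, please spell it out as "For example," and add the missing article in "to select new IP address" while here.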
@@ -175,7 +175,7 @@ of the IP packet into some other value.
|
||
|
.RS
|
||
|
.TP
|
||
|
.BI type " TYPE " (default)
|
||
|
-the type of this rule. The list of valid types was given in the previous
|
||
|
+the type of this rule. The list of valid types was given in the previous
|
||
|
subsection.
|
||
|
|
||
|
.TP
|
||
|
@@ -188,14 +188,14 @@ select the destination prefix to match.
|
||
|
|
||
|
.TP
|
||
|
.BI iif " NAME"
|
||
|
-select the incoming device to match. If the interface is loopback,
|
||
|
-the rule only matches packets originating from this host. This means
|
||
|
+select the incoming device to match. If the interface is loopback,
|
||
|
+the rule only matches packets originating from this host. This means
|
||
|
that you may create separate routing tables for forwarded and local
|
||
|
packets and, hence, completely segregate them.
|
||
|
|
||
|
.TP
|
||
|
.BI oif " NAME"
|
||
|
-select the outgoing device to match. The outgoing interface is only
|
||
|
+select the outgoing device to match. The outgoing interface is only
|
||
|
available for packets originating from local sockets that are bound to
|
||
|
a device.
|
||
|
|
||
|
@@ -213,7 +213,7 @@ value to match.
|
||
|
|
||
|
.TP
|
||
|
.BI priority " PREFERENCE"
|
||
|
-the priority of this rule. Each rule should have an explicitly
|
||
|
+the priority of this rule. Each rule should have an explicitly
|
||
|
set
|
||
|
.I unique
|
||
|
priority value.
|
||
|
@@ -236,7 +236,7 @@ group GROUP.
|
||
|
.TP
|
||
|
.BI realms " FROM/TO"
|
||
|
Realms to select if the rule matched and the routing table lookup
|
||
|
-succeeded. Realm
|
||
|
+succeeded. Realm
|
||
|
.I TO
|
||
|
is only used if the route did not select any realm.
|
||
|
|
||
|
@@ -253,7 +253,7 @@ Using map-to instead of nat means the same thing.
|
||
|
|
||
|
.B Warning:
|
||
|
Changes to the RPDB made with these commands do not become active
|
||
|
-immediately. It is assumed that after a script finishes a batch of
|
||
|
+immediately. It is assumed that after a script finishes a batch of
|
||
|
updates, it flushes the routing cache with
|
||
|
.BR "ip route flush cache" .
|
||
|
.RE
|
||
|
diff --git a/man/man8/ip-tunnel.8 b/man/man8/ip-tunnel.8
|
||
|
index fc2d6bd..c97c28c 100644
|
||
|
--- a/man/man8/ip-tunnel.8
|
||
|
+++ b/man/man8/ip-tunnel.8
|
||
|
@@ -86,7 +86,7 @@ objects are tunnels, encapsulating packets in IP packets and then
|
||
|
sending them over the IP infrastructure.
|
||
|
The encapsulating (or outer) address family is specified by the
|
||
|
.B -f
|
||
|
-option. The default is IPv4.
|
||
|
+option. The default is IPv4.
|
||
|
|
||
|
.TP
|
||
|
.B ip tunnel add
|
||
|
@@ -168,7 +168,7 @@ changes.
|
||
|
.TP
|
||
|
.B nopmtudisc
|
||
|
disable Path MTU Discovery on this tunnel.
|
||
|
-It is enabled by default. Note that a fixed ttl is incompatible
|
||
|
+It is enabled by default. Note that a fixed ttl is incompatible
|
||
|
with this option: tunneling with a fixed ttl always makes pmtu
|
||
|
discovery.
|
||
|
|
||
|
@@ -199,7 +199,7 @@ flag calculates checksums for outgoing packets.
|
||
|
The
|
||
|
.B icsum
|
||
|
flag requires that all input packets have the correct
|
||
|
-checksum. The
|
||
|
+checksum. The
|
||
|
.B csum
|
||
|
flag is equivalent to the combination
|
||
|
.BR "icsum ocsum" .
|
||
|
@@ -223,7 +223,7 @@ flag is equivalent to the combination
|
||
|
.TP
|
||
|
.BI encaplim " ELIM"
|
||
|
.RB ( " only IPv6 tunnels " )
|
||
|
-set a fixed encapsulation limit. Default is 4.
|
||
|
+set a fixed encapsulation limit. Default is 4.
|
||
|
|
||
|
.TP
|
||
|
.BI flowlabel " FLOWLABEL"
|
||
|
diff --git a/man/man8/ip.8 b/man/man8/ip.8
|
||
|
index 016e8c6..4cd71de 100644
|
||
|
--- a/man/man8/ip.8
|
||
|
+++ b/man/man8/ip.8
|
||
|
@@ -56,7 +56,7 @@ If there were any errors during execution of the commands, the application retur
|
||
|
|
||
|
.TP
|
||
|
.BR "\-s" , " \-stats" , " \-statistics"
|
||
|
-Output more information. If the option
|
||
|
+Output more information. If the option
|
||
|
appears twice or more, the amount of information increases.
|
||
|
As a rule, the information is statistics or some time values.
|
||
|
|
||
|
@@ -67,7 +67,7 @@ Output more detailed information.
|
||
|
.TP
|
||
|
.BR "\-l" , " \-loops " <COUNT>
|
||
|
Specify maximum number of loops the 'ip addr flush' logic
|
||
|
-will attempt before giving up. The default is 10.
|
||
|
+will attempt before giving up. The default is 10.
|
||
|
Zero (0) means loop until all addresses are removed.
|
||
|
|
||
|
.TP
|
||
|
@@ -77,7 +77,7 @@ Specifies the protocol family to use. The protocol family identifier can be one
|
||
|
or
|
||
|
.BR link .
|
||
|
If this option is not present,
|
||
|
-the protocol family is guessed from other arguments. If the rest
|
||
|
+the protocol family is guessed from other arguments. If the rest
|
||
|
of the command line does not give enough information to guess the
|
||
|
family,
|
||
|
.B ip
|
||
|
@@ -254,9 +254,9 @@ and
|
||
|
(or
|
||
|
.B list
|
||
|
) objects, but some objects do not allow all of these operations
|
||
|
-or have some additional commands. The
|
||
|
+or have some additional commands. The
|
||
|
.B help
|
||
|
-command is available for all objects. It prints
|
||
|
+command is available for all objects. It prints
|
||
|
out a list of available commands and argument syntax conventions.
|
||
|
.sp
|
||
|
If no command is given, some default command is assumed.
|
||
|
diff --git a/man/man8/rtmon.8 b/man/man8/rtmon.8
|
||
|
index c9359d8..0538752 100644
|
||
|
--- a/man/man8/rtmon.8
|
||
|
+++ b/man/man8/rtmon.8
|
||
|
@@ -34,7 +34,7 @@ Show summary of options.
|
||
|
.TP
|
||
|
.B file FILE [ all | LISTofOBJECTS ]
|
||
|
Log output to FILE. LISTofOBJECTS is the list of object types that we
|
||
|
-want to monitor. It may contain 'link', 'address', 'route'
|
||
|
+want to monitor. It may contain 'link', 'address', 'route'
|
||
|
and 'all'. 'link' specifies the network device, 'address' the protocol
|
||
|
(IP or IPv6) address on a device, 'route' the routing table entry
|
||
|
and 'all' does what the name says.
|
||
|
diff --git a/man/man8/ss.8 b/man/man8/ss.8
|
||
|
index 450649a..b7fbaef 100644
|
||
|
--- a/man/man8/ss.8
|
||
|
+++ b/man/man8/ss.8
|
||
|
@@ -84,6 +84,9 @@ context of the creating process, however the context shown will reflect
|
||
|
any policy role, type and/or range transition rules applied,
|
||
|
and is therefore a useful reference.
|
||
|
.TP
|
||
|
+.B \-N NSNAME, \-\-net=NSNAME
|
||
|
+Switch to the specified network namespace name.
|
||
|
+.TP
|
||
|
.B \-b, \-\-bpf
|
||
|
Show socket BPF filters (only administrators are allowed to get these information).
|
||
|
.TP
|
||
|
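Review bot: The new -N entry reads "Switch to the specified network namespace name", which does not say where NSNAME is looked up or what is needed to use the option. Please state that the name refers to a named network namespace as managed by ip netns, with a reference to ip-netns(8), and note any privilege requirement the same way the neighbouring -b entry does ("only administrators are allowed ..."). The wording should also be "Switch to the specified network namespace", since the command enters a namespace rather than a name.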
diff --git a/man/man8/tc-cbq-details.8 b/man/man8/tc-cbq-details.8
|
||
|
index f43dca8..ddaf3ca 100644
|
||
|
--- a/man/man8/tc-cbq-details.8
|
||
|
+++ b/man/man8/tc-cbq-details.8
|
||
|
@@ -58,8 +58,8 @@ interval timeconstant
|
||
|
|
||
|
.SH DESCRIPTION
|
||
|
Class Based Queueing is a classful qdisc that implements a rich
|
||
|
-linksharing hierarchy of classes. It contains shaping elements as
|
||
|
-well as prioritizing capabilities. Shaping is performed using link
|
||
|
+linksharing hierarchy of classes. It contains shaping elements as
|
||
|
+well as prioritizing capabilities. Shaping is performed using link
|
||
|
idle time calculations based on the timing of dequeue events and
|
||
|
underlying link bandwidth.
|
||
|
|
||
|
diff --git a/man/man8/tc-cbq.8 b/man/man8/tc-cbq.8
|
||
|
index 4b371a0..b900e1c 100644
|
||
|
--- a/man/man8/tc-cbq.8
|
||
|
+++ b/man/man8/tc-cbq.8
|
||
|
@@ -60,8 +60,8 @@ interval timeconstant
|
||
|
|
||
|
.SH DESCRIPTION
|
||
|
Class Based Queueing is a classful qdisc that implements a rich
|
||
|
-linksharing hierarchy of classes. It contains shaping elements as
|
||
|
-well as prioritizing capabilities. Shaping is performed using link
|
||
|
+linksharing hierarchy of classes. It contains shaping elements as
|
||
|
+well as prioritizing capabilities. Shaping is performed using link
|
||
|
idle time calculations based on the timing of dequeue events and
|
||
|
underlying link bandwidth.
|
||
|
|
||
|
diff --git a/man/man8/tc-choke.8 b/man/man8/tc-choke.8
|
||
|
index 9d1081f..1916a3d 100644
|
||
|
--- a/man/man8/tc-choke.8
|
||
|
+++ b/man/man8/tc-choke.8
|
||
|
@@ -22,12 +22,12 @@ chance
|
||
|
|
||
|
CHOKe (CHOose and Keep for responsive flows, CHOose and Kill for unresponsive flows)
|
||
|
is a classless qdisc designed to both identify and penalize flows that monopolize the
|
||
|
-queue. CHOKe is a variation of RED, and the configuration is similar to RED.
|
||
|
+queue. CHOKe is a variation of RED, and the configuration is similar to RED.
|
||
|
|
||
|
.SH ALGORITHM
|
||
|
Once the queue hits a certain average length, a random packet is drawn from the
|
||
|
-queue. If both the to-be-queued and the drawn packet belong to the same flow,
|
||
|
-both packets are dropped. Otherwise, if the queue length is still below the maximum length,
|
||
|
+queue. If both the to-be-queued and the drawn packet belong to the same flow,
|
||
|
+both packets are dropped. Otherwise, if the queue length is still below the maximum length,
|
||
|
the new packet has a configurable chance of being marked (which may mean dropped).
|
||
|
If the queue length exceeds
|
||
|
.BR max ,
|
||
|
diff --git a/man/man8/tc-codel.8 b/man/man8/tc-codel.8
|
||
|
index 61f163f..a0e50a4 100644
|
||
|
--- a/man/man8/tc-codel.8
|
||
|
+++ b/man/man8/tc-codel.8
|
||
|
@@ -69,10 +69,10 @@ is used to ensure that the measured minimum delay does not become too stale. The
|
||
|
minimum delay must be experienced in the last epoch of length
|
||
|
.B interval.
|
||
|
It should be set on the order of the worst-case RTT through the bottleneck to
|
||
|
-give endpoints sufficient time to react. Default value is 100ms.
|
||
|
+give endpoints sufficient time to react. Default value is 100ms.
|
||
|
|
||
|
.SS ecn | noecn
|
||
|
-can be used to mark packets instead of dropping them. If
|
||
|
+can be used to mark packets instead of dropping them. If
|
||
|
.B ecn
|
||
|
has been enabled,
|
||
|
.B noecn
|
||
|
diff --git a/man/man8/tc-drr.8 b/man/man8/tc-drr.8
|
||
|
index 29daed8..f550a35 100644
|
||
|
--- a/man/man8/tc-drr.8
|
||
|
+++ b/man/man8/tc-drr.8
|
||
|
@@ -23,9 +23,9 @@ Each class is assigned a deficit counter, initialized to
|
||
|
.B quantum.
|
||
|
|
||
|
DRR maintains an (internal) ''active'' list of classes whose qdiscs are
|
||
|
-non-empty. This list is used for dequeuing. A packet is dequeued from
|
||
|
+non-empty. This list is used for dequeuing. A packet is dequeued from
|
||
|
the class at the head of the list if the packet size is smaller or equal
|
||
|
-to the deficit counter. If the counter is too small, it is increased by
|
||
|
+to the deficit counter. If the counter is too small, it is increased by
|
||
|
.B quantum
|
||
|
and the scheduler moves on to the next class in the active list.
|
||
|
|
||
|
@@ -34,7 +34,7 @@ and the scheduler moves on to the next class in the active list.
|
||
|
.TP
|
||
|
quantum
|
||
|
Amount of bytes a flow is allowed to dequeue before the scheduler moves to
|
||
|
-the next class. Defaults to the MTU of the interface. The minimum value is 1.
|
||
|
+the next class. Defaults to the MTU of the interface. The minimum value is 1.
|
||
|
|
||
|
.SH EXAMPLE & USAGE
|
||
|
|
||
|
@@ -54,9 +54,9 @@ You also need to add at least one filter to classify packets.
|
||
|
.P
|
||
|
|
||
|
Like SFQ, DRR is only useful when it owns the queue \-\- it is a pure scheduler and does
|
||
|
-not delay packets. Attaching non-work-conserving qdiscs like tbf to it does not make
|
||
|
+not delay packets. Attaching non-work-conserving qdiscs like tbf to it does not make
|
||
|
sense \-\- other qdiscs in the active list will also become inactive until the dequeue
|
||
|
-operation succeeds. Embed DRR within another qdisc like HTB or HFSC to ensure it owns the queue.
|
||
|
+operation succeeds. Embed DRR within another qdisc like HTB or HFSC to ensure it owns the queue.
|
||
|
.P
|
||
|
You can mimic SFQ behavior by assigning packets to the attached classes using the
|
||
|
flow filter:
|
||
|
diff --git a/man/man8/tc-fq_codel.8 b/man/man8/tc-fq_codel.8
|
||
|
index adeacd6..a80389a 100644
|
||
|
--- a/man/man8/tc-fq_codel.8
|
||
|
+++ b/man/man8/tc-fq_codel.8
|
||
|
@@ -47,7 +47,7 @@ has the same semantics as
|
||
|
.B codel
|
||
|
and is the acceptable minimum
|
||
|
standing/persistent queue delay. This minimum delay is identified by tracking
|
||
|
-the local minimum queue delay that packets experience. Default value is 5ms.
|
||
|
+the local minimum queue delay that packets experience. Default value is 5ms.
|
||
|
|
||
|
.SS interval
|
||
|
has the same semantics as
|
||
|
@@ -55,7 +55,7 @@ has the same semantics as
|
||
|
and is used to ensure that the measured minimum delay does not become too stale.
|
||
|
The minimum delay must be experienced in the last epoch of length .B interval.
|
||
|
It should be set on the order of the worst-case RTT through the bottleneck to
|
||
|
-give endpoints sufficient time to react. Default value is 100ms.
|
||
|
+give endpoints sufficient time to react. Default value is 100ms.
|
||
|
|
||
|
.SS quantum
|
||
|
is the number of bytes used as 'deficit' in the fair queuing algorithm. Default
|
||
|
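Review bot: The context line in this hunk has the macro in the middle of the text line: "The minimum delay must be experienced in the last epoch of length .B interval." A roff request is only recognized at the start of a line, so this prints a literal ".B" instead of bold text. tc-codel.8 in this same patch has the correct form, with ".B interval." on its own line. Since the patch already touches this paragraph, please split the line the same way.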
@@ -65,7 +65,7 @@ header length of 14 bytes.
|
||
|
.SS ecn | noecn
|
||
|
has the same semantics as
|
||
|
.B codel
|
||
|
-and can be used to mark packets instead of dropping them. If
|
||
|
+and can be used to mark packets instead of dropping them. If
|
||
|
.B ecn
|
||
|
has been enabled,
|
||
|
.B noecn
|
||
|
diff --git a/man/man8/tc-hfsc.8 b/man/man8/tc-hfsc.8
|
||
|
index c5ff331..5444118 100644
|
||
|
--- a/man/man8/tc-hfsc.8
|
||
|
+++ b/man/man8/tc-hfsc.8
|
||
|
@@ -32,7 +32,7 @@ For description of BYTE, BPS and SEC \- please see \fBUNITS\fR
|
||
|
section of \fBtc\fR(8).
|
||
|
.
|
||
|
.SH DESCRIPTION (qdisc)
|
||
|
-HFSC qdisc has only one optional parameter \- \fBdefault\fR. CLASSID specifies
|
||
|
+HFSC qdisc has only one optional parameter \- \fBdefault\fR. CLASSID specifies
|
||
|
the minor part of the default classid, where packets not classified by other
|
||
|
means (e.g. u32 filter, CLASSIFY target of iptables) will be enqueued. If
|
||
|
\fBdefault\fR is not specified, unclassified packets will be dropped.
|
||
|
diff --git a/man/man8/tc-netem.8 b/man/man8/tc-netem.8
|
||
|
index b0b7864..53c4de9 100644
|
||
|
--- a/man/man8/tc-netem.8
|
||
|
+++ b/man/man8/tc-netem.8
|
||
|
@@ -151,7 +151,7 @@ header compression scheme. The third parameter - an unsigned value - specify
|
||
|
the cellsize. Cellsize can be used to simulate link layer schemes. ATM for
|
||
|
example has an payload cellsize of 48 bytes and 5 byte per cell header. If a
|
||
|
packet is 50 byte then ATM must use two cells: 2 * 48 bytes payload including 2
|
||
|
-* 5 byte header, thus consume 106 byte on the wire. The last optional value
|
||
|
+* 5 byte header, thus consume 106 byte on the wire. The last optional value
|
||
|
.I CELLOVERHEAD
|
||
|
can be used to specify per cell overhead - for our ATM example 5.
|
||
|
.I CELLOVERHEAD
|
||
|
diff --git a/man/man8/tc-pie.8 b/man/man8/tc-pie.8
|
||
|
index 536c381..278293b 100644
|
||
|
--- a/man/man8/tc-pie.8
|
||
|
+++ b/man/man8/tc-pie.8
|
||
|
@@ -49,7 +49,7 @@ the deviation between the current and target latency changes probability. beta e
|
||
|
additional adjustments depending on the latency trend.
|
||
|
|
||
|
The drop probabilty is used to mark packets in ecn mode. However, as in RED,
|
||
|
-beyond 10% packets are dropped based on this probability. The bytemode is used
|
||
|
+beyond 10% packets are dropped based on this probability. The bytemode is used
|
||
|
to drop packets proportional to the packet size.
|
||
|
|
||
|
Additional details can be found in the paper cited below.
|
||
|
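Review bot: The context line just above the changed line still reads "The drop probabilty is used to mark packets in ecn mode". Since this paragraph is being edited anyway, please fix the spelling to "probability" in the same pass.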
diff --git a/man/man8/tc-red.8 b/man/man8/tc-red.8
|
||
|
index f410d15..d001c49 100644
|
||
|
--- a/man/man8/tc-red.8
|
||
|
+++ b/man/man8/tc-red.8
|
||
|
@@ -112,7 +112,7 @@ ecn
|
||
|
As mentioned before, RED can either 'mark' or 'drop'. Explicit Congestion
|
||
|
Notification allows RED to notify remote hosts that their rate exceeds the
|
||
|
amount of bandwidth available. Non-ECN capable hosts can only be notified by
|
||
|
-dropping a packet. If this parameter is specified, packets which indicate
|
||
|
+dropping a packet. If this parameter is specified, packets which indicate
|
||
|
that their hosts honor ECN will only be marked and not dropped, unless the
|
||
|
queue size hits
|
||
|
.B limit
|
||
|
@@ -156,7 +156,7 @@ Adaptive RED : http://icir.org/floyd/papers/adaptiveRed.pdf
|
||
|
.SH AUTHORS
|
||
|
Alexey N. Kuznetsov, <kuznet@ms2.inr.ac.ru>, Alexey Makarenko
|
||
|
<makar@phoenix.kharkov.ua>, J Hadi Salim <hadi@nortelnetworks.com>,
|
||
|
-Eric Dumazet <eric.dumazet@gmail.com>.
|
||
|
+Eric Dumazet <eric.dumazet@gmail.com>.
|
||
|
This manpage maintained by bert hubert <ahu@ds9a.nl>
|
||
|
|
||
|
|
||
|
diff --git a/man/man8/tc-sfb.8 b/man/man8/tc-sfb.8
|
||
|
index e7634d2..aad19e1 100644
|
||
|
--- a/man/man8/tc-sfb.8
|
||
|
+++ b/man/man8/tc-sfb.8
|
||
|
@@ -35,7 +35,7 @@ tries to determine the ideal marking probability automatically.
|
||
|
The
|
||
|
.B BLUE
|
||
|
algorithm maintains a probability which is used to mark or drop packets
|
||
|
-that are to be queued. If the queue overflows, the mark/drop probability
|
||
|
+that are to be queued. If the queue overflows, the mark/drop probability
|
||
|
is increased. If the queue becomes empty, the probability is decreased. The
|
||
|
.B Stochastic Fair Blue
|
||
|
(SFB) algorithm is designed to protect TCP flows against non-responsive flows.
|
||
|
@@ -44,8 +44,8 @@ This SFB implementation maintains 8 levels of 16 bins each for accounting.
|
||
|
Each flow is mapped into a bin of each level using a per-level hash value.
|
||
|
|
||
|
Every bin maintains a marking probability, which gets increased or decreased
|
||
|
-based on bin occupancy. If the number of packets exceeds the size of that
|
||
|
-bin, the marking probability is increased. If the number drops to zero, it
|
||
|
+based on bin occupancy. If the number of packets exceeds the size of that
|
||
|
+bin, the marking probability is increased. If the number drops to zero, it
|
||
|
is decreased.
|
||
|
|
||
|
The marking probability is based on the minimum value of all bins a flow is
|
||
|
@@ -63,7 +63,7 @@ with a non-responsive flow, causing the responsive flow to be misidentified as
|
||
|
being non-responsive.
|
||
|
|
||
|
The probability of a responsive flow to be misidentified is dependent on
|
||
|
-the number of non-responsive flows, M. It is (1 - (1 - (1 / 16.0)) ** M) **8,
|
||
|
+the number of non-responsive flows, M. It is (1 - (1 - (1 / 16.0)) ** M) **8,
|
||
|
so for example with 10 non-responsive flows approximately 0.2% of responsive flows
|
||
|
will be misidentified.
|
||
|
|
||
|
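Review bot: the formula on the changed line has uneven operator spacing ("** M) **8"), and the figure in the following context line is rounded down. For M = 10 the expression is (1 - 0.9375 ** 10) ** 8, which is about 0.0026, so roughly 0.26% rather than "approximately 0.2%". Since the line is being touched anyway, suggest writing "** 8" and changing the example to "about 0.26%" or "approximately 0.3%". It would also help to say that 16.0 and 8 are the bin and level counts from "8 levels of 16 bins each", so a reader can see where the constants come from.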
@@ -89,7 +89,7 @@ implementation maintains a second set of levels/bins as described in section
|
||
|
4.4 of the SFB reference.
|
||
|
While one set is used to manage the queue, a second set is warmed up:
|
||
|
Whenever a flow is then determined to be non-responsive, the marking
|
||
|
-probabilities in the second set are updated. When the rehashing
|
||
|
+probabilities in the second set are updated. When the rehashing
|
||
|
happens, these bins will be used to manage the queue and all non-responsive
|
||
|
flows can be rate-limited immediately.
|
||
|
This value determines how much time has to pass before the 2nd set
|
||
|
@@ -100,19 +100,19 @@ rehash.
|
||
|
.TP
|
||
|
limit
|
||
|
Hard limit on the real (not average) total queue size in packets.
|
||
|
-Further packets are dropped. Defaults to the transmit queue length of the
|
||
|
+Further packets are dropped. Defaults to the transmit queue length of the
|
||
|
device the qdisc is attached to.
|
||
|
.TP
|
||
|
max
|
||
|
Maximum length of a buckets queue, in packets, before packets start being
|
||
|
-dropped. Should be sightly larger than
|
||
|
+dropped. Should be sightly larger than
|
||
|
.B target
|
||
|
, but should not be set to values exceeding 1.5 times that of
|
||
|
.B target .
|
||
|
Defaults to 25.
|
||
|
.TP
|
||
|
target
|
||
|
-The desired average bin length. If the bin queue length reaches this value,
|
||
|
+The desired average bin length. If the bin queue length reaches this value,
|
||
|
the marking probability is increased by
|
||
|
.B increment.
|
||
|
The default value depends on the
|
||
|
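Review bot: the re-added line in the max entry, "dropped. Should be sightly larger than", still carries the typo "sightly" for "slightly", and the context line above it reads "a buckets queue" where "a bucket's queue" is meant. Both are worth fixing in the same pass since the paragraph is already being modified. The macro punctuation is also inconsistent within this hunk: ".B target ." sets a detached period in bold and ".B increment." bolds the period with the word; ".BR target ." and ".BR increment ." would keep the punctuation roman in both places.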
@@ -123,11 +123,11 @@ will default to 20.
|
||
|
.TP
|
||
|
increment
|
||
|
A value used to increase the marking probability when the queue appears
|
||
|
-to be over-used. Must be between 0 and 1.0. Defaults to 0.00050.
|
||
|
+to be over-used. Must be between 0 and 1.0. Defaults to 0.00050.
|
||
|
.TP
|
||
|
decrement
|
||
|
Value used to decrease the marking probability when the queue is found
|
||
|
-to be empty. Must be between 0 and 1.0.
|
||
|
+to be empty. Must be between 0 and 1.0.
|
||
|
Defaults to 0.00005.
|
||
|
.TP
|
||
|
penalty_rate
|
||
|
@@ -153,7 +153,7 @@ The number of packets dropped before a per-flow queue was full.
|
||
|
ratedrop
|
||
|
The number of packets dropped because of rate-limiting.
|
||
|
If this value is high, there are many non-reactive flows being
|
||
|
-sent through sfb. In such cases, it might be better to
|
||
|
+sent through sfb. In such cases, it might be better to
|
||
|
embed sfb within a classful qdisc to better control such
|
||
|
flows using a different, shaping qdisc.
|
||
|
.TP
|
||
|
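Review bot: the ratedrop text in this hunk says "many non-reactive flows", while the description section of the same page consistently says "non-responsive flows" (the maxprob entry further down also uses "non-reactive"). These read as two different conditions to someone interpreting the counters. Suggest using "non-responsive" throughout the statistics entries, or defining "non-reactive" once if a distinction is intended.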
@@ -163,7 +163,7 @@ High bucketdrop may point to a high number of aggressive, short-lived
|
||
|
flows.
|
||
|
.TP
|
||
|
queuedrop
|
||
|
-The number of packets dropped due to reaching limit. This should normally be 0.
|
||
|
+The number of packets dropped due to reaching limit. This should normally be 0.
|
||
|
.TP
|
||
|
marked
|
||
|
The number of packets marked with ECN.
|
||
|
@@ -172,7 +172,7 @@ maxqlen
|
||
|
The length of the current longest per-flow (virtual) queue.
|
||
|
.TP
|
||
|
maxprob
|
||
|
-The maximum per-flow drop probability. 1 means that some
|
||
|
+The maximum per-flow drop probability. 1 means that some
|
||
|
flows have been detected as non-reactive.
|
||
|
|
||
|
.SH NOTES
|
||
|
diff --git a/man/man8/tc-sfq.8 b/man/man8/tc-sfq.8
|
||
|
index 5a651ff..9afb5b2 100644
|
||
|
--- a/man/man8/tc-sfq.8
|
||
|
+++ b/man/man8/tc-sfq.8
|
||
|
@@ -150,7 +150,7 @@ ecn
|
||
|
RED can either 'mark' or 'drop'. Explicit Congestion
|
||
|
Notification allows RED to notify remote hosts that their rate exceeds the
|
||
|
amount of bandwidth available. Non-ECN capable hosts can only be notified by
|
||
|
-dropping a packet. If this parameter is specified, packets which indicate
|
||
|
+dropping a packet. If this parameter is specified, packets which indicate
|
||
|
that their hosts honor ECN will only be marked and not dropped, unless the
|
||
|
queue size hits
|
||
|
.B depth
|
||
|
diff --git a/man/man8/tc-tbf.8 b/man/man8/tc-tbf.8
|
||
|
index 18ef7b4..fc2c837 100644
|
||
|
--- a/man/man8/tc-tbf.8
|
||
|
+++ b/man/man8/tc-tbf.8
|
||
|
@@ -102,7 +102,7 @@ Furthermore, if a peakrate is desired, the following parameters are available:
|
||
|
|
||
|
.TP
|
||
|
peakrate
|
||
|
-Maximum depletion rate of the bucket. The peakrate does not
|
||
|
+Maximum depletion rate of the bucket. The peakrate does not
|
||
|
need to be set, it is only necessary if perfect millisecond timescale
|
||
|
shaping is required.
|
||
|
|
||
|
diff --git a/man/man8/tc.8 b/man/man8/tc.8
|
||
|
index a6aed0a..ea4d445 100644
|
||
|
--- a/man/man8/tc.8
|
||
|
+++ b/man/man8/tc.8
|
||
|
@@ -250,23 +250,33 @@ attached to that class. Check qdisc specific manpages for details, however.
|
||
|
All qdiscs, classes and filters have IDs, which can either be specified
|
||
|
or be automatically assigned.
|
||
|
|
||
|
-IDs consist of a major number and a minor number, separated by a colon.
|
||
|
-Both major and minor number are limited to 16 bits. There are two special
|
||
|
-values: root is signified by major and minor of all ones, and unspecified
|
||
|
-is all zeros.
|
||
|
+IDs consist of a
|
||
|
+.BR major " number and a " minor
|
||
|
+number, separated by a colon -
|
||
|
+.BR major ":" minor "."
|
||
|
+Both
|
||
|
+.BR major " and " minor
|
||
|
+are hexadecimal numbers and are limited to 16 bits. There are two special
|
||
|
+values: root is signified by
|
||
|
+.BR major " and " minor
|
||
|
+of all ones, and unspecified is all zeros.
|
||
|
|
||
|
.TP
|
||
|
QDISCS
|
||
|
-A qdisc, which potentially can have children,
|
||
|
-gets assigned a major number, called a 'handle', leaving the minor
|
||
|
+A qdisc, which potentially can have children, gets assigned a
|
||
|
+.B major
|
||
|
+number, called a 'handle', leaving the
|
||
|
+.B minor
|
||
|
number namespace available for classes. The handle is expressed as '10:'.
|
||
|
-It is customary to explicitly assign a handle to qdiscs expected to have
|
||
|
-children.
|
||
|
+It is customary to explicitly assign a handle to qdiscs expected to have children.
|
||
|
|
||
|
.TP
|
||
|
CLASSES
|
||
|
-Classes residing under a qdisc share their qdisc major number, but each have
|
||
|
-a separate minor number called a 'classid' that has no relation to their
|
||
|
+Classes residing under a qdisc share their qdisc
|
||
|
+.B major
|
||
|
+number, but each have a separate
|
||
|
+.B minor
|
||
|
+number called a 'classid' that has no relation to their
|
||
|
parent classes, only to their parent qdisc. The same naming custom as for
|
||
|
qdiscs applies.
|
||
|
|
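Review bot: the added sentence "are hexadecimal numbers and are limited to 16 bits" changes how every ID on the page must be read, but the example in the QDISCS paragraph, "The handle is expressed as '10:'", is left unqualified. Suggest noting there that '10:' is hexadecimal (decimal 16), and giving the root value explicitly as ffff:ffff next to "of all ones". In the added line "number, separated by a colon -" the bare hyphen is used as a dash; in roff source that renders as a hyphen, so either use \(em or rephrase to "separated by a colon:". Finally, this hunk rewrites content while the other hunks in these files show removed and added lines with identical wording, which points to whitespace-only changes; splitting the tc.8 wording change into its own commit would make both easier to review.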