From 87d433e44e48f7a8dd65a31c9e3e4b7cd98a80b7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 25 Nov 2021 04:18:54 +0000 Subject: [PATCH] import iproute-5.15.0-1.el8 --- .gitignore | 2 +- .iproute.metadata | 2 +- ...-parsing-issue-on-include_dir-option.patch | 74 ++ ...-option-to-match-on-related-ct-state.patch | 73 -- ...x-parsing-issue-on-libbpf_dir-option.patch | 79 ++ ...missing-ct_state-flags-to-usage-desc.patch | 43 - ...rsing-issue-with-more-than-one-value.patch | 63 ++ ...-add-support-for-port-based-endpoint.patch | 123 --- SOURCES/0004-Update-kernel-headers.patch | 986 ------------------ ...4-configure-simplify-options-parsing.patch | 114 ++ ...-configure-support-param-value-style.patch | 53 + ...rt-for-packet-per-second-rate-limiti.patch | 221 ---- ...0006-configure-add-the-prefix-option.patch | 72 ++ ...6-police-Add-support-for-json-output.patch | 159 --- ...0007-configure-add-the-libdir-option.patch | 151 +++ ...ix-normal-output-back-to-what-it-was.patch | 73 -- ...u32-Fix-key-folding-in-sample-option.patch | 68 -- ...-tc-htb-improve-burst-error-messages.patch | 84 -- ...ix-bpffs-mount-when-sys-fs-bpf-exist.patch | 67 -- SOURCES/iproute2.sh | 5 - SPECS/iproute.spec | 55 +- 21 files changed, 629 insertions(+), 1938 deletions(-) create mode 100644 SOURCES/0001-configure-fix-parsing-issue-on-include_dir-option.patch delete mode 100644 SOURCES/0001-tc-f_flower-Add-option-to-match-on-related-ct-state.patch create mode 100644 SOURCES/0002-configure-fix-parsing-issue-on-libbpf_dir-option.patch delete mode 100644 SOURCES/0002-tc-f_flower-Add-missing-ct_state-flags-to-usage-desc.patch create mode 100644 SOURCES/0003-configure-fix-parsing-issue-with-more-than-one-value.patch delete mode 100644 SOURCES/0003-mptcp-add-support-for-port-based-endpoint.patch delete mode 100644 SOURCES/0004-Update-kernel-headers.patch create mode 100644 SOURCES/0004-configure-simplify-options-parsing.patch create mode 100644 SOURCES/0005-configure-support-param-value-style.patch delete mode 100644 SOURCES/0005-police-add-support-for-packet-per-second-rate-limiti.patch create mode 100644 SOURCES/0006-configure-add-the-prefix-option.patch delete mode 100644 SOURCES/0006-police-Add-support-for-json-output.patch create mode 100644 SOURCES/0007-configure-add-the-libdir-option.patch delete mode 100644 SOURCES/0007-police-Fix-normal-output-back-to-what-it-was.patch delete mode 100644 SOURCES/0008-tc-u32-Fix-key-folding-in-sample-option.patch delete mode 100644 SOURCES/0009-tc-htb-improve-burst-error-messages.patch delete mode 100644 SOURCES/0010-lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch delete mode 100644 SOURCES/iproute2.sh diff --git a/.gitignore b/.gitignore index 8da3976..7213939 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/iproute2-5.12.0.tar.xz +SOURCES/iproute2-5.15.0.tar.xz diff --git a/.iproute.metadata b/.iproute.metadata index 7ed2e23..8491aea 100644 --- a/.iproute.metadata +++ b/.iproute.metadata @@ -1 +1 @@ -4e18c1d72a29f41a5968ac8a9b266470f6ad89a7 SOURCES/iproute2-5.12.0.tar.xz +6cae5b261051a5f54596fea6647bf76cb87515a0 SOURCES/iproute2-5.15.0.tar.xz diff --git a/SOURCES/0001-configure-fix-parsing-issue-on-include_dir-option.patch b/SOURCES/0001-configure-fix-parsing-issue-on-include_dir-option.patch new file mode 100644 index 0000000..17cc699 --- /dev/null +++ b/SOURCES/0001-configure-fix-parsing-issue-on-include_dir-option.patch @@ -0,0 +1,74 @@ +From b30268eda844bdebbb8e5e4f5735e3b1bb666368 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Andrea Claudi +Date: Tue, 23 Nov 2021 15:28:18 +0100 +Subject: [PATCH] configure: fix parsing issue on include_dir option + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2016061 +Upstream Status: iproute2.git commit 1d819dcc + +commit 1d819dcc741e25958190e31f8186c940713fa0a8 +Author: Andrea Claudi +Date: Thu Oct 14 10:50:49 2021 +0200 + + configure: fix parsing issue on include_dir option + + configure is stuck in an endless loop if '--include_dir' option is used + without a value: + + $ ./configure --include_dir + ./configure: line 506: shift: 2: shift count out of range + ./configure: line 506: shift: 2: shift count out of range + [...] + + Fix it splitting 'shift 2' into two consecutive shifts, and making the + second one conditional to the number of remaining arguments. + + A check is also provided after the while loop to verify the include dir + exists; this avoid to produce an erroneous configuration. + + Fixes: a9c3d70d902a ("configure: add options ability") + Signed-off-by: Andrea Claudi + Acked-by: Phil Sutter + Signed-off-by: David Ahern +--- + configure | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/configure b/configure +index 7f4f3bd9..ea9051ab 100755 +--- a/configure ++++ b/configure +@@ -485,7 +485,7 @@ usage() + { + cat < Path to iproute2 include dir + --libbpf_dir Path to libbpf DESTDIR + --libbpf_force Enable/disable libbpf by force. Available options: + on: require link against libbpf, quit config if no libbpf support +@@ -502,8 +502,9 @@ else + while true; do + case "$1" in + --include_dir) +- INCLUDE=$2 +- shift 2 ;; ++ shift ++ INCLUDE="$1" ++ [ "$#" -gt 0 ] && shift ;; + --libbpf_dir) + LIBBPF_DIR="$2" + shift 2 ;; +@@ -523,6 +524,8 @@ else + done + fi + ++[ -d "$INCLUDE" ] || usage 1 ++ + echo "# Generated config based on" $INCLUDE >$CONFIG + quiet_config >> $CONFIG + +-- +2.31.1 + diff --git a/SOURCES/0001-tc-f_flower-Add-option-to-match-on-related-ct-state.patch b/SOURCES/0001-tc-f_flower-Add-option-to-match-on-related-ct-state.patch deleted file mode 100644 index d68d739..0000000 --- a/SOURCES/0001-tc-f_flower-Add-option-to-match-on-related-ct-state.patch +++ /dev/null @@ -1,73 +0,0 @@ -From d9bcc70051d23c62cc802a356dc7e4324398765e Mon Sep 17 00:00:00 2001 -Message-Id: -From: Andrea Claudi -Date: Mon, 28 Jun 2021 15:22:17 +0200 -Subject: [PATCH] tc: f_flower: Add option to match on related ct state - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1957243 -Upstream Status: unknown commit 7fda6c58 - -commit 7fda6c588a295ad381fdf0b9b9971169b2f9d9dc -Author: Ariel Levkovich -Date: Fri May 21 20:07:06 2021 +0300 - - tc: f_flower: Add option to match on related ct state - - Add support for matching on ct_state flag related. - The related state indicates a packet is associated with an existing - connection. - - Example: - $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \ - ct_state -est-rel+trk \ - action mirred egress redirect dev ens1f0_1 - - $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \ - ct_state +rel+trk \ - action mirred egress redirect dev ens1f0_1 - - Signed-off-by: Ariel Levkovich - Reviewed-by: Jiri Pirko - Signed-off-by: David Ahern ---- - man/man8/tc-flower.8 | 2 ++ - tc/f_flower.c | 3 ++- - 2 files changed, 4 insertions(+), 1 deletion(-) - -diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 -index f7336b62..4541d937 100644 ---- a/man/man8/tc-flower.8 -+++ b/man/man8/tc-flower.8 -@@ -391,6 +391,8 @@ rpl - The packet is in the reply direction, meaning that it is in the opposite d - .TP - inv - The state is invalid. The packet couldn't be associated to a connection. - .TP -+rel - The packet is related to an existing connection. -+.TP - Example: +trk+est - .RE - .TP -diff --git a/tc/f_flower.c b/tc/f_flower.c -index 53822a95..29db2e23 100644 ---- a/tc/f_flower.c -+++ b/tc/f_flower.c -@@ -94,7 +94,7 @@ static void explain(void) - " LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n" - " FILTERID := X:Y:Z\n" - " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" -- " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n" -+ " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n" - " ACTION-SPEC := ... look at individual actions\n" - "\n" - "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n" -@@ -345,6 +345,7 @@ static struct flower_ct_states { - { "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED }, - { "new", TCA_FLOWER_KEY_CT_FLAGS_NEW }, - { "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED }, -+ { "rel", TCA_FLOWER_KEY_CT_FLAGS_RELATED }, - { "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID }, - { "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY }, - }; --- -2.31.1 - diff --git a/SOURCES/0002-configure-fix-parsing-issue-on-libbpf_dir-option.patch b/SOURCES/0002-configure-fix-parsing-issue-on-libbpf_dir-option.patch new file mode 100644 index 0000000..29f6df5 --- /dev/null +++ b/SOURCES/0002-configure-fix-parsing-issue-on-libbpf_dir-option.patch @@ -0,0 +1,79 @@ +From a9cf0f0c57cf978ebe2abfd4c5a1b7df94f0a8ac Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: +References: +From: Andrea Claudi +Date: Tue, 23 Nov 2021 15:28:18 +0100 +Subject: [PATCH] configure: fix parsing issue on libbpf_dir option + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2016061 +Upstream Status: iproute2.git commit 48c379bc + +commit 48c379bc2afd43b3246f68ed46475f5318b1218f +Author: Andrea Claudi +Date: Thu Oct 14 10:50:50 2021 +0200 + + configure: fix parsing issue on libbpf_dir option + + configure is stuck in an endless loop if '--libbpf_dir' option is used + without a value: + + $ ./configure --libbpf_dir + ./configure: line 515: shift: 2: shift count out of range + ./configure: line 515: shift: 2: shift count out of range + [...] + + Fix it splitting 'shift 2' into two consecutive shifts, and making the + second one conditional to the number of remaining arguments. + + A check is also provided after the while loop to verify the libbpf dir + exists; also, as LIBBPF_DIR does not have a default value, configure bails + out if the user does not specify a value after --libbpf_dir, thus avoiding + to produce an erroneous configuration. + + Fixes: 7ae2585b865a ("configure: convert LIBBPF environment variables to command-line options") + Signed-off-by: Andrea Claudi + Acked-by: Phil Sutter + Signed-off-by: David Ahern +--- + configure | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/configure b/configure +index ea9051ab..0f304206 100755 +--- a/configure ++++ b/configure +@@ -486,7 +486,7 @@ usage() + cat < Path to iproute2 include dir +- --libbpf_dir Path to libbpf DESTDIR ++ --libbpf_dir Path to libbpf DESTDIR + --libbpf_force Enable/disable libbpf by force. Available options: + on: require link against libbpf, quit config if no libbpf support + off: disable libbpf probing +@@ -506,8 +506,9 @@ else + INCLUDE="$1" + [ "$#" -gt 0 ] && shift ;; + --libbpf_dir) +- LIBBPF_DIR="$2" +- shift 2 ;; ++ shift ++ LIBBPF_DIR="$1" ++ [ "$#" -gt 0 ] && shift ;; + --libbpf_force) + if [ "$2" != 'on' ] && [ "$2" != 'off' ]; then + usage 1 +@@ -525,6 +526,9 @@ else + fi + + [ -d "$INCLUDE" ] || usage 1 ++if [ "${LIBBPF_DIR-unused}" != "unused" ]; then ++ [ -d "$LIBBPF_DIR" ] || usage 1 ++fi + + echo "# Generated config based on" $INCLUDE >$CONFIG + quiet_config >> $CONFIG +-- +2.31.1 + diff --git a/SOURCES/0002-tc-f_flower-Add-missing-ct_state-flags-to-usage-desc.patch b/SOURCES/0002-tc-f_flower-Add-missing-ct_state-flags-to-usage-desc.patch deleted file mode 100644 index 023a925..0000000 --- a/SOURCES/0002-tc-f_flower-Add-missing-ct_state-flags-to-usage-desc.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5f12d06dac98f9085273ce548d2ed13341c920fe Mon Sep 17 00:00:00 2001 -Message-Id: <5f12d06dac98f9085273ce548d2ed13341c920fe.1624894546.git.aclaudi@redhat.com> -In-Reply-To: -References: -From: Andrea Claudi -Date: Mon, 28 Jun 2021 15:22:17 +0200 -Subject: [PATCH] tc: f_flower: Add missing ct_state flags to usage description - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1957243 -Upstream Status: unknown commit 825bd5da - -commit 825bd5dacb98597a5595b470bd275bb103a7b9c2 -Author: Ariel Levkovich -Date: Fri May 21 20:07:07 2021 +0300 - - tc: f_flower: Add missing ct_state flags to usage description - - Add ct_state flags rpl and inv to the commands usage - description - - Signed-off-by: Ariel Levkovich - Reviewed-by: Jiri Pirko - Signed-off-by: David Ahern ---- - tc/f_flower.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tc/f_flower.c b/tc/f_flower.c -index 29db2e23..c5af0276 100644 ---- a/tc/f_flower.c -+++ b/tc/f_flower.c -@@ -94,7 +94,7 @@ static void explain(void) - " LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n" - " FILTERID := X:Y:Z\n" - " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" -- " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel\n" -+ " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel,rpl,inv\n" - " ACTION-SPEC := ... look at individual actions\n" - "\n" - "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n" --- -2.31.1 - diff --git a/SOURCES/0003-configure-fix-parsing-issue-with-more-than-one-value.patch b/SOURCES/0003-configure-fix-parsing-issue-with-more-than-one-value.patch new file mode 100644 index 0000000..1178cf1 --- /dev/null +++ b/SOURCES/0003-configure-fix-parsing-issue-with-more-than-one-value.patch @@ -0,0 +1,63 @@ +From 56a144f7a352d4dbd1e08585e82fad4bd6677b52 Mon Sep 17 00:00:00 2001 +Message-Id: <56a144f7a352d4dbd1e08585e82fad4bd6677b52.1637678195.git.aclaudi@redhat.com> +In-Reply-To: +References: +From: Andrea Claudi +Date: Tue, 23 Nov 2021 15:28:18 +0100 +Subject: [PATCH] configure: fix parsing issue with more than one value per + option + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2016061 +Upstream Status: iproute2.git commit c330d097 + +commit c330d0979440a1dec4a436fd742bb6e28d195526 +Author: Andrea Claudi +Date: Thu Oct 14 10:50:51 2021 +0200 + + configure: fix parsing issue with more than one value per option + + With commit a9c3d70d902a ("configure: add options ability") users are no + more able to provide wrong command lines like: + + $ ./configure --include_dir foo bar + + The script simply bails out when user provides more than one value for a + single option. However, in doing so, it breaks backward compatibility with + some packaging system, which expects unknown options to be ignored. + + Commit a3272b93725a ("configure: restore backward compatibility") fix this + issue, but makes it possible again for users to provide wrong command lines + such as the one above. + + This fixes the issue simply ignoring autoconf-like options such as + '--opt=value'. + + Fixes: a3272b93725a ("configure: restore backward compatibility") + Signed-off-by: Andrea Claudi + Acked-by: Phil Sutter + Signed-off-by: David Ahern +--- + configure | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/configure b/configure +index 0f304206..9ec19a5b 100755 +--- a/configure ++++ b/configure +@@ -517,10 +517,12 @@ else + shift 2 ;; + -h | --help) + usage 0 ;; ++ --*) ++ shift ;; + "") + break ;; + *) +- shift 1 ;; ++ usage 1 ;; + esac + done + fi +-- +2.31.1 + diff --git a/SOURCES/0003-mptcp-add-support-for-port-based-endpoint.patch b/SOURCES/0003-mptcp-add-support-for-port-based-endpoint.patch deleted file mode 100644 index 1633cd0..0000000 --- a/SOURCES/0003-mptcp-add-support-for-port-based-endpoint.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 0ccd2dbb3eca44a892a183db8c2e4221488ecf51 Mon Sep 17 00:00:00 2001 -Message-Id: <0ccd2dbb3eca44a892a183db8c2e4221488ecf51.1628790091.git.aclaudi@redhat.com> -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Mon, 9 Aug 2021 15:18:11 +0200 -Subject: [PATCH] mptcp: add support for port based endpoint - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1984733 -Upstream Status: iproute2.git commit 42fbca91 - -commit 42fbca91cd616ae714c3f6aa2d4e2c3399498e38 -Author: Paolo Abeni -Date: Fri Feb 19 21:42:55 2021 +0100 - - mptcp: add support for port based endpoint - - The feature is supported by the kernel since 5.11-net-next, - let's allow user-space to use it. - - Just parse and dump an additional, per endpoint, u16 attribute - - Signed-off-by: Paolo Abeni - Signed-off-by: David Ahern - -Signed-off-by: Andrea Claudi ---- - ip/ipmptcp.c | 16 ++++++++++++++-- - man/man8/ip-mptcp.8 | 8 ++++++++ - 2 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/ip/ipmptcp.c b/ip/ipmptcp.c -index e1ffafb3..5f659b59 100644 ---- a/ip/ipmptcp.c -+++ b/ip/ipmptcp.c -@@ -17,7 +17,7 @@ static void usage(void) - { - fprintf(stderr, - "Usage: ip mptcp endpoint add ADDRESS [ dev NAME ] [ id ID ]\n" -- " [ FLAG-LIST ]\n" -+ " [ port NR ] [ FLAG-LIST ]\n" - " ip mptcp endpoint delete id ID\n" - " ip mptcp endpoint show [ id ID ]\n" - " ip mptcp endpoint flush\n" -@@ -97,6 +97,7 @@ static int mptcp_parse_opt(int argc, char **argv, struct nlmsghdr *n, - bool id_set = false; - __u32 index = 0; - __u32 flags = 0; -+ __u16 port = 0; - __u8 id = 0; - - ll_init_map(&rth); -@@ -123,6 +124,10 @@ static int mptcp_parse_opt(int argc, char **argv, struct nlmsghdr *n, - if (!index) - invarg("device does not exist\n", ifname); - -+ } else if (matches(*argv, "port") == 0) { -+ NEXT_ARG(); -+ if (get_u16(&port, *argv, 0)) -+ invarg("expected port", *argv); - } else if (get_addr(&address, *argv, AF_UNSPEC) == 0) { - addr_set = true; - } else { -@@ -145,6 +150,8 @@ static int mptcp_parse_opt(int argc, char **argv, struct nlmsghdr *n, - addattr32(n, MPTCP_BUFLEN, MPTCP_PM_ADDR_ATTR_FLAGS, flags); - if (index) - addattr32(n, MPTCP_BUFLEN, MPTCP_PM_ADDR_ATTR_IF_IDX, index); -+ if (port) -+ addattr16(n, MPTCP_BUFLEN, MPTCP_PM_ADDR_ATTR_PORT, port); - if (addr_set) { - int type; - -@@ -181,8 +188,8 @@ static int print_mptcp_addrinfo(struct rtattr *addrinfo) - __u8 family = AF_UNSPEC, addr_attr_type; - const char *ifname; - unsigned int flags; -+ __u16 id, port; - int index; -- __u16 id; - - parse_rtattr_nested(tb, MPTCP_PM_ADDR_ATTR_MAX, addrinfo); - -@@ -196,6 +203,11 @@ static int print_mptcp_addrinfo(struct rtattr *addrinfo) - print_string(PRINT_ANY, "address", "%s ", - format_host_rta(family, tb[addr_attr_type])); - } -+ if (tb[MPTCP_PM_ADDR_ATTR_PORT]) { -+ port = rta_getattr_u16(tb[MPTCP_PM_ADDR_ATTR_PORT]); -+ if (port) -+ print_uint(PRINT_ANY, "port", "port %u ", port); -+ } - if (tb[MPTCP_PM_ADDR_ATTR_ID]) { - id = rta_getattr_u8(tb[MPTCP_PM_ADDR_ATTR_ID]); - print_uint(PRINT_ANY, "id", "id %u ", id); -diff --git a/man/man8/ip-mptcp.8 b/man/man8/ip-mptcp.8 -index ef8409ea..98cb93b9 100644 ---- a/man/man8/ip-mptcp.8 -+++ b/man/man8/ip-mptcp.8 -@@ -20,6 +20,8 @@ ip-mptcp \- MPTCP path manager configuration - .ti -8 - .BR "ip mptcp endpoint add " - .IR IFADDR -+.RB "[ " port -+.IR PORT " ]" - .RB "[ " dev - .IR IFNAME " ]" - .RB "[ " id -@@ -87,6 +89,12 @@ ip mptcp endpoint flush flush all existing MPTCP endpoints - .TE - - .TP -+.IR PORT -+When a port number is specified, incoming MPTCP subflows for already -+established MPTCP sockets will be accepted on the specified port, regardless -+the original listener port accepting the first MPTCP subflow and/or -+this peer being actually on the client side. -+ - .IR ID - is a unique numeric identifier for the given endpoint - --- -2.31.1 - diff --git a/SOURCES/0004-Update-kernel-headers.patch b/SOURCES/0004-Update-kernel-headers.patch deleted file mode 100644 index 7f5a9c6..0000000 --- a/SOURCES/0004-Update-kernel-headers.patch +++ /dev/null @@ -1,986 +0,0 @@ -From 2e5b8fd1e0e8fc4135bd6a162f32df5e624262b1 Mon Sep 17 00:00:00 2001 -Message-Id: <2e5b8fd1e0e8fc4135bd6a162f32df5e624262b1.1628790091.git.aclaudi@redhat.com> -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Wed, 11 Aug 2021 12:55:14 +0200 -Subject: [PATCH] Update kernel headers - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 -Upstream Status: iproute2.git commit a5b355c0 - -commit a5b355c08c62fb5b3a42d0e27ef05571c7b30e2e -Author: David Ahern -Date: Fri Mar 19 14:59:17 2021 +0000 - - Update kernel headers - - Update kernel headers to commit: - 38cb57602369 ("selftests: net: forwarding: Fix a typo") - - Signed-off-by: David Ahern - -Signed-off-by: Andrea Claudi ---- - include/uapi/linux/bpf.h | 764 ++++++++++++++++++++++++++++++++- - include/uapi/linux/btf.h | 5 +- - include/uapi/linux/nexthop.h | 47 +- - include/uapi/linux/pkt_cls.h | 2 + - include/uapi/linux/rtnetlink.h | 7 + - 5 files changed, 818 insertions(+), 7 deletions(-) - -diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h -index b1aba6af..502934f7 100644 ---- a/include/uapi/linux/bpf.h -+++ b/include/uapi/linux/bpf.h -@@ -93,7 +93,717 @@ union bpf_iter_link_info { - } map; - }; - --/* BPF syscall commands, see bpf(2) man-page for details. */ -+/* BPF syscall commands, see bpf(2) man-page for more details. */ -+/** -+ * DOC: eBPF Syscall Preamble -+ * -+ * The operation to be performed by the **bpf**\ () system call is determined -+ * by the *cmd* argument. Each operation takes an accompanying argument, -+ * provided via *attr*, which is a pointer to a union of type *bpf_attr* (see -+ * below). The size argument is the size of the union pointed to by *attr*. -+ */ -+/** -+ * DOC: eBPF Syscall Commands -+ * -+ * BPF_MAP_CREATE -+ * Description -+ * Create a map and return a file descriptor that refers to the -+ * map. The close-on-exec file descriptor flag (see **fcntl**\ (2)) -+ * is automatically enabled for the new file descriptor. -+ * -+ * Applying **close**\ (2) to the file descriptor returned by -+ * **BPF_MAP_CREATE** will delete the map (but see NOTES). -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_MAP_LOOKUP_ELEM -+ * Description -+ * Look up an element with a given *key* in the map referred to -+ * by the file descriptor *map_fd*. -+ * -+ * The *flags* argument may be specified as one of the -+ * following: -+ * -+ * **BPF_F_LOCK** -+ * Look up the value of a spin-locked map without -+ * returning the lock. This must be specified if the -+ * elements contain a spinlock. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_MAP_UPDATE_ELEM -+ * Description -+ * Create or update an element (key/value pair) in a specified map. -+ * -+ * The *flags* argument should be specified as one of the -+ * following: -+ * -+ * **BPF_ANY** -+ * Create a new element or update an existing element. -+ * **BPF_NOEXIST** -+ * Create a new element only if it did not exist. -+ * **BPF_EXIST** -+ * Update an existing element. -+ * **BPF_F_LOCK** -+ * Update a spin_lock-ed map element. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * May set *errno* to **EINVAL**, **EPERM**, **ENOMEM**, -+ * **E2BIG**, **EEXIST**, or **ENOENT**. -+ * -+ * **E2BIG** -+ * The number of elements in the map reached the -+ * *max_entries* limit specified at map creation time. -+ * **EEXIST** -+ * If *flags* specifies **BPF_NOEXIST** and the element -+ * with *key* already exists in the map. -+ * **ENOENT** -+ * If *flags* specifies **BPF_EXIST** and the element with -+ * *key* does not exist in the map. -+ * -+ * BPF_MAP_DELETE_ELEM -+ * Description -+ * Look up and delete an element by key in a specified map. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_MAP_GET_NEXT_KEY -+ * Description -+ * Look up an element by key in a specified map and return the key -+ * of the next element. Can be used to iterate over all elements -+ * in the map. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * The following cases can be used to iterate over all elements of -+ * the map: -+ * -+ * * If *key* is not found, the operation returns zero and sets -+ * the *next_key* pointer to the key of the first element. -+ * * If *key* is found, the operation returns zero and sets the -+ * *next_key* pointer to the key of the next element. -+ * * If *key* is the last element, returns -1 and *errno* is set -+ * to **ENOENT**. -+ * -+ * May set *errno* to **ENOMEM**, **EFAULT**, **EPERM**, or -+ * **EINVAL** on error. -+ * -+ * BPF_PROG_LOAD -+ * Description -+ * Verify and load an eBPF program, returning a new file -+ * descriptor associated with the program. -+ * -+ * Applying **close**\ (2) to the file descriptor returned by -+ * **BPF_PROG_LOAD** will unload the eBPF program (but see NOTES). -+ * -+ * The close-on-exec file descriptor flag (see **fcntl**\ (2)) is -+ * automatically enabled for the new file descriptor. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_OBJ_PIN -+ * Description -+ * Pin an eBPF program or map referred by the specified *bpf_fd* -+ * to the provided *pathname* on the filesystem. -+ * -+ * The *pathname* argument must not contain a dot ("."). -+ * -+ * On success, *pathname* retains a reference to the eBPF object, -+ * preventing deallocation of the object when the original -+ * *bpf_fd* is closed. This allow the eBPF object to live beyond -+ * **close**\ (\ *bpf_fd*\ ), and hence the lifetime of the parent -+ * process. -+ * -+ * Applying **unlink**\ (2) or similar calls to the *pathname* -+ * unpins the object from the filesystem, removing the reference. -+ * If no other file descriptors or filesystem nodes refer to the -+ * same object, it will be deallocated (see NOTES). -+ * -+ * The filesystem type for the parent directory of *pathname* must -+ * be **BPF_FS_MAGIC**. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_OBJ_GET -+ * Description -+ * Open a file descriptor for the eBPF object pinned to the -+ * specified *pathname*. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_PROG_ATTACH -+ * Description -+ * Attach an eBPF program to a *target_fd* at the specified -+ * *attach_type* hook. -+ * -+ * The *attach_type* specifies the eBPF attachment point to -+ * attach the program to, and must be one of *bpf_attach_type* -+ * (see below). -+ * -+ * The *attach_bpf_fd* must be a valid file descriptor for a -+ * loaded eBPF program of a cgroup, flow dissector, LIRC, sockmap -+ * or sock_ops type corresponding to the specified *attach_type*. -+ * -+ * The *target_fd* must be a valid file descriptor for a kernel -+ * object which depends on the attach type of *attach_bpf_fd*: -+ * -+ * **BPF_PROG_TYPE_CGROUP_DEVICE**, -+ * **BPF_PROG_TYPE_CGROUP_SKB**, -+ * **BPF_PROG_TYPE_CGROUP_SOCK**, -+ * **BPF_PROG_TYPE_CGROUP_SOCK_ADDR**, -+ * **BPF_PROG_TYPE_CGROUP_SOCKOPT**, -+ * **BPF_PROG_TYPE_CGROUP_SYSCTL**, -+ * **BPF_PROG_TYPE_SOCK_OPS** -+ * -+ * Control Group v2 hierarchy with the eBPF controller -+ * enabled. Requires the kernel to be compiled with -+ * **CONFIG_CGROUP_BPF**. -+ * -+ * **BPF_PROG_TYPE_FLOW_DISSECTOR** -+ * -+ * Network namespace (eg /proc/self/ns/net). -+ * -+ * **BPF_PROG_TYPE_LIRC_MODE2** -+ * -+ * LIRC device path (eg /dev/lircN). Requires the kernel -+ * to be compiled with **CONFIG_BPF_LIRC_MODE2**. -+ * -+ * **BPF_PROG_TYPE_SK_SKB**, -+ * **BPF_PROG_TYPE_SK_MSG** -+ * -+ * eBPF map of socket type (eg **BPF_MAP_TYPE_SOCKHASH**). -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_PROG_DETACH -+ * Description -+ * Detach the eBPF program associated with the *target_fd* at the -+ * hook specified by *attach_type*. The program must have been -+ * previously attached using **BPF_PROG_ATTACH**. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_PROG_TEST_RUN -+ * Description -+ * Run the eBPF program associated with the *prog_fd* a *repeat* -+ * number of times against a provided program context *ctx_in* and -+ * data *data_in*, and return the modified program context -+ * *ctx_out*, *data_out* (for example, packet data), result of the -+ * execution *retval*, and *duration* of the test run. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * **ENOSPC** -+ * Either *data_size_out* or *ctx_size_out* is too small. -+ * **ENOTSUPP** -+ * This command is not supported by the program type of -+ * the program referred to by *prog_fd*. -+ * -+ * BPF_PROG_GET_NEXT_ID -+ * Description -+ * Fetch the next eBPF program currently loaded into the kernel. -+ * -+ * Looks for the eBPF program with an id greater than *start_id* -+ * and updates *next_id* on success. If no other eBPF programs -+ * remain with ids higher than *start_id*, returns -1 and sets -+ * *errno* to **ENOENT**. -+ * -+ * Return -+ * Returns zero on success. On error, or when no id remains, -1 -+ * is returned and *errno* is set appropriately. -+ * -+ * BPF_MAP_GET_NEXT_ID -+ * Description -+ * Fetch the next eBPF map currently loaded into the kernel. -+ * -+ * Looks for the eBPF map with an id greater than *start_id* -+ * and updates *next_id* on success. If no other eBPF maps -+ * remain with ids higher than *start_id*, returns -1 and sets -+ * *errno* to **ENOENT**. -+ * -+ * Return -+ * Returns zero on success. On error, or when no id remains, -1 -+ * is returned and *errno* is set appropriately. -+ * -+ * BPF_PROG_GET_FD_BY_ID -+ * Description -+ * Open a file descriptor for the eBPF program corresponding to -+ * *prog_id*. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_MAP_GET_FD_BY_ID -+ * Description -+ * Open a file descriptor for the eBPF map corresponding to -+ * *map_id*. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_OBJ_GET_INFO_BY_FD -+ * Description -+ * Obtain information about the eBPF object corresponding to -+ * *bpf_fd*. -+ * -+ * Populates up to *info_len* bytes of *info*, which will be in -+ * one of the following formats depending on the eBPF object type -+ * of *bpf_fd*: -+ * -+ * * **struct bpf_prog_info** -+ * * **struct bpf_map_info** -+ * * **struct bpf_btf_info** -+ * * **struct bpf_link_info** -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_PROG_QUERY -+ * Description -+ * Obtain information about eBPF programs associated with the -+ * specified *attach_type* hook. -+ * -+ * The *target_fd* must be a valid file descriptor for a kernel -+ * object which depends on the attach type of *attach_bpf_fd*: -+ * -+ * **BPF_PROG_TYPE_CGROUP_DEVICE**, -+ * **BPF_PROG_TYPE_CGROUP_SKB**, -+ * **BPF_PROG_TYPE_CGROUP_SOCK**, -+ * **BPF_PROG_TYPE_CGROUP_SOCK_ADDR**, -+ * **BPF_PROG_TYPE_CGROUP_SOCKOPT**, -+ * **BPF_PROG_TYPE_CGROUP_SYSCTL**, -+ * **BPF_PROG_TYPE_SOCK_OPS** -+ * -+ * Control Group v2 hierarchy with the eBPF controller -+ * enabled. Requires the kernel to be compiled with -+ * **CONFIG_CGROUP_BPF**. -+ * -+ * **BPF_PROG_TYPE_FLOW_DISSECTOR** -+ * -+ * Network namespace (eg /proc/self/ns/net). -+ * -+ * **BPF_PROG_TYPE_LIRC_MODE2** -+ * -+ * LIRC device path (eg /dev/lircN). Requires the kernel -+ * to be compiled with **CONFIG_BPF_LIRC_MODE2**. -+ * -+ * **BPF_PROG_QUERY** always fetches the number of programs -+ * attached and the *attach_flags* which were used to attach those -+ * programs. Additionally, if *prog_ids* is nonzero and the number -+ * of attached programs is less than *prog_cnt*, populates -+ * *prog_ids* with the eBPF program ids of the programs attached -+ * at *target_fd*. -+ * -+ * The following flags may alter the result: -+ * -+ * **BPF_F_QUERY_EFFECTIVE** -+ * Only return information regarding programs which are -+ * currently effective at the specified *target_fd*. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_RAW_TRACEPOINT_OPEN -+ * Description -+ * Attach an eBPF program to a tracepoint *name* to access kernel -+ * internal arguments of the tracepoint in their raw form. -+ * -+ * The *prog_fd* must be a valid file descriptor associated with -+ * a loaded eBPF program of type **BPF_PROG_TYPE_RAW_TRACEPOINT**. -+ * -+ * No ABI guarantees are made about the content of tracepoint -+ * arguments exposed to the corresponding eBPF program. -+ * -+ * Applying **close**\ (2) to the file descriptor returned by -+ * **BPF_RAW_TRACEPOINT_OPEN** will delete the map (but see NOTES). -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_BTF_LOAD -+ * Description -+ * Verify and load BPF Type Format (BTF) metadata into the kernel, -+ * returning a new file descriptor associated with the metadata. -+ * BTF is described in more detail at -+ * https://www.kernel.org/doc/html/latest/bpf/btf.html. -+ * -+ * The *btf* parameter must point to valid memory providing -+ * *btf_size* bytes of BTF binary metadata. -+ * -+ * The returned file descriptor can be passed to other **bpf**\ () -+ * subcommands such as **BPF_PROG_LOAD** or **BPF_MAP_CREATE** to -+ * associate the BTF with those objects. -+ * -+ * Similar to **BPF_PROG_LOAD**, **BPF_BTF_LOAD** has optional -+ * parameters to specify a *btf_log_buf*, *btf_log_size* and -+ * *btf_log_level* which allow the kernel to return freeform log -+ * output regarding the BTF verification process. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_BTF_GET_FD_BY_ID -+ * Description -+ * Open a file descriptor for the BPF Type Format (BTF) -+ * corresponding to *btf_id*. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_TASK_FD_QUERY -+ * Description -+ * Obtain information about eBPF programs associated with the -+ * target process identified by *pid* and *fd*. -+ * -+ * If the *pid* and *fd* are associated with a tracepoint, kprobe -+ * or uprobe perf event, then the *prog_id* and *fd_type* will -+ * be populated with the eBPF program id and file descriptor type -+ * of type **bpf_task_fd_type**. If associated with a kprobe or -+ * uprobe, the *probe_offset* and *probe_addr* will also be -+ * populated. Optionally, if *buf* is provided, then up to -+ * *buf_len* bytes of *buf* will be populated with the name of -+ * the tracepoint, kprobe or uprobe. -+ * -+ * The resulting *prog_id* may be introspected in deeper detail -+ * using **BPF_PROG_GET_FD_BY_ID** and **BPF_OBJ_GET_INFO_BY_FD**. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_MAP_LOOKUP_AND_DELETE_ELEM -+ * Description -+ * Look up an element with the given *key* in the map referred to -+ * by the file descriptor *fd*, and if found, delete the element. -+ * -+ * The **BPF_MAP_TYPE_QUEUE** and **BPF_MAP_TYPE_STACK** map types -+ * implement this command as a "pop" operation, deleting the top -+ * element rather than one corresponding to *key*. -+ * The *key* and *key_len* parameters should be zeroed when -+ * issuing this operation for these map types. -+ * -+ * This command is only valid for the following map types: -+ * * **BPF_MAP_TYPE_QUEUE** -+ * * **BPF_MAP_TYPE_STACK** -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_MAP_FREEZE -+ * Description -+ * Freeze the permissions of the specified map. -+ * -+ * Write permissions may be frozen by passing zero *flags*. -+ * Upon success, no future syscall invocations may alter the -+ * map state of *map_fd*. Write operations from eBPF programs -+ * are still possible for a frozen map. -+ * -+ * Not supported for maps of type **BPF_MAP_TYPE_STRUCT_OPS**. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_BTF_GET_NEXT_ID -+ * Description -+ * Fetch the next BPF Type Format (BTF) object currently loaded -+ * into the kernel. -+ * -+ * Looks for the BTF object with an id greater than *start_id* -+ * and updates *next_id* on success. If no other BTF objects -+ * remain with ids higher than *start_id*, returns -1 and sets -+ * *errno* to **ENOENT**. -+ * -+ * Return -+ * Returns zero on success. On error, or when no id remains, -1 -+ * is returned and *errno* is set appropriately. -+ * -+ * BPF_MAP_LOOKUP_BATCH -+ * Description -+ * Iterate and fetch multiple elements in a map. -+ * -+ * Two opaque values are used to manage batch operations, -+ * *in_batch* and *out_batch*. Initially, *in_batch* must be set -+ * to NULL to begin the batched operation. After each subsequent -+ * **BPF_MAP_LOOKUP_BATCH**, the caller should pass the resultant -+ * *out_batch* as the *in_batch* for the next operation to -+ * continue iteration from the current point. -+ * -+ * The *keys* and *values* are output parameters which must point -+ * to memory large enough to hold *count* items based on the key -+ * and value size of the map *map_fd*. The *keys* buffer must be -+ * of *key_size* * *count*. The *values* buffer must be of -+ * *value_size* * *count*. -+ * -+ * The *elem_flags* argument may be specified as one of the -+ * following: -+ * -+ * **BPF_F_LOCK** -+ * Look up the value of a spin-locked map without -+ * returning the lock. This must be specified if the -+ * elements contain a spinlock. -+ * -+ * On success, *count* elements from the map are copied into the -+ * user buffer, with the keys copied into *keys* and the values -+ * copied into the corresponding indices in *values*. -+ * -+ * If an error is returned and *errno* is not **EFAULT**, *count* -+ * is set to the number of successfully processed elements. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * May set *errno* to **ENOSPC** to indicate that *keys* or -+ * *values* is too small to dump an entire bucket during -+ * iteration of a hash-based map type. -+ * -+ * BPF_MAP_LOOKUP_AND_DELETE_BATCH -+ * Description -+ * Iterate and delete all elements in a map. -+ * -+ * This operation has the same behavior as -+ * **BPF_MAP_LOOKUP_BATCH** with two exceptions: -+ * -+ * * Every element that is successfully returned is also deleted -+ * from the map. This is at least *count* elements. Note that -+ * *count* is both an input and an output parameter. -+ * * Upon returning with *errno* set to **EFAULT**, up to -+ * *count* elements may be deleted without returning the keys -+ * and values of the deleted elements. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_MAP_UPDATE_BATCH -+ * Description -+ * Update multiple elements in a map by *key*. -+ * -+ * The *keys* and *values* are input parameters which must point -+ * to memory large enough to hold *count* items based on the key -+ * and value size of the map *map_fd*. The *keys* buffer must be -+ * of *key_size* * *count*. The *values* buffer must be of -+ * *value_size* * *count*. -+ * -+ * Each element specified in *keys* is sequentially updated to the -+ * value in the corresponding index in *values*. The *in_batch* -+ * and *out_batch* parameters are ignored and should be zeroed. -+ * -+ * The *elem_flags* argument should be specified as one of the -+ * following: -+ * -+ * **BPF_ANY** -+ * Create new elements or update a existing elements. -+ * **BPF_NOEXIST** -+ * Create new elements only if they do not exist. -+ * **BPF_EXIST** -+ * Update existing elements. -+ * **BPF_F_LOCK** -+ * Update spin_lock-ed map elements. This must be -+ * specified if the map value contains a spinlock. -+ * -+ * On success, *count* elements from the map are updated. -+ * -+ * If an error is returned and *errno* is not **EFAULT**, *count* -+ * is set to the number of successfully processed elements. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * May set *errno* to **EINVAL**, **EPERM**, **ENOMEM**, or -+ * **E2BIG**. **E2BIG** indicates that the number of elements in -+ * the map reached the *max_entries* limit specified at map -+ * creation time. -+ * -+ * May set *errno* to one of the following error codes under -+ * specific circumstances: -+ * -+ * **EEXIST** -+ * If *flags* specifies **BPF_NOEXIST** and the element -+ * with *key* already exists in the map. -+ * **ENOENT** -+ * If *flags* specifies **BPF_EXIST** and the element with -+ * *key* does not exist in the map. -+ * -+ * BPF_MAP_DELETE_BATCH -+ * Description -+ * Delete multiple elements in a map by *key*. -+ * -+ * The *keys* parameter is an input parameter which must point -+ * to memory large enough to hold *count* items based on the key -+ * size of the map *map_fd*, that is, *key_size* * *count*. -+ * -+ * Each element specified in *keys* is sequentially deleted. The -+ * *in_batch*, *out_batch*, and *values* parameters are ignored -+ * and should be zeroed. -+ * -+ * The *elem_flags* argument may be specified as one of the -+ * following: -+ * -+ * **BPF_F_LOCK** -+ * Look up the value of a spin-locked map without -+ * returning the lock. This must be specified if the -+ * elements contain a spinlock. -+ * -+ * On success, *count* elements from the map are updated. -+ * -+ * If an error is returned and *errno* is not **EFAULT**, *count* -+ * is set to the number of successfully processed elements. If -+ * *errno* is **EFAULT**, up to *count* elements may be been -+ * deleted. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_LINK_CREATE -+ * Description -+ * Attach an eBPF program to a *target_fd* at the specified -+ * *attach_type* hook and return a file descriptor handle for -+ * managing the link. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_LINK_UPDATE -+ * Description -+ * Update the eBPF program in the specified *link_fd* to -+ * *new_prog_fd*. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_LINK_GET_FD_BY_ID -+ * Description -+ * Open a file descriptor for the eBPF Link corresponding to -+ * *link_id*. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_LINK_GET_NEXT_ID -+ * Description -+ * Fetch the next eBPF link currently loaded into the kernel. -+ * -+ * Looks for the eBPF link with an id greater than *start_id* -+ * and updates *next_id* on success. If no other eBPF links -+ * remain with ids higher than *start_id*, returns -1 and sets -+ * *errno* to **ENOENT**. -+ * -+ * Return -+ * Returns zero on success. On error, or when no id remains, -1 -+ * is returned and *errno* is set appropriately. -+ * -+ * BPF_ENABLE_STATS -+ * Description -+ * Enable eBPF runtime statistics gathering. -+ * -+ * Runtime statistics gathering for the eBPF runtime is disabled -+ * by default to minimize the corresponding performance overhead. -+ * This command enables statistics globally. -+ * -+ * Multiple programs may independently enable statistics. -+ * After gathering the desired statistics, eBPF runtime statistics -+ * may be disabled again by calling **close**\ (2) for the file -+ * descriptor returned by this function. Statistics will only be -+ * disabled system-wide when all outstanding file descriptors -+ * returned by prior calls for this subcommand are closed. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_ITER_CREATE -+ * Description -+ * Create an iterator on top of the specified *link_fd* (as -+ * previously created using **BPF_LINK_CREATE**) and return a -+ * file descriptor that can be used to trigger the iteration. -+ * -+ * If the resulting file descriptor is pinned to the filesystem -+ * using **BPF_OBJ_PIN**, then subsequent **read**\ (2) syscalls -+ * for that path will trigger the iterator to read kernel state -+ * using the eBPF program attached to *link_fd*. -+ * -+ * Return -+ * A new file descriptor (a nonnegative integer), or -1 if an -+ * error occurred (in which case, *errno* is set appropriately). -+ * -+ * BPF_LINK_DETACH -+ * Description -+ * Forcefully detach the specified *link_fd* from its -+ * corresponding attachment point. -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * BPF_PROG_BIND_MAP -+ * Description -+ * Bind a map to the lifetime of an eBPF program. -+ * -+ * The map identified by *map_fd* is bound to the program -+ * identified by *prog_fd* and only released when *prog_fd* is -+ * released. This may be used in cases where metadata should be -+ * associated with a program which otherwise does not contain any -+ * references to the map (for example, embedded in the eBPF -+ * program instructions). -+ * -+ * Return -+ * Returns zero on success. On error, -1 is returned and *errno* -+ * is set appropriately. -+ * -+ * NOTES -+ * eBPF objects (maps and programs) can be shared between processes. -+ * -+ * * After **fork**\ (2), the child inherits file descriptors -+ * referring to the same eBPF objects. -+ * * File descriptors referring to eBPF objects can be transferred over -+ * **unix**\ (7) domain sockets. -+ * * File descriptors referring to eBPF objects can be duplicated in the -+ * usual way, using **dup**\ (2) and similar calls. -+ * * File descriptors referring to eBPF objects can be pinned to the -+ * filesystem using the **BPF_OBJ_PIN** command of **bpf**\ (2). -+ * -+ * An eBPF object is deallocated only after all file descriptors referring -+ * to the object have been closed and no references remain pinned to the -+ * filesystem or attached (for example, bound to a program or device). -+ */ - enum bpf_cmd { - BPF_MAP_CREATE, - BPF_MAP_LOOKUP_ELEM, -@@ -393,6 +1103,15 @@ enum bpf_link_type { - * is struct/union. - */ - #define BPF_PSEUDO_BTF_ID 3 -+/* insn[0].src_reg: BPF_PSEUDO_FUNC -+ * insn[0].imm: insn offset to the func -+ * insn[1].imm: 0 -+ * insn[0].off: 0 -+ * insn[1].off: 0 -+ * ldimm64 rewrite: address of the function -+ * verifier type: PTR_TO_FUNC. -+ */ -+#define BPF_PSEUDO_FUNC 4 - - /* when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative - * offset to another bpf function -@@ -720,7 +1439,7 @@ union bpf_attr { - * parsed and used to produce a manual page. The workflow is the following, - * and requires the rst2man utility: - * -- * $ ./scripts/bpf_helpers_doc.py \ -+ * $ ./scripts/bpf_doc.py \ - * --filename include/uapi/linux/bpf.h > /tmp/bpf-helpers.rst - * $ rst2man /tmp/bpf-helpers.rst > /tmp/bpf-helpers.7 - * $ man /tmp/bpf-helpers.7 -@@ -1765,6 +2484,10 @@ union bpf_attr { - * Use with ENCAP_L3/L4 flags to further specify the tunnel - * type; *len* is the length of the inner MAC header. - * -+ * * **BPF_F_ADJ_ROOM_ENCAP_L2_ETH**: -+ * Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the -+ * L2 type as Ethernet. -+ * - * A call to this helper is susceptible to change the underlying - * packet buffer. Therefore, at load time, all checks on pointers - * previously done by the verifier are invalidated and must be -@@ -3850,7 +4573,7 @@ union bpf_attr { - * - * long bpf_check_mtu(void *ctx, u32 ifindex, u32 *mtu_len, s32 len_diff, u64 flags) - * Description -- * Check packet size against exceeding MTU of net device (based -+ * Check ctx packet size against exceeding MTU of net device (based - * on *ifindex*). This helper will likely be used in combination - * with helpers that adjust/change the packet size. - * -@@ -3915,6 +4638,34 @@ union bpf_attr { - * * **BPF_MTU_CHK_RET_FRAG_NEEDED** - * * **BPF_MTU_CHK_RET_SEGS_TOOBIG** - * -+ * long bpf_for_each_map_elem(struct bpf_map *map, void *callback_fn, void *callback_ctx, u64 flags) -+ * Description -+ * For each element in **map**, call **callback_fn** function with -+ * **map**, **callback_ctx** and other map-specific parameters. -+ * The **callback_fn** should be a static function and -+ * the **callback_ctx** should be a pointer to the stack. -+ * The **flags** is used to control certain aspects of the helper. -+ * Currently, the **flags** must be 0. -+ * -+ * The following are a list of supported map types and their -+ * respective expected callback signatures: -+ * -+ * BPF_MAP_TYPE_HASH, BPF_MAP_TYPE_PERCPU_HASH, -+ * BPF_MAP_TYPE_LRU_HASH, BPF_MAP_TYPE_LRU_PERCPU_HASH, -+ * BPF_MAP_TYPE_ARRAY, BPF_MAP_TYPE_PERCPU_ARRAY -+ * -+ * long (\*callback_fn)(struct bpf_map \*map, const void \*key, void \*value, void \*ctx); -+ * -+ * For per_cpu maps, the map_value is the value on the cpu where the -+ * bpf_prog is running. -+ * -+ * If **callback_fn** return 0, the helper will continue to the next -+ * element. If return value is 1, the helper will skip the rest of -+ * elements and return. Other return values are not used now. -+ * -+ * Return -+ * The number of traversed map elements for success, **-EINVAL** for -+ * invalid **flags**. - */ - #define __BPF_FUNC_MAPPER(FN) \ - FN(unspec), \ -@@ -4081,6 +4832,7 @@ union bpf_attr { - FN(ima_inode_hash), \ - FN(sock_from_file), \ - FN(check_mtu), \ -+ FN(for_each_map_elem), \ - /* */ - - /* integer value in 'imm' field of BPF_CALL instruction selects which helper -@@ -4174,6 +4926,7 @@ enum { - BPF_F_ADJ_ROOM_ENCAP_L4_GRE = (1ULL << 3), - BPF_F_ADJ_ROOM_ENCAP_L4_UDP = (1ULL << 4), - BPF_F_ADJ_ROOM_NO_CSUM_RESET = (1ULL << 5), -+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH = (1ULL << 6), - }; - - enum { -@@ -5211,7 +5964,10 @@ struct bpf_pidns_info { - - /* User accessible data for SK_LOOKUP programs. Add new fields at the end. */ - struct bpf_sk_lookup { -- __bpf_md_ptr(struct bpf_sock *, sk); /* Selected socket */ -+ union { -+ __bpf_md_ptr(struct bpf_sock *, sk); /* Selected socket */ -+ __u64 cookie; /* Non-zero if socket was selected in PROG_TEST_RUN */ -+ }; - - __u32 family; /* Protocol family (AF_INET, AF_INET6) */ - __u32 protocol; /* IP protocol (IPPROTO_TCP, IPPROTO_UDP) */ -diff --git a/include/uapi/linux/btf.h b/include/uapi/linux/btf.h -index 4a42eb48..2c42dcac 100644 ---- a/include/uapi/linux/btf.h -+++ b/include/uapi/linux/btf.h -@@ -52,7 +52,7 @@ struct btf_type { - }; - }; - --#define BTF_INFO_KIND(info) (((info) >> 24) & 0x0f) -+#define BTF_INFO_KIND(info) (((info) >> 24) & 0x1f) - #define BTF_INFO_VLEN(info) ((info) & 0xffff) - #define BTF_INFO_KFLAG(info) ((info) >> 31) - -@@ -72,7 +72,8 @@ struct btf_type { - #define BTF_KIND_FUNC_PROTO 13 /* Function Proto */ - #define BTF_KIND_VAR 14 /* Variable */ - #define BTF_KIND_DATASEC 15 /* Section */ --#define BTF_KIND_MAX BTF_KIND_DATASEC -+#define BTF_KIND_FLOAT 16 /* Floating point */ -+#define BTF_KIND_MAX BTF_KIND_FLOAT - #define NR_BTF_KINDS (BTF_KIND_MAX + 1) - - /* For some specific BTF_KIND, "struct btf_type" is immediately -diff --git a/include/uapi/linux/nexthop.h b/include/uapi/linux/nexthop.h -index b0a56139..37b14b4e 100644 ---- a/include/uapi/linux/nexthop.h -+++ b/include/uapi/linux/nexthop.h -@@ -21,7 +21,10 @@ struct nexthop_grp { - }; - - enum { -- NEXTHOP_GRP_TYPE_MPATH, /* default type if not specified */ -+ NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group -+ * default type if not specified -+ */ -+ NEXTHOP_GRP_TYPE_RES, /* resilient nexthop group */ - __NEXTHOP_GRP_TYPE_MAX, - }; - -@@ -52,8 +55,50 @@ enum { - NHA_FDB, /* flag; nexthop belongs to a bridge fdb */ - /* if NHA_FDB is added, OIF, BLACKHOLE, ENCAP cannot be set */ - -+ /* nested; resilient nexthop group attributes */ -+ NHA_RES_GROUP, -+ /* nested; nexthop bucket attributes */ -+ NHA_RES_BUCKET, -+ - __NHA_MAX, - }; - - #define NHA_MAX (__NHA_MAX - 1) -+ -+enum { -+ NHA_RES_GROUP_UNSPEC, -+ /* Pad attribute for 64-bit alignment. */ -+ NHA_RES_GROUP_PAD = NHA_RES_GROUP_UNSPEC, -+ -+ /* u16; number of nexthop buckets in a resilient nexthop group */ -+ NHA_RES_GROUP_BUCKETS, -+ /* clock_t as u32; nexthop bucket idle timer (per-group) */ -+ NHA_RES_GROUP_IDLE_TIMER, -+ /* clock_t as u32; nexthop unbalanced timer */ -+ NHA_RES_GROUP_UNBALANCED_TIMER, -+ /* clock_t as u64; nexthop unbalanced time */ -+ NHA_RES_GROUP_UNBALANCED_TIME, -+ -+ __NHA_RES_GROUP_MAX, -+}; -+ -+#define NHA_RES_GROUP_MAX (__NHA_RES_GROUP_MAX - 1) -+ -+enum { -+ NHA_RES_BUCKET_UNSPEC, -+ /* Pad attribute for 64-bit alignment. */ -+ NHA_RES_BUCKET_PAD = NHA_RES_BUCKET_UNSPEC, -+ -+ /* u16; nexthop bucket index */ -+ NHA_RES_BUCKET_INDEX, -+ /* clock_t as u64; nexthop bucket idle time */ -+ NHA_RES_BUCKET_IDLE_TIME, -+ /* u32; nexthop id assigned to the nexthop bucket */ -+ NHA_RES_BUCKET_NH_ID, -+ -+ __NHA_RES_BUCKET_MAX, -+}; -+ -+#define NHA_RES_BUCKET_MAX (__NHA_RES_BUCKET_MAX - 1) -+ - #endif -diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h -index 7ea59cfe..025c40fe 100644 ---- a/include/uapi/linux/pkt_cls.h -+++ b/include/uapi/linux/pkt_cls.h -@@ -190,6 +190,8 @@ enum { - TCA_POLICE_PAD, - TCA_POLICE_RATE64, - TCA_POLICE_PEAKRATE64, -+ TCA_POLICE_PKTRATE64, -+ TCA_POLICE_PKTBURST64, - __TCA_POLICE_MAX - #define TCA_POLICE_RESULT TCA_POLICE_RESULT - }; -diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h -index b34b9add..f62cccc1 100644 ---- a/include/uapi/linux/rtnetlink.h -+++ b/include/uapi/linux/rtnetlink.h -@@ -178,6 +178,13 @@ enum { - RTM_GETVLAN, - #define RTM_GETVLAN RTM_GETVLAN - -+ RTM_NEWNEXTHOPBUCKET = 116, -+#define RTM_NEWNEXTHOPBUCKET RTM_NEWNEXTHOPBUCKET -+ RTM_DELNEXTHOPBUCKET, -+#define RTM_DELNEXTHOPBUCKET RTM_DELNEXTHOPBUCKET -+ RTM_GETNEXTHOPBUCKET, -+#define RTM_GETNEXTHOPBUCKET RTM_GETNEXTHOPBUCKET -+ - __RTM_MAX, - #define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1) - }; --- -2.31.1 - diff --git a/SOURCES/0004-configure-simplify-options-parsing.patch b/SOURCES/0004-configure-simplify-options-parsing.patch new file mode 100644 index 0000000..f47758b --- /dev/null +++ b/SOURCES/0004-configure-simplify-options-parsing.patch @@ -0,0 +1,114 @@ +From 1b4bdce40f9244823c464f2a36a0db7cd6ba427b Mon Sep 17 00:00:00 2001 +Message-Id: <1b4bdce40f9244823c464f2a36a0db7cd6ba427b.1637678195.git.aclaudi@redhat.com> +In-Reply-To: +References: +From: Andrea Claudi +Date: Tue, 23 Nov 2021 15:28:18 +0100 +Subject: [PATCH] configure: simplify options parsing + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2016061 +Upstream Status: iproute2.git commit 99245d17 + +commit 99245d1741a85e4397973782578d4a78673eb348 +Author: Andrea Claudi +Date: Thu Oct 14 10:50:52 2021 +0200 + + configure: simplify options parsing + + This commit simplifies options parsing moving all the code not related to + parsing out of the case statement. + + - The conditional shift after the assignments is moved right after the + case, reducing code duplication. + - The semantic checks on the LIBBPF_FORCE value is moved after the loop + like we already did for INCLUDE and LIBBPF_DIR. + - Finally, the loop condition is changed to check remaining arguments, thus + making it possible to get rid of the null string case break. + + As a bonus, now the help message states that on or off should follow + --libbpf_force + + Signed-off-by: Andrea Claudi + Acked-by: Phil Sutter + Signed-off-by: David Ahern +--- + configure | 37 ++++++++++++++++++------------------- + 1 file changed, 18 insertions(+), 19 deletions(-) + +diff --git a/configure b/configure +index 9ec19a5b..26e06eb8 100755 +--- a/configure ++++ b/configure +@@ -485,12 +485,12 @@ usage() + { + cat < Path to iproute2 include dir +- --libbpf_dir Path to libbpf DESTDIR +- --libbpf_force Enable/disable libbpf by force. Available options: +- on: require link against libbpf, quit config if no libbpf support +- off: disable libbpf probing +- -h | --help Show this usage info ++ --include_dir Path to iproute2 include dir ++ --libbpf_dir Path to libbpf DESTDIR ++ --libbpf_force Enable/disable libbpf by force. Available options: ++ on: require link against libbpf, quit config if no libbpf support ++ off: disable libbpf probing ++ -h | --help Show this usage info + EOF + exit $1 + } +@@ -499,31 +499,25 @@ EOF + if [ $# -eq 1 ] && [ "$(echo $1 | cut -c 1)" != '-' ]; then + INCLUDE="$1" + else +- while true; do ++ while [ "$#" -gt 0 ]; do + case "$1" in + --include_dir) + shift +- INCLUDE="$1" +- [ "$#" -gt 0 ] && shift ;; ++ INCLUDE="$1" ;; + --libbpf_dir) + shift +- LIBBPF_DIR="$1" +- [ "$#" -gt 0 ] && shift ;; ++ LIBBPF_DIR="$1" ;; + --libbpf_force) +- if [ "$2" != 'on' ] && [ "$2" != 'off' ]; then +- usage 1 +- fi +- LIBBPF_FORCE=$2 +- shift 2 ;; ++ shift ++ LIBBPF_FORCE="$1" ;; + -h | --help) + usage 0 ;; + --*) +- shift ;; +- "") +- break ;; ++ ;; + *) + usage 1 ;; + esac ++ [ "$#" -gt 0 ] && shift + done + fi + +@@ -531,6 +525,11 @@ fi + if [ "${LIBBPF_DIR-unused}" != "unused" ]; then + [ -d "$LIBBPF_DIR" ] || usage 1 + fi ++if [ "${LIBBPF_FORCE-unused}" != "unused" ]; then ++ if [ "$LIBBPF_FORCE" != 'on' ] && [ "$LIBBPF_FORCE" != 'off' ]; then ++ usage 1 ++ fi ++fi + + echo "# Generated config based on" $INCLUDE >$CONFIG + quiet_config >> $CONFIG +-- +2.31.1 + diff --git a/SOURCES/0005-configure-support-param-value-style.patch b/SOURCES/0005-configure-support-param-value-style.patch new file mode 100644 index 0000000..b3b8acf --- /dev/null +++ b/SOURCES/0005-configure-support-param-value-style.patch @@ -0,0 +1,53 @@ +From fd03755c5b59a7c197dc9089494c08780f1669a7 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: +References: +From: Andrea Claudi +Date: Tue, 23 Nov 2021 15:28:18 +0100 +Subject: [PATCH] configure: support --param=value style + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2016061 +Upstream Status: iproute2.git commit 4b8bca5f + +commit 4b8bca5f9e3e6f210b1036166dc98801e76d8ee5 +Author: Andrea Claudi +Date: Thu Oct 14 10:50:53 2021 +0200 + + configure: support --param=value style + + This commit makes it possible to specify values for configure params + using the common autotools configure syntax '--param=value'. + + Signed-off-by: Andrea Claudi + Acked-by: Phil Sutter + Signed-off-by: David Ahern +--- + configure | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/configure b/configure +index 26e06eb8..9a2645d9 100755 +--- a/configure ++++ b/configure +@@ -504,12 +504,18 @@ else + --include_dir) + shift + INCLUDE="$1" ;; ++ --include_dir=*) ++ INCLUDE="${1#*=}" ;; + --libbpf_dir) + shift + LIBBPF_DIR="$1" ;; ++ --libbpf_dir=*) ++ LIBBPF_DIR="${1#*=}" ;; + --libbpf_force) + shift + LIBBPF_FORCE="$1" ;; ++ --libbpf_force=*) ++ LIBBPF_FORCE="${1#*=}" ;; + -h | --help) + usage 0 ;; + --*) +-- +2.31.1 + diff --git a/SOURCES/0005-police-add-support-for-packet-per-second-rate-limiti.patch b/SOURCES/0005-police-add-support-for-packet-per-second-rate-limiti.patch deleted file mode 100644 index 9d19b45..0000000 --- a/SOURCES/0005-police-add-support-for-packet-per-second-rate-limiti.patch +++ /dev/null @@ -1,221 +0,0 @@ -From b061aeba93b1c730b7dafeece6b90aad2e7afce8 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Wed, 11 Aug 2021 12:55:14 +0200 -Subject: [PATCH] police: add support for packet-per-second rate limiting - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 -Upstream Status: iproute2.git commit cf9ae1bd - -commit cf9ae1bd31187d8ae62bc1bb408e443dbc8bd6a0 -Author: Baowen Zheng -Date: Fri Mar 26 13:50:18 2021 +0100 - - police: add support for packet-per-second rate limiting - - Allow a policer action to enforce a rate-limit based on packets-per-second, - configurable using a packet-per-second rate and burst parameters. - - e.g. - # $TC actions add action police pkts_rate 1000 pkts_burst 200 index 1 - # $TC actions ls action police - total acts 1 - - action order 0: police 0x1 rate 0bit burst 0b mtu 4096Mb pkts_rate 1000 pkts_burst 200 - ref 1 bind 0 - - Signed-off-by: Baowen Zheng - Signed-off-by: Simon Horman - Signed-off-by: Louis Peens - Signed-off-by: David Ahern - -Signed-off-by: Andrea Claudi ---- - man/man8/tc-police.8 | 35 ++++++++++++++++++++++++------- - tc/m_police.c | 50 +++++++++++++++++++++++++++++++++++++++++--- - 2 files changed, 75 insertions(+), 10 deletions(-) - -diff --git a/man/man8/tc-police.8 b/man/man8/tc-police.8 -index 52279755..86e263bb 100644 ---- a/man/man8/tc-police.8 -+++ b/man/man8/tc-police.8 -@@ -5,9 +5,11 @@ police - policing action - .SH SYNOPSIS - .in +8 - .ti -8 --.BR tc " ... " "action police" -+.BR tc " ... " "action police [" - .BI rate " RATE " burst --.IR BYTES [\fB/ BYTES "] [" -+.IR BYTES [\fB/ BYTES "] ] [" -+.BI pkts_rate " RATE " pkts_burst -+.IR PACKETS "] [" - .B mtu - .IR BYTES [\fB/ BYTES "] ] [" - .BI peakrate " RATE" -@@ -34,19 +36,29 @@ police - policing action - .SH DESCRIPTION - The - .B police --action allows to limit bandwidth of traffic matched by the filter it is --attached to. Basically there are two different algorithms available to measure --the packet rate: The first one uses an internal dual token bucket and is --configured using the -+action allows limiting of the byte or packet rate of traffic matched by the -+filter it is attached to. -+.P -+There are two different algorithms available to measure the byte rate: The -+first one uses an internal dual token bucket and is configured using the - .BR rate ", " burst ", " mtu ", " peakrate ", " overhead " and " linklayer - parameters. The second one uses an in-kernel sampling mechanism. It can be - fine-tuned using the - .B estimator - filter parameter. -+.P -+There is one algorithm available to measure packet rate and it is similar to -+the first algorithm described for byte rate. It is configured using the -+.BR pkt_rate " and " pkt_burst -+parameters. -+.P -+At least one of the -+.BR rate " and " pkt_rate " -+parameters must be configured. - .SH OPTIONS - .TP - .BI rate " RATE" --The maximum traffic rate of packets passing this action. Those exceeding it will -+The maximum byte rate of packets passing this action. Those exceeding it will - be treated as defined by the - .B conform-exceed - option. -@@ -55,6 +67,15 @@ option. - Set the maximum allowed burst in bytes, optionally followed by a slash ('/') - sign and cell size which must be a power of 2. - .TP -+.BI pkt_rate " RATE" -+The maximum packet rate or packets passing this action. Those exceeding it will -+be treated as defined by the -+.B conform-exceed -+option. -+.TP -+.BI pkt_burst " PACKETS" -+Set the maximum allowed burst in packets. -+.TP - .BI mtu " BYTES\fR[\fB/\fIBYTES\fR]" - This is the maximum packet size handled by the policer (larger ones will be - handled like they exceeded the configured rate). Setting this value correctly -diff --git a/tc/m_police.c b/tc/m_police.c -index bb51df68..9ef0e40b 100644 ---- a/tc/m_police.c -+++ b/tc/m_police.c -@@ -38,7 +38,8 @@ struct action_util police_action_util = { - static void usage(void) - { - fprintf(stderr, -- "Usage: ... police rate BPS burst BYTES[/BYTES] [ mtu BYTES[/BYTES] ]\n" -+ "Usage: ... police [ rate BPS burst BYTES[/BYTES] ] \n" -+ " [ pkts_rate RATE pkts_burst PACKETS ] [ mtu BYTES[/BYTES] ]\n" - " [ peakrate BPS ] [ avrate BPS ] [ overhead BYTES ]\n" - " [ linklayer TYPE ] [ CONTROL ]\n" - "Where: CONTROL := conform-exceed [/NOTEXCEEDACT]\n" -@@ -67,6 +68,7 @@ static int act_parse_police(struct action_util *a, int *argc_p, char ***argv_p, - int Rcell_log = -1, Pcell_log = -1; - struct rtattr *tail; - __u64 rate64 = 0, prate64 = 0; -+ __u64 pps64 = 0, ppsburst64 = 0; - - if (a) /* new way of doing things */ - NEXT_ARG(); -@@ -144,6 +146,18 @@ static int act_parse_police(struct action_util *a, int *argc_p, char ***argv_p, - NEXT_ARG(); - if (get_linklayer(&linklayer, *argv)) - invarg("linklayer", *argv); -+ } else if (matches(*argv, "pkts_rate") == 0) { -+ NEXT_ARG(); -+ if (pps64) -+ duparg("pkts_rate", *argv); -+ if (get_u64(&pps64, *argv, 10)) -+ invarg("pkts_rate", *argv); -+ } else if (matches(*argv, "pkts_burst") == 0) { -+ NEXT_ARG(); -+ if (ppsburst64) -+ duparg("pkts_burst", *argv); -+ if (get_u64(&ppsburst64, *argv, 10)) -+ invarg("pkts_burst", *argv); - } else if (strcmp(*argv, "help") == 0) { - usage(); - } else { -@@ -161,8 +175,8 @@ action_ctrl_ok: - return -1; - - /* Must at least do late binding, use TB or ewma policing */ -- if (!rate64 && !avrate && !p.index && !mtu) { -- fprintf(stderr, "'rate' or 'avrate' or 'mtu' MUST be specified.\n"); -+ if (!rate64 && !avrate && !p.index && !mtu && !pps64) { -+ fprintf(stderr, "'rate' or 'avrate' or 'mtu' or 'pkts_rate' MUST be specified.\n"); - return -1; - } - -@@ -172,6 +186,18 @@ action_ctrl_ok: - return -1; - } - -+ /* When the packets TB policer is used, pkts_burst is required */ -+ if (pps64 && !ppsburst64) { -+ fprintf(stderr, "'pkts_burst' requires 'pkts_rate'.\n"); -+ return -1; -+ } -+ -+ /* forbid rate and pkts_rate in same action */ -+ if (pps64 && rate64) { -+ fprintf(stderr, "'rate' and 'pkts_rate' are not allowed in same action.\n"); -+ return -1; -+ } -+ - if (prate64) { - if (!rate64) { - fprintf(stderr, "'peakrate' requires 'rate'.\n"); -@@ -223,6 +249,12 @@ action_ctrl_ok: - if (presult) - addattr32(n, MAX_MSG, TCA_POLICE_RESULT, presult); - -+ if (pps64) { -+ addattr64(n, MAX_MSG, TCA_POLICE_PKTRATE64, pps64); -+ ppsburst64 = tc_calc_xmittime(pps64, ppsburst64); -+ addattr64(n, MAX_MSG, TCA_POLICE_PKTBURST64, ppsburst64); -+ } -+ - addattr_nest_end(n, tail); - res = 0; - -@@ -244,6 +276,7 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - unsigned int buffer; - unsigned int linklayer; - __u64 rate64, prate64; -+ __u64 pps64, ppsburst64; - - if (arg == NULL) - return 0; -@@ -287,6 +320,17 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - tc_print_rate(PRINT_FP, NULL, "avrate %s ", - rta_getattr_u32(tb[TCA_POLICE_AVRATE])); - -+ if ((tb[TCA_POLICE_PKTRATE64] && -+ RTA_PAYLOAD(tb[TCA_POLICE_PKTRATE64]) >= sizeof(pps64)) && -+ (tb[TCA_POLICE_PKTBURST64] && -+ RTA_PAYLOAD(tb[TCA_POLICE_PKTBURST64]) >= sizeof(ppsburst64))) { -+ pps64 = rta_getattr_u64(tb[TCA_POLICE_PKTRATE64]); -+ ppsburst64 = rta_getattr_u64(tb[TCA_POLICE_PKTBURST64]); -+ ppsburst64 = tc_calc_xmitsize(pps64, ppsburst64); -+ fprintf(f, "pkts_rate %llu ", pps64); -+ fprintf(f, "pkts_burst %llu ", ppsburst64); -+ } -+ - print_action_control(f, "action ", p->action, ""); - - if (tb[TCA_POLICE_RESULT]) { --- -2.31.1 - diff --git a/SOURCES/0006-configure-add-the-prefix-option.patch b/SOURCES/0006-configure-add-the-prefix-option.patch new file mode 100644 index 0000000..0954ad6 --- /dev/null +++ b/SOURCES/0006-configure-add-the-prefix-option.patch @@ -0,0 +1,72 @@ +From 3be62dd57ef875f9cf4674f8665c5da48c4e2274 Mon Sep 17 00:00:00 2001 +Message-Id: <3be62dd57ef875f9cf4674f8665c5da48c4e2274.1637678195.git.aclaudi@redhat.com> +In-Reply-To: +References: +From: Andrea Claudi +Date: Tue, 23 Nov 2021 15:28:18 +0100 +Subject: [PATCH] configure: add the --prefix option + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2016061 +Upstream Status: iproute2.git commit 0ee1950b + +commit 0ee1950b5c38986ea896606810231f5f9d761a00 +Author: Andrea Claudi +Date: Thu Oct 14 10:50:54 2021 +0200 + + configure: add the --prefix option + + This commit add the '--prefix' option to the iproute2 configure script. + + This mimics the '--prefix' option that autotools configure provides, and + will be used later to allow users or packagers to set the lib directory. + + Signed-off-by: Andrea Claudi + Acked-by: Phil Sutter + Signed-off-by: David Ahern +--- + configure | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/configure b/configure +index 9a2645d9..05e23eff 100755 +--- a/configure ++++ b/configure +@@ -3,6 +3,7 @@ + # This is not an autoconf generated configure + + INCLUDE="$PWD/include" ++PREFIX="/usr" + + # Output file which is input to Makefile + CONFIG=config.mk +@@ -490,6 +491,7 @@ Usage: $0 [OPTIONS] + --libbpf_force Enable/disable libbpf by force. Available options: + on: require link against libbpf, quit config if no libbpf support + off: disable libbpf probing ++ --prefix Path prefix of the lib files to install + -h | --help Show this usage info + EOF + exit $1 +@@ -516,6 +518,11 @@ else + LIBBPF_FORCE="$1" ;; + --libbpf_force=*) + LIBBPF_FORCE="${1#*=}" ;; ++ --prefix) ++ shift ++ PREFIX="$1" ;; ++ --prefix=*) ++ PREFIX="${1#*=}" ;; + -h | --help) + usage 0 ;; + --*) +@@ -536,6 +543,7 @@ if [ "${LIBBPF_FORCE-unused}" != "unused" ]; then + usage 1 + fi + fi ++[ -z "$PREFIX" ] && usage 1 + + echo "# Generated config based on" $INCLUDE >$CONFIG + quiet_config >> $CONFIG +-- +2.31.1 + diff --git a/SOURCES/0006-police-Add-support-for-json-output.patch b/SOURCES/0006-police-Add-support-for-json-output.patch deleted file mode 100644 index 1f11b9b..0000000 --- a/SOURCES/0006-police-Add-support-for-json-output.patch +++ /dev/null @@ -1,159 +0,0 @@ -From 04b921c03a4680931df6660b88444f2478fb585c Mon Sep 17 00:00:00 2001 -Message-Id: <04b921c03a4680931df6660b88444f2478fb585c.1628790091.git.aclaudi@redhat.com> -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Wed, 11 Aug 2021 12:55:14 +0200 -Subject: [PATCH] police: Add support for json output - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 -Upstream Status: iproute2.git commit 0d5cf51e - -commit 0d5cf51e0d6c7bfdc51754381b85367b5f8e254a -Author: Roi Dayan -Date: Mon Jun 7 09:44:08 2021 +0300 - - police: Add support for json output - - Change to use the print wrappers instead of fprintf(). - - This is example output of the options part before this commit: - - "options": { - "handle": 1, - "in_hw": true, - "actions": [ { - "order": 1 police 0x2 , - "control_action": { - "type": "drop" - }, - "control_action": { - "type": "continue" - }overhead 0b linklayer unspec - ref 1 bind 1 - , - "used_hw_stats": [ "delayed" ] - } ] - } - - This is the output of the same dump with this commit: - - "options": { - "handle": 1, - "in_hw": true, - "actions": [ { - "order": 1, - "kind": "police", - "index": 2, - "control_action": { - "type": "drop" - }, - "control_action": { - "type": "continue" - }, - "overhead": 0, - "linklayer": "unspec", - "ref": 1, - "bind": 1, - "used_hw_stats": [ "delayed" ] - } ] - } - - Signed-off-by: Roi Dayan - Reviewed-by: Paul Blakey - Signed-off-by: David Ahern - -Signed-off-by: Andrea Claudi ---- - tc/m_police.c | 30 +++++++++++++++++------------- - 1 file changed, 17 insertions(+), 13 deletions(-) - -diff --git a/tc/m_police.c b/tc/m_police.c -index 9ef0e40b..2594c089 100644 ---- a/tc/m_police.c -+++ b/tc/m_police.c -@@ -278,18 +278,19 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - __u64 rate64, prate64; - __u64 pps64, ppsburst64; - -+ print_string(PRINT_ANY, "kind", "%s", "police"); - if (arg == NULL) - return 0; - - parse_rtattr_nested(tb, TCA_POLICE_MAX, arg); - - if (tb[TCA_POLICE_TBF] == NULL) { -- fprintf(f, "[NULL police tbf]"); -- return 0; -+ fprintf(stderr, "[NULL police tbf]"); -+ return -1; - } - #ifndef STOOPID_8BYTE - if (RTA_PAYLOAD(tb[TCA_POLICE_TBF]) < sizeof(*p)) { -- fprintf(f, "[truncated police tbf]"); -+ fprintf(stderr, "[truncated police tbf]"); - return -1; - } - #endif -@@ -300,13 +301,13 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - RTA_PAYLOAD(tb[TCA_POLICE_RATE64]) >= sizeof(rate64)) - rate64 = rta_getattr_u64(tb[TCA_POLICE_RATE64]); - -- fprintf(f, " police 0x%x ", p->index); -+ print_uint(PRINT_ANY, "index", "\t index %u ", p->index); - tc_print_rate(PRINT_FP, NULL, "rate %s ", rate64); - buffer = tc_calc_xmitsize(rate64, p->burst); - print_size(PRINT_FP, NULL, "burst %s ", buffer); - print_size(PRINT_FP, NULL, "mtu %s ", p->mtu); - if (show_raw) -- fprintf(f, "[%08x] ", p->burst); -+ print_hex(PRINT_FP, NULL, "[%08x] ", p->burst); - - prate64 = p->peakrate.rate; - if (tb[TCA_POLICE_PEAKRATE64] && -@@ -327,8 +328,8 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - pps64 = rta_getattr_u64(tb[TCA_POLICE_PKTRATE64]); - ppsburst64 = rta_getattr_u64(tb[TCA_POLICE_PKTBURST64]); - ppsburst64 = tc_calc_xmitsize(pps64, ppsburst64); -- fprintf(f, "pkts_rate %llu ", pps64); -- fprintf(f, "pkts_burst %llu ", ppsburst64); -+ print_u64(PRINT_ANY, "pkts_rate", "pkts_rate %llu ", pps64); -+ print_u64(PRINT_ANY, "pkts_burst", "pkts_burst %llu ", ppsburst64); - } - - print_action_control(f, "action ", p->action, ""); -@@ -337,14 +338,17 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - __u32 action = rta_getattr_u32(tb[TCA_POLICE_RESULT]); - - print_action_control(f, "/", action, " "); -- } else -- fprintf(f, " "); -+ } else { -+ print_string(PRINT_FP, NULL, " ", NULL); -+ } - -- fprintf(f, "overhead %ub ", p->rate.overhead); -+ print_uint(PRINT_ANY, "overhead", "overhead %u ", p->rate.overhead); - linklayer = (p->rate.linklayer & TC_LINKLAYER_MASK); - if (linklayer > TC_LINKLAYER_ETHERNET || show_details) -- fprintf(f, "linklayer %s ", sprint_linklayer(linklayer, b2)); -- fprintf(f, "\n\tref %d bind %d", p->refcnt, p->bindcnt); -+ print_string(PRINT_ANY, "linklayer", "linklayer %s ", -+ sprint_linklayer(linklayer, b2)); -+ print_int(PRINT_ANY, "ref", "ref %d ", p->refcnt); -+ print_int(PRINT_ANY, "bind", "bind %d ", p->bindcnt); - if (show_stats) { - if (tb[TCA_POLICE_TM]) { - struct tcf_t *tm = RTA_DATA(tb[TCA_POLICE_TM]); -@@ -352,7 +356,7 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - print_tm(f, tm); - } - } -- fprintf(f, "\n"); -+ print_nl(); - - - return 0; --- -2.31.1 - diff --git a/SOURCES/0007-configure-add-the-libdir-option.patch b/SOURCES/0007-configure-add-the-libdir-option.patch new file mode 100644 index 0000000..f008e77 --- /dev/null +++ b/SOURCES/0007-configure-add-the-libdir-option.patch @@ -0,0 +1,151 @@ +From f9649a5c15f7dcee4e684854fcc75a7a3fe27683 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: +References: +From: Andrea Claudi +Date: Tue, 23 Nov 2021 15:28:18 +0100 +Subject: [PATCH] configure: add the --libdir option + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2016061 +Upstream Status: iproute2.git commit cee0cf84 + +commit cee0cf84bd32c8d9215f0c155187ad99d52a69b1 +Author: Andrea Claudi +Date: Thu Oct 14 10:50:55 2021 +0200 + + configure: add the --libdir option + + This commit allows users/packagers to choose a lib directory to store + iproute2 lib files. + + At the moment iproute2 ship lib files in /usr/lib and offers no way to + modify this setting. However, according to the FHS, distros may choose + "one or more variants of the /lib directory on systems which support + more than one binary format" (e.g. /usr/lib64 on Fedora). + + As Luca states in commit a3272b93725a ("configure: restore backward + compatibility"), packaging systems may assume that 'configure' is from + autotools, and try to pass it some parameters. + + Allowing the '--libdir=/path/to/libdir' syntax, we can use this to our + advantage, and let the lib directory to be chosen by the distro + packaging system. + + Note that LIBDIR uses "\${prefix}/lib" as default value because autoconf + allows this to be expanded to the --prefix value at configure runtime. + "\${prefix}" is replaced with the PREFIX value in check_lib_dir(). + + Signed-off-by: Andrea Claudi + Acked-by: Phil Sutter + Signed-off-by: David Ahern +--- + Makefile | 7 ++++--- + configure | 18 ++++++++++++++++++ + 2 files changed, 22 insertions(+), 3 deletions(-) + +diff --git a/Makefile b/Makefile +index 5bc11477..45655ca4 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,8 @@ + # SPDX-License-Identifier: GPL-2.0 + # Top level Makefile for iproute2 + ++-include config.mk ++ + ifeq ("$(origin V)", "command line") + VERBOSE = $(V) + endif +@@ -13,7 +15,6 @@ MAKEFLAGS += --no-print-directory + endif + + PREFIX?=/usr +-LIBDIR?=$(PREFIX)/lib + SBINDIR?=/sbin + CONFDIR?=/etc/iproute2 + NETNS_RUN_DIR?=/var/run/netns +@@ -60,7 +61,7 @@ SUBDIRS=lib ip tc bridge misc netem genl tipc devlink rdma dcb man vdpa + LIBNETLINK=../lib/libutil.a ../lib/libnetlink.a + LDLIBS += $(LIBNETLINK) + +-all: config ++all: config.mk + @set -e; \ + for i in $(SUBDIRS); \ + do echo; echo $$i; $(MAKE) -C $$i; done +@@ -80,7 +81,7 @@ help: + @echo "Make Arguments:" + @echo " V=[0|1] - set build verbosity level" + +-config: ++config.mk: + @if [ ! -f config.mk -o configure -nt config.mk ]; then \ + sh configure $(KERNEL_INCLUDE); \ + fi +diff --git a/configure b/configure +index 05e23eff..8ddff43c 100755 +--- a/configure ++++ b/configure +@@ -4,6 +4,7 @@ + + INCLUDE="$PWD/include" + PREFIX="/usr" ++LIBDIR="\${prefix}/lib" + + # Output file which is input to Makefile + CONFIG=config.mk +@@ -149,6 +150,15 @@ EOF + rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest + } + ++check_lib_dir() ++{ ++ LIBDIR=$(echo $LIBDIR | sed "s|\${prefix}|$PREFIX|") ++ ++ echo -n "lib directory: " ++ echo "$LIBDIR" ++ echo "LIBDIR:=$LIBDIR" >> $CONFIG ++} ++ + check_ipt() + { + if ! grep TC_CONFIG_XT $CONFIG > /dev/null; then +@@ -487,6 +497,7 @@ usage() + cat < Path to iproute2 include dir ++ --libdir Path to iproute2 lib dir + --libbpf_dir Path to libbpf DESTDIR + --libbpf_force Enable/disable libbpf by force. Available options: + on: require link against libbpf, quit config if no libbpf support +@@ -508,6 +519,11 @@ else + INCLUDE="$1" ;; + --include_dir=*) + INCLUDE="${1#*=}" ;; ++ --libdir) ++ shift ++ LIBDIR="$1" ;; ++ --libdir=*) ++ LIBDIR="${1#*=}" ;; + --libbpf_dir) + shift + LIBBPF_DIR="$1" ;; +@@ -544,6 +560,7 @@ if [ "${LIBBPF_FORCE-unused}" != "unused" ]; then + fi + fi + [ -z "$PREFIX" ] && usage 1 ++[ -z "$LIBDIR" ] && usage 1 + + echo "# Generated config based on" $INCLUDE >$CONFIG + quiet_config >> $CONFIG +@@ -568,6 +585,7 @@ if ! grep -q TC_CONFIG_NO_XT $CONFIG; then + fi + + echo ++check_lib_dir + if ! grep -q TC_CONFIG_NO_XT $CONFIG; then + echo -n "iptables modules directory: " + check_ipt_lib_dir +-- +2.31.1 + diff --git a/SOURCES/0007-police-Fix-normal-output-back-to-what-it-was.patch b/SOURCES/0007-police-Fix-normal-output-back-to-what-it-was.patch deleted file mode 100644 index 792cdbf..0000000 --- a/SOURCES/0007-police-Fix-normal-output-back-to-what-it-was.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 148b286b52aa8f38d8d7587b598522310067de7b Mon Sep 17 00:00:00 2001 -Message-Id: <148b286b52aa8f38d8d7587b598522310067de7b.1628790091.git.aclaudi@redhat.com> -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Wed, 11 Aug 2021 12:55:14 +0200 -Subject: [PATCH] police: Fix normal output back to what it was - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1981393 -Upstream Status: iproute2.git commit 71d36000 - -commit 71d36000dc9ce8397fc45b680e0c0340df5a28e5 -Author: Roi Dayan -Date: Mon Jul 12 15:26:53 2021 +0300 - - police: Fix normal output back to what it was - - With the json support fix the normal output was - changed. set it back to what it was. - Print overhead with print_size(). - Print newline before ref. - - Fixes: 0d5cf51e0d6c ("police: Add support for json output") - Signed-off-by: Roi Dayan - Signed-off-by: Stephen Hemminger - -Signed-off-by: Andrea Claudi ---- - tc/m_police.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/tc/m_police.c b/tc/m_police.c -index 2594c089..f38ab90a 100644 ---- a/tc/m_police.c -+++ b/tc/m_police.c -@@ -278,7 +278,7 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - __u64 rate64, prate64; - __u64 pps64, ppsburst64; - -- print_string(PRINT_ANY, "kind", "%s", "police"); -+ print_string(PRINT_JSON, "kind", "%s", "police"); - if (arg == NULL) - return 0; - -@@ -301,7 +301,8 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - RTA_PAYLOAD(tb[TCA_POLICE_RATE64]) >= sizeof(rate64)) - rate64 = rta_getattr_u64(tb[TCA_POLICE_RATE64]); - -- print_uint(PRINT_ANY, "index", "\t index %u ", p->index); -+ print_hex(PRINT_FP, NULL, " police 0x%x ", p->index); -+ print_uint(PRINT_JSON, "index", NULL, p->index); - tc_print_rate(PRINT_FP, NULL, "rate %s ", rate64); - buffer = tc_calc_xmitsize(rate64, p->burst); - print_size(PRINT_FP, NULL, "burst %s ", buffer); -@@ -342,12 +343,13 @@ static int print_police(struct action_util *a, FILE *f, struct rtattr *arg) - print_string(PRINT_FP, NULL, " ", NULL); - } - -- print_uint(PRINT_ANY, "overhead", "overhead %u ", p->rate.overhead); -+ print_size(PRINT_ANY, "overhead", "overhead %s ", p->rate.overhead); - linklayer = (p->rate.linklayer & TC_LINKLAYER_MASK); - if (linklayer > TC_LINKLAYER_ETHERNET || show_details) - print_string(PRINT_ANY, "linklayer", "linklayer %s ", - sprint_linklayer(linklayer, b2)); -- print_int(PRINT_ANY, "ref", "ref %d ", p->refcnt); -+ print_nl(); -+ print_int(PRINT_ANY, "ref", "\tref %d ", p->refcnt); - print_int(PRINT_ANY, "bind", "bind %d ", p->bindcnt); - if (show_stats) { - if (tb[TCA_POLICE_TM]) { --- -2.31.1 - diff --git a/SOURCES/0008-tc-u32-Fix-key-folding-in-sample-option.patch b/SOURCES/0008-tc-u32-Fix-key-folding-in-sample-option.patch deleted file mode 100644 index 3aa5014..0000000 --- a/SOURCES/0008-tc-u32-Fix-key-folding-in-sample-option.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 7fcfc0e4d6949ff32df3ed749bad8eb419cebbda Mon Sep 17 00:00:00 2001 -Message-Id: <7fcfc0e4d6949ff32df3ed749bad8eb419cebbda.1628790091.git.aclaudi@redhat.com> -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Wed, 11 Aug 2021 14:49:33 +0200 -Subject: [PATCH] tc: u32: Fix key folding in sample option - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1979425 -Upstream Status: iproute2.git commit 9b7ea92b - -commit 9b7ea92b9e3feff2876f772ace01148b7406839c -Author: Phil Sutter -Date: Wed Aug 4 11:18:28 2021 +0200 - - tc: u32: Fix key folding in sample option - - In between Linux kernel 2.4 and 2.6, key folding for hash tables changed - in kernel space. When iproute2 dropped support for the older algorithm, - the wrong code was removed and kernel 2.4 folding method remained in - place. To get things functional for recent kernels again, restoring the - old code alone was not sufficient - additional byteorder fixes were - needed. - - While being at it, make use of ffs() and thereby align the code with how - kernel determines the shift width. - - Fixes: 267480f55383c ("Backout the 2.4 utsname hash patch.") - Signed-off-by: Phil Sutter - Signed-off-by: Stephen Hemminger - -Signed-off-by: Andrea Claudi ---- - tc/f_u32.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/tc/f_u32.c b/tc/f_u32.c -index 2ed5254a..a5747f67 100644 ---- a/tc/f_u32.c -+++ b/tc/f_u32.c -@@ -978,6 +978,13 @@ show_k: - goto show_k; - } - -+static __u32 u32_hash_fold(struct tc_u32_key *key) -+{ -+ __u8 fshift = key->mask ? ffs(ntohl(key->mask)) - 1 : 0; -+ -+ return ntohl(key->val & key->mask) >> fshift; -+} -+ - static int u32_parse_opt(struct filter_util *qu, char *handle, - int argc, char **argv, struct nlmsghdr *n) - { -@@ -1110,9 +1117,7 @@ static int u32_parse_opt(struct filter_util *qu, char *handle, - } - NEXT_ARG(); - } -- hash = sel2.keys[0].val & sel2.keys[0].mask; -- hash ^= hash >> 16; -- hash ^= hash >> 8; -+ hash = u32_hash_fold(&sel2.keys[0]); - htid = ((hash % divisor) << 12) | (htid & 0xFFF00000); - sample_ok = 1; - continue; --- -2.31.1 - diff --git a/SOURCES/0009-tc-htb-improve-burst-error-messages.patch b/SOURCES/0009-tc-htb-improve-burst-error-messages.patch deleted file mode 100644 index e3f18bb..0000000 --- a/SOURCES/0009-tc-htb-improve-burst-error-messages.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 0b66dc13c157f4d34518c06dd774ef39be0df271 Mon Sep 17 00:00:00 2001 -Message-Id: <0b66dc13c157f4d34518c06dd774ef39be0df271.1628790091.git.aclaudi@redhat.com> -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1628790091.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Thu, 12 Aug 2021 18:26:39 +0200 -Subject: [PATCH] tc: htb: improve burst error messages - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1910745 -Upstream Status: iproute2.git commit e44786b2 - -commit e44786b26934e4fbf337b0af73a9e6f53d458a25 -Author: Andrea Claudi -Date: Thu May 6 12:42:06 2021 +0200 - - tc: htb: improve burst error messages - - When a wrong value is provided for "burst" or "cburst" parameters, the - resulting error message is unclear and can be misleading: - - $ tc class add dev dummy0 parent 1: classid 1:1 htb rate 100KBps burst errtrigger - Illegal "buffer" - - The message claims an illegal "buffer" is provided, but neither the - inline help nor the man page list "buffer" among the htb parameters, and - the only way to know that "burst", "maxburst" and "buffer" are synonyms - is to look into tc/q_htb.c. - - This commit tries to improve this simply changing the error string to - the parameter name provided in the user-given command, clearly pointing - out where the wrong value is. - - $ tc class add dev dummy0 parent 1: classid 1:1 htb rate 100KBps burst errtrigger - Illegal "burst" - - $ tc class add dev dummy0 parent 1: classid 1:1 htb rate 100Kbps maxburst errtrigger - Illegal "maxburst" - - Reported-by: Sebastian Mitterle - Signed-off-by: Andrea Claudi - Signed-off-by: David Ahern - -Signed-off-by: Andrea Claudi ---- - tc/q_htb.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/tc/q_htb.c b/tc/q_htb.c -index 42566355..b5f95f67 100644 ---- a/tc/q_htb.c -+++ b/tc/q_htb.c -@@ -125,6 +125,7 @@ static int htb_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str - unsigned int linklayer = LINKLAYER_ETHERNET; /* Assume ethernet */ - struct rtattr *tail; - __u64 ceil64 = 0, rate64 = 0; -+ char *param; - - while (argc > 0) { - if (matches(*argv, "prio") == 0) { -@@ -160,17 +161,19 @@ static int htb_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str - } else if (matches(*argv, "burst") == 0 || - strcmp(*argv, "buffer") == 0 || - strcmp(*argv, "maxburst") == 0) { -+ param = *argv; - NEXT_ARG(); - if (get_size_and_cell(&buffer, &cell_log, *argv) < 0) { -- explain1("buffer"); -+ explain1(param); - return -1; - } - } else if (matches(*argv, "cburst") == 0 || - strcmp(*argv, "cbuffer") == 0 || - strcmp(*argv, "cmaxburst") == 0) { -+ param = *argv; - NEXT_ARG(); - if (get_size_and_cell(&cbuffer, &ccell_log, *argv) < 0) { -- explain1("cbuffer"); -+ explain1(param); - return -1; - } - } else if (strcmp(*argv, "ceil") == 0) { --- -2.31.1 - diff --git a/SOURCES/0010-lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch b/SOURCES/0010-lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch deleted file mode 100644 index 514fa63..0000000 --- a/SOURCES/0010-lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch +++ /dev/null @@ -1,67 +0,0 @@ -From d1f0f7f4e3e3a372a51e64bdd88f8ddecde1fbbf Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <650694eb0120722499207078f965442ef7343bb1.1633614399.git.aclaudi@redhat.com> -References: <650694eb0120722499207078f965442ef7343bb1.1633614399.git.aclaudi@redhat.com> -From: Andrea Claudi -Date: Tue, 28 Sep 2021 11:46:43 +0200 -Subject: [PATCH] lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1995082 -Upstream Status: iproute2.git commit 2f5825cb - -commit 2f5825cb38028a14961a79844a069be4e3057eca -Author: Andrea Claudi -Date: Tue Sep 21 11:33:24 2021 +0200 - - lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists - - bpf selftests using iproute2 fails with: - - $ ip link set dev veth0 xdp object ../bpf/xdp_dummy.o section xdp_dummy - Continuing without mounted eBPF fs. Too old kernel? - mkdir (null)/globals failed: No such file or directory - Unable to load program - - This happens when the /sys/fs/bpf directory exists. In this case, mkdir - in bpf_mnt_check_target() fails with errno == EEXIST, and the function - returns -1. Thus bpf_get_work_dir() does not call bpf_mnt_fs() and the - bpffs is not mounted. - - Fix this in bpf_mnt_check_target(), returning 0 when the mountpoint - exists. - - Fixes: d4fcdbbec9df ("lib/bpf: Fix and simplify bpf_mnt_check_target()") - Reported-by: Mingyu Shi - Reported-by: Jiri Benc - Suggested-by: Jiri Benc - Signed-off-by: Andrea Claudi - Reviewed-by: Toke Høiland-Jørgensen - Signed-off-by: Stephen Hemminger ---- - lib/bpf_legacy.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/bpf_legacy.c b/lib/bpf_legacy.c -index 7ec9ce9d..f9dfad6e 100644 ---- a/lib/bpf_legacy.c -+++ b/lib/bpf_legacy.c -@@ -513,9 +513,12 @@ static int bpf_mnt_check_target(const char *target) - int ret; - - ret = mkdir(target, S_IRWXU); -- if (ret && errno != EEXIST) -+ if (ret) { -+ if (errno == EEXIST) -+ return 0; - fprintf(stderr, "mkdir %s failed: %s\n", target, - strerror(errno)); -+ } - - return ret; - } --- -2.31.1 - diff --git a/SOURCES/iproute2.sh b/SOURCES/iproute2.sh deleted file mode 100644 index f13e1f0..0000000 --- a/SOURCES/iproute2.sh +++ /dev/null @@ -1,5 +0,0 @@ -# tc initialization script (sh) - -if [ -z "$TC_LIB_DIR" ]; then - export TC_LIB_DIR=/usr/lib64/tc -fi diff --git a/SPECS/iproute.spec b/SPECS/iproute.spec index 1b5b5a7..d5218d0 100644 --- a/SPECS/iproute.spec +++ b/SPECS/iproute.spec @@ -1,42 +1,35 @@ Summary: Advanced IP routing and network device configuration tools Name: iproute -Version: 5.12.0 -Release: 4%{?dist}%{?buildid} +Version: 5.15.0 +Release: 1%{?dist}%{?buildid} Group: Applications/System -URL: http://kernel.org/pub/linux/utils/net/%{name}2/ -Source0: http://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{version}.tar.xz +URL: https://kernel.org/pub/linux/utils/net/%{name}2/ +Source0: https://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{version}.tar.xz Source1: rt_dsfield.deprecated -Source2: iproute2.sh -Patch0: 0001-tc-f_flower-Add-option-to-match-on-related-ct-state.patch -Patch1: 0002-tc-f_flower-Add-missing-ct_state-flags-to-usage-desc.patch -Patch2: 0003-mptcp-add-support-for-port-based-endpoint.patch -Patch3: 0004-Update-kernel-headers.patch -Patch4: 0005-police-add-support-for-packet-per-second-rate-limiti.patch -Patch5: 0006-police-Add-support-for-json-output.patch -Patch6: 0007-police-Fix-normal-output-back-to-what-it-was.patch -Patch7: 0008-tc-u32-Fix-key-folding-in-sample-option.patch -Patch8: 0009-tc-htb-improve-burst-error-messages.patch -Patch9: 0010-lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch +Patch0: 0001-configure-fix-parsing-issue-on-include_dir-option.patch +Patch1: 0002-configure-fix-parsing-issue-on-libbpf_dir-option.patch +Patch2: 0003-configure-fix-parsing-issue-with-more-than-one-value.patch +Patch3: 0004-configure-simplify-options-parsing.patch +Patch4: 0005-configure-support-param-value-style.patch +Patch5: 0006-configure-add-the-prefix-option.patch +Patch6: 0007-configure-add-the-libdir-option.patch + License: GPLv2+ and Public Domain BuildRequires: bison BuildRequires: elfutils-libelf-devel BuildRequires: flex +BuildRequires: gcc BuildRequires: iptables-devel >= 1.4.5 BuildRequires: libbpf-devel +BuildRequires: libcap-devel BuildRequires: libdb-devel BuildRequires: libmnl-devel BuildRequires: libselinux-devel +BuildRequires: make BuildRequires: pkgconfig -%if ! 0%{?_module_build} -%if 0%{?fedora} -BuildRequires: linux-atm-libs-devel -%endif -%endif -# For the UsrMove transition period -Conflicts: filesystem < 3 Requires: libbpf +Requires: psmisc Provides: /sbin/ip -Obsoletes: %{name} < 4.5.0-3 %description The iproute package contains networking utilities (ip and rtmon, for example) @@ -47,7 +40,6 @@ kernel. Summary: Linux Traffic Control utility Group: Applications/System License: GPLv2+ -Obsoletes: %{name} < 4.5.0-3 Requires: %{name}%{?_isa} = %{version}-%{release} Provides: /sbin/tc @@ -98,15 +90,11 @@ install -D -m644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a # drop these files, iproute-doc package extracts files directly from _builddir rm -rf '%{buildroot}%{_docdir}' -# Append deprecated values to rt_dsfield for compatibility reasons +# append deprecated values to rt_dsfield for compatibility reasons cat %{SOURCE1} >>%{buildroot}%{_sysconfdir}/iproute2/rt_dsfield -# use TC_LIB_DIR environment variable -install -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/iproute2.sh - %files %dir %{_sysconfdir}/iproute2 -%{!?_licensedir:%global license %%doc} %license COPYING %doc README README.devel %{_mandir}/man7/* @@ -120,9 +108,7 @@ install -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/iproute2.sh %{_datadir}/bash-completion/completions/devlink %files tc -%{!?_licensedir:%global license %%doc} %license COPYING -%{_sysconfdir}/profile.d/iproute2.sh %{_mandir}/man7/tc-* %{_mandir}/man8/tc* %{_mandir}/man8/cbq* @@ -133,13 +119,11 @@ install -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/iproute2.sh %if ! 0%{?_module_build} %files doc -%{!?_licensedir:%global license %%doc} %license COPYING %doc examples %endif %files devel -%{!?_licensedir:%global license %%doc} %license COPYING %{_mandir}/man3/* %{_libdir}/libnetlink.a @@ -147,6 +131,9 @@ install -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/iproute2.sh %{_includedir}/iproute2/bpf_elf.h %changelog +* Tue Nov 23 2021 Andrea Claudi - 5.15.0-1.el8 +- New version 5.15.0 (Andrea Claudi) [2016061] + * Thu Oct 07 2021 Andrea Claudi [5.12.0-4.el8] - lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists (Andrea Claudi) [1995082] @@ -159,7 +146,7 @@ install -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/iproute2.sh - Update kernel headers (Andrea Claudi) [1981393] - mptcp: add support for port based endpoint (Andrea Claudi) [1984733] -* Fri Aug 08 2021 Andrea Claudi [5.12.0-2.el8] +* Fri Aug 06 2021 Andrea Claudi [5.12.0-2.el8] - add build and run-time dependencies on libbpf (Andrea Claudi) [1990402] * Mon Jun 28 2021 Andrea Claudi [5.12.0-1.el8]