Merge branch 'master' into net-next
diff --git a/ip/Makefile b/ip/Makefile
index d8b38ac..52b76ef 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -3,7 +3,7 @@
ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o iptuntap.o iptoken.o \
ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
iplink_vlan.o link_veth.o link_gre.o iplink_can.o \
- iplink_macvlan.o iplink_macvtap.o ipl2tp.o link_vti.o link_vti6.o \
+ iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \
iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \
link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \
iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \
diff --git a/ip/iplink_macvlan.c b/ip/iplink_macvlan.c
index 826b659..f195e81 100644
--- a/ip/iplink_macvlan.c
+++ b/ip/iplink_macvlan.c
@@ -1,5 +1,5 @@
/*
- * iplink_vlan.c VLAN device support
+ * iplink_macvlan.c macvlan/macvtap device support
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -20,31 +20,40 @@
#include "utils.h"
#include "ip_common.h"
-static void print_explain(FILE *f)
+#define pfx_err(lu, ...) { \
+ fprintf(stderr, "%s: ", lu->id); \
+ fprintf(stderr, __VA_ARGS__); \
+ fprintf(stderr, "\n"); \
+}
+
+static void print_explain(struct link_util *lu, FILE *f)
{
fprintf(f,
- "Usage: ... macvlan mode { private | vepa | bridge | passthru }\n"
+ "Usage: ... %s mode { private | vepa | bridge | passthru [nopromisc] }\n",
+ lu->id
);
}
-static void explain(void)
+static void explain(struct link_util *lu)
{
- print_explain(stderr);
+ print_explain(lu, stderr);
}
-static int mode_arg(void)
+static int mode_arg(const char *arg)
{
fprintf(stderr, "Error: argument of \"mode\" must be \"private\", "
- "\"vepa\", \"bridge\" or \"passthru\" \n");
+ "\"vepa\", \"bridge\" or \"passthru\", not \"%s\"\n", arg);
return -1;
}
static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
+ __u32 mode = 0;
+ __u16 flags = 0;
+
while (argc > 0) {
if (matches(*argv, "mode") == 0) {
- __u32 mode = 0;
NEXT_ARG();
if (strcmp(*argv, "private") == 0)
@@ -56,26 +65,39 @@
else if (strcmp(*argv, "passthru") == 0)
mode = MACVLAN_MODE_PASSTHRU;
else
- return mode_arg();
-
- addattr32(n, 1024, IFLA_MACVLAN_MODE, mode);
+ return mode_arg(*argv);
+ } else if (matches(*argv, "nopromisc") == 0) {
+ flags |= MACVLAN_FLAG_NOPROMISC;
} else if (matches(*argv, "help") == 0) {
- explain();
+ explain(lu);
return -1;
} else {
- fprintf(stderr, "macvlan: unknown option \"%s\"?\n", *argv);
- explain();
+ pfx_err(lu, "unknown option \"%s\"?", *argv);
+ explain(lu);
return -1;
}
argc--, argv++;
}
+ if (mode)
+ addattr32(n, 1024, IFLA_MACVLAN_MODE, mode);
+
+ if (flags) {
+ if (flags & MACVLAN_FLAG_NOPROMISC &&
+ mode != MACVLAN_MODE_PASSTHRU) {
+ pfx_err(lu, "nopromisc flag only valid in passthru mode");
+ explain(lu);
+ return -1;
+ }
+ addattr16(n, 1024, IFLA_MACVLAN_FLAGS, flags);
+ }
return 0;
}
static void macvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
__u32 mode;
+ __u16 flags;
if (!tb)
return;
@@ -91,12 +113,20 @@
: mode == MACVLAN_MODE_BRIDGE ? "bridge"
: mode == MACVLAN_MODE_PASSTHRU ? "passthru"
: "unknown");
+
+ if (!tb[IFLA_MACVLAN_FLAGS] ||
+ RTA_PAYLOAD(tb[IFLA_MACVLAN_FLAGS]) < sizeof(__u16))
+ return;
+
+ flags = rta_getattr_u16(tb[IFLA_MACVLAN_FLAGS]);
+ if (flags & MACVLAN_FLAG_NOPROMISC)
+ fprintf(f, "nopromisc ");
}
static void macvlan_print_help(struct link_util *lu, int argc, char **argv,
FILE *f)
{
- print_explain(f);
+ print_explain(lu, f);
}
struct link_util macvlan_link_util = {
@@ -106,3 +136,11 @@
.print_opt = macvlan_print_opt,
.print_help = macvlan_print_help,
};
+
+struct link_util macvtap_link_util = {
+ .id = "macvtap",
+ .maxattr = IFLA_MACVLAN_MAX,
+ .parse_opt = macvlan_parse_opt,
+ .print_opt = macvlan_print_opt,
+ .print_help = macvlan_print_help,
+};
diff --git a/ip/iplink_macvtap.c b/ip/iplink_macvtap.c
deleted file mode 100644
index 9c2cd74..0000000
--- a/ip/iplink_macvtap.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * iplink_macvtap.c macvtap device support
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <linux/if_link.h>
-
-#include "rt_names.h"
-#include "utils.h"
-#include "ip_common.h"
-
-static void print_explain(FILE *f)
-{
- fprintf(stderr,
- "Usage: ... macvtap mode { private | vepa | bridge | passthru }\n"
- );
-}
-
-static void explain(void)
-{
- print_explain(stderr);
-}
-
-static int mode_arg(const char *arg)
-{
- fprintf(stderr, "Error: argument of \"mode\" must be \"private\", "
- "\"vepa\", \"bridge\" or \"passthru\", not \"%s\"\n", arg);
- return -1;
-}
-
-static int macvtap_parse_opt(struct link_util *lu, int argc, char **argv,
- struct nlmsghdr *n)
-{
- while (argc > 0) {
- if (matches(*argv, "mode") == 0) {
- __u32 mode = 0;
- NEXT_ARG();
-
- if (strcmp(*argv, "private") == 0)
- mode = MACVLAN_MODE_PRIVATE;
- else if (strcmp(*argv, "vepa") == 0)
- mode = MACVLAN_MODE_VEPA;
- else if (strcmp(*argv, "bridge") == 0)
- mode = MACVLAN_MODE_BRIDGE;
- else if (strcmp(*argv, "passthru") == 0)
- mode = MACVLAN_MODE_PASSTHRU;
- else
- return mode_arg(*argv);
-
- addattr32(n, 1024, IFLA_MACVLAN_MODE, mode);
- } else if (matches(*argv, "help") == 0) {
- explain();
- return -1;
- } else {
- fprintf(stderr, "macvtap: unknown command \"%s\"?\n", *argv);
- explain();
- return -1;
- }
- argc--, argv++;
- }
-
- return 0;
-}
-
-static void macvtap_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
-{
- __u32 mode;
-
- if (!tb)
- return;
-
- if (!tb[IFLA_MACVLAN_MODE] ||
- RTA_PAYLOAD(tb[IFLA_MACVLAN_MODE]) < sizeof(__u32))
- return;
-
- mode = rta_getattr_u32(tb[IFLA_VLAN_ID]);
- fprintf(f, " mode %s ",
- mode == MACVLAN_MODE_PRIVATE ? "private"
- : mode == MACVLAN_MODE_VEPA ? "vepa"
- : mode == MACVLAN_MODE_BRIDGE ? "bridge"
- : mode == MACVLAN_MODE_PASSTHRU ? "passthru"
- : "unknown");
-}
-
-static void macvtap_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
-{
- print_explain(f);
-}
-
-struct link_util macvtap_link_util = {
- .id = "macvtap",
- .maxattr = IFLA_MACVLAN_MAX,
- .parse_opt = macvtap_parse_opt,
- .print_opt = macvtap_print_opt,
- .print_help = macvtap_print_help,
-};
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 4928249..ac6f481 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -768,6 +768,56 @@
.in -8
+.TP
+MACVLAN and MACVTAP Type Support
+For a link of type
+.I MACVLAN
+or
+.I MACVTAP
+the following additional arguments are supported:
+
+.BI "ip link add link " DEVICE " name " NAME
+.BR type " { " macvlan " | " macvtap " } "
+.BR mode " { " private " | " vepa " | " bridge " | " passthru
+.BR " [ " nopromisc " ] } "
+
+.in +8
+.sp
+.BR type " { " macvlan " | " macvtap " } "
+- specifies the link type to use.
+.BR macvlan " creates just a virtual interface, while "
+.BR macvtap " in addition creates a character device "
+.BR /dev/tapX " to be used just like a " tuntap " device."
+
+.B mode private
+- Do not allow communication between
+.B macvlan
+instances on the same physical interface, even if the external switch supports
+hairpin mode.
+
+.B mode vepa
+- Virtual Ethernet Port Aggregator mode. Data from one
+.B macvlan
+instance to the other on the same physical interface is transmitted over the
+physical interface. Either the attached switch needs to support hairpin mode,
+or there must be a TCP/IP router forwarding the packets in order to allow
+communication. This is the default mode.
+
+.B mode bridge
+- In bridge mode, all endpoints are directly connected to each other,
+communication is not redirected through the physical interface's peer.
+
+.BR mode " " passthru " [ " nopromisc " ] "
+- This mode gives more power to a single endpoint, usually in
+.BR macvtap " mode. It is not allowed for more than one endpoint on the same "
+physical interface. All traffic will be forwarded to this endpoint, allowing
+virtio guests to change MAC address or set promiscuous mode in order to bridge
+the interface or create vlan interfaces on top of it. By default, this mode
+forces the underlying interface into promiscuous mode. Passing the
+.BR nopromisc " flag prevents this, so the promisc flag may be controlled "
+using standard tools.
+.in -8
+
.SS ip link delete - delete virtual link
.TP
diff --git a/misc/ss.c b/misc/ss.c
index 7c3dfa3..eca4aa3 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -457,7 +457,9 @@
user_ent_hash_build_init = 1;
- strcpy(name, root);
+ strncpy(name, root, sizeof(name)-1);
+ name[sizeof(name)-1] = 0;
+
if (strlen(name) == 0 || name[strlen(name)-1] != '/')
strcat(name, "/");
@@ -481,7 +483,7 @@
if (getpidcon(pid, &pid_context) != 0)
pid_context = strdup(no_ctx);
- sprintf(name + nameoff, "%d/fd/", pid);
+ snprintf(name + nameoff, sizeof(name) - nameoff, "%d/fd/", pid);
pos = strlen(name);
if ((dir1 = opendir(name)) == NULL) {
free(pid_context);
@@ -502,7 +504,7 @@
if (sscanf(d1->d_name, "%d%c", &fd, &crap) != 1)
continue;
- sprintf(name+pos, "%d", fd);
+ snprintf(name+pos, sizeof(name) - pos, "%d", fd);
link_len = readlink(name, lnk, sizeof(lnk)-1);
if (link_len == -1)
@@ -2738,7 +2740,7 @@
struct sockstat *u, **insp;
int flags;
- if (!(u = malloc(sizeof(*u))))
+ if (!(u = calloc(1, sizeof(*u))))
break;
u->name = NULL;
u->peer_name = NULL;
@@ -3088,11 +3090,13 @@
strncpy(procname, "kernel", 6);
} else if (pid > 0) {
FILE *fp;
- sprintf(procname, "%s/%d/stat",
+ snprintf(procname, sizeof(procname), "%s/%d/stat",
getenv("PROC_ROOT") ? : "/proc", pid);
if ((fp = fopen(procname, "r")) != NULL) {
if (fscanf(fp, "%*d (%[^)])", procname) == 1) {
- sprintf(procname+strlen(procname), "/%d", pid);
+ snprintf(procname+strlen(procname),
+ sizeof(procname)-strlen(procname),
+ "/%d", pid);
done = 1;
}
fclose(fp);