`rt_addrprotos` doesn't currently use the `.d` directory thing - add it.
My magic 8-ball predicts we might be grabbing a value or two for use in
FRRouting at some point in the future. Let's make it so we can ship
those in a separate file when it's time.
Signed-off-by: David Lamparter <equinox@diac24.net>
Signed-off-by: David Ahern <dsahern@kernel.org>

Following inclusion in net-next, extend rtnl_rtprot_tab and rt_protos
to support Keepalived.
Signed-off-by: Alexandre Cassen <acassen@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

The commit calls a new tc ematch for using netfilter xtable matches.
This allows early classification as well as mirroring/redirecting traffic
based on logic implemented in netfilter extensions.
Current supported use case is classification based on the incoming IPSec
state used during decapsulation using the 'policy' iptables extension
(xt_policy).
The matcher uses libxtables for parsing the input parameters.
Example use for matching an IPSec state with reqid 1:

    tc qdisc add dev eth0 ingress
    tc filter add dev eth0 protocol ip parent ffff: \
        basic match 'ipt(-m policy --dir in --pol ipsec --reqid 1)' \
        action drop

This is the user-space counterpart of kernel commit ccc007e4a746
("net: sched: add em_ipt ematch for calling xtables matches")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>

Add support for reading proto id/name mappings from rt_protos.d
directory. Allows users to have custom protocol values converted
to human friendly names.
Each file under rt_protos.d has the 'id name' format used by
rt_protos. Only .conf files are read and parsed.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
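
The 'id name' format and the .conf filter described in the commit above, as an added example in C; it is not iproute2's code and not part of the commit. The 0..255 id range, the `#` comment handling, the 31-character name cap and the sample entries `lab_bgp` / `lab_vrrp` are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TAB_SIZE 256   /* assumption: ids fit the 8-bit rtm_protocol field */
#define NAME_LEN 32    /* assumption: name cap chosen for this example */
static char proto_tab[TAB_SIZE][NAME_LEN];
/* Constructed sample body of a hypothetical rt_protos.d/lab.conf */
static const char SAMPLE[] = "# constructed sample\n200 lab_bgp\n0xc9\tlab_vrrp\n\n";

/* Only names ending in ".conf" (with a non-empty stem) are parsed. */
int is_conf_file(const char *name) {
    size_t len = strlen(name);
    return len > 5 && strcmp(name + len - 5, ".conf") == 0;
}

/* One "id name" line: 1 = stored, 0 = blank or comment, -1 = rejected. */
int parse_line(const char *line) {
    char name[NAME_LEN], *end;
    line += strspn(line, " \t");
    if (*line == '\0' || *line == '#') return 0;
    long id = strtol(line, &end, 0);            /* base 0: decimal or 0x hex */
    if (end == line || id < 0 || id >= TAB_SIZE) return -1;
    if (*end != ' ' && *end != '\t') return -1; /* id must be followed by a blank */
    if (sscanf(end, " %31s", name) != 1 || name[0] == '#') return -1;
    strcpy(proto_tab[id], name);                /* safe: name holds at most 31 chars */
    return 1;
}

/* Whole file body: number of entries stored, or -1 at the first bad line. */
int parse_buffer(const char *text) {
    int stored = 0;
    while (*text) {
        char line[128];
        size_t len = strcspn(text, "\n");
        if (len >= sizeof(line)) return -1;     /* refuse over-long lines */
        memcpy(line, text, len); line[len] = '\0';
        int r = parse_line(line);
        if (r < 0) return -1;
        stored += r;
        text += len + (text[len] == '\n');
    }
    return stored;
}

int main(void) {
    int n = parse_buffer(SAMPLE);
    printf("%d entries, 200 -> %s\n", n, proto_tab[200]);
    return 0;
}
```

Rejecting out-of-range ids and over-long lines before touching the table is what keeps a malformed drop-in file from writing outside `proto_tab`.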
The recently introduced object pinning can be further extended in order
to allow sharing maps beyond tc namespace. F.e. maps that are being pinned
from tracing side, can be accessed through this facility as well.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>

There were only a few Netlink protocol names
which were printed on the screen:
rtnl, fw, tcpdiag
So added the ability to identify Netlink proto name
from /etc/iproute/nl_protos or from static table.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Update the rt_dsfield file to contain values defined in current RFC.
The days of TOS precedence are gone, even Cisco doesn't refer
to these in the documents.

The canid ematch has been added in commit:
7b5f30e Ematch used to classify CAN frames according to their identifiers
But the corresponding entry in etc/iproute2/ematch_map was lost. This patch
adds the missing entry in ematch_map, otherwise tc would complain:

    Error: Unable to find ematch "canid" in /etc/iproute2/ematch_map
    Please assign a unique ID to the ematch kind the suggested entry is:
    7 canid

Signed-off-by: Rostislav Lisovy <lisovy@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

example usage:

    tc filter add dev $dev parent $id: basic match not ipset'(foobar src)' ..

also updates iproute2/ematch_map, else tc complains:

    Error: Unable to find ematch "ipset" in /etc/iproute2/ematch_map
    Please assign a unique ID to the ematch kind the suggested entry is:
    8 ipset

when trying to use this ematch.
(text ematch (5) only exists in kernel, a vlan ematch (6) exists neither in
kernel nor userspace, but kernel headers define TCF_EM_VLAN == 6).

User can specify device group to list by using the group keyword:

    ip link show group test

If no group is specified, 0 (default) is implied.
Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>