-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | ethtool.8.in | 20 | ||||
-rw-r--r-- | ethtool.c | 87 | ||||
-rw-r--r-- | netlink/coalesce.c | 2 | ||||
-rw-r--r-- | netlink/rss.c | 19 | ||||
-rw-r--r-- | shell-completion/bash/ethtool | 6 | ||||
-rw-r--r-- | uapi/linux/ethtool.h | 89 | ||||
-rw-r--r-- | uapi/linux/ethtool_netlink.h | 1 | ||||
-rw-r--r-- | uapi/linux/if_link.h | 530 |
10 files changed, 740 insertions, 22 deletions
@@ -1,3 +1,9 @@ +Version 6.9 - May 23, 2024 + * Feature: support for rx-flow-hash gtp (-N) + * Feature: support for RSS input transformation (-X) + * Fix: typo in coalescing output (-c) + * Fix: document all debugging flags in man page + Version 6.7 - January 29, 2024 * Feature: support for setting TCP data split * Fix: fix new gcc14 warning diff --git a/configure.ac b/configure.ac index c871558..e494aac 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(ethtool, 6.7, netdev@vger.kernel.org) +AC_INIT(ethtool, 6.9, netdev@vger.kernel.org) AC_PREREQ(2.52) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([ethtool.c]) diff --git a/ethtool.8.in b/ethtool.8.in index 7a3080f..8090f0f 100644 --- a/ethtool.8.in +++ b/ethtool.8.in @@ -117,7 +117,7 @@ . hy \\n(HY .. . -.TH ETHTOOL 8 "January 2024" "Ethtool version @VERSION@" +.TH ETHTOOL 8 "May 2024" "Ethtool version @VERSION@" .SH NAME ethtool \- query or control network driver and hardware settings . @@ -351,6 +351,7 @@ ethtool \- query or control network driver and hardware settings .RB ...\ | \ default \ ] .RB [ hfunc .IR FUNC ] +.B2 xfrm symmetric-xor none .RB [ context .I CTX .RB |\ new ] @@ -565,6 +566,10 @@ Turns on debugging messages. Argument is interpreted as a mask: nokeep; lB l. 0x01 Parser information +0x02 Summary of netlink messages +0x04 Hex dump of sent netlink messages +0x08 Hex dump of received netlink messages +0x10 Structure of netlink messages .TE .TP .BI \-\-json 
@@ -1201,6 +1206,19 @@ even if a nibble is zero. Sets RSS hash function of the specified network device. List of RSS hash functions which kernel supports is shown as a part of the --show-rxfh command output. .TP +.BI xfrm +Sets the RSS input transformation. Currently, only the +.B symmetric-xor +transformation is supported where the NIC XORs the L3 and/or L4 source and +destination fields (as selected by +.B --config-nfc rx-flow-hash +) before passing them to the hash algorithm. The RSS hash function will +then yield the same hash for the other flow direction where the source and +destination fields are swapped (i.e. Symmetric RSS). Note that XORing the +input parameters reduces the entropy of the input set and the hash algorithm +could potentially be exploited. Switch off (default) by +.B xfrm none. +.TP .BI start\ N For the \fBequal\fR and \fBweight\fR options, sets the starting receive queue for spreading flows to \fIN\fR. @@ -360,6 +360,18 @@ static int rxflow_str_to_type(const char *str) flow_type = AH_ESP_V4_FLOW; else if (!strcmp(str, "sctp4")) flow_type = SCTP_V4_FLOW; + else if (!strcmp(str, "gtpc4")) + flow_type = GTPC_V4_FLOW; + else if (!strcmp(str, "gtpc4t")) + flow_type = GTPC_TEID_V4_FLOW; + else if (!strcmp(str, "gtpu4")) + flow_type = GTPU_V4_FLOW; + else if (!strcmp(str, "gtpu4e")) + flow_type = GTPU_EH_V4_FLOW; + else if (!strcmp(str, "gtpu4u")) + flow_type = GTPU_UL_V4_FLOW; + else if (!strcmp(str, "gtpu4d")) + flow_type = GTPU_DL_V4_FLOW; else if (!strcmp(str, "tcp6")) flow_type = TCP_V6_FLOW; else if (!strcmp(str, "udp6")) 
@@ -370,6 +382,18 @@ static int rxflow_str_to_type(const char *str) flow_type = SCTP_V6_FLOW; else if (!strcmp(str, "ether")) flow_type = ETHER_FLOW; + else if (!strcmp(str, "gtpc6")) + flow_type = GTPC_V6_FLOW; + else if (!strcmp(str, "gtpc6t")) + flow_type = GTPC_TEID_V6_FLOW; + else if (!strcmp(str, "gtpu6")) + flow_type = GTPU_V6_FLOW; + else if (!strcmp(str, "gtpu6e")) + flow_type = GTPU_EH_V6_FLOW; + else if (!strcmp(str, "gtpu6u")) + flow_type = GTPU_UL_V6_FLOW; + else if (!strcmp(str, "gtpu6d")) + flow_type = GTPU_DL_V6_FLOW; return flow_type; } @@ -1010,6 +1034,9 @@ static int parse_rxfhashopts(char *optstr, u32 *data) case 'n': *data |= RXH_L4_B_2_3; break; + case 'e': + *data |= RXH_GTP_TEID; + break; case 'r': *data |= RXH_DISCARD; break; @@ -1042,6 +1069,8 @@ static char *unparse_rxfhashopts(u64 opts) strcat(buf, "L4 bytes 0 & 1 [TCP/UDP src port]\n"); if (opts & RXH_L4_B_2_3) strcat(buf, "L4 bytes 2 & 3 [TCP/UDP dst port]\n"); + if (opts & RXH_GTP_TEID) + strcat(buf, "GTP TEID\n"); } else { sprintf(buf, "None"); } @@ -1559,6 +1588,24 @@ static int dump_rxfhash(int fhash, u64 val) case SCTP_V4_FLOW: fprintf(stdout, "SCTP over IPV4 flows"); break; + case GTPC_V4_FLOW: + fprintf(stdout, "GTP-C over IPV4 flows"); + break; + case GTPC_TEID_V4_FLOW: + fprintf(stdout, "GTP-C (include TEID) over IPV4 flows"); + break; + case GTPU_V4_FLOW: + fprintf(stdout, "GTP-U over IPV4 flows"); + break; + case GTPU_EH_V4_FLOW: + fprintf(stdout, "GTP-U and Extension Header over IPV4 flows"); + break; + case GTPU_UL_V4_FLOW: + fprintf(stdout, "GTP-U PSC Uplink over IPV4 flows"); + break; + case GTPU_DL_V4_FLOW: + fprintf(stdout, "GTP-U PSC Downlink over IPV4 flows"); + break; case AH_ESP_V4_FLOW: case AH_V4_FLOW: case ESP_V4_FLOW: 
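Review bot: In unparse_rxfhashopts the new `strcat(buf, "GTP TEID\n");` appends nine more bytes to `buf` with no bound, and the declaration of `buf` is outside the hunk, so its capacity cannot be confirmed from here. Please check that the buffer still holds the worst case with every RXH_* bit set, or switch the appends to a length-tracked `snprintf` so that a future flag cannot overrun it. The existing strcat calls shown as context follow the same unchecked pattern.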
@@ -1573,6 +1620,24 @@ static int dump_rxfhash(int fhash, u64 val) case SCTP_V6_FLOW: fprintf(stdout, "SCTP over IPV6 flows"); break; + case GTPC_V6_FLOW: + fprintf(stdout, "GTP-C over IPV6 flows"); + break; + case GTPC_TEID_V6_FLOW: + fprintf(stdout, "GTP-C (include TEID) over IPV6 flows"); + break; + case GTPU_V6_FLOW: + fprintf(stdout, "GTP-U over IPV6 flows"); + break; + case GTPU_EH_V6_FLOW: + fprintf(stdout, "GTP-U and Extension Header over IPV6 flows"); + break; + case GTPU_UL_V6_FLOW: + fprintf(stdout, "GTP-U PSC Uplink over IPV6 flows"); + break; + case GTPU_DL_V6_FLOW: + fprintf(stdout, "GTP-U PSC Downlink over IPV6 flows"); + break; case AH_ESP_V6_FLOW: case AH_V6_FLOW: case ESP_V6_FLOW: @@ -4029,6 +4094,10 @@ static int do_grxfh(struct cmd_context *ctx) (const char *)hfuncs->data + i * ETH_GSTRING_LEN, (rss->hfunc & (1 << i)) ? "on" : "off"); + printf("RSS input transformation:\n"); + printf(" symmetric-xor: %s\n", + (rss->input_xfrm & RXH_XFRM_SYM_XOR) ? "on" : "off"); + out: free(hfuncs); free(rss); @@ -4146,6 +4215,7 @@ static int do_srxfh(struct cmd_context *ctx) u32 arg_num = 0, indir_bytes = 0; u32 req_hfunc = 0; u32 entry_size = sizeof(rss_head.rss_config[0]); + u32 req_input_xfrm = 0xff; u32 num_weights = 0; u32 rss_context = 0; int delete = 0; @@ -4189,6 +4259,15 @@ static int do_srxfh(struct cmd_context *ctx) if (!req_hfunc_name) exit_bad_args(); ++arg_num; + } else if (!strcmp(ctx->argp[arg_num], "xfrm")) { + ++arg_num; + if (!strcmp(ctx->argp[arg_num], "symmetric-xor")) + req_input_xfrm = RXH_XFRM_SYM_XOR; + else if (!strcmp(ctx->argp[arg_num], "none")) + req_input_xfrm = 0; + else + exit_bad_args(); + ++arg_num; } else if (!strcmp(ctx->argp[arg_num], "context")) { ++arg_num; if(!strcmp(ctx->argp[arg_num], "new")) 
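Review bot: In do_srxfh's new `xfrm` branch, `ctx->argp[arg_num]` is passed to strcmp() right after `++arg_num` with no check that an argument remains. When `xfrm` is the last word on the command line, strcmp() receives whatever follows the final argument (presumably the NULL argv terminator), and the tool would crash instead of reporting bad arguments. Add `if (arg_num >= ctx->argc) exit_bad_args();` after the increment. The `context` branch visible as trailing context has the same gap, and the function body starts and ends outside the hunk.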
@@ -4333,6 +4412,7 @@ static int do_srxfh(struct cmd_context *ctx) rss->cmd = ETHTOOL_SRSSH; rss->rss_context = rss_context; rss->hfunc = req_hfunc; + rss->input_xfrm = req_input_xfrm; if (delete) { rss->indir_size = rss->key_size = 0; } else { @@ -5834,7 +5914,8 @@ static const struct option args[] = { .func = do_grxclass, .help = "Show Rx network flow classification options or rules", .xhelp = " [ rx-flow-hash tcp4|udp4|ah4|esp4|sctp4|" - "tcp6|udp6|ah6|esp6|sctp6 [context %d] |\n" + "gtpc4|gtpc4t|gtpu4|gtpu4e|gtpu4u|gtpu4d|tcp6|udp6|ah6|esp6|sctp6|" + "gtpc6|gtpc6t|gtpu6|gtpu6e|gtpu6u|gtpu6d [context %d] |\n" " rule %d ]\n" }, { @@ -5842,7 +5923,8 @@ static const struct option args[] = { .func = do_srxclass, .help = "Configure Rx network flow classification options or rules", .xhelp = " rx-flow-hash tcp4|udp4|ah4|esp4|sctp4|" - "tcp6|udp6|ah6|esp6|sctp6 m|v|t|s|d|f|n|r... [context %d] |\n" + "gtpc4|gtpc4t|gtpu4|gtpu4e|gtpu4u|gtpu4d|tcp6|udp6|ah6|esp6|sctp6" + "|gtpc6|gtpc6t|gtpu6|gtpu6e|gtpu6u|gtpu6d m|v|t|s|d|f|n|r|e... [context %d] |\n" " flow-type ether|ip4|tcp4|udp4|sctp4|ah4|esp4|" "ip6|tcp6|udp6|ah6|esp6|sctp6\n" " [ src %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]\n" @@ -5887,6 +5969,7 @@ static const struct option args[] = { " [ equal N | weight W0 W1 ... | default ]\n" " [ hkey %x:%x:%x:%x:%x:.... ]\n" " [ hfunc FUNC ]\n" + " [ xfrm symmetric-xor|none ]\n" " [ delete ]\n" }, { diff --git a/netlink/coalesce.c b/netlink/coalesce.c index bc34d3d..bb93f9b 100644 --- a/netlink/coalesce.c +++ b/netlink/coalesce.c @@ -93,7 +93,7 @@ int coalesce_reply_cb(const struct nlmsghdr *nlhdr, void *data) tb[ETHTOOL_A_COALESCE_TX_AGGR_MAX_BYTES]); show_u32("tx-aggr-max-frames", "tx-aggr-max-frames:\t", tb[ETHTOOL_A_COALESCE_TX_AGGR_MAX_FRAMES]); - show_u32("tx-aggr-time-usecs", "tx-aggr-time-usecs\t", + show_u32("tx-aggr-time-usecs", "tx-aggr-time-usecs:\t", tb[ETHTOOL_A_COALESCE_TX_AGGR_TIME_USECS]); show_cr(); 
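Review bot: do_srxfh now executes `rss->input_xfrm = req_input_xfrm;` on every ETHTOOL_SRSSH request, and `req_input_xfrm` defaults to 0xff, so the byte that used to be `rsvd8[0]` is nonzero even when the user never passes `xfrm`. If kernels that predate this field require reserved bytes to be zero (the struct comment refers to a note on reserved space that is not visible here), every `-X` call would be rejected on them. This is worth testing against such a kernel before release. Separately, the initializer in the earlier do_srxfh hunk should use the constant this commit imports: `u32 req_input_xfrm = RXH_XFRM_NO_CHANGE;`.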
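Review bot: The `.xhelp` strings for do_grxclass and do_srxclass gain the twelve gtp* flow types and the `e` hash field, but none of the ethtool.8.in hunks in this commit mention them; those hunks cover only `xfrm` and the debug mask. The man page should list the gtp* names in the rx-flow-hash synopsis and describe `e` as hashing on the GTP TEID, matching the `GTP TEID` line printed by unparse_rxfhashopts.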
diff --git a/netlink/rss.c b/netlink/rss.c index 4ad6065..dc28698 100644 --- a/netlink/rss.c +++ b/netlink/rss.c @@ -21,7 +21,8 @@ struct cb_args { void dump_json_rss_info(struct cmd_context *ctx, u32 *indir_table, u32 indir_size, u8 *hkey, u32 hkey_size, - const struct stringset *hash_funcs, u8 hfunc) + const struct stringset *hash_funcs, u8 hfunc, + u32 input_xfrm) { unsigned int i; @@ -46,6 +47,12 @@ void dump_json_rss_info(struct cmd_context *ctx, u32 *indir_table, if (hfunc & (1 << i)) { print_string(PRINT_JSON, "rss-hash-function", NULL, get_string(hash_funcs, i)); + open_json_object("rss-input-transformation"); + print_bool(PRINT_JSON, "symmetric-xor", NULL, + (input_xfrm & RXH_XFRM_SYM_XOR) ? + true : false); + + close_json_object(); break; } } @@ -89,6 +96,7 @@ int rss_reply_cb(const struct nlmsghdr *nlhdr, void *data) const struct stringset *hash_funcs; u32 rss_hfunc = 0, indir_size; u32 *indir_table = NULL; + u32 input_xfrm = 0; u8 *hkey = NULL; bool silent; int err_ret; @@ -118,6 +126,9 @@ int rss_reply_cb(const struct nlmsghdr *nlhdr, void *data) hkey = mnl_attr_get_payload(tb[ETHTOOL_A_RSS_HKEY]); } + if (tb[ETHTOOL_A_RSS_INPUT_XFRM]) + input_xfrm = mnl_attr_get_u32(tb[ETHTOOL_A_RSS_INPUT_XFRM]); + /* Fetch RSS hash functions and their status and print */ if (!nlctx->is_monitor) { ret = netlink_init_ethnl2_socket(nlctx); @@ -153,7 +164,8 @@ int rss_reply_cb(const struct nlmsghdr *nlhdr, void *data) indir_size = indir_bytes / sizeof(u32); if (is_json_context()) { dump_json_rss_info(nlctx->ctx, (u32 *)indir_table, indir_size, - hkey, hkey_bytes, hash_funcs, rss_hfunc); + hkey, hkey_bytes, hash_funcs, rss_hfunc, + input_xfrm); } else { print_indir_table(nlctx->ctx, args->num_rings, indir_size, (u32 *)indir_table); 
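Review bot: In dump_json_rss_info the `rss-input-transformation` object is opened and closed inside the `if (hfunc & (1 << i))` body, just before `break`, so JSON output carries the field only when some hash-function bit matches. The plain-text path in rss_reply_cb prints the transformation unconditionally, which leaves the two output formats inconsistent for a device that reports no active hash function. Move the `open_json_object()` / `print_bool()` / `close_json_object()` calls to after the loop; the loop header itself is outside the hunk. The `? true : false` on the print_bool argument is redundant and can be dropped.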
@@ -167,6 +179,9 @@ int rss_reply_cb(const struct nlmsghdr *nlhdr, void *data) printf(" %s: %s\n", get_string(hash_funcs, i), (rss_hfunc & (1 << i)) ? "on" : "off"); } + printf("RSS input transformation:\n"); + printf(" symmetric-xor: %s\n", + (input_xfrm & RXH_XFRM_SYM_XOR) ? "on" : "off"); } return MNL_CB_OK; diff --git a/shell-completion/bash/ethtool b/shell-completion/bash/ethtool index 99c5f6f..f7d6aed 100644 --- a/shell-completion/bash/ethtool +++ b/shell-completion/bash/ethtool @@ -79,6 +79,8 @@ _ethtool_flow_type() local types='ah4 ah6 esp4 esp6 ether sctp4 sctp6 tcp4 tcp6 udp4 udp6' if [ "${1-}" != --hash ]; then types="$types ip4 ip6" + else + types="gtpc4 gtpc6 gtpc4t gtpc6t gtpu4 gtpu6 gtpu4e gtpu6e gtpu4u gtpu6u gtpu4d gtpu6d $types" fi COMPREPLY=( $( compgen -W "$types" -- "$cur" ) ) } @@ -171,7 +173,7 @@ _ethtool_change() return ;; wol) # $cur is a set of wol type characters. - _ethtool_compgen_letterset p u m b a g s f d + _ethtool_compgen_letterset p u m b a g s f d e return ;; xcvr) COMPREPLY=( $( compgen -W 'internal external' -- "$cur" ) ) @@ -483,7 +485,7 @@ _ethtool_config_nfc() _ethtool_flow_type --hash return ;; 5) - _ethtool_compgen_letterset m v t s d f n r + _ethtool_compgen_letterset m v t s d f n r e return ;; 6) COMPREPLY=( $( compgen -W context -- "$cur" ) ) diff --git a/uapi/linux/ethtool.h b/uapi/linux/ethtool.h index 1d0731b..4d74ba0 100644 --- a/uapi/linux/ethtool.h +++ b/uapi/linux/ethtool.h @@ -1264,6 +1264,8 @@ struct ethtool_rxfh_indir { * hardware hash key. * @hfunc: Defines the current RSS hash function used by HW (or to be set to). * Valid values are one of the %ETH_RSS_HASH_*. + * @input_xfrm: Defines how the input data is transformed. Valid values are one + * of %RXH_XFRM_*. * @rsvd8: Reserved for future use; see the note on reserved space. * @rsvd32: Reserved for future use; see the note on reserved space. * @rss_config: RX ring/queue index for each hash value i.e., indirection table 
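Review bot: In _ethtool_change the `wol)` branch now offers `e` (`_ethtool_compgen_letterset p u m b a g s f d e`), but the only parser change for `e` in this commit is the rx-flow-hash case in parse_rxfhashopts. No Wake-on-LAN parsing is touched on this page, so this looks like an accidental edit that makes completion suggest a letter the `wol` option would presumably reject. Unless `e` is a valid WoL flag elsewhere in ethtool.c, restore the line to `_ethtool_compgen_letterset p u m b a g s f d` and keep the addition only in _ethtool_config_nfc.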
@@ -1283,7 +1285,8 @@ struct ethtool_rxfh { __u32 indir_size; __u32 key_size; __u8 hfunc; - __u8 rsvd8[3]; + __u8 input_xfrm; + __u8 rsvd8[2]; __u32 rsvd32; __u32 rss_config[]; }; @@ -1990,6 +1993,15 @@ static __inline__ int ethtool_validate_duplex(__u8 duplex) #define WOL_MODE_COUNT 8 +/* RSS hash function data + * XOR the corresponding source and destination fields of each specified + * protocol. Both copies of the XOR'ed fields are fed into the RSS and RXHASH + * calculation. Note that this XORing reduces the input set entropy and could + * be exploited to reduce the RSS queue spread. + */ +#define RXH_XFRM_SYM_XOR (1 << 0) +#define RXH_XFRM_NO_CHANGE 0xff + /* L2-L4 network traffic flow types */ #define TCP_V4_FLOW 0x01 /* hash or spec (tcp_ip4_spec) */ #define UDP_V4_FLOW 0x02 /* hash or spec (udp_ip4_spec) */ 
@@ -2009,6 +2021,53 @@ static __inline__ int ethtool_validate_duplex(__u8 duplex) #define IPV4_FLOW 0x10 /* hash only */ #define IPV6_FLOW 0x11 /* hash only */ #define ETHER_FLOW 0x12 /* spec only (ether_spec) */ + +/* Used for GTP-U IPv4 and IPv6. + * The format of GTP packets only includes + * elements such as TEID and GTP version. + * It is primarily intended for data communication of the UE. + */ +#define GTPU_V4_FLOW 0x13 /* hash only */ +#define GTPU_V6_FLOW 0x14 /* hash only */ + +/* Use for GTP-C IPv4 and v6. + * The format of these GTP packets does not include TEID. + * Primarily expected to be used for communication + * to create sessions for UE data communication, + * commonly referred to as CSR (Create Session Request). + */ +#define GTPC_V4_FLOW 0x15 /* hash only */ +#define GTPC_V6_FLOW 0x16 /* hash only */ + +/* Use for GTP-C IPv4 and v6. + * Unlike GTPC_V4_FLOW, the format of these GTP packets includes TEID. + * After session creation, it becomes this packet. + * This is mainly used for requests to realize UE handover. + */ +#define GTPC_TEID_V4_FLOW 0x17 /* hash only */ +#define GTPC_TEID_V6_FLOW 0x18 /* hash only */ + +/* Use for GTP-U and extended headers for the PSC (PDU Session Container). + * The format of these GTP packets includes TEID and QFI. + * In 5G communication using UPF (User Plane Function), + * data communication with this extended header is performed. + */ +#define GTPU_EH_V4_FLOW 0x19 /* hash only */ +#define GTPU_EH_V6_FLOW 0x1a /* hash only */ + +/* Use for GTP-U IPv4 and v6 PSC (PDU Session Container) extended headers. + * This differs from GTPU_EH_V(4|6)_FLOW in that it is distinguished by + * UL/DL included in the PSC. + * There are differences in the data included based on Downlink/Uplink, + * and can be used to distinguish packets. + * The functions described so far are useful when you want to + * handle communication from the mobile network in UPF, PGW, etc. 
+ */ +#define GTPU_UL_V4_FLOW 0x1b /* hash only */ +#define GTPU_UL_V6_FLOW 0x1c /* hash only */ +#define GTPU_DL_V4_FLOW 0x1d /* hash only */ +#define GTPU_DL_V6_FLOW 0x1e /* hash only */ + /* Flag to enable additional fields in struct ethtool_rx_flow_spec */ #define FLOW_EXT 0x80000000 #define FLOW_MAC_EXT 0x40000000 @@ -2023,6 +2082,7 @@ static __inline__ int ethtool_validate_duplex(__u8 duplex) #define RXH_IP_DST (1 << 5) #define RXH_L4_B_0_1 (1 << 6) /* src port in case of TCP/UDP/SCTP */ #define RXH_L4_B_2_3 (1 << 7) /* dst port in case of TCP/UDP/SCTP */ +#define RXH_GTP_TEID (1 << 8) /* teid in case of GTP */ #define RXH_DISCARD (1 << 31) #define RX_CLS_FLOW_DISC 0xffffffffffffffffULL @@ -2126,18 +2186,6 @@ enum ethtool_reset_flags { * refused. For drivers: ignore this field (use kernel's * __ETHTOOL_LINK_MODE_MASK_NBITS instead), any change to it will * be overwritten by kernel. - * @supported: Bitmap with each bit meaning given by - * %ethtool_link_mode_bit_indices for the link modes, physical - * connectors and other link features for which the interface - * supports autonegotiation or auto-detection. Read-only. - * @advertising: Bitmap with each bit meaning given by - * %ethtool_link_mode_bit_indices for the link modes, physical - * connectors and other link features that are advertised through - * autonegotiation or enabled for auto-detection. - * @lp_advertising: Bitmap with each bit meaning given by - * %ethtool_link_mode_bit_indices for the link modes, and other - * link features that the link partner advertised through - * autonegotiation; 0 if unknown or not applicable. Read-only. * @transceiver: Used to distinguish different possible PHY types, * reported consistently by PHYLIB. Read-only. * @master_slave_cfg: Master/slave port mode. 
@@ -2179,6 +2227,21 @@ enum ethtool_reset_flags { * %set_link_ksettings() should validate all fields other than @cmd * and @link_mode_masks_nwords that are not described as read-only or * deprecated, and must ignore all fields described as read-only. + * + * @link_mode_masks is divided into three bitfields, each of length + * @link_mode_masks_nwords: + * - supported: Bitmap with each bit meaning given by + * %ethtool_link_mode_bit_indices for the link modes, physical + * connectors and other link features for which the interface + * supports autonegotiation or auto-detection. Read-only. + * - advertising: Bitmap with each bit meaning given by + * %ethtool_link_mode_bit_indices for the link modes, physical + * connectors and other link features that are advertised through + * autonegotiation or enabled for auto-detection. + * - lp_advertising: Bitmap with each bit meaning given by + * %ethtool_link_mode_bit_indices for the link modes, and other + * link features that the link partner advertised through + * autonegotiation; 0 if unknown or not applicable. Read-only. */ struct ethtool_link_settings { __u32 cmd; diff --git a/uapi/linux/ethtool_netlink.h b/uapi/linux/ethtool_netlink.h index a8b0d79..447d922 100644 --- a/uapi/linux/ethtool_netlink.h +++ b/uapi/linux/ethtool_netlink.h @@ -908,6 +908,7 @@ enum { ETHTOOL_A_RSS_HFUNC, /* u32 */ ETHTOOL_A_RSS_INDIR, /* binary */ ETHTOOL_A_RSS_HKEY, /* binary */ + ETHTOOL_A_RSS_INPUT_XFRM, /* u32 */ __ETHTOOL_A_RSS_CNT, ETHTOOL_A_RSS_MAX = (__ETHTOOL_A_RSS_CNT - 1), diff --git a/uapi/linux/if_link.h b/uapi/linux/if_link.h index c146352..ff4ceea 100644 --- a/uapi/linux/if_link.h +++ b/uapi/linux/if_link.h 
@@ -459,6 +459,286 @@ enum in6_addr_gen_mode { /* Bridge section */ +/** + * DOC: Bridge enum definition + * + * Please *note* that the timer values in the following section are expected + * in clock_t format, which is seconds multiplied by USER_HZ (generally + * defined as 100). + * + * @IFLA_BR_FORWARD_DELAY + * The bridge forwarding delay is the time spent in LISTENING state + * (before moving to LEARNING) and in LEARNING state (before moving + * to FORWARDING). Only relevant if STP is enabled. + * + * The valid values are between (2 * USER_HZ) and (30 * USER_HZ). + * The default value is (15 * USER_HZ). + * + * @IFLA_BR_HELLO_TIME + * The time between hello packets sent by the bridge, when it is a root + * bridge or a designated bridge. Only relevant if STP is enabled. + * + * The valid values are between (1 * USER_HZ) and (10 * USER_HZ). + * The default value is (2 * USER_HZ). + * + * @IFLA_BR_MAX_AGE + * The hello packet timeout is the time until another bridge in the + * spanning tree is assumed to be dead, after reception of its last hello + * message. Only relevant if STP is enabled. + * + * The valid values are between (6 * USER_HZ) and (40 * USER_HZ). + * The default value is (20 * USER_HZ). + * + * @IFLA_BR_AGEING_TIME + * Configure the bridge's FDB entries aging time. It is the time a MAC + * address will be kept in the FDB after a packet has been received from + * that address. After this time has passed, entries are cleaned up. + * Allow values outside the 802.1 standard specification for special cases: + * + * * 0 - entry never ages (all permanent) + * * 1 - entry disappears (no persistence) + * + * The default value is (300 * USER_HZ). + * + * @IFLA_BR_STP_STATE + * Turn spanning tree protocol on (*IFLA_BR_STP_STATE* > 0) or off + * (*IFLA_BR_STP_STATE* == 0) for this bridge. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_PRIORITY + * Set this bridge's spanning tree priority, used during STP root bridge + * election. 
+ * + * The valid values are between 0 and 65535. + * + * @IFLA_BR_VLAN_FILTERING + * Turn VLAN filtering on (*IFLA_BR_VLAN_FILTERING* > 0) or off + * (*IFLA_BR_VLAN_FILTERING* == 0). When disabled, the bridge will not + * consider the VLAN tag when handling packets. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_VLAN_PROTOCOL + * Set the protocol used for VLAN filtering. + * + * The valid values are 0x8100(802.1Q) or 0x88A8(802.1AD). The default value + * is 0x8100(802.1Q). + * + * @IFLA_BR_GROUP_FWD_MASK + * The group forwarding mask. This is the bitmask that is applied to + * decide whether to forward incoming frames destined to link-local + * addresses (of the form 01:80:C2:00:00:0X). + * + * The default value is 0, which means the bridge does not forward any + * link-local frames coming on this port. + * + * @IFLA_BR_ROOT_ID + * The bridge root id, read only. + * + * @IFLA_BR_BRIDGE_ID + * The bridge id, read only. + * + * @IFLA_BR_ROOT_PORT + * The bridge root port, read only. + * + * @IFLA_BR_ROOT_PATH_COST + * The bridge root path cost, read only. + * + * @IFLA_BR_TOPOLOGY_CHANGE + * The bridge topology change, read only. + * + * @IFLA_BR_TOPOLOGY_CHANGE_DETECTED + * The bridge topology change detected, read only. + * + * @IFLA_BR_HELLO_TIMER + * The bridge hello timer, read only. + * + * @IFLA_BR_TCN_TIMER + * The bridge tcn timer, read only. + * + * @IFLA_BR_TOPOLOGY_CHANGE_TIMER + * The bridge topology change timer, read only. + * + * @IFLA_BR_GC_TIMER + * The bridge gc timer, read only. + * + * @IFLA_BR_GROUP_ADDR + * Set the MAC address of the multicast group this bridge uses for STP. + * The address must be a link-local address in standard Ethernet MAC address + * format. It is an address of the form 01:80:C2:00:00:0X, with X in [0, 4..f]. + * + * The default value is 0. + * + * @IFLA_BR_FDB_FLUSH + * Flush bridge's fdb dynamic entries. + * + * @IFLA_BR_MCAST_ROUTER + * Set bridge's multicast router if IGMP snooping is enabled. 
+ * The valid values are: + * + * * 0 - disabled. + * * 1 - automatic (queried). + * * 2 - permanently enabled. + * + * The default value is 1. + * + * @IFLA_BR_MCAST_SNOOPING + * Turn multicast snooping on (*IFLA_BR_MCAST_SNOOPING* > 0) or off + * (*IFLA_BR_MCAST_SNOOPING* == 0). + * + * The default value is 1. + * + * @IFLA_BR_MCAST_QUERY_USE_IFADDR + * If enabled use the bridge's own IP address as source address for IGMP + * queries (*IFLA_BR_MCAST_QUERY_USE_IFADDR* > 0) or the default of 0.0.0.0 + * (*IFLA_BR_MCAST_QUERY_USE_IFADDR* == 0). + * + * The default value is 0 (disabled). + * + * @IFLA_BR_MCAST_QUERIER + * Enable (*IFLA_BR_MULTICAST_QUERIER* > 0) or disable + * (*IFLA_BR_MULTICAST_QUERIER* == 0) IGMP querier, ie sending of multicast + * queries by the bridge. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_MCAST_HASH_ELASTICITY + * Set multicast database hash elasticity, It is the maximum chain length in + * the multicast hash table. This attribute is *deprecated* and the value + * is always 16. + * + * @IFLA_BR_MCAST_HASH_MAX + * Set maximum size of the multicast hash table + * + * The default value is 4096, the value must be a power of 2. + * + * @IFLA_BR_MCAST_LAST_MEMBER_CNT + * The Last Member Query Count is the number of Group-Specific Queries + * sent before the router assumes there are no local members. The Last + * Member Query Count is also the number of Group-and-Source-Specific + * Queries sent before the router assumes there are no listeners for a + * particular source. + * + * The default value is 2. + * + * @IFLA_BR_MCAST_STARTUP_QUERY_CNT + * The Startup Query Count is the number of Queries sent out on startup, + * separated by the Startup Query Interval. + * + * The default value is 2. 
+ * + * @IFLA_BR_MCAST_LAST_MEMBER_INTVL + * The Last Member Query Interval is the Max Response Time inserted into + * Group-Specific Queries sent in response to Leave Group messages, and + * is also the amount of time between Group-Specific Query messages. + * + * The default value is (1 * USER_HZ). + * + * @IFLA_BR_MCAST_MEMBERSHIP_INTVL + * The interval after which the bridge will leave a group, if no membership + * reports for this group are received. + * + * The default value is (260 * USER_HZ). + * + * @IFLA_BR_MCAST_QUERIER_INTVL + * The interval between queries sent by other routers. if no queries are + * seen after this delay has passed, the bridge will start to send its own + * queries (as if *IFLA_BR_MCAST_QUERIER_INTVL* was enabled). + * + * The default value is (255 * USER_HZ). + * + * @IFLA_BR_MCAST_QUERY_INTVL + * The Query Interval is the interval between General Queries sent by + * the Querier. + * + * The default value is (125 * USER_HZ). The minimum value is (1 * USER_HZ). + * + * @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL + * The Max Response Time used to calculate the Max Resp Code inserted + * into the periodic General Queries. + * + * The default value is (10 * USER_HZ). + * + * @IFLA_BR_MCAST_STARTUP_QUERY_INTVL + * The interval between queries in the startup phase. + * + * The default value is (125 * USER_HZ) / 4. The minimum value is (1 * USER_HZ). + * + * @IFLA_BR_NF_CALL_IPTABLES + * Enable (*NF_CALL_IPTABLES* > 0) or disable (*NF_CALL_IPTABLES* == 0) + * iptables hooks on the bridge. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_NF_CALL_IP6TABLES + * Enable (*NF_CALL_IP6TABLES* > 0) or disable (*NF_CALL_IP6TABLES* == 0) + * ip6tables hooks on the bridge. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_NF_CALL_ARPTABLES + * Enable (*NF_CALL_ARPTABLES* > 0) or disable (*NF_CALL_ARPTABLES* == 0) + * arptables hooks on the bridge. + * + * The default value is 0 (disabled). 
+ * + * @IFLA_BR_VLAN_DEFAULT_PVID + * VLAN ID applied to untagged and priority-tagged incoming packets. + * + * The default value is 1. Setting to the special value 0 makes all ports of + * this bridge not have a PVID by default, which means that they will + * not accept VLAN-untagged traffic. + * + * @IFLA_BR_PAD + * Bridge attribute padding type for netlink message. + * + * @IFLA_BR_VLAN_STATS_ENABLED + * Enable (*IFLA_BR_VLAN_STATS_ENABLED* == 1) or disable + * (*IFLA_BR_VLAN_STATS_ENABLED* == 0) per-VLAN stats accounting. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_MCAST_STATS_ENABLED + * Enable (*IFLA_BR_MCAST_STATS_ENABLED* > 0) or disable + * (*IFLA_BR_MCAST_STATS_ENABLED* == 0) multicast (IGMP/MLD) stats + * accounting. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_MCAST_IGMP_VERSION + * Set the IGMP version. + * + * The valid values are 2 and 3. The default value is 2. + * + * @IFLA_BR_MCAST_MLD_VERSION + * Set the MLD version. + * + * The valid values are 1 and 2. The default value is 1. + * + * @IFLA_BR_VLAN_STATS_PER_PORT + * Enable (*IFLA_BR_VLAN_STATS_PER_PORT* == 1) or disable + * (*IFLA_BR_VLAN_STATS_PER_PORT* == 0) per-VLAN per-port stats accounting. + * Can be changed only when there are no port VLANs configured. + * + * The default value is 0 (disabled). + * + * @IFLA_BR_MULTI_BOOLOPT + * The multi_boolopt is used to control new boolean options to avoid adding + * new netlink attributes. You can look at ``enum br_boolopt_id`` for those + * options. + * + * @IFLA_BR_MCAST_QUERIER_STATE + * Bridge mcast querier states, read only. + * + * @IFLA_BR_FDB_N_LEARNED + * The number of dynamically learned FDB entries for the current bridge, + * read only. + * + * @IFLA_BR_FDB_MAX_LEARNED + * Set the number of max dynamically learned FDB entries for the current + * bridge. + */ enum { IFLA_BR_UNSPEC, IFLA_BR_FORWARD_DELAY, 
@@ -520,11 +800,252 @@ struct ifla_bridge_id {
 __u8 addr[6]; /* ETH_ALEN */
 };
+/**
+ * DOC: Bridge mode enum definition
+ *
+ * @BRIDGE_MODE_HAIRPIN
+ * Controls whether traffic may be sent back out of the port on which it
+ * was received. This option is also called reflective relay mode, and is
+ * used to support basic VEPA (Virtual Ethernet Port Aggregator)
+ * capabilities. By default, this flag is turned off and the bridge will
+ * not forward traffic back out of the receiving port.
+ */
 enum {
 BRIDGE_MODE_UNSPEC,
 BRIDGE_MODE_HAIRPIN,
 };
+/**
+ * DOC: Bridge port enum definition
+ *
+ * @IFLA_BRPORT_STATE
+ * The operation state of the port. Here are the valid values.
+ *
+ * * 0 - port is in STP *DISABLED* state. Make this port completely
+ * inactive for STP. This is also called BPDU filter and could be used
+ * to disable STP on an untrusted port, like a leaf virtual device.
+ * The traffic forwarding is also stopped on this port.
+ * * 1 - port is in STP *LISTENING* state. Only valid if STP is enabled
+ * on the bridge. In this state the port listens for STP BPDUs and
+ * drops all other traffic frames.
+ * * 2 - port is in STP *LEARNING* state. Only valid if STP is enabled on
+ * the bridge. In this state the port will accept traffic only for the
+ * purpose of updating MAC address tables.
+ * * 3 - port is in STP *FORWARDING* state. Port is fully active.
+ * * 4 - port is in STP *BLOCKING* state. Only valid if STP is enabled on
+ * the bridge. This state is used during the STP election process.
+ * In this state, port will only process STP BPDUs.
+ *
+ * @IFLA_BRPORT_PRIORITY
+ * The STP port priority. The valid values are between 0 and 255.
+ *
+ * @IFLA_BRPORT_COST
+ * The STP path cost of the port. The valid values are between 1 and 65535.
+ *
+ * @IFLA_BRPORT_MODE
+ * Set the bridge port mode. See *BRIDGE_MODE_HAIRPIN* for more details.
+ *
+ * @IFLA_BRPORT_GUARD
+ * Controls whether STP BPDUs will be processed by the bridge port. By
+ * default, the flag is turned off to allow BPDU processing. Turning this
+ * flag on will disable the bridge port if a STP BPDU packet is received.
+ *
+ * If the bridge has Spanning Tree enabled, hostile devices on the network
+ * may send BPDU on a port and cause network failure. Setting *guard on*
+ * will detect and stop this by disabling the port. The port will be
+ * restarted if the link is brought down, or removed and reattached.
+ *
+ * @IFLA_BRPORT_PROTECT
+ * Controls whether a given port is allowed to become a root port or not.
+ * Only used when STP is enabled on the bridge. By default the flag is off.
+ *
+ * This feature is also called root port guard. If BPDU is received from a
+ * leaf (edge) port, it should not be elected as root port. This could
+ * be used if using STP on a bridge and the downstream bridges are not fully
+ * trusted; this prevents a hostile guest from rerouting traffic.
+ *
+ * @IFLA_BRPORT_FAST_LEAVE
+ * This flag allows the bridge to immediately stop multicast traffic
+ * forwarding on a port that receives an IGMP Leave message. It is only used
+ * when IGMP snooping is enabled on the bridge. By default the flag is off.
+ *
+ * @IFLA_BRPORT_LEARNING
+ * Controls whether a given port will learn *source* MAC addresses from
+ * received traffic or not. Also controls whether dynamic FDB entries
+ * (which can also be added by software) will be refreshed by incoming
+ * traffic. By default this flag is on.
+ *
+ * @IFLA_BRPORT_UNICAST_FLOOD
+ * Controls whether unicast traffic for which there is no FDB entry will
+ * be flooded towards this port. By default this flag is on.
+ *
+ * @IFLA_BRPORT_PROXYARP
+ * Enable proxy ARP on this port.
+ *
+ * @IFLA_BRPORT_LEARNING_SYNC
+ * Controls whether a given port will sync MAC addresses learned on device
+ * port to bridge FDB.
+ *
+ * @IFLA_BRPORT_PROXYARP_WIFI
+ * Enable proxy ARP on this port which meets extended requirements by
+ * IEEE 802.11 and Hotspot 2.0 specifications.
+ *
+ * @IFLA_BRPORT_ROOT_ID
+ *
+ * @IFLA_BRPORT_BRIDGE_ID
+ *
+ * @IFLA_BRPORT_DESIGNATED_PORT
+ *
+ * @IFLA_BRPORT_DESIGNATED_COST
+ *
+ * @IFLA_BRPORT_ID
+ *
+ * @IFLA_BRPORT_NO
+ *
+ * @IFLA_BRPORT_TOPOLOGY_CHANGE_ACK
+ *
+ * @IFLA_BRPORT_CONFIG_PENDING
+ *
+ * @IFLA_BRPORT_MESSAGE_AGE_TIMER
+ *
+ * @IFLA_BRPORT_FORWARD_DELAY_TIMER
+ *
+ * @IFLA_BRPORT_HOLD_TIMER
+ *
+ * @IFLA_BRPORT_FLUSH
+ * Flush bridge ports' fdb dynamic entries.
+ *
+ * @IFLA_BRPORT_MULTICAST_ROUTER
+ * Configure the port's multicast router presence. A port with
+ * a multicast router will receive all multicast traffic.
+ * The valid values are:
+ *
+ * * 0 disable multicast routers on this port
+ * * 1 let the system detect the presence of routers (default)
+ * * 2 permanently enable multicast traffic forwarding on this port
+ * * 3 enable multicast routers temporarily on this port, not depending
+ * on incoming queries.
+ *
+ * @IFLA_BRPORT_PAD
+ *
+ * @IFLA_BRPORT_MCAST_FLOOD
+ * Controls whether a given port will flood multicast traffic for which
+ * there is no MDB entry. By default this flag is on.
+ *
+ * @IFLA_BRPORT_MCAST_TO_UCAST
+ * Controls whether a given port will replicate packets using unicast
+ * instead of multicast. By default this flag is off.
+ *
+ * This is done by copying the packet per host and changing the multicast
+ * destination MAC to a unicast one accordingly.
+ *
+ * *mcast_to_unicast* works on top of the multicast snooping feature of the
+ * bridge. Which means unicast copies are only delivered to hosts which
+ * are interested in unicast and signaled this via IGMP/MLD reports previously.
+ *
+ * This feature is intended for interface types which have a more reliable
+ * and/or efficient way to deliver unicast packets than broadcast ones
+ * (e.g. WiFi).
+ *
+ * However, it should only be enabled on interfaces where no IGMPv2/MLDv1
+ * report suppression takes place. IGMP/MLD report suppression issue is
+ * usually overcome by the network daemon (supplicant) enabling AP isolation
+ * and by that separating all STAs.
+ *
+ * Delivery of STA-to-STA IP multicast is made possible again by enabling
+ * and utilizing the bridge hairpin mode, which considers the incoming port
+ * as a potential outgoing port, too (see *BRIDGE_MODE_HAIRPIN* option).
+ * Hairpin mode is performed after multicast snooping, therefore leading
+ * to only deliver reports to STAs running a multicast router.
+ *
+ * @IFLA_BRPORT_VLAN_TUNNEL
+ * Controls whether vlan to tunnel mapping is enabled on the port.
+ * By default this flag is off.
+ *
+ * @IFLA_BRPORT_BCAST_FLOOD
+ * Controls flooding of broadcast traffic on the given port. By default
+ * this flag is on.
+ *
+ * @IFLA_BRPORT_GROUP_FWD_MASK
+ * Set the group forward mask. This is a bitmask that is applied to
+ * decide whether to forward incoming frames destined to link-local
+ * addresses. The addresses of the form are 01:80:C2:00:00:0X (defaults
+ * to 0, which means the bridge does not forward any link-local frames
+ * coming on this port).
+ *
+ * @IFLA_BRPORT_NEIGH_SUPPRESS
+ * Controls whether neighbor discovery (arp and nd) proxy and suppression
+ * is enabled on the port. By default this flag is off.
+ *
+ * @IFLA_BRPORT_ISOLATED
+ * Controls whether a given port will be isolated, which means it will be
+ * able to communicate with non-isolated ports only. By default this
+ * flag is off.
+ *
+ * @IFLA_BRPORT_BACKUP_PORT
+ * Set a backup port. If the port loses carrier all traffic will be
+ * redirected to the configured backup port. Set the value to 0 to disable
+ * it.
+ *
+ * @IFLA_BRPORT_MRP_RING_OPEN
+ *
+ * @IFLA_BRPORT_MRP_IN_OPEN
+ *
+ * @IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT
+ * The number of per-port EHT hosts limit. The default value is 512.
+ * Setting to 0 is not allowed.
+ *
+ * @IFLA_BRPORT_MCAST_EHT_HOSTS_CNT
+ * The current number of tracked hosts, read only.
+ *
+ * @IFLA_BRPORT_LOCKED
+ * Controls whether a port will be locked, meaning that hosts behind the
+ * port will not be able to communicate through the port unless an FDB
+ * entry with the unit's MAC address is in the FDB. The common use case is
+ * that hosts are allowed access through authentication with the IEEE 802.1X
+ * protocol or based on whitelists. By default this flag is off.
+ *
+ * Please note that secure 802.1X deployments should always use the
+ * *BR_BOOLOPT_NO_LL_LEARN* flag, to not permit the bridge to populate its
+ * FDB based on link-local (EAPOL) traffic received on the port.
+ *
+ * @IFLA_BRPORT_MAB
+ * Controls whether a port will use MAC Authentication Bypass (MAB), a
+ * technique through which select MAC addresses may be allowed on a locked
+ * port, without using 802.1X authentication. Packets with an unknown source
+ * MAC address generates a "locked" FDB entry on the incoming bridge port.
+ * The common use case is for user space to react to these bridge FDB
+ * notifications and optionally replace the locked FDB entry with a normal
+ * one, allowing traffic to pass for whitelisted MAC addresses.
+ *
+ * Setting this flag also requires *IFLA_BRPORT_LOCKED* and
+ * *IFLA_BRPORT_LEARNING*. *IFLA_BRPORT_LOCKED* ensures that unauthorized
+ * data packets are dropped, and *IFLA_BRPORT_LEARNING* allows the dynamic
+ * FDB entries installed by user space (as replacements for the locked FDB
+ * entries) to be refreshed and/or aged out.
+ *
+ * @IFLA_BRPORT_MCAST_N_GROUPS
+ *
+ * @IFLA_BRPORT_MCAST_MAX_GROUPS
+ * Sets the maximum number of MDB entries that can be registered for a
+ * given port. Attempts to register more MDB entries at the port than this
+ * limit allows will be rejected, whether they are done through netlink
+ * (e.g. the bridge tool), or IGMP or MLD membership reports. Setting a
+ * limit of 0 disables the limit. The default value is 0.
+ *
+ * @IFLA_BRPORT_NEIGH_VLAN_SUPPRESS
+ * Controls whether neighbor discovery (arp and nd) proxy and suppression is
+ * enabled for a given port. By default this flag is off.
+ *
+ * Note that this option only takes effect when *IFLA_BRPORT_NEIGH_SUPPRESS*
+ * is enabled for a given port.
+ *
+ * @IFLA_BRPORT_BACKUP_NHID
+ * The FDB nexthop object ID to attach to packets being redirected to a
+ * backup port that has VLAN tunnel mapping enabled (via the
+ * *IFLA_BRPORT_VLAN_TUNNEL* option). Setting a value of 0 (default) has
+ * the effect of not attaching any ID.
+ */
 enum {
 IFLA_BRPORT_UNSPEC,
 IFLA_BRPORT_STATE, /* Spanning tree state */
@@ -854,6 +1375,7 @@ enum {
 IFLA_VXLAN_DF,
 IFLA_VXLAN_VNIFILTER, /* only applicable with COLLECT_METADATA mode */
 IFLA_VXLAN_LOCALBYPASS,
+ IFLA_VXLAN_LABEL_POLICY, /* IPv6 flow label policy; ifla_vxlan_label_policy */
 __IFLA_VXLAN_MAX
 };
 #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1)
@@ -871,6 +1393,13 @@ enum ifla_vxlan_df {
 VXLAN_DF_MAX = __VXLAN_DF_END - 1,
 };
+enum ifla_vxlan_label_policy {
+ VXLAN_LABEL_FIXED = 0,
+ VXLAN_LABEL_INHERIT = 1,
+ __VXLAN_LABEL_END,
+ VXLAN_LABEL_MAX = __VXLAN_LABEL_END - 1,
+};
+
 /* GENEVE section */
 enum {
 IFLA_GENEVE_UNSPEC,
@@ -974,6 +1503,7 @@ enum {
 IFLA_BOND_AD_LACP_ACTIVE,
 IFLA_BOND_MISSED_MAX,
 IFLA_BOND_NS_IP6_TARGET,
+ IFLA_BOND_COUPLED_CONTROL,
 __IFLA_BOND_MAX,
 };
|