From d47129cf707fac663264651c7112992bc3265003 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 17 May 2024 16:59:00 +0200 Subject: Merging upstream version 6.9.0. Signed-off-by: Daniel Baumann --- man/man8/bridge.8 | 6 ++++++ man/man8/ip-ioam.8 | 5 +++++ man/man8/ip-link.8.in | 2 +- man/man8/ip-netns.8.in | 2 +- man/man8/ip-route.8.in | 16 ++++++++++++---- man/man8/ss.8 | 9 +++++++++ man/man8/tc-matchall.8 | 20 ++++++++++---------- man/man8/tc-mirred.8 | 38 +++++++++++++++++++++++++++++--------- man/man8/tc-simple.8 | 12 ++++++------ man/man8/tc.8 | 6 +++++- 10 files changed, 84 insertions(+), 32 deletions(-) (limited to 'man/man8') diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index eeea407..bb02bd2 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -22,6 +22,7 @@ bridge \- show / manipulate bridge addresses and devices \fB\-s\fR[\fItatistics\fR] | \fB\-n\fR[\fIetns\fR] name | \fB\-b\fR[\fIatch\fR] filename | +\fB\-com\fR[\fIpressvlans\fR] | \fB\-c\fR[\fIolor\fR] | \fB\-p\fR[\fIretty\fR] | \fB\-j\fR[\fIson\fR] | @@ -345,6 +346,11 @@ Don't terminate bridge command on errors in batch mode. If there were any errors during execution of the commands, the application return code will be non zero. +.TP +.BR "\-com", " \-compressvlans" +Show compressed VLAN list. It will show continuous VLANs with the range instead +of separated VLANs. Default is off. + .TP .BR \-c [ color ][ = { always | auto | never } Configure color output. If parameter is omitted or diff --git a/man/man8/ip-ioam.8 b/man/man8/ip-ioam.8 index 1bdc0ec..c723d78 100644 --- a/man/man8/ip-ioam.8 +++ b/man/man8/ip-ioam.8 @@ -49,12 +49,17 @@ ip-ioam \- IPv6 In-situ OAM (IOAM) .RI " { " ID " | " .BR none " }" +.ti -8 +.B ip ioam monitor + .SH DESCRIPTION The \fBip ioam\fR command is used to configure IPv6 In-situ OAM (IOAM6) internal parameters, namely IOAM namespaces and schemas. .PP Those parameters also include the mapping between an IOAM namespace and an IOAM schema. +.PP +The \fBip ioam monitor\fR command displays IOAM data received. .SH EXAMPLES .PP diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 31e2d7f..1e4dfcd 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -63,7 +63,7 @@ ip-link \- network device configuration .RI "[ " ARGS " ]" .ti -8 -.BR "ip link set " { +.BR "ip link" " { " set " | " change " } " { .IR DEVICE " | " .BI "group " GROUP } diff --git a/man/man8/ip-netns.8.in b/man/man8/ip-netns.8.in index 2911bdd..2e12e28 100644 --- a/man/man8/ip-netns.8.in +++ b/man/man8/ip-netns.8.in @@ -98,7 +98,7 @@ If NAME is available in @NETNS_RUN_DIR@ this command creates a new network namespace and assigns NAME. .TP -.B ip netns attach NAME PID - create a new named network namespace +.B ip netns attach NAME PID - assign a name to the network namespace of the process .sp If NAME is available in @NETNS_RUN_DIR@ this command attaches the network namespace of the process PID to NAME as if it were created with ip netns. diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in index 10387bc..df49f8b 100644 --- a/man/man8/ip-route.8.in +++ b/man/man8/ip-route.8.in @@ -29,6 +29,7 @@ ip-route \- routing table management .ti -8 .B ip route get .I ROUTE_GET_FLAGS +.B [ to ] .IR ADDRESS " [ " .BI from " ADDRESS " iif " STRING" .RB " ] [ " oif @@ -44,7 +45,9 @@ ip-route \- routing table management .B sport .IR NUMBER " ] [ " .B dport -.IR NUMBER " ] " +.IR NUMBER " ] [" +.B as +.IR ADDRESS " ]" .ti -8 .BR "ip route" " { " add " | " del " | " change " | " append " | "\ @@ -263,9 +266,14 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" .ti -8 .IR ROUTE_GET_FLAGS " := " -.BR " [ " -.BR fibmatch -.BR " ] " +.IR ROUTE_GET_FLAG " [ " +.IR ROUTE_GET_FLAGS " ] " + +.ti -8 +.IR ROUTE_GET_FLAG " := " +.BR "[ " +.BR connected " | " fibmatch " | " notify +.BR "]" .SH DESCRIPTION .B ip route diff --git a/man/man8/ss.8 b/man/man8/ss.8 index 4ece41f..e23af82 100644 --- a/man/man8/ss.8 +++ b/man/man8/ss.8 @@ -24,6 +24,9 @@ Output version information. .B \-H, \-\-no-header Suppress header line. .TP +.B \-Q, \-\-no-queues +Suppress sending and receiving queue columns. +.TP .B \-O, \-\-oneline Print each socket's data on a single line. .TP @@ -423,6 +426,12 @@ to FILE after applying filters. If FILE is - stdout is used. Read filter information from FILE. Each line of FILE is interpreted like single command line option. If FILE is - stdin is used. .TP +.B \-\-bpf-maps +Pretty-print all the BPF socket-local data entries for each socket. +.TP +.B \-\-bpf-map-id=MAP_ID +Pretty-print the BPF socket-local data entries for the requested map ID. Can be used more than once. +.TP .B FILTER := [ state STATE-FILTER ] [ EXPRESSION ] Please take a look at the official documentation for details regarding filters. diff --git a/man/man8/tc-matchall.8 b/man/man8/tc-matchall.8 index d022406..538cf74 100644 --- a/man/man8/tc-matchall.8 +++ b/man/man8/tc-matchall.8 @@ -37,39 +37,39 @@ To create ingress mirroring from port eth1 to port eth2: .RS .EX -tc qdisc add dev eth1 handle ffff: ingress -tc filter add dev eth1 parent ffff: \\ +tc qdisc add dev eth1 handle ffff: clsact +tc filter add dev eth1 ingress \\ matchall skip_sw \\ action mirred egress mirror \\ dev eth2 .EE .RE -The first command creates an ingress qdisc with handle +The first command creates a clsact qdisc with handle .BR ffff: on device .BR eth1 where the second command attaches a matchall filters on it that mirrors the -packets to device eth2. +packets to device eth2 for ingress. To create egress mirroring from port eth1 to port eth2: .RS .EX -tc qdisc add dev eth1 handle 1: root prio -tc filter add dev eth1 parent 1: \\ +tc qdisc add dev eth1 handle ffff: clsact +tc filter add dev eth1 egress \\ matchall skip_sw \\ action mirred egress mirror \\ dev eth2 .EE .RE -The first command creates an egress qdisc with handle -.BR 1: -that replaces the root qdisc on device +The first command creates a clsact qdisc with handle +.BR ffff: +on device .BR eth1 where the second command attaches a matchall filters on it that mirrors the -packets to device eth2. +packets to device eth2 for egress. To sample one of every 100 packets flowing into interface eth0 to psample group 12: diff --git a/man/man8/tc-mirred.8 b/man/man8/tc-mirred.8 index e529fa6..6959e3e 100644 --- a/man/man8/tc-mirred.8 +++ b/man/man8/tc-mirred.8 @@ -9,12 +9,23 @@ mirred - mirror/redirect action .I DIRECTION ACTION .RB "[ " index .IR INDEX " ] " -.BI dev " DEVICENAME" +.I TARGET .ti -8 .IR DIRECTION " := { " .BR ingress " | " egress " }" +.ti -8 +.IR TARGET " := { " DEV " | " BLOCK " }" + +.ti -8 +.IR DEV " := " +.BI dev " DEVICENAME" + +.ti -8 +.IR BLOCK " := " +.BI blockid " BLOCKID" + .ti -8 .IR ACTION " := { " .BR mirror " | " redirect " }" @@ -24,6 +35,12 @@ The action allows packet mirroring (copying) or redirecting (stealing) the packet it receives. Mirroring is what is sometimes referred to as Switch Port Analyzer (SPAN) and is commonly used to analyze and/or debug flows. +When mirroring to a tc block, the packet will be mirrored to all the ports in +the block with exception of the port where the packet ingressed, if that port is +part of the tc block. Redirecting is similar to mirroring except that the +behaviour is to mirror to the first N - 1 ports in the block and redirect to the +last one (note that the port in which the packet arrived is not going to be +mirrored or redirected to). .SH OPTIONS .TP .B ingress @@ -39,7 +56,7 @@ Define whether the packet should be copied .RB ( mirror ) or moved .RB ( redirect ) -to the destination interface. +to the destination interface or block. .TP .BI index " INDEX" Assign a unique ID to this action instead of letting the kernel choose one @@ -49,14 +66,17 @@ is a 32bit unsigned integer greater than zero. .TP .BI dev " DEVICENAME" Specify the network interface to redirect or mirror to. +.TP +.BI blockid " BLOCKID" +Specify the tc block to redirect or mirror to. .SH EXAMPLES Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for debugging purposes: .RS .EX -# tc qdisc add dev eth0 handle ffff: ingress -# tc filter add dev eth0 parent ffff: u32 \\ +# tc qdisc add dev eth0 handle ffff: clsact +# tc filter add dev eth0 ingress u32 \\ match u32 0 0 \\ action police rate 1mbit burst 100k conform-exceed pipe \\ action mirred egress redirect dev lo @@ -70,8 +90,8 @@ with e.g. tcpdump: .EX # ip link add dummy0 type dummy # ip link set dummy0 up -# tc qdisc add dev eth0 handle ffff: ingress -# tc filter add dev eth0 parent ffff: protocol ip \\ +# tc qdisc add dev eth0 handle ffff: clsact +# tc filter add dev eth0 ingress protocol ip \\ u32 match ip protocol 1 0xff \\ action mirred egress mirror dev dummy0 .EE @@ -87,14 +107,14 @@ interface, it is possible to send ingress traffic through an instance of # modprobe ifb # ip link set ifb0 up # tc qdisc add dev ifb0 root sfq -# tc qdisc add dev eth0 handle ffff: ingress -# tc filter add dev eth0 parent ffff: u32 \\ +# tc qdisc add dev eth0 handle ffff: clsact +# tc filter add dev eth0 ingress u32 \\ match u32 0 0 \\ action mirred egress redirect dev ifb0 .EE .RE -.SH LIMITIATIONS +.SH LIMITATIONS The kernel restricts nesting to four levels to avoid the chance of nesting loops. .PP diff --git a/man/man8/tc-simple.8 b/man/man8/tc-simple.8 index f565755..ae1aec3 100644 --- a/man/man8/tc-simple.8 +++ b/man/man8/tc-simple.8 @@ -55,11 +55,11 @@ grep the logs to see the logged message display stats again and observe increment by 1 .EX - hadi@noma1:$ tc qdisc add dev eth0 ingress - hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \\ + $ tc qdisc add dev eth0 ingress + $ tc filter add dev eth0 parent ffff: protocol ip prio 5 \\ u32 match ip protocol 1 0xff flowid 1:1 action simple sdata "Incoming ICMP" - hadi@noma1:$ sudo tc -s filter ls dev eth0 parent ffff: + $ sudo tc -s filter ls dev eth0 parent ffff: filter protocol ip pref 5 u32 filter protocol ip pref 5 u32 fh 800: ht divisor 1 filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 @@ -71,7 +71,7 @@ display stats again and observe increment by 1 backlog 0b 0p requeues 0 - hadi@noma1$ ping -c 1 www.google.ca + $ ping -c 1 www.google.ca PING www.google.ca (74.125.225.120) 56(84) bytes of data. 64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms @@ -79,10 +79,10 @@ display stats again and observe increment by 1 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 31.316/31.316/31.316/0.000 ms - hadi@noma1$ dmesg | grep simple + $ dmesg | grep simple [135354.473951] simple: Incoming ICMP_1 - hadi@noma1$ sudo tc/tc -s filter ls dev eth0 parent ffff: + $ sudo tc/tc -s filter ls dev eth0 parent ffff: filter protocol ip pref 5 u32 filter protocol ip pref 5 u32 fh 800: ht divisor 1 filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 diff --git a/man/man8/tc.8 b/man/man8/tc.8 index 3175454..dce58af 100644 --- a/man/man8/tc.8 +++ b/man/man8/tc.8 @@ -127,7 +127,7 @@ tc \- show / manipulate traffic control settings \fB[ \fB-nm \fR| \fB-nam\fR[\fIes\fR] \fB] \fR| \fB[ \fR{ \fB-cf \fR| \fB-c\fR[\fIonf\fR] \fR} \fB[ filename ] \fB] \fR \fB[ -t\fR[imestamp\fR] \fB\] \fR| \fB[ -t\fR[short\fR] \fR| \fB[ --o\fR[neline\fR] \fB]\fR } +-o\fR[neline\fR] \fB] \fR| \fB[ -echo ]\fR } .ti 8 .IR FORMAT " := {" @@ -743,6 +743,10 @@ When\fB\ tc monitor\fR\ runs, print timestamp before the event message in format When\fB\ tc monitor\fR\ runs, prints short timestamp before the event message in format: [--
T.] +.TP +.BR "\-echo" +Request the kernel to send the applied configuration back. + .SH FORMAT The show command has additional formatting options: -- cgit v1.2.3