1. 09 Jun, 2018 1 commit
  2. 08 Jun, 2018 5 commits
  3. 01 Jun, 2018 5 commits
  4. 25 May, 2018 1 commit
    • Stephen Hemminger's avatar
      ip: defer lookup interface index · 65083b5f
      Stephen Hemminger authored
      The ip command would always lookup the network device index
      even when not necessary. This slows down operations like creating
      lots of VLAN's.
      
      David reported the original issue, this is an alternative patch
      that solves it in a slightly more general method.
      
      Using iproute2 to create a bridge and add 4094 vlans to it can take from
      2 to 3 *minutes*. The reason is the extraneous call to ll_name_to_index.
      ll_name_to_index results in an ioctl(SIOCGIFINDEX) call which in turn
      invokes dev_load. If the index does not exist, which it won't when
      creating a new link, dev_load calls modprobe twice -- once for
      netdev-NAME and again for NAME. This is unnecessary overhead for each
      link create.
      
      When ip link is invoked for a new device, there is no reason to
      call ll_name_to_index for the new device. With this patch, creating
      a bridge and adding 4094 vlans takes less than 3 *seconds*.
      
      	old:
      	# time ip -batch ip-vlan.batch
      	real    3m13.727s
      	user    0m0.076s
      	sys     0m1.959s
      
      	new:
      	# time ip -batch ip-vlan.batch
      	real    0m3.222s
      	user    0m0.044s
      	sys     0m1.777s
      Reported-off-by: 's avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: 's avatarStephen Hemminger <stephen@networkplumber.org>
      65083b5f
  5. 23 May, 2018 2 commits
  6. 17 May, 2018 1 commit
  7. 16 May, 2018 1 commit
  8. 15 May, 2018 1 commit
    • Luca Boccassi's avatar
      ip: do not drop capabilities if net_admin=i is set · 9b13cc98
      Luca Boccassi authored
      Users have reported a regression due to ip now dropping capabilities
      unconditionally.
      zerotier-one VPN and VirtualBox use ambient capabilities in their
      binary and then fork out to ip to set routes and links, and this
      does not work anymore.
      
      As a workaround, do not drop caps if CAP_NET_ADMIN (the most common
      capability used by ip) is set with the INHERITABLE flag.
      Users that want ip vrf exec to work do not need to set INHERITABLE,
      which will then only set when the calling program had privileges to
      give itself the ambient capability.
      
      Fixes: ba2fc55b ("Drop capabilities if not running ip exec vrf with libcap")
      Signed-off-by: Luca Boccassi's avatarLuca Boccassi <bluca@debian.org>
      9b13cc98
  9. 09 May, 2018 3 commits
  10. 02 May, 2018 3 commits
  11. 25 Apr, 2018 2 commits
  12. 20 Apr, 2018 5 commits
  13. 17 Apr, 2018 1 commit
    • David Ahern's avatar
      utils: Do not reset family for default, any, all addresses · d42c7891
      David Ahern authored
      Thomas reported a change in behavior with respect to autodectecting
      address families. Specifically, 'ip ro add default via fe80::1'
      syntax was failing to treat fe80::1 as an IPv6 address as it did in
      prior releases. The root causes appears to be a change in family when
      the default keyword is parsed.
      
      'default', 'any' and 'all' are relevant outside of AF_INET. Leave the
      family arg as is for these when setting addr.
      
      Fixes: 93fa1241 ("utils: Always specify family and ->bytelen in get_prefix_1()")
      Reported-by: 's avatarThomas Deutschmann <whissi@gentoo.org>
      Signed-off-by: 's avatarDavid Ahern <dsahern@gmail.com>
      Cc: Serhey Popovych <serhe.popovych@gmail.com>
      d42c7891
  14. 16 Apr, 2018 1 commit
    • Jakub Sitnicki's avatar
      iproute: Abort if nexthop cannot be parsed · ee53b42f
      Jakub Sitnicki authored
      Attempt to add a multipath route where a nexthop definition refers to a
      non-existent device causes 'ip' to crash and burn due to stack buffer
      overflow:
      
        # ip -6 route add fd00::1/64 nexthop dev fake1
        Cannot find device "fake1"
        Cannot find device "fake1"
        Cannot find device "fake1"
        ...
        Segmentation fault (core dumped)
      
      Don't ignore errors from the helper routine that parses the nexthop
      definition, and abort immediately if parsing fails.
      Signed-off-by: 's avatarJakub Sitnicki <jkbs@redhat.com>
      ee53b42f
  15. 10 Apr, 2018 3 commits
  16. 09 Apr, 2018 1 commit
  17. 05 Apr, 2018 1 commit
  18. 04 Apr, 2018 3 commits