linux.git/tools/net, branch v7.1-rc4 Linux kernel source tree tools: ynl: add scope qualifier for definitions 2026-05-12T14:15:00+00:00 Jakub Kicinski kuba@kernel.org 2026-05-10T19:29:01+00:00 fbf5df34a4dbcd09d433dd4f0916bf9b2ddb16de Using definitions in kernel policies is awkward right now. On one hand we want defines for max values and such. On the other we don't have a way of adding kernel-only defines. Adding unnecessary defines to uAPI is a bad idea, we won't be able to delete them. And when it comes to policy user space should just query it via the policy dump, not use hard coded defines. Add a "scope" property to definitions, which will let us tell the codegen that a definition is for kernel use only. Support following values: - uapi: render into the uAPI header (default, today's behavior) - kernel: render to kernel header only - user: same as kernel but for the user-side generated header Definitions may have a header property (definition is "external", provided by existing header). Extend the scope to headers, too. If definition has both scope and header properties we will only generate the includes in the right scope. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Link: https://patch.msgid.link/20260510192904.3987113-8-kuba@kernel.org Signed-off-by: Paolo Abeni <pabeni@redhat.com> 
Using definitions in kernel policies is awkward right now.
On one hand we want defines for max values and such.
On the other we don't have a way of adding kernel-only defines.
Adding unnecessary defines to uAPI is a bad idea, we won't
be able to delete them. And when it comes to policy user
space should just query it via the policy dump, not use
hard coded defines.

Add a "scope" property to definitions, which will let us tell
the codegen that a definition is for kernel use only. Support
following values:
  - uapi: render into the uAPI header (default, today's behavior)
  - kernel: render to kernel header only
  - user: same as kernel but for the user-side generated header

Definitions may have a header property (definition is "external",
provided by existing header). Extend the scope to headers, too.
If definition has both scope and header properties we will only
generate the includes in the right scope.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://patch.msgid.link/20260510192904.3987113-8-kuba@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
tools/ynl: add missing uapi header deps in Makefile.deps 2026-05-10T15:37:33+00:00 Stanislav Fomichev sdf.kernel@gmail.com 2026-05-08T20:41:13+00:00 46e9b0224475abc739612ef72c35b7c90211a0c1 ethtool.h includes linux/typelimits.h which is a relatively new header not yet shipped in most distro kernel-header packages. Without the explicit entry, the build silently falls through to -idirafter. dev_energymodel.h is a new YNL family whose uapi header is not in system paths at all and was missing a CFLAGS entry entirely. Signed-off-by: Stanislav Fomichev <sdf@fomichev.me> Link: https://patch.msgid.link/20260508204114.205896-2-sdf@fomichev.me Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
ethtool.h includes linux/typelimits.h which is a relatively new header
not yet shipped in most distro kernel-header packages. Without the
explicit entry, the build silently falls through to -idirafter.

dev_energymodel.h is a new YNL family whose uapi header is not in
system paths at all and was missing a CFLAGS entry entirely.

Signed-off-by: Stanislav Fomichev <sdf@fomichev.me>
Link: https://patch.msgid.link/20260508204114.205896-2-sdf@fomichev.me
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools: ynl: add sample for wireguard 2026-04-14T18:48:04+00:00 Asbjørn Sloth Tønnesen ast@fiberby.net 2026-04-14T15:39:42+00:00 121f416756d63f6e130f4b9c49676c2b132c48b9 Add a sample application for WireGuard, using the generated C library. The main benefit of this is to exercise the generated library, which might be useful for future self-tests. Example: $ make -C tools/net/ynl/lib $ make -C tools/net/ynl/generated $ make -C tools/net/ynl/tests wireguard $ ./tools/net/ynl/tests/wireguard usage: ./tools/net/ynl/tests/wireguard <ifindex|ifname> $ sudo ./tools/net/ynl/tests/wireguard wg-test Interface 3: wg-test Peer 6adfb183a4a2c94a2f92dab5ade762a4788[...]: Data: rx: 42 / tx: 42 bytes Allowed IPs: 0.0.0.0/0 ::/0 Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Link: https://patch.msgid.link/20260414153944.2742252-3-Jason@zx2c4.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
Add a sample application for WireGuard, using the generated C library.

The main benefit of this is to exercise the generated library,
which might be useful for future self-tests.

Example:
  $ make -C tools/net/ynl/lib
  $ make -C tools/net/ynl/generated
  $ make -C tools/net/ynl/tests wireguard
  $ ./tools/net/ynl/tests/wireguard
  usage: ./tools/net/ynl/tests/wireguard <ifindex|ifname>
  $ sudo ./tools/net/ynl/tests/wireguard wg-test
  Interface 3: wg-test
      Peer 6adfb183a4a2c94a2f92dab5ade762a4788[...]:
          Data: rx: 42 / tx: 42 bytes
          Allowed IPs:
              0.0.0.0/0
              ::/0

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://patch.msgid.link/20260414153944.2742252-3-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools/ynl: Make YnlFamily closeable as a context manager 2026-04-14T15:17:01+00:00 Daniel Borkmann daniel@iogearbox.net 2026-04-13T22:08:04+00:00 4a6fe5fe60040c31c25767ca815a06fab35c1eb7 YnlFamily opens an AF_NETLINK socket in __init__ but has no way to release it other than leaving it to the GC. YnlFamily holds a self reference cycle through SpecFamily's self.family = self in its super().__init__() call, so refcount GC cannot reclaim it and the socket stays open until the cyclic GC runs. If a test creates a guest netns, instantiates a YnlFamily inside it via NetNSEnter(), performs some test case work via Ynl, and then deletes the netns, then the 'ip netns del' only drops the mount binding and cleanup_net in the kernel never runs, so any subsequent test case assertions that objects got cleaned up would fail given this only gets triggered later via cyclic GC run. Add an explicit close() that closes the netlink socket and wire up the __enter__/__exit__ so callers can scope the instance deterministically via 'with YnlFamily(...) as ynl: ...'. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Link: https://patch.msgid.link/20260413220809.604592-2-daniel@iogearbox.net Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
YnlFamily opens an AF_NETLINK socket in __init__ but has no way
to release it other than leaving it to the GC. YnlFamily holds a
self reference cycle through SpecFamily's self.family = self
in its super().__init__() call, so refcount GC cannot reclaim
it and the socket stays open until the cyclic GC runs.

If a test creates a guest netns, instantiates a YnlFamily inside
it via NetNSEnter(), performs some test case work via Ynl, and
then deletes the netns, then the 'ip netns del' only drops the
mount binding and cleanup_net in the kernel never runs, so any
subsequent test case assertions that objects got cleaned up would
fail given this only gets triggered later via cyclic GC run.

Add an explicit close() that closes the netlink socket and wire
up the __enter__/__exit__ so callers can scope the instance
deterministically via 'with YnlFamily(...) as ynl: ...'.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://patch.msgid.link/20260413220809.604592-2-daniel@iogearbox.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools: ynl: ethtool: add --dbg-small-recv option 2026-04-12T18:23:49+00:00 Hangbin Liu liuhangbin@gmail.com 2026-04-08T07:08:51+00:00 594ba4477164af58c9703039b63b8b07a3a55f18 Add a --dbg-small-recv debug option to control the recv() buffer size used by YNL, matching the same option already present in cli.py. This is useful if user need to get large netlink message. Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Link: https://patch.msgid.link/20260408-b4-ynl_ethtool-v2-3-7623a5e8f70b@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
Add a --dbg-small-recv debug option to control the recv() buffer size
used by YNL, matching the same option already present in cli.py. This
is useful if user need to get large netlink message.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://patch.msgid.link/20260408-b4-ynl_ethtool-v2-3-7623a5e8f70b@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools: ynl: ethtool: use doit instead of dumpit for per-device GET 2026-04-12T18:23:49+00:00 Hangbin Liu liuhangbin@gmail.com 2026-04-08T07:08:50+00:00 1c43d471a513e93b5420d8af5d43afd3a75f95f1 Rename the local helper doit() to do_set() and dumpit() to do_get() to better reflect their purpose. Convert do_get() to use ynl.do() with an explicit device header instead of ynl.dump() followed by client-side filtering. This is more efficient as the kernel only processes and returns data for the requested device, rather than dumping all devices across the netns. Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Link: https://patch.msgid.link/20260408-b4-ynl_ethtool-v2-2-7623a5e8f70b@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
Rename the local helper doit() to do_set() and dumpit() to do_get() to
better reflect their purpose.

Convert do_get() to use ynl.do() with an explicit device header instead
of ynl.dump() followed by client-side filtering. This is more efficient
as the kernel only processes and returns data for the requested device,
rather than dumping all devices across the netns.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://patch.msgid.link/20260408-b4-ynl_ethtool-v2-2-7623a5e8f70b@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools: ynl: move ethtool.py to selftest 2026-04-12T18:23:49+00:00 Hangbin Liu liuhangbin@gmail.com 2026-04-08T07:08:49+00:00 22ef8a263c17f02176e3a322b76da07411092c17 We have converted all the samples to selftests. This script is the last piece of random "PoC" code we still have lying around. Let's move it to tests. Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Link: https://patch.msgid.link/20260408-b4-ynl_ethtool-v2-1-7623a5e8f70b@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
We have converted all the samples to selftests. This script is
the last piece of random "PoC" code we still have lying around.
Let's move it to tests.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://patch.msgid.link/20260408-b4-ynl_ethtool-v2-1-7623a5e8f70b@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools: ynl: tests: fix leading space on Makefile target 2026-04-10T03:41:40+00:00 Hangbin Liu liuhangbin@gmail.com 2026-04-08T07:19:05+00:00 42f9b4c6ef19e71d2c7d9bfd3c5037d4fe434ad7 The ../generated/protos.a rule had a spurious leading space before the target name. In make, target rules must start at column 0; only recipe lines are indented with a tab. The extra space caused make to misparse the rule. Remove the leading space to match the style of the adjacent ../lib/ynl.a rule. Fixes: e0aa0c61758f ("tools: ynl: move samples to tests") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Link: https://patch.msgid.link/20260408-ynl_makefile-v1-1-f9624acc2ad9@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
The ../generated/protos.a rule had a spurious leading space before the
target name. In make, target rules must start at column 0; only recipe
lines are indented with a tab. The extra space caused make to misparse
the rule.

Remove the leading space to match the style of the adjacent
../lib/ynl.a rule.

Fixes: e0aa0c61758f ("tools: ynl: move samples to tests")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://patch.msgid.link/20260408-ynl_makefile-v1-1-f9624acc2ad9@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools: ynl: rework policy access to support recursion 2026-03-18T23:41:42+00:00 Jakub Kicinski kuba@kernel.org 2026-03-13T23:20:47+00:00 17a55ddb19567642aa404f5525be3cf4425c6c1a Donald points out that the current naive implementation using dicts breaks if policy is recursive (child nest uses policy idx already used by its parent). Lean more into the NlPolicy class. This lets us "render" the policy on demand, when user accesses it. If someone wants to do an infinite walk that's on them :) Show policy info as attributes of the class and use dict format to descend into sub-policies for extra neatness. Reviewed-by: Donald Hunter <donald.hunter@gmail.com> Link: https://patch.msgid.link/20260313232047.2068518-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
Donald points out that the current naive implementation using dicts
breaks if policy is recursive (child nest uses policy idx already
used by its parent).

Lean more into the NlPolicy class. This lets us "render" the policy
on demand, when user accesses it. If someone wants to do an infinite
walk that's on them :) Show policy info as attributes of the class
and use dict format to descend into sub-policies for extra neatness.

Reviewed-by: Donald Hunter <donald.hunter@gmail.com>
Link: https://patch.msgid.link/20260313232047.2068518-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
tools: ynl: cli: add --policy support 2026-03-11T02:33:00+00:00 Jakub Kicinski kuba@kernel.org 2026-03-10T00:53:37+00:00 d6df5e9b2a565be08330e46a8a615aac9ed8711b Add --policy flag which can be combined with --do or --dump to query the kernel's netlink policy for an operation instead of executing it. Examples: $ ynl --family netdev --do dev-get --policy {'ifindex': {'max-value': 4294967295, 'min-value': 1, 'type': 'u32'}} $ ynl --family ethtool --do channels-get --policy --output-json {"header": {"type": "nested", "policy": {"dev-index": ...}}} $ ynl --family netdev --dump dev-get --policy {} Link: https://patch.msgid.link/20260310005337.3594225-6-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 
Add --policy flag which can be combined with --do or --dump to query
the kernel's netlink policy for an operation instead of executing it.

Examples:

  $ ynl --family netdev --do dev-get --policy
  {'ifindex': {'max-value': 4294967295, 'min-value': 1, 'type': 'u32'}}

  $ ynl --family ethtool --do channels-get --policy --output-json
  {"header": {"type": "nested", "policy": {"dev-index": ...}}}

  $ ynl --family netdev --dump dev-get --policy
  {}

Link: https://patch.msgid.link/20260310005337.3594225-6-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>