path: root/lib
Age | Commit message | Author
2019-09-01 | libnl-3.5.0 release | Thomas Haller
2019-09-01 | route/qdisc: adjust API for 64 bit rate/ceil support for htb class | Thomas Haller
- existing API/ABI must stay unchanged. We cannot change parameter types. At most we can add new variants that support 64 bit integers.
- rtnl_tc_calc_txtime64() and rtnl_tc_calc_bufsize64() are trivial. We should not blow up the public API of libnl for such a thing. If the user needs it, they can just reimplement it.
- getters should return an error code. Especially if the return type does not support encoding an error there.
- don't add separate rs_rate64/rs_ceil64 field. Instead, extend the "rs_rate" field of "struct rtnl_ratespec" to 64 bits. It's internal API.
2019-09-01 | Add 64bit rate/ceil support for htb class | d0u9
Htb class has already supported 64bit rate and ceil settings for times. Now, in this patch, we grant this ability to libnl library.
2019-09-01 | xfrmi: return error code from getters for XFRM links | Thomas Haller
Returning the value directly as uint32_t does not leave room for an error code. E.g. we want to indicate to the caller whether the attribute is present or not (-NLE_NOATTR). Currently, the code is quite unforgiving and will just crash/assert against invalid arguments. In theory, we could also be more forgiving and return an error code if the link argument is invalid.
2019-09-01 | xfrmi: introduce XFRM interfaces support | Eyal Birger
XFRM interfaces were introduced in kernel 4.19. This commit adds link support for these interfaces.
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
2019-08-27 | lib: fix error code from nfnl_exp_build_message() | Thomas Haller
Otherwise we return success but don't actually set the output result. This can lead to a crash, in case of out-of-memory. Found by Coverity.
https://bugzilla.redhat.com/show_bug.cgi?id=1606988
2019-08-27 | lib: accept %NULL arguments for nl_addr_cmp() | Thomas Haller
Just be more forgiving. Also, this avoids a coverity warning:
    Error: FORWARD_NULL (CWE-476): [#def1]
    libnl-3.4.0/lib/route/addr.c:502: var_compare_op: Comparing "a->a_peer" to null implies that "a->a_peer" might be null.
    libnl-3.4.0/lib/route/addr.c:513: var_deref_model: Passing null pointer "a->a_peer" to "nl_addr_cmp", which dereferences it.
    libnl-3.4.0/lib/addr.c:587:8: deref_parm: Directly dereferencing parameter "a".
    #  585|   int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
    #  586|   {
    #  587|->         int d = a->a_family - b->a_family;
    #  588|
    #  589|           if (d == 0) {
https://bugzilla.redhat.com/show_bug.cgi?id=1606988
2019-08-26 | idiag: workaround and add comment about idiagnl_send_simple() only handling 8 bit flags | Thomas Haller
Related: https://github.com/thom311/libnl/pull/222#issuecomment-521956236
2019-08-26 | Sync linux headers to 4.19.66 | Michael Forney
This fixes the build with musl libc. Additionally, several changes were made to account for changes to the headers:
- ip_mp_alg.h was removed, since it was removed in linux commit e06e7c61 (v2.6.23), and the last use of those constants was removed in libnl commit 535e8316.
- Uses of TCF_META_ID_SK_ROUTE_CAPS were updated to __TCF_META_ID_SK_ROUTE_CAPS, since it was renamed in linux commit e20e6940 (v3.1).
- Uses of IF_CARRIER_DOWN and IF_CARRIER_UP were replaced with their values, 0 and 1, since they are not in linux/if.h (they appear to be libnl-specific, added in libnl commit 3540e44b).
https://github.com/thom311/libnl/pull/222
2019-08-16 | route: Remove stray `;` at top-level | Michael Forney
2019-08-16 | lib: Don't omit second operand to `?` operator | Michael Forney
2019-08-16 | lib: Don't return expression in function returning void | Michael Forney
2019-08-16 | all: Avoid pointer arithmetic on `void *` | Michael Forney
ISO C requires that the pointer operand to the binary + operator be to a complete object type[0].
[0] http://port70.net/~nsz/c/c11/n1570.html#6.5.6p2
2019-08-16 | dbg: Use __func__ instead of __PRETTY_FUNCTION__ | Michael Forney
These behave the same, except when used at top-level. This can't happen since the macro body is a statement. __func__ is standardized since C99, while __PRETTY_FUNCTION__ is a GNU extension.
2019-08-15 | lib/genl: fix allocating buffer of too small size in cmd_msg_parser() | Thomas Haller
Fixes: 7d3991b87b59b538cb98a7b11646760f23a7c19b
2019-08-12 | Add SPDX identifiers | Yegor Yefremov
Software Package Data Exchange identifiers help to detect source file licenses and hence simplify the FOSS compliance process. Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> https://github.com/thom311/libnl/pull/219 --- FILES=( lib/addr.c lib/attr.c lib/cache.c lib/cache_mngr.c lib/cache_mngt.c lib/data.c lib/error.c lib/fib_lookup/lookup.c lib/fib_lookup/request.c lib/genl/ctrl.c lib/genl/family.c lib/genl/genl.c lib/genl/mngt.c lib/handlers.c lib/hash.c lib/hashtable.c lib/idiag/idiag.c lib/idiag/idiag_meminfo_obj.c lib/idiag/idiag_msg_obj.c lib/idiag/idiag_req_obj.c lib/idiag/idiag_vegasinfo_obj.c lib/mpls.c lib/msg.c lib/netfilter/ct.c lib/netfilter/ct_obj.c lib/netfilter/exp.c lib/netfilter/exp_obj.c lib/netfilter/log.c lib/netfilter/log_msg.c lib/netfilter/log_msg_obj.c lib/netfilter/log_obj.c lib/netfilter/netfilter.c lib/netfilter/nfnl.c lib/netfilter/queue.c lib/netfilter/queue_msg.c lib/netfilter/queue_msg_obj.c lib/netfilter/queue_obj.c lib/nl.c lib/object.c lib/route/act.c lib/route/addr.c lib/route/class.c lib/route/classid.c lib/route/cls.c lib/route/link.c lib/route/neigh.c lib/route/neightbl.c lib/route/netconf.c lib/route/nexthop.c lib/route/nexthop_encap.c lib/route/nh_encap_mpls.c lib/route/pktloc.c lib/route/qdisc.c lib/route/route.c lib/route/route_obj.c lib/route/route_utils.c lib/route/rtnl.c lib/route/rule.c lib/route/tc.c lib/socket.c lib/utils.c lib/version.c lib/xfrm/ae.c lib/xfrm/lifetime.c lib/xfrm/sa.c lib/xfrm/selector.c lib/xfrm/sp.c lib/xfrm/template.c src/genl-ctrl-list.c src/idiag-socket-details.c src/lib/addr.c src/lib/class.c src/lib/cls.c src/lib/ct.c src/lib/exp.c src/lib/link.c src/lib/neigh.c src/lib/qdisc.c src/lib/route.c src/lib/rule.c src/lib/tc.c src/lib/utils.c src/nf-ct-add.c src/nf-ct-events.c src/nf-ct-list.c src/nf-exp-add.c src/nf-exp-delete.c src/nf-exp-list.c src/nf-log.c src/nf-monitor.c src/nf-queue.c src/nl-addr-add.c src/nl-addr-delete.c src/nl-addr-list.c src/nl-class-add.c src/nl-class-delete.c 
src/nl-class-list.c src/nl-classid-lookup.c src/nl-cls-add.c src/nl-cls-delete.c src/nl-cls-list.c src/nl-fib-lookup.c src/nl-link-enslave.c src/nl-link-ifindex2name.c src/nl-link-list.c src/nl-link-name2ifindex.c src/nl-link-release.c src/nl-link-set.c src/nl-link-stats.c src/nl-list-caches.c src/nl-list-sockets.c src/nl-monitor.c src/nl-neigh-add.c src/nl-neigh-delete.c src/nl-neigh-list.c src/nl-neightbl-list.c src/nl-pktloc-lookup.c src/nl-qdisc-add.c src/nl-qdisc-delete.c src/nl-qdisc-list.c src/nl-route-add.c src/nl-route-delete.c src/nl-route-get.c src/nl-route-list.c src/nl-rule-list.c src/nl-tctree-list.c src/nl-util-addr.c ) sed '1s#^#/* SPDX-License-Identifier: LGPL-2.1-only */\n#' "${FILES[@]}" -i
2019-08-09 | genl: reject invalid group names in genl_family_add_grp() | Thomas Haller
The compiler warns about string truncation:
    In function ‘genl_family_add_grp’,
        inlined from ‘family_clone’ at lib/genl/family.c:81:9,
        inlined from ‘family_clone’ at lib/genl/family.c:66:12:
    lib/genl/family.c:376:2: error: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 15 [-Werror=stringop-truncation]
      376 |  strncpy(grp->name, name, GENL_NAMSIZ - 1);
          |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Obviously, it's a bug to use an invalid group name. But better handle it by checking for a suitable string length. Also use _nl_strncpy() which asserts that no truncation occurs.
2019-08-09 | route/tc: ensure not string truncation in rtnl_tc_set_kind() | Thomas Haller
The compiler warns:
    In function ‘rtnl_tc_set_kind’,
        inlined from ‘rtnl_tc_msg_parse’ at lib/route/tc.c:81:2:
    lib/route/tc.c:532:2: error: ‘strncpy’ output may be truncated copying 31 bytes from a string of length 31 [-Werror=stringop-truncation]
      532 |  strncpy(tc->tc_kind, kind, sizeof(tc->tc_kind) - 1);
          |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now, there are two choices: either accept the truncation or reject it. While rejecting it is a change in behavior and API, I don't think that any caller actually relied on that. That is because such "kind" name would be invalid anyway (and rejected from kernel too). So, tighten up the API and check for a suitable string length. Also, use _nl_strncpy() instead of strncpy(). Note that that doesn't suppress the warning, it merely (also) adds an _nl_assert() for something that already shouldn't happen.
2019-08-09 | route/inet6: fix strncpy() in inet6_dump_details() | Thomas Haller
Compiler warnings:
    lib/route/link/inet6.c: In function ‘inet6_dump_details’:
    lib/route/link/inet6.c:383:3: error: ‘strncpy’ output may be truncated copying between 0 and 63 bytes from a string of length 63 [-Werror=stringop-truncation]
      383 |   strncpy(&buf[offset], buf2, strlen(buf2));
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also, passing "strlen(buf2)" as length argument to strncpy() is certainly wrong.
2019-08-09 | xfrm: fix memory corruption (dangling pointer) when setting xfrmnl_sa | Thomas Haller
The following leaves a dangling pointer when the name argument is too long:
    xfrmnl_sa_set_aead_params:
        if (sa->aead)
            free (sa->aead);
        if (   strlen (alg_name) >= sizeof (sa->aead->alg_name)
            || (sa->aead = calloc (1, newlen)) == NULL)
            return -1;
Fix that, but do more:
- ensure that we don't modify the object when the setter is going to fail. That means, first check whether we can succeed with all the steps that are requested, and (in case we cannot) fail without modifying the target object.
- bonus points for making the setter self-assignment safe by reordering the setting and freeing of the memory.
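The ordering this commit message asks for (validate, build the replacement, then free the old value), as an added example that is not libnl's code: `struct demo_sa`, `struct demo_aead` and `demo_sa_set_aead()` are hypothetical stand-ins with assumed field names.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the libnl types; field names are assumptions. */
struct demo_aead {
	char         alg_name[64];
	unsigned int key_len;   /* in bits */
	unsigned int icv_len;
	char         key[];     /* (key_len + 7) / 8 bytes */
};

struct demo_sa {
	struct demo_aead *aead;
};

/* Returns 0 on success, -1 on failure. On failure *sa is left untouched. */
int demo_sa_set_aead(struct demo_sa *sa, const char *alg_name,
                     unsigned int key_len, unsigned int icv_len,
                     const char *key)
{
	size_t keysize = ((size_t) key_len + 7) / 8;
	struct demo_aead *b;

	/* 1. Check everything that can fail before touching the object. */
	if (!sa || !alg_name || (keysize && !key))
		return -1;
	if (strlen(alg_name) >= sizeof(b->alg_name))
		return -1;

	/* 2. Build the replacement completely. The old value is still
	 *    alive, so alg_name/key may point into sa->aead itself. */
	b = calloc(1, sizeof(*b) + keysize);
	if (!b)
		return -1;
	strcpy(b->alg_name, alg_name);      /* length checked above */
	b->key_len = key_len;
	b->icv_len = icv_len;
	if (keysize)
		memcpy(b->key, key, keysize);

	/* 3. Only now release the old value and publish the new one, so
	 *    sa->aead never holds a freed pointer. */
	free(sa->aead);
	sa->aead = b;
	return 0;
}
```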
2019-08-09 | lib/genl: avoid VLA in cmd_msg_parser() | Thomas Haller
We want to build with -Wvla, because VLAs interfere with static asserts (if the condition of a static assert is not actually static, then VLAs make it silently pass). Also, VLAs should be avoided because we want to be in control how much we allocate on the stack.
2019-08-08 | link/sriov: fix memleak in rtnl_link_sriov_clone() | Thomas Haller
Found by Coverity.
2019-08-08 | route: fix strncpy() warning from coverity about unterminated string | Thomas Haller
Coverity says:
    Error: BUFFER_SIZE_WARNING (CWE-120): [#def1]
    libnl-3.4.0/lib/route/cls/ematch/text.c:94: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array "t->cfg.algo" of size 16 bytes might leave the destination string unterminated.
    #   92|   	struct text_data *t = rtnl_ematch_data(e);
    #   93|
    #   94|-> 	strncpy(t->cfg.algo, algo, sizeof(t->cfg.algo));
    #   95|   }
    #   96|

    Error: BUFFER_SIZE_WARNING (CWE-120): [#def11]
    libnl-3.4.0/lib/xfrm/sa.c:1192: buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array "auth->alg_name" of size 64 bytes might leave the destination string unterminated.
    # 1190|   	}
    # 1191|
    # 1192|-> 	strncpy(auth->alg_name, tmpl->auth->alg_name, sizeof(auth->alg_name));
    # 1193|   	auth->alg_key_len = tmpl->auth->alg_key_len;
    # 1194|   	memcpy(auth->alg_key, tmpl->auth->alg_key, (tmpl->auth->alg_key_len + 7) / 8);
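The unterminated-copy case from this Coverity report, next to the "check for a suitable string length" approach described for genl_family_add_grp() and rtnl_tc_set_kind() above, as an added example that is not libnl's code. `flagged_copy_is_unterminated()` and `checked_copy()` are hypothetical helpers; the body of libnl's `_nl_strncpy()` is not shown on this page and is not reproduced here.

```c
#include <stddef.h>
#include <string.h>

#define ALGO_SIZE 16   /* size of the "t->cfg.algo" array in the report */

/* The flagged pattern: strncpy() bounded by the full destination size.
 * Returns 1 when dst ends up without a NUL terminator, which happens
 * whenever strlen(src) >= dst_size. */
int flagged_copy_is_unterminated(char *dst, size_t dst_size, const char *src)
{
	strncpy(dst, src, dst_size);
	return memchr(dst, '\0', dst_size) == NULL;
}

/* Hypothetical checked copy: reject a too-long name instead of
 * truncating it or leaving dst unterminated.
 * Returns 0 on success, -1 on failure; dst is untouched on failure. */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
	size_t len;

	if (!dst || !src || dst_size == 0)
		return -1;
	len = strlen(src);
	if (len >= dst_size)
		return -1;              /* no room for the terminator */
	memcpy(dst, src, len + 1);      /* copies the terminator as well */
	return 0;
}
```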
2019-08-07 | attr: mark nested attributes as NLA_F_NESTED | Thomas Haller
Kernel 5.2 is adding stricter checking for netlink messages. In particular, for certain API it checks now that NLA_F_NESTED flag is set for nested attributes ([1]). Do like libmnl, which always adds this flag ([2]). So we should do that as well.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b424e432e770d6dd572765459d5b6a96a19c5286
[2] https://git.netfilter.org/libmnl/tree/src/attr.c?id=5937dfcb0185f5cb9cf275992ea701ec4e619d9c#n535
2019-08-07 | doc: fix typos in example in documentation | Thomas Haller
https://github.com/thom311/libnl/issues/210
2019-03-07 | route/link: avoid dangling pointer in rtnl_link_set_slave_type() | Thomas Haller
- don't leave a dangling pointer, in case we unset the kind.
- try first to clone the string. If that fails, return early without modifying the link. Only start modifying the link, after we know it's going to succeed.
2018-10-22 | route/link: expose IFLA_INFO_SLAVE_KIND | Tobias Jungel
add rtnl_link_{get,set}_slave_type functions to expose the IFLA_INFO_SLAVE_KIND attribute.
2018-10-10 | route/macvlan: style fixes in "lib/route/link/macvlan.c" | Thomas Haller
2018-10-10 | link: macvlan fixes | Wang Jian
1. While parsing flags, it overrides mode.
2. Before, dump-line and dump-details are same leading that macvlan info will be shown twice while dumping details. So make dump-line show nothing.
3. Add some spaces to show dump-details more prettier.
Signed-off-by: Wang Jian <jianjian.wang1@gmail.com>
Fixes: c76393e2037d78eb60c32f95b26f5b1e5b9422a6
http://lists.infradead.org/pipermail/libnl/2018-August/002405.html
http://lists.infradead.org/pipermail/libnl/2018-September/002406.html
http://lists.infradead.org/pipermail/libnl/2018-September/002411.html
2018-10-10 | nla_ok: fix overrun in attribute iteration. | Patrick Havelange
A detailed explanation is provided in the original Linux kernel commit that fixes the bug: 1045b03e07d85f3545118510a587035536030c1c
Valgrind spotted the issue when the remaining was negative. This bug was triggering application crashes.
Signed-off-by: Patrick Havelange <patrick.havelange@tessares.net>
https://github.com/thom311/libnl/pull/199
2018-10-10 | route/cls: fix potential memory leak | Ilya Pronin
rtnl_act_append() cannot add more than TCA_ACT_MAX_PRIO actions to the same list. Because of that rtnl_basic_add_action() and rtnl_u32_add_action() should not increment the reference counter of the given action until it is successfully added to the filter's list.
Signed-off-by: Ilya Pronin <ipronin@twitter.com>
Fixes: e5d9b828f6ec64fd77854578fbf1c33f214f3ac4
https://github.com/thom311/libnl/pull/201
2018-10-10 | route/act: return error code from act-vlan getters | Thomas Haller
Our API is unfortunately not consistent about this. However, in general, getters should aim to return an error code whether the attribute could be retrieved.
2018-10-10 | route/act: style fixes in "lib/route/act/vlan.c" | Thomas Haller
2018-10-10 | route:act: add vlan action | Volodymyr Bendiuga
For more information please see: http://man7.org/linux/man-pages/man8/tc-vlan.8.html
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.se>
2018-10-10 | route/tc: return error code from rtnl_tc_get_chain() | Thomas Haller
Our API is unfortunately not consistent about this. However, in general, getters should aim to return an error code whether the attribute could be retrieved.
2018-10-10 | route:tc: allow to set chain index for tc objects | Volodymyr Bendiuga
This is useful when one wants to chain filters.
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.se>
2018-10-10 | lib/tc: fix uninitialized err variable in rtnl_tc_msg_build() | Thomas Haller
Fixes: 52cd3c14ce42db53637f8f5dafaf0d5c24d724db
2018-10-09 | lib/qdisc: avoid BUG() in "lib/route/qdisc/mqprio.c" | Thomas Haller
BUG() raises an assertion. It seems overly harsh. For example, rtnl_tc_data() can fail if we fail to allocate memory. Asserting against that, makes libnl3 not out-of-memory safe. Just return a regular error.
2018-10-09 | lib/qdisc: style fixes in "lib/route/qdisc/mqprio.c" | Thomas Haller
2018-10-08 | lib/tc: ensure correct error code in rtnl_tc_msg_build() | Thomas Haller
2018-07-26 | route:qdisc: add MQPRIO Qdisc | Volodymyr Bendiuga
More about Qdisc mqprio can be found at: http://man7.org/linux/man-pages/man8/tc-mqprio.8.html
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.se>
2018-06-25 | ipvti: Fix wrong array size initialization | Thomas Winter
IPv4 VTI tunnels use the VTI defines.
Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
Fixes: 8f6301426a00d992d00238c7ddd666e96aa63e28
2018-06-25 | ipgre: Fix wrong array size initialization | Thomas Winter
IPv4 GRE tunnels use the GRE defines.
Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
Fixes: 57bdc4ff4895dd91cc723d22eecadcf48945e87c
2018-06-25 | neigh: update neighbour.h and add missing flags | Tobias Jungel
NTF_EXT_LEARNED, NTF_OFFLOADED and NTF_MASTER are added to neigh_flags.
https://github.com/thom311/libnl/pull/186
2018-06-25 | route/link/vxlan: Fix IPv4 set_local resetting ce_mask | Tuetuopay
rtnl_link_vxlan_set_local() removes the bit for the other IP version in ce_mask. A missing flag inversion in the v4 part made this removal reset all bits to 0 except the v6 one, screwing all link configuration.
Fixes: 2e68fb5b02304fa6a3e6429c4fdabb084e61b501
https://github.com/thom311/libnl/pull/192
2018-06-25 | Add support for cloning cgroup filter object. | d0u9
In this commit, we implement ematch_tree_clone(), which is basis of cgroup_clone() interface. The whole ematch tree is deep-copied except the e_ops field. Also, a new unit test is added for testing the interface, which named as check-ematch-tree-clone.c located in tests directory.
https://github.com/thom311/libnl/pull/176
2018-06-25 | neigh_dump_line: dump master as well | Tobias Jungel
In case NEIGH_ATTR_MASTER is set this dumps as well the master interface.
https://github.com/thom311/libnl/pull/190
2018-06-25 | neigh: add get/set functions for NEIGH_ATTR_MASTER | Tobias Jungel
Being able to set NEIGH_ATTR_MASTER hash based lookups are possible for AF_BRIDGE neighbours.
https://github.com/thom311/libnl/pull/189
2018-06-25 | whitespace cleanup | Tobias Jungel
2018-06-25 | neigh: cache updates as well query AF_BRIDGE neigh | Tobias Jungel
This commit adds the query for AF_BRIDGE neighbours. A cache refresh now includes these objects as well. The result of `./src/nl-neigh-list --family=bridge` includes now as well the same entries you would retrieve from the kernel by calling `bridge fdb show`.