Commit message  (Author, Age, Files, Lines)
* xxxx [cache-nonexcl-route]  (Thomas Haller, 2016-07-08, 6 files, -8/+42)
|
* route/route-obj: fix debug logging in route_update()  (Thomas Haller, 2016-07-08, 1 file, -7/+13)
|   Logging with a level of "0" means to always enable the logging statement.
|   Also, only construct the message if the logging is actually enabled.
|
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* lib: fix return value UINT_MAX for nl_object_diff_mask()  (Thomas Haller, 2016-07-08, 1 file, -1/+1)
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* cache: don't decide cache operation based on NL_OBJ_DUMP in ce_flags  (Thomas Haller, 2016-07-08, 5 files, -31/+56)
|   Objects used to be marked as NL_OBJ_DUMP in ce_flags. Then, later, the
|   flag was evaluated to decide whether:
|   - append/prepend the object in the hash-table (relevant for routes)
|   - ignore duplicate nexthops for routes during oo_update().
|
|   That becomes for example rather confusing for pickup_checkdup_cb() which
|   marks the object as NL_OBJ_DUMP for nl_cache_add(), but not during
|   nl_object_update() (why?).
|
|   Another example where that is confusing is nl_cache_move(), which would
|   append/prepend the object based on (obj->ce_msgflags & NLM_F_APPEND).
|   Is that correct behavior? Maybe, maybe it doesn't matter. Either way it
|   is confusing to have the decision whether to append/prepend the object
|   in the hash-table 3 functions down the call stack, instead as explicit
|   argument to __cache_add().
|
|   Instead, callers must tell nl_cache_add() whether to append the flag,
|   and they must tell nl_object_update() whether the object was received
|   during a dump.
|
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* hashtable: let caller decide whether to append/prepend object to hashtable  (Thomas Haller, 2016-07-08, 3 files, -3/+11)
|   nl_hash_table_add() should not ask the object whether to append/prepend.
|   Instead, the caller should decide on that. Add an internal function
|   _nl_hash_table_add() which accepts an @append argument.
|
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* hashtable: remove internal data structures from public API  (Thomas Haller, 2016-07-08, 2 files, -11/+14)
|   Hide the internal data structures for hashtable from public header
|   "hashtable.h".
|
|   Note that we just recently broke ABI/API by modifying these structs.
|   Maybe the entire hashtable API should be private. Anyway, that seems
|   too late now.
|
|   Fixes: c6f89ed02f04ac4984be34418774a7b06ff54f79
|
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* route: cache and object changes to support non-exclusive and append routes  (Roopa Prabhu, 2016-07-08, 5 files, -14/+120)
|   Problem (ipv4 only):
|   Today's libnl route cache looks at prefix + tos + priority to lookup a
|   route object. To support route append operation, where routes with same
|   prefix + tos + priority but different nexthop information can co-exist,
|   we need to also look at nexthop info. Else we will wrongly store only
|   one route for all appended routes. This happens because the libnl cache
|   inclusion process looks up a route by prefix + tos + priority and
|   replaces it with the new object with the same prefix + tos + priority.
|
|   Only adding nexthop attribute during lookup does not solve the whole
|   problem. Because NLM_F_REPLACE of objects needs special handling.
|
|   This patch implements route cache callback .co_cache_search_attrs_get
|   and route object callback .oo_hash_attrs_get to return appropriate
|   attributes for searching route objects depending on type of route and
|   the netlink message flags (NLM_F_APPEND or NLM_F_REPLACE). This is used
|   during cache inclusion process.
|
|   Also adds ROUTE_ATTR_MULTIPATH to the list of route attribute keys to
|   search.
|
|   Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
* obj_ops: add new oo_hash_attrs_get to get hash key attributes of any object  (Roopa Prabhu, 2016-07-08, 1 file, -0/+5)
|   This callback supports querying of hash key attributes of an object.
|   This will be used by caches (like the route cache) to decide on search
|   attributes during cache inclusion depending on netlink message flags.
|
|   Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
* cache: modify nl_cache_search to look at cache provided attributes for search  (Roopa Prabhu, 2016-07-08, 7 files, -0/+124)
|   This patch adds a new cache operation co_cache_search_attrs_get to
|   request for attributes to use in the search. This gives the cache an
|   opportunity to use search attributes based on netlink message flags.
|
|   This is mainly to give the route cache an ability to decide on the
|   cache inclusion depending on the netlink header flags like NLM_F_APPEND
|   and NLM_F_REPLACE.
|
|   Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
* hashtable: convert hashtable bucket list to a circular doubly linked list  (Roopa Prabhu, 2016-07-08, 2 files, -45/+68)
|   This patch converts hashtable bucket list to a circular doubly linked
|   list for O(1) enqueue/dequeue. This helps support:
|   - a netlink object append that causes enqueue at tail and
|   - support for non-exclusive (ie create only flag) netlink objects
|     causes an enqueue at head
|
|   Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
* cache: add new NL_OBJ_DUMP cache flag (ce_flags)  (Roopa Prabhu, 2016-07-08, 2 files, -3/+16)
|   kernel does not include NLM_F_APPEND or NLM_F_REPLACE flags during
|   dumps. This flag helps distinguish object cache inclusion due to
|   netlink dumps from those resulting from netlink notifications.
|
|   Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
* nl_object: add new ce_msgflags field to nl_object  (Roopa Prabhu, 2016-07-08, 2 files, -0/+2)
|   This patch adds a new flag ce_msgflags to nl_object and adds a first
|   user of this flag, the route object.
|
|   This enables the route cache to make proper cache inclusion decisions
|   based on netlink msg flags like NLM_F_APPEND, NLM_F_REPLACE
|
|   Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
* libnl-3.2.28 release [libnl3_2_28]  (Thomas Haller, 2016-07-08, 4 files, -3/+9)
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* libnl-3.2.28-rc1 release [libnl3_2_28rc1]  (Thomas Haller, 2016-06-30, 2 files, -5/+5)
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* build: fix adding macsec files to include/Makefile.am  (Thomas Haller, 2016-06-30, 1 file, -0/+2)
|   Fixes: 885ff4ae1efce35f8db378b2533025c3c931823c
* route/addr: merge branch 'ip-addr-fixes'  (Thomas Haller, 2016-06-29, 5 files, -22/+97)
|\
| |   http://lists.infradead.org/pipermail/libnl/2016-June/002156.html
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * route/addr: add capability NL_CAPABILITY_RTNL_ADDR_PEER_FIX to indicate address fixes  (Thomas Haller, 2016-06-29, 2 files, -1/+8)
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * route/addr: fix handling peer addresses for IPv4 addresses  (Thomas Haller, 2016-06-29, 1 file, -19/+54)
| |   For IPv4, a "normal" route has IFA_LOCAL and IFA_ADDRESS set to the
| |   same destination. An address with an explicit peer has them differing.
| |   A peer of 0.0.0.0 is also valid and must be treated different from a
| |   normal address.
| |
| |       unshare -n
| |       ip link add T type dummy
| |       ip link set T up
| |       ip addr add 192.168.5.10 peer 192.168.5.10/24 dev T
| |       ip addr add 192.168.5.10/24 dev T
| |       #RTNETLINK answers: File exists
| |       ip addr add 192.168.5.10 peer 192.168.6.10/24 dev T
| |       ip addr add 192.168.5.10 peer 0.0.0.0/24 dev T
| |
| |   Previously, that would give:
| |
| |       nl-addr-list
| |       #192.168.5.10/24 inet dev T scope global <permanent>
| |       #192.168.5.10 peer 192.168.6.10/24 inet dev T scope global <permanent>
| |       #192.168.5.10/24 inet dev T scope global <permanent>
| |
| |   With this change, we properly get:
| |
| |       nl-addr-list
| |       #192.168.5.10/24 inet dev T scope global <permanent>
| |       #192.168.5.10/24 peer 192.168.6.10 inet dev T scope global <permanent>
| |       #192.168.5.10/24 peer 0.0.0.0 inet dev T scope global <permanent>
| |
| |   http://lists.infradead.org/pipermail/libnl/2016-June/002157.html
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * route/addr: fix ID comparison for AF_INET and AF_INET6 addresses  (Thomas Haller, 2016-06-29, 3 files, -2/+35)
|/
|   For AF_INET/IPv4 addresses, the ID equality comparison must include the
|   net-part of the peer address:
|
|       unshare -n
|       ip link add T type dummy
|       ip link set T up
|       ip addr add 192.168.5.10/24 dev T
|       ip addr add 192.168.5.10 peer 192.168.6.1/24 dev T
|       ip addr add 192.168.5.10 peer 192.168.7.1/24 dev T
|       ip addr add 192.168.5.10 peer 192.168.7.2/24 dev T
|       # RTNETLINK answers: File exists
|       ip addr change 192.168.5.10 peer 192.168.7.2/24 dev T
|       ip addr show | grep 192.168.7.
|       # inet 192.168.5.10 peer 192.168.7.1/24 scope global T
|
|   For AF_INET6/IPv6 addresses, the prefix length of the address is not
|   part of the ID:
|
|       unshare -n
|       ip link add T type dummy
|       ip link set T up
|       ip addr add 192.168.7.10/24 dev T
|       ip addr add 192.168.7.10/23 dev T
|       ip addr add 1:2:3:4:5::1/64 dev T
|       ip addr add 1:2:3:4:5::1/63 dev T
|       # RTNETLINK answers: File exists
|       ip addr change 1:2:3:4:5::1/63 dev T
|       ip addr show | grep 1:2:3:4:5::1
|       # inet6 1:2:3:4:5::1/64 scope global
|
|   *sigh*
|
|   http://lists.infradead.org/pipermail/libnl/2016-June/002158.html
|
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* xfrm: allow avoiding buffer overflow for key in xfrmnl_sa_get_*_params()  (Thomas Haller, 2016-06-29, 3 files, -14/+98)
|   The previous API of xfrmnl_sa_get_*_params() would always require a
|   @key buffer, but it was not possible to avoid buffer overflow because
|   the required size was unknown.
|
|   That is not really fixable, because the old API is broken. Now, allow
|   omitting the @key argument to only request the @key_size. That allows
|   the caller to ask beforehand how large the @key buffer must be:
|   ((@key_size + 7) / 8).
|
|   Unfortunately, omitting the key against previous versions of libnl
|   leads to a crash. And passing a key against older versions makes it
|   impossible to avoid buffer-overflow.
|
|   Another option would be to add functions like
|   xfrmnl_sa_get_crypto_params_keylen() so the user can query the required
|   buffer size by calling that instead of xfrmnl_sa_get_crypto_params().
|   However, then the user also requires a backport of the new API and this
|   will not be possible against older libnl3 versions either. Thus, if the
|   user already requires the fix, he can just as well require a backport
|   of this patch and then safely call xfrmnl_sa_get_crypto_params()
|   without @key argument. This way has the advantage/disadvantage, that it
|   can detect the presence of the patch at runtime.
|
|   The cumbersome way to get it right would be:
|
|       unsigned key_len;
|       char *key;
|       int r;
|
|       if (!nl_has_capability(17 /*NL_CAPABILITY_XFRM_SA_KEY_SIZE*/)) {
|           /* no way to use this API safely. Abort. */
|           return -NLE_OPNOTSUPP;
|       }
|
|       r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, NULL);
|       if (r < 0)
|           return r;
|       key = malloc((key_len + 7) / 8);
|       if (!key)
|           return -NLE_NOMEM;
|       r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, key);
|       if (r < 0) {
|           free(key);
|           return r;
|       }
|       ...
|
|   http://lists.infradead.org/pipermail/libnl/2016-June/002155.html
|
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* macsec: merge branch 'qsn-macsec'  (Thomas Haller, 2016-06-27, 9 files, -1/+1135)
|\
| |   https://github.com/thom311/libnl/pull/100
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * lib/route: add macsec support  (Sabrina Dubroca, 2016-06-25, 7 files, -1/+936)
| |   Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
| * import macsec uapi headers  (Sabrina Dubroca, 2016-06-25, 2 files, -0/+199)
|/
|   Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* link: merge branch 'qsn-io_compare' (#99)  (Thomas Haller, 2016-06-25, 4 files, -6/+8)
|\
| |   https://github.com/thom311/libnl/pull/99
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * vxlan: properly handle LOOSE_COMPARISON in ->io_compare  (Sabrina Dubroca, 2016-06-25, 1 file, -1/+1)
| |   This lets us match links only on the attributes that have actually
| |   been set, instead of comparing all attributes.
| |
| |   Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * pass flags through ->io_compare op  (Sabrina Dubroca, 2016-06-25, 4 files, -6/+8)
|/
|   Currently rtnl_link_info_data_compare doesn't pass flags
|   (LOOSE_COMPARISON) to the ->io_compare op, so we cannot do a match on
|   only the attributes that are actually set in the filter object used in
|   a cache lookup via nl_cache_find().
|
|   Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
* xfrm: merge branch 'xfrm/various-fixes'  (Thomas Haller, 2016-06-25, 1 file, -18/+32)
|\
| |   http://lists.infradead.org/pipermail/libnl/2016-June/002138.html
| * xfrm: fix memleak in build_xfrm_sa_message() error-path  (Thomas Haller, 2016-06-25, 1 file, -1/+3)
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * xfrm: attach only one xfrm alg attribute to netlink message  (Thomas Egerer, 2016-06-25, 1 file, -14/+19)
| |   The kernel only uses the xfrm alg auth attribute if the xfrm alg auth
| |   truncated attribute is not present. Hence sending both attributes in
| |   one message does not make sense.
| |   This piece of code also removes the call to nla_reserve in favor of
| |   the NLA_PUT macro.
| |
| |   Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| |
| |   http://lists.infradead.org/pipermail/libnl/2016-June/002139.html
| * xfrm: fix memory leak for encap original address  (Thomas Egerer, 2016-06-25, 1 file, -2/+5)
| |   Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| |
| |   http://lists.infradead.org/pipermail/libnl/2016-June/002141.html
| * xfrm: reuse encap data in xfrmnl_sa_set_encap_tmpl()  (Thomas Haller, 2016-06-25, 1 file, -3/+2)
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * xfrm: fix segfault when using encapsulation templates  (Thomas Egerer, 2016-06-25, 1 file, -3/+8)
|/
|   Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   http://lists.infradead.org/pipermail/libnl/2016-June/002140.html
* xfrm: make character pointers in setters const  (Thomas Egerer, 2016-06-25, 2 files, -17/+19)
|   All of these pointers are either strcpy'd or memcpy'd and usually const
|   in a calling application. Changing them to const in the header does not
|   break the compatibility and allows for users with const pointers to use
|   the library without compiler warnings.
|
|   Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   http://lists.infradead.org/pipermail/libnl/2016-June/002137.html
* xfrm: merge branch 'xfrm/buffer-overflows'  (Thomas Haller, 2016-06-25, 1 file, -12/+16)
|\
| |   http://lists.infradead.org/pipermail/libnl/2016-May/002134.html
| * xfrm: check length of alg_name before strcpying it  (Thomas Egerer, 2016-06-25, 1 file, -4/+4)
| |   If the parameter alg_name points to a string longer than what libnl
| |   accepts as alg_name, the call to strcpy may write far beyond the
| |   particular data structure. Instead of truncating the string (using
| |   strncpy) this patch adds a check and returns -1 for strings being
| |   longer than 63 bytes.
| |
| |   Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| |
| |   Fixes: 917154470895520a77f527343f3a0cc1605934b0
| |
| |   http://lists.infradead.org/pipermail/libnl/2016-May/002133.html
| * xfrm: fix buffer overflow when copying keys  (Thomas Egerer, 2016-06-25, 1 file, -8/+12)
|/
|   A colleague of mine came to notice that -- when adding keys to the
|   xfrm-part of libnl -- memcpy is given newlen, which copies
|   sizeof(struct xfrmnl_...) plus keysize instead of only the keysize.
|   This patch uses a keysize parameter to only copy the required number of
|   bytes.
|
|   Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   Fixes: 917154470895520a77f527343f3a0cc1605934b0
|
|   http://lists.infradead.org/pipermail/libnl/2016-May/002132.html
* lib: return error on Netlink attribute length overflow  (Przemyslaw Szczerbik, 2016-06-24, 3 files, -5/+8)
|   Netlink attribute length is defined as u16. It's possible to exceed
|   nla_len when creating nested attributes. Storing incorrect length due
|   to overflow will cause a reader to read only a part of nested attribute
|   or skip it entirely.
|
|   As a solution cancel the addition of a nested attribute when nla_len
|   size is exceeded.
|
|   Signed-off-by: Przemyslaw Szczerbik <przemek.szczerbik@gmail.com>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   http://lists.infradead.org/pipermail/libnl/2016-May/002131.html
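An added illustration of the length overflow described in the commit above; it is a stand-alone model written for this page, not libnl code. The names `msgbuf`, `put_attr`, `build_nest`, `nest_end_unchecked` and `nest_end_checked` are hypothetical, and the attribute sizes are constructed so that the nest is longer than 65535 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDRLEN 4u                                    /* size of the attribute header */
#define ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)   /* attributes are 4-byte aligned */
/* Same layout as a Netlink attribute header: 16-bit length, 16-bit type. */
struct attr_hdr { uint16_t nla_len; uint16_t nla_type; };
/* Hypothetical message buffer, big enough for a nest longer than 65535 bytes. */
struct msgbuf { unsigned char data[128 * 1024]; size_t len; };
static struct msgbuf g_msg;                          /* static: too large for the stack */

/* Append one attribute; returns its offset, or -1 if it does not fit. */
static long put_attr(struct msgbuf *m, uint16_t type, const void *p, size_t n)
{
    size_t total = HDRLEN + n, off = m->len;
    struct attr_hdr h = { (uint16_t)total, type };
    if (total > UINT16_MAX || off + ALIGN4(total) > sizeof(m->data))
        return -1;
    memset(m->data + off, 0, ALIGN4(total));         /* zero header, payload, padding */
    memcpy(m->data + off, &h, sizeof(h));
    if (n) memcpy(m->data + off + HDRLEN, p, n);
    m->len = off + ALIGN4(total);
    return (long)off;
}

/* Open a nest at the current tail and add `count` children of `size` bytes. */
static long build_nest(struct msgbuf *m, unsigned count, size_t size)
{
    static const unsigned char payload[1024];        /* constructed filler data */
    long start = size > sizeof(payload) ? -1 : put_attr(m, 1, NULL, 0);
    for (unsigned i = 0; start >= 0 && i < count; i++)
        if (put_attr(m, 2, payload, size) < 0) return -1;
    return start;
}

/* Before the fix: the nest length is narrowed to 16 bits without a check. */
static uint16_t nest_end_unchecked(struct msgbuf *m, long start)
{
    uint16_t len = (uint16_t)(m->len - (size_t)start);   /* wraps modulo 65536 */
    memcpy(m->data + start, &len, sizeof(len));          /* nla_len is the first field */
    return len;
}

/* After the fix: an oversized nest is cancelled by trimming the message back. */
static int nest_end_checked(struct msgbuf *m, long start)
{
    size_t len = m->len - (size_t)start;
    uint16_t len16 = (uint16_t)len;
    if (len > UINT16_MAX) { m->len = (size_t)start; return -1; }
    memcpy(m->data + start, &len16, sizeof(len16));
    return 0;
}

int main(void)
{
    put_attr(&g_msg, 3, "x", 1);                     /* unrelated top-level attribute */
    long start = build_nest(&g_msg, 70, 1000);       /* 4 + 70 * 1004 = 70284 bytes */
    printf("real nest length:  %zu\n", g_msg.len - (size_t)start);
    printf("unchecked nla_len: %u\n", (unsigned)nest_end_unchecked(&g_msg, start));
    int rc = nest_end_checked(&g_msg, start);
    printf("checked result:    %d, message length now %zu\n", rc, g_msg.len);
    return 0;
}
```

With the unchecked length, a reader walking the message treats the nest as 4748 bytes long, so it parses four children and part of a fifth and then misreads the remaining bytes as sibling attributes.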
* lib: merge branch 'ext_filter_mask'  (Thomas Haller, 2016-06-24, 3 files, -8/+24)
|\
| |   This adds RTEXT_FILTER_VF mask support for SRIOV VFs.
| |
| |   http://lists.infradead.org/pipermail/libnl/2016-May/002115.html
| |   http://lists.infradead.org/pipermail/libnl/2016-May/002123.html
| * link: allow overwriting IFLA_EXT_MASK flag in ao_get_af() function  (Thomas Haller, 2016-06-24, 3 files, -11/+13)
| |   Instead of setting it twice, once during link_request_update() and
| |   later in bridge_get_af(), pass ext_filter_mask to ao_get_af().
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * link: support RTEXT_FILTER_VF  (Jef Oliver, 2016-06-24, 1 file, -2/+16)
|/
|   This patch adds RTEXT_FILTER_VF mask support for SRIOV VFs. Since SRIOV
|   VFs don't have a defined address family (ie bridge), there are no new
|   address family specific operations defined. Exposing this mask makes
|   rtnl_link_get_num_vfs() properly return the number of loaded SRIOV VFs.
|
|   Signed-off-by: Jef Oliver <jef.oliver@intel.com>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   http://lists.infradead.org/pipermail/libnl/2016-May/002115.html
|   http://lists.infradead.org/pipermail/libnl/2016-May/002123.html
* neigh: add function to look up neighbour (fdb) by ifindex, mac and vlan  (Jonas Johansson, 2016-05-29, 3 files, -0/+29)
|   The rtnl_neigh_get() function can not be used to look up a fdb entry in
|   the neigh cache. This is due to that the function searches among
|   destination addresses (NDA_DST) and not among link layer addresses
|   (NDA_LLADDR), which is used by fdb entries. A fdb entry can also exist
|   in several vlans, so a vlan id parameter is also needed to find a
|   unique entry.
|
|   This commit adds a function, rtnl_neigh_get_by_vlan() which searches
|   the neigh cache for a specific neighbour (fdb) entry by interface
|   index, link layer address and vlan id.
|
|   Signed-off-by: Jonas Johansson <jonas.johansson@westermo.se>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   http://lists.infradead.org/pipermail/libnl/2016-May/002124.html
|   https://github.com/thom311/libnl/pull/98
* neigh: support neighbour flag NTF_SELF  (Jonas Johansson, 2016-04-29, 1 file, -0/+2)
|   Signed-off-by: Jonas Johansson <jonas.johansson@westermo.se>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   https://github.com/thom311/libnl/pull/96
* sit: merge branch 'sit-ip6rd'  (Thomas Haller, 2016-04-19, 3 files, -56/+264)
|\
| |   http://lists.infradead.org/pipermail/libnl/2016-February/002086.html
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * sit: add public API for sit 6RD support  (Thomas Haller, 2016-04-15, 3 files, -0/+164)
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * sit: fix invalid declaration of rtnl_link_sit_get_proto() in sit.h  (Thomas Haller, 2016-04-15, 1 file, -1/+1)
| |   Fixes: d715b8a5f6ec8faf205ae77950a1c625440be22f
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * sit: refactor IS_SIT_LINK_ASSERT()  (Thomas Haller, 2016-04-15, 1 file, -53/+26)
| |   Also check for NULL link and dereference link before basic error
| |   checking.
| |
| |   Also move the declaration of the @sit member inside the macro.
| |   Obviously, the macro must now always come at first, after declaring
| |   local auto variables.
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * sit: don't print ip6rd_prefix as integer in sit_dump_details()  (Thomas Haller, 2016-04-15, 1 file, -2/+2)
| |   First of all, inet_ntop() has no reason to fail (ever). As long as the
| |   input arguments point to valid data and family is not bogus. But when
| |   it fails, we cannot pass a 'struct in6_addr' to "%x" either, so just
| |   don't do that.
| |
| |   Same for printing ip6rd_relay_prefix as AF_INET.
| |
| |   If our addr-to-str method fails, we don't want to come up with
| |   something fancy. Otherwise, we'd just implement a inet_ntop() that does
| |   not fail.
| |
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * sit/trivial: whitespace  (Thomas Haller, 2016-04-15, 1 file, -4/+3)
| |   Signed-off-by: Thomas Haller <thaller@redhat.com>
| * sit: add 6RD support  (Thadeu Lima de Souza Cascardo, 2016-04-15, 1 file, -2/+74)
|/
|   Handle 6RD prefixes from sit linkinfo.
|
|   Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   http://lists.infradead.org/pipermail/libnl/2016-February/002086.html
* ipgre: add support for gretap tunnel  (Haishuang Yan, 2016-04-15, 6 files, -5/+160)
|   Since kernel support both gre/gretap tunnel, so add support for gretap
|   appropriately.
|
|   Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
|   Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|   [thaller@redhat.com: modified original patch to move symbols in
|   libnl-route-3.sym to proper section]
|
|   http://lists.infradead.org/pipermail/libnl/2016-April/002102.html