Commit message  Author  Age  Files  Lines
...
| * nflog: add mac_header supportMichael Braun2022-03-094-2/+119
| | | | | | | | Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
| * nflog: add vlan attributeMichael Braun2022-03-094-0/+103
| | | | | | | | | | | | | | Signed-off-by: Michael Braun <michael-dev@fami-braun.de> -- v2: use new kernel api like for nfqueue
| * refresh linux/netfilter/nfnetlink_log.h with linux 5.4Michael Braun2022-03-091-0/+11
|/ | | | Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* route/link: Add IPv6 GRE supportScott Parlane2022-03-095-0/+997
| | | | | | | This patch adds support for IPv6 GRE tunneling that uses the ip6_gre kernel module. https://github.com/thom311/libnl/pull/255
* route: add global section in "libnl-route-3.sym"Thomas Haller2022-03-091-0/+1
|
* neigh: support to add fdb entrywangli092022-03-091-1/+1
|     rtnl_neigh.n_family should be set as AF_BRIDGE when we want to add a fdb entry, but the func build_neigh_msg does not allow dst addr to be put at that time.
|
|     Here is the example:
|
|         struct rtnl_neigh *neigh = rtnl_neigh_alloc();
|         struct nl_addr *mac = nl_addr_build(AF_LLC, eth, ETH_ALEN);
|         struct nl_addr *dst = nl_addr_build(AF_INET, addr, 4);
|         rtnl_neigh_set_ifindex(neigh, rtnl_link_get_ifindex(vxlan_link));
|         rtnl_neigh_set_state(neigh, NUD_NOARP | NUD_PERMANENT);
|         rtnl_neigh_set_lladdr(neigh, mac);
|         rtnl_neigh_set_flags(neigh, NTF_SELF);
|         rtnl_neigh_set_dst(neigh, dst);
|         rtnl_neigh_set_family(neigh, AF_BRIDGE);
|         rtnl_neigh_add(sk, neigh, NLM_F_CREATE);
|
|     Then command "bridge fdb show" will print out the fdb entry:
|
|         02:68:60:19:6b:a4 dev flannel.1 dst 10.40.252.12 self permanent
|
|     Signed-off-by: huangxuesen <huangxuesen@kuaishou.com>
|     Signed-off-by: wangli09 <wangli09@kuaishou.com>
|
|     https://github.com/thom311/libnl/pull/260
* cls:u32: fix u32_clone() functionMagnus Öberg2022-03-041-12/+77
|     Split the function into 2 parts:
|     - where first being responsible for memory allocation/cloning
|     - and second for populating the destination object
|
|     Make proper cloning of 'action' attribute. For now, only the first action in chain is included in the clone.
|
|     Signed-off-by: Magnus Öberg <magnus.oberg@westermo.se>
|     Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.se>
|
|     [thaller@redhat.com: fix using the correct cleanup macros]
|
|     https://github.com/thom311/libnl/pull/245
* route:tc: fix rtnl_tc_clone() calling to_clone() and add commentThomas Haller2022-03-041-10/+8
|     rtnl_tc_data() allocates a data if necessary (or ENOMEM). So the code
|
|         void *a = rtnl_tc_data(dst), *b = rtnl_tc_data(src);
|
|         if (!a)
|             return 0;
|         else if (!b)
|             return -NLE_NOMEM;
|
|     is not right. It also means, rtnl_tc_clone() will always add the data pointers if they previously don't exist. In particular, it means that clone modifies "src", and that "dst" will always have an allocated pointer afterwards.
|
|     Fix that.
|
|     Also, add a comment about the subtleties for how to_clone() must fix the aliased pointers. Otherwise, we will crash. All implementations actually got this wrong earlier, and it only worked if they didn't encounter ENOMEM.
* route:cls: fix dangling pointers in to_clone() implementationsThomas Haller2022-03-044-1/+14
| | | | | | | | | | | rtnl_tc_clone() first does a shallow-copy (nl_data_clone()), and then calls the to_clone() implementation. We need the shallow-copy, because we want that by default all simple fields get cloned automatically. But it means, we *must* take care of all pointers in the to_clone() implementation, and must never return without fixing them. Otherwise we will do a double free. An early "return -NLE_NOMEM;" leaves the pointer unchanged, and two objects own the same data (double free and use-after-free says hello).
* route:act: drop unnecessary implementations for to_clone()Thomas Haller2022-03-044-36/+4
|     If the struct has no pointers that require a deep copy, there is no need to implement to_clone().
* tests: add test for cloning cls:u32 objectThomas Haller2022-03-041-4/+50
|
* github: run unit tests under valgrindThomas Haller2022-03-041-1/+9
|
* tests: cleanup tests and avoid leaksThomas Haller2022-03-041-12/+10
| | | | | | | It's important to have no leaks in tests. Otherwise, we cannot distinguish irrelevant leaks from actual bugs in valgrind. Do some cleanup.
* lib: add more _nl_auto* cleanup macrosThomas Haller2022-03-041-10/+32
|
* tests: replace libcheck's fail_if() macro by ck_assert*()Thomas Haller2022-03-043-25/+21
| | | | | | fail_if() is deprecated. See also commit 3d1fb006c859 ('tests/check-addr: replace deprecated fail_if() macro from libcheck with ck_assert_msg()').
* log: fix typo in dumping msgMichael Braun2022-03-041-1/+1
| | | | | | | | This fixes an incorrect output. Signed-off-by: Michael Braun <michael-dev@fami-braun.de> https://github.com/thom311/libnl/pull/250
* route: fix memory leak of l_info_ops in link_msg_parser()Finikssky2022-03-041-0/+3
| | | | | | [thaller@redhat.com: whitespace fix] https://github.com/thom311/libnl/pull/254
* route: merge branch 'qbdwlr:mplsPR'Thomas Haller2022-03-044-13/+33
|\ | | | | | | | | | | Upstream SONiC MPLS changes to libnl3. https://github.com/thom311/libnl/pull/284
| * route: add accessors for setting/getting ENCAP_MPLS attributesAnn Pokora2022-03-043-1/+33
| | | | | | | | | | [thaller@redhat.com: split original patch, reword commit message and fix symbols in "libnl-route-3.sym"]
| * route: remove incorrect nl_addr_valid() from rtnl_route_nh_set_newdst(), etc.Ann Pokora2022-03-042-12/+0
|/ | | | | | | | | | | | | | | | | | nl_addr_valid() expects an address family as argument, not the length. It also expects an address in string form, not in binary. Those checks were wrong. Also, it seems not necessary to validate the argument, purely based on some criteria of the argument alone. Just set the provided address. Drop those checks. This is relevant for NEWDST and ENCAP_MPLS DST processing. Fixes: 760d74f99c88 ('route: Add support for MPLS encap') Fixes: 0a6d27ce90a1 ('route: Add support for MPLS address family') [thaller@redhat.com: split original patch and rewrite commit message].
* netfilter/ct: fix use of reply/orig for conntrack requestsAnisse Astier2022-03-041-6/+10
| | | | | | https://github.com/thom311/libnl/issues/281 https://github.com/thom311/libnl/pull/282
* route: don't use internal bit mask constants in NLA_PUT in can_put_attrs()Anders Piniesjö2022-03-041-7/+7
| | | | | | | | [thaller@redhat.com: split original patch and rewrite commit message] Fixes: 5251188673e4 ('link: basic socket-CAN support') https://github.com/thom311/libnl/pull/274
* lib: fix descriptions for nl_cache_pickup()/nl_cache_pickup_checkdup()t0mmmy902022-03-041-5/+5
| | | | | | [thaller@redhat.com: picked partial patch and rewrite commit message] https://github.com/thom311/libnl/pull/277
* route: merge branch ↵Thomas Haller2022-03-041-0/+10
|\ | | | | | | | | | | 't0mmmy90:check-if-nh-exists-while-updating-ipv6-multipath-route' https://github.com/thom311/libnl/pull/290
| * route: fix duplicate check for next hop for IPv6 multipath routesThomas Haller2022-03-041-1/+2
| | | | | | | | | | | | The check is right, that we skip adding the next hop if it already exists. However, we must not return a failure. Instead, we need to return success, that the old object is already good.
| * route: check if nh exists while updating routet0mmmy902022-03-041-0/+9
|/
* ci: add github-actionsThomas Haller2022-03-033-30/+27
| | | | and drop the defunct travis.
* tests/check-addr: replace deprecated fail_if() macro from libcheck with ↵Thomas Haller2022-03-031-40/+40
| | | | | | | | | ck_assert_msg() fail_if() is long deprecated. Worse, it triggers a "-Wformat-extra-args" warning due to a trailing NULL. See [1]. [1] https://github.com/libcheck/check/commit/82540c5428d3818b64d6a8aefb601e722520651f
* xfrm: fix naming consistency in xfrmnl_sp_get_curlifetime()Balaji Marisetti2022-03-031-6/+6
| | | | | | Trivial name change for consistency. https://github.com/thom311/libnl/pull/276
* cli: Add C++ linkage supportLevend Sayar2022-03-0311-0/+87
| | | | https://github.com/thom311/libnl/pull/291
* yyerror: update to POSIX standardheitbaum2022-03-032-0/+2
| | | | | | | | | | | | | | | | | | To comply with the latest POSIX standard, in Yacc compatibility mode (options `-y`/`--yacc`) Bison now generates prototypes for yyerror and yylex. In some situations, this is breaking compatibility: if the user has already declared these functions but with some differences (e.g., to declare them as static, or to use specific attributes), the generated parser will fail to compile. To disable these prototypes, #define yyerror (to `yyerror`), and likewise for yylex. refer: https://git.savannah.gnu.org/cgit/bison.git/tree/NEWS GNU Bison 3.8 https://github.com/thom311/libnl/issues/294 https://github.com/thom311/libnl/pull/295
* xfrm: merge branch 'spellingmistake:master'Thomas Haller2022-03-034-0/+101
|\ | | | | | | https://github.com/thom311/libnl/pull/296
| * xfrm: fix libnl-xfrm-3.sym linker versioningThomas Haller2022-03-031-2/+5
| | | | | | | | | | Sections with already released API must not be modified or extended. A new section must be added for each release.
| * xfrm: ensure minlen in policy for XFRMA_OFFLOAD_DEVThomas Haller2022-03-031-0/+1
| | | | | | | | | | | | Otherwise, we cannot just access the netlink attribute and be sure it has the right size. Add the length to the policy, so it gets validated.
| * xfrm: Add support for xfrm user offloadingThomas Egerer2022-03-034-0/+97
|/ | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Supporting Hardware offload capability for MACsecJohan Alexis Duque Cadena2022-03-034-1/+50
| | | | | | [thaller@redhat.com: adjust libnl-route-3.sym file] https://github.com/thom311/libnl/pull/300
* route/link: check calloc() return valueBeniamino Galvani2022-03-031-0/+4
| | | | https://github.com/thom311/libnl/pull/292
* zero stack allocated memory in xfrmnl_build_sa_delete_requestNeil Horman2022-03-031-0/+1
|     When running valgrind on an application that uses xfrmnl_build_sa_delete_request, it reports the following error:
|
|     ==783216== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
|     ==783216==    at 0x4DF771D: sendmsg (in /usr/lib64/libpthread-2.33.so)
|     ==783216==    by 0x48627D9: nl_sendmsg (nl.c:336)
|     ==783216==    by 0x4862993: nl_send_iovec (nl.c:401)
|     ==783216==    by 0x48629F9: nl_send (nl.c:453)
|     ==783216==    by 0x48629F9: nl_send (nl.c:441)
|     ==783216==    by 0x4931B89: xfrmnl_sa_delete (sa.c:1379)
|     ==783216==    by 0x40A390: delete_associated_state (net-api.c:88)
|     ==783216==    by 0x40C191: del_tunnel (net-api.c:883)
|     ==783216==    by 0x414EB0: net_api_test_tunnel (net-api_test.c:181)
|     ==783216==    by 0x4DD763A: ??? (in /usr/lib64/libcunit.so.1.0.1)
|     ==783216==    by 0x4DD79C0: ??? (in /usr/lib64/libcunit.so.1.0.1)
|     ==783216==    by 0x4DD8966: CU_run_all_tests (in /usr/lib64/libcunit.so.1.0.1)
|     ==783216==    by 0x422E13: RunAllTests (test.c:87)
|     ==783216==    by 0x422FA9: main (test.c:150)
|     ==783216== Address 0x5217394 is 20 bytes inside a block of size 4,096 alloc'd
|     ==783216==    at 0x4845464: calloc (vg_replace_malloc.c:1117)
|     ==783216==    by 0x4860CF5: __nlmsg_alloc (msg.c:269)
|     ==783216==    by 0x4860FFE: nlmsg_inherit (msg.c:321)
|     ==783216==    by 0x4861091: nlmsg_alloc_simple (msg.c:352)
|     ==783216==    by 0x4931AA5: build_xfrm_sa_delete_message (sa.c:1340)
|     ==783216==    by 0x4931AA5: xfrmnl_sa_build_delete_request (sa.c:1367)
|     ==783216==    by 0x4931B58: xfrmnl_sa_delete (sa.c:1375)
|     ==783216==    by 0x40A390: delete_associated_state (net-api.c:88)
|     ==783216==    by 0x40C191: del_tunnel (net-api.c:883)
|     ==783216==    by 0x414EB0: net_api_test_tunnel (net-api_test.c:181)
|     ==783216==    by 0x4DD763A: ??? (in /usr/lib64/libcunit.so.1.0.1)
|     ==783216==    by 0x4DD79C0: ??? (in /usr/lib64/libcunit.so.1.0.1)
|     ==783216==    by 0x4DD8966: CU_run_all_tests (in /usr/lib64/libcunit.so.1.0.1)
|     ==783216==    by 0x422E13: RunAllTests (test.c:87)
|     ==783216==    by 0x422FA9: main (test.c:150)
|     ==783216== Uninitialised value was created by a stack allocation
|     ==783216==    at 0x492DA10: ??? (in /home/nhorman/git/privafy/microedge-c/external_libs/install/lib/libnl-xfrm-3.so.200.26.0)
|
|     It occurs because the sa_id value that's allocated on the stack isn't completely initialized (if you're using ipv4, the daddr winds up with garbage in the extra bytes). It's not critical, but it would be nice to avoid sending that garbage into the kernel, and it would silence the valgrind error.
|
|     Easy fix, just memset the sa_id before copying it into the nlmsg.
|
|     Signed-off-by: Neil Horman <nhorman@gmail.com>
|
|     https://github.com/thom311/libnl/pull/297
* merge branch 'bengal/coverity'Beniamino Galvani2021-06-283-20/+16
|\ | | | | | | https://github.com/thom311/libnl/pull/283
| * route/qdisc: handle error of calloc()Beniamino Galvani2021-06-161-3/+6
| |
| * route/qdisc: fix memory leak in netem.cBeniamino Galvani2021-06-161-6/+4
| | | | | | | | | | 'data' was leaked when returning -NLE_INVAL. Fix this by using the cleanup attribute.
| * route/link: fix copy-paste error in geneve.cBeniamino Galvani2021-06-161-1/+1
| |
| * route/cls: fix cgroup's clone() functionBeniamino Galvani2021-06-161-10/+5
|/ | | | | | The destination object doesn't have to be allocated because it's passed as _dst argument. Also, the function doesn't have to copy plain fields.
* route: let route/link join RTNLGRP_IPV6_IFINFO mcast groupReto Buerki2020-12-251-0/+1
| | | | | | | | Required to be notified about inet6 managed/otherconf flag changes, see occurrences of inet6_ifinfo_notify in net/ipv6/ndisc.c of the Linux kernel. https://github.com/thom311/libnl/pull/264
* doc: update link to mscgen-filterratijas2020-12-251-1/+1
| | | | https://github.com/thom311/libnl/pull/266
* addr: merge branch 'lcrestez-dn:dadfailed'Thomas Haller2020-12-252-0/+17
|\ | | | | | | https://github.com/thom311/libnl/pull/267
| * tests: Add test for rtnl_addr_flags2strLeonard Crestez2020-12-141-0/+16
| | | | | | | | Signed-off-by: Leonard Crestez <cdleonard@gmail.com>
| * addr: Add address flag `dadfailed`Leonard Crestez2020-12-031-0/+1
|/ | | | | | | This has been defined in linux for a long time but libnl does not show it. Signed-off-by: Leonard Crestez <cdleonard@gmail.com>
* xfrm: remove superfluous xfrm_userpolicy_id from dump requestThomas Egerer2020-04-211-5/+1
| | | | | | | | | | Analogous to the dump request for states this data structure is unnecessary for policy dumps, too. Unlike with states it does however not create an error message. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> https://github.com/thom311/libnl/pull/249
* lib/trivial: whitespaceThomas Haller2020-04-171-17/+17
|