| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Signed-off-by: Robert Dabrowski <rdabrowski@maxlinear.com>
Co-Authored-By: Kacper Ludwinski <kludwinski@maxlinear.com>
|
| |/
|
|
|
|
|
|
| |
And functions to access some new bridge attributes.
Signed-off-by: Langer Thomas <tlanger@maxlinear.com>
Co-Authored-By: Kacper Ludwinski <kludwinski@maxlinear.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
related to goto label nla_put_failure
Signed-off-by: Langer Thomas <tlanger@maxlinear.com>
Co-Authored-By: Kacper Ludwinski <kludwinski@maxlinear.com>
|
| | |
|
| |\
| |
| |
| | |
https://github.com/thom311/libnl/pull/330
|
| | | |
|
| |/ |
|
| |\
| |
| |
| | |
https://github.com/thom311/libnl/pull/320
|
| | |
| |
| |
| |
| |
| |
| | |
A zero length address is not a valid address in netlink, so we should
not try to send them to the kernel.
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A default route is equivalent to a 0.0.0.0/0 or ::/0 route, so we should
construct the dst as such with a all-zero address.
Since this breaks the assumption that a dst with a 0 address length is a
default route, switch to checking the prefix length being 0, and make
sure that there is an address part that is all-zero.
This ensures we will print the actual dst in case the address is not
zero, or does not exist.
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Allow easy contruction of all-zero addresses by not passing a buf to
copy. Since the object is allocated with calloc, the address data will
default to all-zero, and only the length needs to be set.
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
When calling nl_addr_parse() is called with "any" or "default", the
constructed address will have zero-length address data. This has the
side effect that a comparison with e.g. an address contructed from
"0.0.0.0/0" will fail, since their address has different lengths, even
if they should be equal.
Fix this by allocating an appropriate zeroed address for "any" and
"default", but do not for "none", since "none" implies no address.
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
|
| | |
|
| |
|
|
|
|
| |
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.com>
https://github.com/thom311/libnl/pull/319
|
| |
|
|
| |
https://github.com/thom311/libnl/pull/327
|
| |
|
|
|
|
| |
https://github.com/thom311/libnl/pull/324
Fixes: 5d6e43ebef12 ('lib/route: SRIOV Parse and Read support')
|
| |
|
|
| |
https://github.com/thom311/libnl/pull/325
|
| | |
|
| |
|
|
| |
https://github.com/thom311/libnl/pull/326
|
| | |
|
| |
|
|
|
|
|
| |
Signed-off-by: Magnus Öberg <magnus.oberg@westermo.se>
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@gmail.com>
https://github.com/thom311/libnl/pull/317
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The following API has been added:
rtnl_flower_set_ipv4_src
rtnl_flower_get_ipv4_src
rtnl_flower_set_ipv4_dst
rtnl_flower_get_ipv4_dst
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.com>
https://github.com/thom311/libnl/pull/309
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.com>
Fixes: ef46de143206 ('route/cls: add flower classifier')
https://github.com/thom311/libnl/pull/316
|
| |\
| |
| |
| | |
https://github.com/thom311/libnl/pull/314
|
| | |
| |
| |
| |
| |
| | |
Based-on-patch-by: Susant Sahani <susant@redhat.com>
https://src.fedoraproject.org/rpms/libnl3/pull-request/4
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
`make check` swallows the output, which is kinda important
to debug a problem. I guess, I could print the log file, but
it seems simpler to just run the test directly.
While at it, run it a few times. It's fast enough, and with
the randomization, it might actually hit a faulty code path.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=2081279
Fixes: b50be8fa869b ('rtnl/route: use cleanup attribute in "lib/route/route_obj.c"')
|
| |
|
|
|
|
|
|
|
| |
The cache ops needs to be included in a cloned link for link methods
to work as expected.
Signed-off-by: Jacques de Laval <Jacques.De.Laval@westermo.com>
https://github.com/thom311/libnl/pull/311
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
valgrind reported this memory leak to me in testing an application that
I'm building:
==1807969== 24 bytes in 1 blocks are definitely lost in loss record 2 of 12
==1807969== at 0x4849464: calloc (vg_replace_malloc.c:1328)
==1807969== by 0x160F2F: nl_addr_alloc (addr.c:184)
==1807969== by 0x160F2F: nl_addr_build (addr.c:215)
==1807969== by 0x15CEF1: xfrmnl_sa_parse (sa.c:693)
==1807969== by 0x18F95D: parse_sa (xfrm_monitor.c:82)
==1807969== by 0x18FC5A: parse_nlmsg (xfrm_monitor.c:170)
==1807969== by 0x18FC5A: xfrm_cb (xfrm_monitor.c:181)
==1807969== by 0x169D21: nl_cb_call (netlink.h:138)
==1807969== by 0x169D21: recvmsgs (nl.c:868)
==1807969== by 0x16A42C: nl_recvmsgs_report (nl.c:1051)
==1807969== by 0x16A42C: nl_recvmsgs (nl.c:1075)
==1807969== by 0x16A42C: nl_recvmsgs_default (nl.c:1089)
==1807969== by 0x18FD6F: monitor_xfrm (xfrm_monitor.c:233)
==1807969== by 0x49D8B19: start_thread (pthread_create.c:443)
==1807969== by 0x4A5C8F3: clone (clone.S:100)
when calling xfrmnl_sa_parse, we accidentally get a refcount of 2 on the
selector source and destination addresses. The nl_addr_build calls for
these addresses set the count to one, and the subsequent calls to
xfrmnl_sel_set_[s|d]addr increase the reference count to two.
One of the references is dropped when we call xfrmnl_sa_put, which calls
down through xfrmnl_sa_free_data->xfrmnl_sel_put->nl_addr_put(), but the
other reference count is leaked, leading to the above leak of both the
saddr and daddr pointers.
Not sure if this is the ideal fix, but it works for me, we just drop
the refrence count incremented by the call to set_[s|d]addr.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
https://github.com/thom311/libnl/pull/312
|
| |\
| |
| |
| | |
https://github.com/thom311/libnl/pull/310
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Error: UNINIT (CWE-457):
libnl-3.6.0/lib/xfrm/ae.c:377: var_decl: Declaring variable "ae_id" without initializer.
libnl-3.6.0/lib/xfrm/ae.c:402: uninit_use_in_call: Using uninitialized value "ae_id". Field "ae_id.flags" is uninitialized when calling "nlmsg_append".
# 400| return -NLE_NOMEM;
# 401|···
# 402|-> if (nlmsg_append(msg, &ae_id, sizeof(ae_id), NLMSG_ALIGNTO) < 0)
# 403| goto nla_put_failure;
# 404|···
Error: UNINIT (CWE-457):
libnl-3.6.0/lib/xfrm/ae.c:377: var_decl: Declaring variable "ae_id" without initializer.
libnl-3.6.0/lib/xfrm/ae.c:402: uninit_use_in_call: Using uninitialized value "ae_id". Field "ae_id.reqid" is uninitialized when calling "nlmsg_append".
# 400| return -NLE_NOMEM;
# 401|···
# 402|-> if (nlmsg_append(msg, &ae_id, sizeof(ae_id), NLMSG_ALIGNTO) < 0)
# 403| goto nla_put_failure;
# 404|···
Error: UNINIT (CWE-457):
libnl-3.6.0/lib/xfrm/ae.c:377: var_decl: Declaring variable "ae_id" without initializer.
libnl-3.6.0/lib/xfrm/ae.c:402: uninit_use_in_call: Using uninitialized value "ae_id". Field "ae_id.saddr" is uninitialized when calling "nlmsg_append".
# 400| return -NLE_NOMEM;
# 401|···
# 402|-> if (nlmsg_append(msg, &ae_id, sizeof(ae_id), NLMSG_ALIGNTO) < 0)
# 403| goto nla_put_failure;
# 404|···
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Error: REVERSE_INULL (CWE-476):
libnl-3.6.0/lib/route/nexthop_encap.c:35: deref_ptr: Directly dereferencing pointer "rtnh_encap->ops".
libnl-3.6.0/lib/route/nexthop_encap.c:37: check_after_deref: Null-checking "rtnh_encap->ops" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
# 35| nh_encap_type2str(rtnh_encap->ops->encap_type));
# 36|···
# 37|-> if (rtnh_encap->ops && rtnh_encap->ops->dump)
# 38| rtnh_encap->ops->dump(rtnh_encap->priv, dp);
# 39| }
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
rtnl_qdisc_mqprio_set_*()
rtnl_qdisc_mqprio_set_priomap() would access the input array prio after
len.
Also these setters did the wrong argument checking (arguably, the caller
is not supposed to provide an invalid argument, so that part is less
severe).
Coverity:
Error: OVERRUN (CWE-119):
libnl-3.6.0/lib/route/qdisc/mqprio.c:363: cond_at_most: Checking "len / 2UL > 16UL" implies that "len" may be up to 33 on the false branch.
libnl-3.6.0/lib/route/qdisc/mqprio.c:366: overrun-buffer-arg: Overrunning array "mqprio->qm_count" of 32 bytes by passing it to a function which accesses it at byte offset 65 using argument "len * 2UL" (which evaluates to 66). [Note: The source code implementation of the function has been overridden by a builtin model.]
# 364| return -NLE_RANGE;
# 365|···
# 366|-> memcpy(mqprio->qm_count, count, len * sizeof(uint16_t));
# 367| memcpy(mqprio->qm_offset, offset, len * sizeof(uint16_t));
# 368| mqprio->qm_mask |= SCH_MQPRIO_ATTR_QUEUE;
Error: OVERRUN (CWE-119):
libnl-3.6.0/lib/route/qdisc/mqprio.c:363: cond_at_most: Checking "len / 2UL > 16UL" implies that "len" may be up to 33 on the false branch.
libnl-3.6.0/lib/route/qdisc/mqprio.c:367: overrun-buffer-arg: Overrunning array "mqprio->qm_offset" of 32 bytes by passing it to a function which accesses it at byte offset 65 using argument "len * 2UL" (which evaluates to 66). [Note: The source code implementation of the function has been overridden by a builtin model.]
# 365|···
# 366| memcpy(mqprio->qm_count, count, len * sizeof(uint16_t));
# 367|-> memcpy(mqprio->qm_offset, offset, len * sizeof(uint16_t));
# 368| mqprio->qm_mask |= SCH_MQPRIO_ATTR_QUEUE;
# 369|···
Error: OVERRUN (CWE-119):
libnl-3.6.0/lib/route/qdisc/mqprio.c:496: cond_at_most: Checking "len / 8UL > 16UL" implies that "len" may be up to 135 on the false branch.
libnl-3.6.0/lib/route/qdisc/mqprio.c:499: overrun-buffer-arg: Overrunning array "mqprio->qm_min_rate" of 128 bytes by passing it to a function which accesses it at byte offset 1079 using argument "len * 8UL" (which evaluates to 1080). [Note: The source code implementation of the function has been overridden by a builtin model.]
# 497| return -NLE_RANGE;
# 498|···
# 499|-> memcpy(mqprio->qm_min_rate, min, len * sizeof(uint64_t));
# 500| mqprio->qm_mask |= SCH_MQPRIO_ATTR_MIN_RATE;
# 501|···
Error: OVERRUN (CWE-119):
libnl-3.6.0/lib/route/qdisc/mqprio.c:545: cond_at_most: Checking "len / 8UL > 16UL" implies that "len" may be up to 135 on the false branch.
libnl-3.6.0/lib/route/qdisc/mqprio.c:548: overrun-buffer-arg: Overrunning array "mqprio->qm_max_rate" of 128 bytes by passing it to a function which accesses it at byte offset 1079 using argument "len * 8UL" (which evaluates to 1080). [Note: The source code implementation of the function has been overridden by a builtin model.]
# 546| return -NLE_RANGE;
# 547|···
# 548|-> memcpy(mqprio->qm_max_rate, max, len * sizeof(uint64_t));
# 549| mqprio->qm_mask |= SCH_MQPRIO_ATTR_MAX_RATE;
# 550|···
Fixes: 25cf1d39eded ('route:qdisc: add MQPRIO Qdisc'
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Coverity:
Error: OVERRUN (CWE-119):
libnl-3.6.0/lib/route/link/sriov.c:653: overrun-buffer-arg: Overrunning array "stb" of 6 8-byte elements by passing it to a function which accesses it at element index 8 (byte offset 71) u
# 651|···
# 652| if (t[IFLA_VF_STATS]) {
# 653|-> err = nla_parse_nested(stb, IFLA_VF_STATS_MAX,
# 654| t[IFLA_VF_STATS],
# 655| sriov_stats_policy);
Fixes: 5d6e43ebef12 ('lib/route: SRIOV Parse and Read support')
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Coverity thinks that we can bitshift by a negative number:
Error: BAD_SHIFT (CWE-682):
libnl-3.6.0/lib/socket.c:69: return_constant: Function call "time(NULL)" may return -1.
libnl-3.6.0/lib/socket.c:69: assignment: Assigning: "t" = "time(NULL)". The value of "t" is now 4294967295.
libnl-3.6.0/lib/socket.c:73: assignment: Assigning: "idx_state" = "t ^ (t >> 16) ^ 0x3047U". The value of "idx_state" is now 12359.
libnl-3.6.0/lib/socket.c:78: assignment: Assigning: "n" = "idx_state". The value of "n" is now -53177.
libnl-3.6.0/lib/socket.c:94: assignment: Assigning: "n" = "(n + 13) % 32". The value of "n" is now -12.
libnl-3.6.0/lib/socket.c:95: negative_shift: In expression "used_ports_map[i] >> n", shifting by a negative amount has undefined behavior. The shift amount, "n", is -12.
# 93| for (m = 0; m < 32; m++) {
# 94| n = (n + 13) % 32;
# 95|-> if (1UL & (used_ports_map[i] >> n))
# 96| continue;
# 97|···
Error: BAD_SHIFT (CWE-682):
libnl-3.6.0/lib/socket.c:69: return_constant: Function call "time(NULL)" may return -1.
libnl-3.6.0/lib/socket.c:69: assignment: Assigning: "t" = "time(NULL)". The value of "t" is now 4294967295.
libnl-3.6.0/lib/socket.c:73: assignment: Assigning: "idx_state" = "t ^ (t >> 16) ^ 0x3047U". The value of "idx_state" is now 12359.
libnl-3.6.0/lib/socket.c:78: assignment: Assigning: "n" = "idx_state". The value of "n" is now -53177.
libnl-3.6.0/lib/socket.c:94: assignment: Assigning: "n" = "(n + 13) % 32". The value of "n" is now -12.
libnl-3.6.0/lib/socket.c:98: negative_shift: In expression "1UL << n", shifting by a negative amount has undefined behavior. The shift amount, "n", is -12.
# 96| continue;
# 97|···
# 98|-> used_ports_map[i] |= (1UL << n);
# 99| n += (i * 32);
# 100|···
I don't see how that can happen. "n" was type int (32 bit, in practice),
but was initialized from an uint16_t (idx_state). Thus the number is positive
and small. Then we keep adding small numbers and modulo 32.
Anyway, try to silence the warning by using unsigned.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While at it, avoid global variables.
Coverity also warned at this place, though the warning from
coverity was bogus:
Error: STRING_OVERFLOW (CWE-120):
libnl-3.6.0/src/nl-pktloc-lookup.c:72: fixed_size_dest: You might overrun the 16-character fixed-size string "buf" by copying "align_txt[loc->align]" without checking the length.
# 70|···
# 71| if (loc->align <= 4)
# 72|-> strcpy(buf, align_txt[loc->align]);
# 73| else
# 74| snprintf(buf, sizeof(buf), "%u", loc->align);
|
