| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Fix the capability numbers for the next few releases already. While not
yet in use, the number is reserved and stable.
|
| |
|
|
|
|
|
|
|
|
|
| |
Otherwise, whether libnl-3.so exports nl_debug_dp depends on NL_DEBUG.
That is ugly. It also breaks the linker checking the symbol versioning
file with the "--no-undefined-version" flag.
Instead, always define it. It's small anyway.
Reported-by: lch361 <lch361@skiff.com>
See-also: https://github.com/thom311/libnl/pull/375
|
| |
|
|
|
|
|
|
|
|
| |
Checking conditional defines with #ifdef is error prone because we don't
get a compiler warning when the define wrongly is missing.
Instead, always define it to either 0 or 1.
The benefit is also that now we can use NL_DEBUG in C (not only in the
preprocessor).
|
| | |
|
| | |
|
| |
|
|
| |
Avoid non-threadsafe libc API.
|
| | |
|
| |
|
|
|
|
| |
As we now copy all linux headers, and we have include/linux-private
in our include search path, just include the linux headers as we commonly
do.
|
| | |
|
| |
|
|
|
|
|
| |
We have copies of the linux headers in include/linux-private.
For those files, include the copies explicitly.
No practice there is no difference, since we build with :-Ilinux-private".
|
| | |
|
| | |
|
| |
|
|
|
| |
Move all the declarations from "netlink-private/types.h" to places
closer to where they are used.
|
| |
|
|
|
|
|
|
|
|
| |
"base/nl-base-utils.h" (formerly "netlink-private/utils.h") contains
no libnl3 specific references, just a bunch of C helpers.
It's also a header-only "library", so it can be freely used by all our
C-code.
Move it to a separate directory, to make that clear.
|
| |
|
|
|
| |
We should have things with "nl" prefix in our headers. Also, netlink-private/netlink.h
is not header-only, preferably header-only stuff is in netlink-private/utils.h
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nl_object_identical() gets the ID attributes and then checks whether
these attributes are identical for both objects, by calling the compare
implementation.
If an object doesn't have all ID attributes set, previously there was no
way that this object would compare identical to anything.
That seems not right. For example, kernel has for many objects a rather
fuzzy understanding of what constitutes the ID attributes of an object.
For routes and routing rules for example, most attributes are part of
their ID, but also most of them are commonly missing and unset (note
that libnl3's understanding of about equality for routes is not correct
and does not correspond to kernels understanding. That is a known bug).
Anyway, such incomplete objects, if we have them at hand, we still shall
give them a chance to be evaluated as identical. Of course, and object
that has a certain ID attribute set must not compare identical to an
object that has the attribute missing. But if both objects miss the
attribute, they shall still be able to compare identical.
While at it, use uint64_t for the attribute mask. That corresponds to
the object's ce_mask and the API of oo_compare().
Note that if the object's ops would return id-attributes as 0xFFFFFFFF,
it previously would choose the intersection of the present attributes.
That is not correct either. If the ops don't specify any attributes,
then all present attributes shall be compared, not those that are
present in both.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also fixes a few wrong SPDX license identifiers, where the original
license comment indicates GPL-2.0-only.
This is not done manually, but by running the following script:
---
#!/bin/bash
# Tool to drop license comments, adding SPDX license identifiers, while preserving
# copyright comments. The point is not to manually do this task, but perform some
# hacked up string replacement.
_cp() {
/bin/cp "$@"
}
_cat() {
/bin/cat "$@"
}
in_file() {
local T=$(mktemp)
_cp -f "$1" "$T"
_cat "$T"
rm -f "$T"
}
out_file() {
local T=$(mktemp)
_cat - > "$T"
_cp -f "$T" "$1"
rm -f "$T"
}
join() {
_cat "$@" | awk '{ printf("%s#x#", $0)}'
}
unjoin() {
_cat - | sed 's/#x#/\n/g'
}
files_all() {
git ls-files |
grep -v '\.png$' |
grep -v '^include/linux-private/'
}
adjust() {
NEWLINES='\(#x#\)\+'
COPYRIGHTS='\(\( \* Copyright (c) 20..\(-20..\|, 20..\)\? [^#]\+#x#\)\+\( \*#x# \* \(Stolen[^#]*\|Based on [^#]*\)#x#\)\?\)'
_cat - |
\
sed '1s%^\(/\* SPDX-License-Identifier: LGPL-2.1-only \*/\|\)#x#/\*#x# \* [^#]*#x# \*#x# \*[ ]\+This library is free software; you can redistribute it and/or#x# \*[ ]\+modify it under the terms of the GNU Lesser General Public#x# \*[ ]\+License as published by the Free Software Foundation version 2.1#x# \*[ ]\+of the License.#x# \*#x#'"$COPYRIGHTS"' \*/'"$NEWLINES"'%/\* SPDX-License-Identifier: LGPL-2.1-only \*/#x#/*#x#\2 */#x##x#%' |
\
sed '1s%^/\*#x# \* [^#]*#x# \*#x# \*[ ]\+This library is free software; you can redistribute it and/or#x# \*[ ]\+modify it under the terms of the GNU Lesser General Public#x# \*[ ]\+License as published by the Free Software Foundation version 2.1#x# \*[ ]\+of the License.#x# \*/'"$NEWLINES"'%/\* SPDX-License-Identifier: LGPL-2.1-only \*/#x##x#%' |
\
sed '1s%^\(\)/\*#x# \* [^#]*#x# \*#x# \*[ ]\+This library is free software; you can redistribute it and/or#x# \*[ ]\+modify it under the terms of the GNU Lesser General Public#x# \*[ ]\+License as published by the Free Software Foundation version 2.1#x# \*[ ]\+of the License.#x# \*#x#'"$COPYRIGHTS"' \*/'"$NEWLINES"'%/\* SPDX-License-Identifier: LGPL-2.1-only \*/#x#/*#x#\2 */#x##x#%' |
\
sed '1s%^\(/\* SPDX-License-Identifier: LGPL-2.1-only \*/\|\)#x#/\*#x# \* [^#]*#x# \*#x# \*[ ]\+This library is free software; you can redistribute it and/or#x# \*[ ]\+modify it under the terms of the GNU General Public License as#x# \*[ ]\+published by the Free Software Foundation version 2 of the License.#x# \*#x#'"$COPYRIGHTS"' \*/'"$NEWLINES"'%/\* SPDX-License-Identifier: GPL-2.0-only \*/#x#/*#x#\2 */#x##x#%'
}
FILES=( $(files_all) )
for f in "${FILES[@]}"; do
echo "processing \"$f\"..."
in_file "$f" | join | adjust | unjoin | out_file "$f"
done
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There wasn't really a bug previously, but it's ugly and raises
questions about the correct use of strncpy().
For example,
void genl_family_set_name(struct genl_family *family, const char *name)
{
strncpy(family->gf_name, name, GENL_NAMSIZ-1);
was in fact correct, because family->gf_name will (presumably) always have a NUL
character as last position.
Still use _nl_strncpy*() wrappers, to avoid raising such questions.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Software Package Data Exchange identifiers help to detect source file
licenses and hence simplify the FOSS compliance process.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
https://github.com/thom311/libnl/pull/219
---
FILES=(
lib/addr.c
lib/attr.c
lib/cache.c
lib/cache_mngr.c
lib/cache_mngt.c
lib/data.c
lib/error.c
lib/fib_lookup/lookup.c
lib/fib_lookup/request.c
lib/genl/ctrl.c
lib/genl/family.c
lib/genl/genl.c
lib/genl/mngt.c
lib/handlers.c
lib/hash.c
lib/hashtable.c
lib/idiag/idiag.c
lib/idiag/idiag_meminfo_obj.c
lib/idiag/idiag_msg_obj.c
lib/idiag/idiag_req_obj.c
lib/idiag/idiag_vegasinfo_obj.c
lib/mpls.c
lib/msg.c
lib/netfilter/ct.c
lib/netfilter/ct_obj.c
lib/netfilter/exp.c
lib/netfilter/exp_obj.c
lib/netfilter/log.c
lib/netfilter/log_msg.c
lib/netfilter/log_msg_obj.c
lib/netfilter/log_obj.c
lib/netfilter/netfilter.c
lib/netfilter/nfnl.c
lib/netfilter/queue.c
lib/netfilter/queue_msg.c
lib/netfilter/queue_msg_obj.c
lib/netfilter/queue_obj.c
lib/nl.c
lib/object.c
lib/route/act.c
lib/route/addr.c
lib/route/class.c
lib/route/classid.c
lib/route/cls.c
lib/route/link.c
lib/route/neigh.c
lib/route/neightbl.c
lib/route/netconf.c
lib/route/nexthop.c
lib/route/nexthop_encap.c
lib/route/nh_encap_mpls.c
lib/route/pktloc.c
lib/route/qdisc.c
lib/route/route.c
lib/route/route_obj.c
lib/route/route_utils.c
lib/route/rtnl.c
lib/route/rule.c
lib/route/tc.c
lib/socket.c
lib/utils.c
lib/version.c
lib/xfrm/ae.c
lib/xfrm/lifetime.c
lib/xfrm/sa.c
lib/xfrm/selector.c
lib/xfrm/sp.c
lib/xfrm/template.c
src/genl-ctrl-list.c
src/idiag-socket-details.c
src/lib/addr.c
src/lib/class.c
src/lib/cls.c
src/lib/ct.c
src/lib/exp.c
src/lib/link.c
src/lib/neigh.c
src/lib/qdisc.c
src/lib/route.c
src/lib/rule.c
src/lib/tc.c
src/lib/utils.c
src/nf-ct-add.c
src/nf-ct-events.c
src/nf-ct-list.c
src/nf-exp-add.c
src/nf-exp-delete.c
src/nf-exp-list.c
src/nf-log.c
src/nf-monitor.c
src/nf-queue.c
src/nl-addr-add.c
src/nl-addr-delete.c
src/nl-addr-list.c
src/nl-class-add.c
src/nl-class-delete.c
src/nl-class-list.c
src/nl-classid-lookup.c
src/nl-cls-add.c
src/nl-cls-delete.c
src/nl-cls-list.c
src/nl-fib-lookup.c
src/nl-link-enslave.c
src/nl-link-ifindex2name.c
src/nl-link-list.c
src/nl-link-name2ifindex.c
src/nl-link-release.c
src/nl-link-set.c
src/nl-link-stats.c
src/nl-list-caches.c
src/nl-list-sockets.c
src/nl-monitor.c
src/nl-neigh-add.c
src/nl-neigh-delete.c
src/nl-neigh-list.c
src/nl-neightbl-list.c
src/nl-pktloc-lookup.c
src/nl-qdisc-add.c
src/nl-qdisc-delete.c
src/nl-qdisc-list.c
src/nl-route-add.c
src/nl-route-delete.c
src/nl-route-get.c
src/nl-route-list.c
src/nl-rule-list.c
src/nl-tctree-list.c
src/nl-util-addr.c
)
sed '1s#^#/* SPDX-License-Identifier: LGPL-2.1-only */\n#' "${FILES[@]}" -i
|
| |
|
|
|
|
|
| |
rtnl_link_vlan_set_egress_map()
Without this fix/capablity, adding more then 4 mappings in
rtnl_link_vlan_set_egress_map() overflows the heap.
|
| |
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
uClibc doesn't implement strerror_l() and thus libnl starting from
3.2.29 couldn't be compiled with it any longer.
To work-around that problem we'll just do a check on strerror_l()
availability during configuration and if it's not there just fall back
to locale-less strerror().
See-also: 6c2d111177e91184073c44f83d4a6182aaba06d7
http://lists.infradead.org/pipermail/libnl/2017-March/002301.html
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The previous API of xfrmnl_sp_get_sec_ctx() is totally broken,
as it requires all out-arguments to be set. The user can thus
not know how large the ctx_str buffer must be.
Fix the API by allowing all arguments to be optional. Thus,
a user can first query the size only, and then in a second
step query the ctx_str. Previous version are broken.
|
| |
|
|
|
|
|
|
|
|
| |
Add O_CLOEXEC to various fopen() calls. This avoids file descriptors
leaking across an exec() boundary in a multi-threaded program. Please
see "man 2 open" for additional information about O_CLOEXEC.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/128
|
| |
|
|
|
|
|
|
|
| |
Let's add a mutex to get_psched_settings() hoping to solve worst
case scenarios when calling get_psched_settings() from multiple
threads.
Also, only read the environment variables once, who knows whether
they are modified concurrently.
|
| |
|
|
| |
nl_us2ticks()/nl_ticks2us()
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than initializing user_hz and psched_hz when libnl is loaded,
defer initialization of these variables to the first time they are used.
This has several advantages:
1) Avoids an unnecessary permission denied error on /proc/net/psched,
which can occur on systems where /proc/net isn't readable due to
security policy.
2) Allows program code to initialize the environment variables
PROC_NET_PSCHED and/or PROC_ROOT prior to the first libnl call, giving a
program more flexibility about where libnl should look.
3) Trivially faster startup time (although unlikely to be significant).
4) Compiler may be able to prove that the get_psched_settings() function
is unreachable and optimize appropriately, because the callers never
(directly or indirectly) use this method. This could occur, for
instance, in doing dead code elimination for programs which statically
link libnl.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/123
|
| |
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The MSG_PEEK API of recvmsg() should be avoid because it requires an additional
syscall. But worse is to choose a too small buffer size and failing to receive
the message.
A user who is aware of the issue can avoid MSG_PEEK by either
nl_socket_disable_msg_peek()/nl_socket_enable_msg_peek() or by setting
a buffer size via nl_socket_set_msg_buf_size().
By default however we now use MSG_PEEK. This is more important since commit
90c6ebec9bd7a where the link dump request can be rather large.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
| |
For the add-request, we should set ifi_change flags together with the
ifi_flags. A similar thing is done by rtnl_link_build_change_request()
in commit 34ccb7210f1238f89229c117dc3d28cea7ae00bb.
https://github.com/thom311/libnl/issues/111
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The data structure of choice when adding/processing a security context
for xfrm is struct xfrm(nl)_user_sec_ctx. The previous code did however
use the (also exported) struct xfrm(nl)_sec_ctx. While sizeof(struct
xfrm(nl)_*sec_ctx) yields the same result, the interpretation of one of
the data structures as the other one messes up the contents.
With this fix, the wrong data structure has been replaced with the
correct one. Also -- since the size of the context string is not known
-- one can now call xfrmnl_sa_get_sec_ctx with ctx_str being NULL, thus
retrieving the length of the context string.
A new capability has been introduced, to test whether libnl3 supports
the modified semantics of this function.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libnl currently uses strerror_r() throughout, but this is
problematic because there is a non-standard GNU version
implemented in glibc, and the standard POSIX version, which
differ in signature. When using glibc, one can choose
between the two versions using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE.
Given libnl is built using the former, we always get the
glibc special version, and all code so far has been written
for that non-standard version.
Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.
The alternative is to use strerror_l() rather than
strerror_r() http://austingroupbugs.net/view.php?id=655
- this will avoid the non-confirming versions issue
- strerror_l() is now recommended by POSIX to replace
strerror_r() usage
So rather than changing all uses of strerror_r() to be in
line with posix, we are going to switch to the recommended
interface strerror_l().
Since strerror_l() is slightly more difficuly to use, we
add a little (private) wrapper that we can use from all
current callsites of strerror_r().
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
| |
https://github.com/thom311/libnl/issues/103
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
addresses
The ID attributes for IPv4 addresses were broken which causes wrong
nl_object_identical() and cache lookup.
This capability shall indicate that the bug was fixed.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes alignment, lines with just whitespace and mixed tab/space
indentation. Searched, reviewed and optionally fixed in vim using
regex ^\t* [\t ]*\([^*us ]\|$\)\|\t\+$
http://lists.infradead.org/pipermail/libnl/2016-August/002183.html
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
| |
address fixes
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous API of xfrmnl_sa_get_*_params() would always require
a @key buffer, but it was not possible to avoid buffer overflow
because the required size was unknown.
That is not really fixable, because the old API is broken.
Now, allow omitting the @key argument to only request the @key_size.
That allows the caller to ask beforehand how large the @key buffer
must be: ((@key_size + 7) / 8).
Unfortunately, omitting the key against previous versions of libnl
leads to a crash. And passing a key against older versions makes it
impossible to avoid buffer-overflow.
Another option would be to add functions like
xfrmnl_sa_get_crypto_params_keylen() so the user can query the required
buffer size by calling that instead of xfrmnl_sa_get_crypto_params().
However, then the user also requires a backport of the new API
and this will not be possible against older libnl3 versions either.
Thus, if the user already requires the fix, he can just as well
require a backport of this patch and then safely call xfrmnl_sa_get_crypto_params()
without @key argument. This way has the advantage/disadvantage, that
it can detect the presence of the patch at runtime.
The cumbersome way to get it right would be:
unsiged key_len;
char *key;
int r;
if (!nl_has_capability(17 /*NL_CAPABILITY_XFRM_SA_KEY_SIZE*/)) {
/* no way to use this API safely. Abort. */
return -NLE_OPNOTSUPP;
}
r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, NULL);
if (r < 0)
return r;
key = malloc((key_len + 7) / 8);
if (!key)
return -NLE_NOMEM;
r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, &key);
if (r < 0) {
free(key);
return r;
}
...
http://lists.infradead.org/pipermail/libnl/2016-June/002155.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Balki Raman <ramanb@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: whitespace, add capability, consider local6/group6]
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An entry of the ingress map can be cleared by setting
the "to" part to zero.
Previously, vlan_put_attrs() would skip over zero "to"
and thus the user cannot unset an ingress map entry.
Add a modified-mask to record the state of each ingress
map entry and also sent explicit zeros to kernel.
when we receive a IFLA_VLAN_INGRESS_QOS message from kernel,
vlan_parse() similarly sets the received entries as modified.
This preserves previous behavior when using a received object
to modify a vlan.
Add a capability NL_CAPABILITY_RTNL_LINK_VLAN_INGRESS_MAP_CLEAR
to indicate the behavioral change.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: 57bdc4ff4895dd91cc723d22eecadcf48945e87c
http://lists.infradead.org/pipermail/libnl/2015-November/002004.html
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
[thaller@redhat.com: add capability to indicate bug-fix]
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
