The follow leaves a dangling pointer when the name argument is too long:
xfrmnl_sa_set_aead_params:
if (sa->aead)
free (sa->aead);
if ( strlen (alg_name) >= sizeof (sa->aead->alg_name)
|| (sa->aead = calloc (1, newlen)) == NULL)
return -1;
Fix that, but do more:
- ensure that we don't modify the object when the setter is going to
fail. That means, first check whether we can succeed with all the
steps that are requested, and (in case we cannot) fail without
modifing the target object.
- bonus points for making the setter self-assignment safe by reordering
the setting and freeing of the memory.
We want to build with -Wvla, because VLAs interfere with static asserts
(if the condition of a static assert is not actually static, then VLAs
make it silently pass).
Also, VLAs should be avoided because we want to be in contol how much
we allocate on the stack.
- don't leave a dangling pointer, in case we unset the
kind.
- try first to clone the string. If that fails, return early
without modifying the link. Only start modifying the link,
after we know it's going to succeed.
A detailed explanation is provided in the original Linux kernel commit that
fixes the bug: 1045b03e07d85f3545118510a587035536030c1c
Valgrind spotted the issue when the remaining was negative.
This bug was triggering application crashes.
Signed-off-by: Patrick Havelange <patrick.havelange@tessares.net>
https://github.com/thom311/libnl/pull/199
rtnl_act_append() cannot add more than TCA_ACT_MAX_PRIO actions to the
same list. Because of that rtnl_basic_add_action() and
rtnl_u32_add_action() should not increment the reference counter of the
given action until it is successfully added to the filter's list.
Signed-off-by: Ilya Pronin <ipronin@twitter.com>
Fixes: e5d9b828f6https://github.com/thom311/libnl/pull/201
Our API is unfortunately not consistent about this.
However, in general, getters should aim to return an
error code whether the attribute could be retrieved.
Our API is unfortunately not consistent about this.
However, in general, getters should aim to return an
error code whether the attribute could be retrieved.
BUG() raises an assertion. It seems overly harsh.
For example, rtnl_tc_data() can fail if we fail to allocate
memory. Asserting against that, makes libnl3 not out-of-memory
safe.
Just return a regular error.
rtnl_link_vxlan_set_local() removes the bit for the other IP version in
ce_mask. A missing flag inversion in the v4 part made this removal
reset all bits to 0 except the v6 one, screwing all link configuration.
Fixes: 2e68fb5b02https://github.com/thom311/libnl/pull/192
In this commit, we implement ematch_tree_clone(), which is basis of
cgroup_clone() interface. The whole ematch tree is deep-copied except
the e_ops filed.
Also, a new unit test is added for testing the interface, which named as
check-ematch-tree-clone.c located in tests directory.
https://github.com/thom311/libnl/pull/176
This commit adds the query for AF_BRIDGE neighbours. A cache refresh now
includes these objects as well. The result of `./src/nl-neigh-list
--family=bridge` includes now as well the same entries you would
retrieve from the kernel by calling `bridge fdb show`.
This function searches a class cache previously allocated with
rtnl_class_alloc_cache() and searches for a class matching the interface
index and parent qdisc.
https://github.com/thom311/libnl/pull/185
When rtnl_link_change() fails with -NLE_OPNOTSUPP, it retries
with RTM_SETLINK operation. However, it also needs to re-adjust
the sequence number. Otherwise, the second request might fail
with NLE_SEQ_MISMATCH, although it actually succeeded.
[thaller@redhat.com: changed commit message]
https://github.com/thom311/libnl/issues/179https://github.com/thom311/libnl/pull/184
This simple classifier allows any traffic pass through.
Useful as an example for port mirroring.
Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga@westermo.se>
bridge entries used for switching into vxlan interfaces do not include a
vlan. A comparison of such entires currently always fails which leads
to an invalid cache. This patch selectively adds the NEIGH_ATTR_VLAN
flag based on the passed entry.
https://github.com/thom311/libnl/pull/182
In case using a VXLAN interface at a bridge you will set L2 bridging
entries using a IP destination to tunnel the according L2 traffic. The
current behavior for the dst entries for a neighbor is to use the AF of
the neighbor itself thus in this case AF_BRIDGE is set. This is changed
in the PR to update the family of the dst using nl_addr_guess_family.
https://github.com/thom311/libnl/pull/180
Add support for recent fib rule features - specifying a protocol
that installed a rule and an IP protocol plus port range for rules.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Both functions are almost identical. Merge them into a common helper
function with an @keep_empty argument, so it is clear at which point
they differ.
Also, fix symbols versioning for nl_attr_keep_empty(). For symbol
versioning, once released a version cannot be modifified/extended.
Currently, due to the incomplete netlink datagram sent by libnl, cgroup
filter addition is not fully functional. The datagram generated by `tc`
command includes an empty attribute section, which is stripped off
in the libnl counterpart.
In this commit, a new `interface nla_nest_end_keep_empty()` is added.
This function closes attribute without stripping off empty attribute.
After rethinking, "tcm_params" doesn't seem like a good name. Change it to
"tc_params".
Also, an already released section in the linker file must never be
modified. It defeats the purpose of symbol versioning. Move the symbol
to the right section.
It is not good to give classifier cache users only one chance to
set interface index and parent handle when allocte new cache.
Sometimes we want to reuse classifier cache to reduce the overhead
of allocating new memory everytime a new cache is created.
