Add functions to access the IPv6 specific flags of a link object.
Also the functions for IPv6 link flags translation are now exported, similar
to the non IPv6 specific translation functions.
https://github.com/thom311/libnl/pull/136
uClibc doesn't implement strerror_l() and thus libnl starting from
3.2.29 couldn't be compiled with it any longer.
To work-around that problem we'll just do a check on strerror_l()
availability during configuration and if it's not there just fall back
to locale-less strerror().
See-also: 6c2d111177
http://lists.infradead.org/pipermail/libnl/2017-March/002301.html
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
It would be desirable not to include kernel headers in our public
libnl3 headers. As a test, remove all those includes, and fix
compilation by explicitly including the kernel headers where needed.
In some cases, that requires forward declaration for kernel
structures, as we use them as part of our own headers.
Realistically, we cannot drop those includes as it probably breaks
compilation for users that expect to get a certain kernel header
when including a libnl3 header. So, this will not be done and the
includes will be restored in the next commit.
Do this step to show how it would be and to verify that we could
build with such a change. The reason not to do this is backward
compatibility (at compile-time).
and xfrmnl_sp_set_sec_ctx(). The user already must pass a NUL
terminated string, where the NUL is included in ctx_len.
Just allocate one more byte and ensure the buffer is '\0' terminated.
The previous API of xfrmnl_sp_get_sec_ctx() is totally broken,
as it requires all out-arguments to be set. The user can thus
not know how large the ctx_str buffer must be.
Fix the API by allowing all arguments to be optional. Thus,
a user can first query the size only, and then in a second
step query the ctx_str. Previous versions are broken.
security policy can be identified with direction, selector and security context
too. Therefore the code to append appropriate data to the delete message is added.
Identification of a policy is possible with:
1. direction and index
2. direction and selector
Theoretically the second one needs a security context, but a non-existing context is
valid too.
Fixed xfrmnl_sp->sec_ctx length parameters in xfrmnl_sp_set_sec_ctx,
because former use of only one value wasn't right.
Therefore the parameter len is unused and could be removed.
fdb cache is per bridge and hence hashed by:
<bridge_ifindex, family, mac>
newer kernels send bridge ifindex in NDA_MASTER.
Use NDA_MASTER for neigh->n_master when available.
Also imports a few more NDA_* attributes from upstream
to keep linux/neighbour.h NDA_* attributes in sync with
upstream.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
In general, libnl functions are not robust against calling with
invalid arguments. Thus, never call libnl functions with invalid
arguments. In case of nlmsg_reserve() this means never provide
a @len argument that causes overflow.
Still, add an additional safeguard to avoid exploiting such bugs.
Assume that @pad is a trusted, small integer.
Assume that n->nm_size is a valid number of allocated bytes (and thus
much smaller than SIZE_T_MAX).
Assume, that @len may be set to an untrusted value. Then the patch
avoids an integer overflow resulting in reserving too few bytes.
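As an added illustration (not libnl's code), a toy message buffer whose reserve() applies the guard just described: @len is treated as untrusted, @pad as a small trusted integer, and the allocation size as a realistic value far below SIZE_MAX. The struct and function names are invented for this example; the unguarded check is kept beside the guarded one to make the wrap visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the message object (not libnl's struct):
 * @size plays the role of n->nm_size, @len the role of nlmsg_len. */
struct toy_msg {
	size_t size;        /* allocated bytes: trusted, far below SIZE_MAX */
	size_t len;         /* bytes in use so far */
	unsigned char *buf;
};

static int toy_msg_init(struct toy_msg *m, size_t size)
{
	m->buf = calloc(1, size);
	if (!m->buf)
		return -1;
	m->size = size;
	m->len = 0;
	return 0;
}

static void toy_msg_free(struct toy_msg *m)
{
	free(m->buf);
	m->buf = NULL;
	m->size = m->len = 0;
}

/* Round @len up to a multiple of @pad (a small power of two, or 0). */
static size_t pad_len(size_t len, int pad)
{
	return pad ? ((len + (size_t)(pad - 1)) & ~(size_t)(pad - 1)) : len;
}

/* Unguarded bounds check: with an untrusted @len near SIZE_MAX the padding
 * addition wraps to a tiny value and the check passes, so the caller would
 * get a pointer to far fewer bytes than it asked for. Returns 1 if it "fits". */
static int naive_fits(const struct toy_msg *m, size_t len, int pad)
{
	size_t tlen = pad_len(len, pad);

	return (tlen + m->len) <= m->size;
}

/* Guarded reserve: reject @len before doing any arithmetic on it. After the
 * first check both tlen and m->len are bounded by the real allocation size,
 * so their sum cannot wrap. Returns the zeroed region or NULL. */
static void *toy_reserve(struct toy_msg *m, size_t len, int pad)
{
	size_t tlen;
	void *p;

	if (len > m->size)
		return NULL;
	tlen = pad_len(len, pad);
	if (tlen + m->len > m->size)
		return NULL;

	p = m->buf + m->len;
	memset(p, 0, tlen);
	m->len += tlen;
	return p;
}

int main(void)
{
	struct toy_msg m;
	size_t huge = SIZE_MAX - 1;   /* untrusted value for @len */

	if (toy_msg_init(&m, 64) < 0)
		return 1;
	printf("naive check, len=SIZE_MAX-1: %s\n",
	       naive_fits(&m, huge, 4) ? "fits (wrong)" : "rejected");
	printf("guarded reserve, len=SIZE_MAX-1: %s\n",
	       toy_reserve(&m, huge, 4) ? "reserved (wrong)" : "rejected");
	printf("guarded reserve, len=10: %s, used %zu bytes\n",
	       toy_reserve(&m, 10, 4) ? "reserved" : "rejected", m.len);
	toy_msg_free(&m);
	return 0;
}
```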
Now that all -Wmissing-prototypes warnings are fixed, add it to the
default CPPFLAGS.
This should hopefully prevent additions of public functions with wrong
prototype or no prototype at all to the public header.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Older versions of flex (namely the one used on Travis CI) don't properly
emit function prototypes for ematch_get_column() and
ematch_set_column(), leading to GCC -Wmissing-prototypes warnings. Fix
them by manually adding these prototypes.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Older versions of flex (namely the one used on Travis CI) don't properly
emit function prototypes for pktloc_get_column() and
pktloc_set_column(), leading to GCC -Wmissing-prototypes warnings. Fix
them by manually adding these prototypes.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Also adjust the implementation of xfrmnl_user_tmpl_set_family() to match
the declaration (family parameter is unsigned int, not int).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Also adjust the implementation of xfrmnl_sel_set_family() to match the
declaration (family parameter is unsigned int, not int).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Also adjust the function prototype of xfrmnl_sa_get_sec_ctx() to
match the definition.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Avoid a GCC -Wmissing-prototypes warning by explicitly adding a
prototype for the ABI-preserving wrapper added in commit 8d04ebf554
("lib/route: preserve old ABI for rtnl_link_get_pmtudisc()") and add an
explanatory comment.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Include the own public header in order to get function prototypes for
all public functions defined in this module.
This fixes GCC -Wmissing-prototype warnings.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Add O_CLOEXEC to various fopen() calls. This avoids file descriptors
leaking across an exec() boundary in a multi-threaded program. Please
see "man 2 open" for additional information about O_CLOEXEC.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/128
Let's add a mutex to get_psched_settings() hoping to solve worst
case scenarios when calling get_psched_settings() from multiple
threads.
Also, only read the environment variables once, who knows whether
they are modified concurrently.
Rather than initializing user_hz and psched_hz when libnl is loaded,
defer initialization of these variables to the first time they are used.
This has several advantages:
1) Avoids an unnecessary permission denied error on /proc/net/psched,
which can occur on systems where /proc/net isn't readable due to
security policy.
2) Allows program code to initialize the environment variables
PROC_NET_PSCHED and/or PROC_ROOT prior to the first libnl call, giving a
program more flexibility about where libnl should look.
3) Trivially faster startup time (although unlikely to be significant).
4) Compiler may be able to prove that the get_psched_settings() function
is unreachable and optimize appropriately, because the callers never
(directly or indirectly) use this method. This could occur, for
instance, in doing dead code elimination for programs which statically
link libnl.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/123
The public prototype and the last internal user of the function were
removed in commit 8eb5b5532e ("Unified TC API") and it was unexported in
commit 4280dfb85d ("build: don't export internal symbols"), so it is
safe to remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
https://github.com/thom311/libnl/pull/122
Document that the SCI is in network order while the port is in host
order.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
The commit changed the API from libnl 3.2.28: restore the old
behavior.
This reverts commit cd758fbfee.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Kernel calls a very similar macro "offsetofend". So use that name
as it might be more familiar to the reader.
Signed-off-by: Thomas Haller <thaller@redhat.com>
The doxygen comment of rtnl_link_get_carrier_changes still describes the
initially implemented behaviour and was not updated, when the signature
was changed as part of #119. Adjust it accordingly.
Fixes: 0c4b2ea6d1 ("link: add support for IFLA_CARRIER_CHANGES")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
https://github.com/thom311/libnl/pull/120
Fix the following GCC warning, introduced in commit 66d032ad44
("cache_mngr: add include callback v2"):
cache.c: In function ‘cache_include.isra.3’:
cache.c:810:6: warning: ‘diff’ may be used uninitialized in this function [-Wmaybe-uninitialized]
cb_v2(cache, clone, obj, diff,
^
Also don't redeclare the uint64_t diff variable, to avoid shadowing.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes: 66d032ad44http://lists.infradead.org/pipermail/libnl/2016-December/002258.html
The MSG_PEEK API of recvmsg() should be avoided because it requires an additional
syscall. But worse is to choose a too small buffer size and failing to receive
the message.
A user who is aware of the issue can avoid MSG_PEEK by either
nl_socket_disable_msg_peek()/nl_socket_enable_msg_peek() or by setting
a buffer size via nl_socket_set_msg_buf_size().
By default however we now use MSG_PEEK. This is more important since commit
90c6ebec9b where the link dump request can be rather large.
Signed-off-by: Thomas Haller <thaller@redhat.com>
nl_memcpy() internally already never copies more than
nla_len(tb). The previous code might overflow if the
netlink attribute is longer than the size of the destination.
Signed-off-by: Thomas Haller <thaller@redhat.com>
A new counter rx_nohandler was added to the link stats in kernel commit
6e7333d315a7 ("net: add rx_nohandler stat counter"). Wire it up in the
libnl link stats as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Since linux/if_link.h was synced in libnl commit d533736e22 ("vxlan:
add support for additional VXLAN attributes."), the minlen check in
validate_nla() fails on kernels < 4.6 - or more precisely, on kernels
not containing kernel commit 6e7333d315a7 ("net: add rx_nohandler stat
counter"). The check fails because rtnl_link_stats and rtnl_link_stats64
sent by the kernel don't have the rx_nohandler member yet, but libnl
expects them to have it.
Account for this by decreasing the minlen by one member and add an
explanatory comment.
https://github.com/thom311/libnl/pull/116
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
* This patch adds functionality to set attributes on an SRIOV
VF object.
* This patch adds functionality to append attributes to the
link change request sent to the kernel.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds functions to dump information and stats for each
SRIOV VF.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds utility functions for translating link state and
VLAN protocols for SRIOV VFs.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds support for cloning SRIOV VF specific data in the
link object.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
* This patch adds support for parsing SRIOV VF specific
information on a link.
* Adds LINK_ATTR_VF_LIST to add to link->ce_mask.
* Extends the rtnl_link object to include 'l_vf_list', a member
to carry information for SRIOV VFs.
* Adds rtnl_link_sriov, a private structure to fill link->l_vf_list.
* This patch adds support for reading parsed SRIOV VF specific
information on a link.
* This patch adds support for freeing stored SRIOV VF specific
information on a link.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
The data structure of choice when adding/processing a security context
for xfrm is struct xfrm(nl)_user_sec_ctx. The previous code did however
use the (also exported) struct xfrm(nl)_sec_ctx. While sizeof(struct
xfrm(nl)_*sec_ctx) yields the same result, the interpretation of one of
the data structures as the other one messes up the contents.
With this fix, the wrong data structure has been replaced with the
correct one. Also -- since the size of the context string is not known
-- one can now call xfrmnl_sa_get_sec_ctx with ctx_str being NULL, thus
retrieving the length of the context string.
A new capability has been introduced, to test whether libnl3 supports
the modified semantics of this function.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Rename rtnl_link_get_pmtudisc to rtnl_link_ipgre_get_pmtudisc
in ipgre.c, making the function correctly match the exported
functionality in ipgre.h. This fixes an error when trying to
use the function, returning an incorrect type usage due to the
link module already having a function of the same name.
* Export rtnl_link_is_[ipgre/ipgretap] allowing for usage per
documentation.
Reported-by: Sharada Shiddibhavi <sharada.shiddibhavi@intel.com>
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
As these properties are FLAG types in the netlink
API, we should also expose them as such in the
libnl API.
It is less code and requires less code to support a new
flag.
The point is really to keep the API smaller instead of
wasting a getter and setter for each flag.
The ce_mask is there to indicate whether a certain attribute is
set or not. The VXLAN flags are different, because the flag is
either set or not. It cannot have the meaning of being missing.
Therefore, it should not be stored as a VXLAN_ATTR in ce_mask.
The VXLAN_ATTR flags are internal and not public API.
Still, they are exposed as part of nl_object_diff().
There is no reason to change previous behavior, restore
the previous numeric values.
The enable/disable API is redundant and increases the library
in binary size and documentation. There should be one sensible way
to do something, not several.
Yes, there is prior art to that like rtnl_link_vxlan_disable_proxy().
That doesn't mean it should be repeated.
Includes all VXLAN attributes as of Linux kernel 4.7.5. In particular it
adds the following attributes:
* IFLA_VXLAN_PORT,
* IFLA_VXLAN_UDP_CSUM,
* IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
* IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
* IFLA_VXLAN_REMCSUM_TX,
* IFLA_VXLAN_REMCSUM_RX,
* IFLA_VXLAN_GBP,
* IFLA_VXLAN_REMCSUM_NOPARTIAL,
* IFLA_VXLAN_COLLECT_METADATA,
* IFLA_VXLAN_LABEL,
* IFLA_VXLAN_GPE
https://github.com/thom311/libnl/pull/110
mvi_maccount only makes sense together with the data. They should be
treated as one setting, and both should be consistent.
That means, if there are no addresses, mvi_maccount should always be set to
zero. This is regardless of whether the mvi_mask indicates that MACVLAN_HAS_MACADDR
is set. Similarly, if mvi_maccount is larger than zero, the mvi_macaddr
must point to some valid addresses.
The only exception is, when mvi_maccount is zero, mvi_macaddr may be
NULL or point to some data of zero allocated bytes.
Also, ensure that uint32_t is used for all the types that compare with
mvi_maccount.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Unfortunately, libnl3 is rather inconsistent about the getters.
- some return the value directly, and don't have a dedicated
error return value.
- some don't check whether the attribute was set and just
return the default value
- some fail with -NLE_INVAL or -NLE_NOATTR if the value is
unset.
I think the best pattern is to fail if the attribute is unset.
However, the return value should be negative to indicate an error,
while 0 should mean success.
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds support for hardware assisted bridge modes stored
in IFLA_AF_SPEC[IFLA_BRIDGE_MODE].
This patch adds rtnl_link_[g/s]et_hwmode() functions, allowing
for getting and setting the hardware mode for a bridged link.
This patch adds the convenience functions for translating between
integer and string names for hardware modes.
This patch adds rtnl_link_bridge_set_self(), a function that
stores flags in IFLA_AF_SPEC[IFLA_BRIDGE_FLAGS], an attribute
that tells the kernel whether it should apply settings to the
virtual bridge device or the hardware device itself. This requires
hardware that supports the hardware flags.
This patch adds bridge_fill_af(), a function to fill IFLA_AF_SPEC
with AF_BRIDGE specific information.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds the ability to override nesting into an AF specific
attribute. An example of this is the bridge module.
Regular Nesting:
[IFLA_AF_SPEC]
[AF_INET]
[AF_INET_ATTRS]
Bridge Nesting:
[IFLA_AF_SPEC]
[AF_BRIDGE_ATTRS]
This patch adds ao_fill_af_no_nest to struct rtnl_link_af_ops.
When set to non-zero, this will override the nested AF attribute
and allow nesting of attributes directly into IFLA_AF_SPEC.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds support for the following bridge port flags:
IFLA_BRPORT_UNICAST_FLOOD
IFLA_BRPORT_LEARNING
IFLA_BRPORT_LEARNING_SYNC
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds translation functions for translating the port
state between integers and strings.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch fixes IFLA_BRPORT_FASTLEAVE to append to the correct
netlink attribute. (Turned up in automated testing.)
Fixes: 55bc931a72
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Update copy of kernel header 'if_macsec.h' to Linux 4.8-rc5, so that
upstream commit 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c ("macsec: limit
ICV length to 16 octets") is included. Return -NLE_INVAL when trying to
configure an ICV length greater than 16 octets.
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
'sci' passed to kernel is meant to be in network byte order: use
ntohll() and htonll() accordingly.
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
This patch modifies link/bridge to set link attributes in a
request message. It adds set support for currently implemented
functionality.
This patch adds bridge_fill_pi, a function to fill in the
IFLA_PROTINFO nested attribute.
This patch modifies the bridge_ops structure to support
modifications made to properly set RTM_SETLINK during modification
of a link, append the NLA_F_NESTED flag to IFLA_PROTINFO, and
to call the newly added bridge_fill_pi.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds the functionality to set IFLA_PROTINFO in a
request. This allows for appending protocol specific information
to a request message.
This patch adds ao_fill_pi to the rtnl_link_af_ops structure. This
registers a function to fill the IFLA_PROTINFO attribute. This
function follows the makeup of ao_fill_af.
This patch adds ao_fill_pi_flags to the rtnl_link_af_ops
structure. This registers an extra flag that can be bitmasked
onto the IFLA_PROTINFO definition. This is useful for address
families that require NLA_F_NESTED.
This patch adds a function named af_fill_pi, which is called by
build_link_msg. This function calls the registered function
pointers for an address family to fill IFLA_PROTINFO and to
bitmask any extra flags.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
When rtnl_link_build_change_request() builds a change request,
it sets the message type to RTM_NEWLINK by default. If the
request fails, it changes the type to RTM_SETLINK, and resubmits.
For some address families, this will result in a requested change
never being applied by the kernel. An example of this is the Linux
bridge. When a netlink message of type RTM_NEWLINK is received,
rather than failing, it simply ignores the message and does not
return a failure.
To fix this, this patch implements an override for address
families that require it. The override can be set when an address
family registers itself in libnl.
This patch adds ao_override_rtm to the rtnl_link_af_ops structure.
This patch adds a static function named af_request_type.
This patch modifies rtnl_link_build_change_request to call
af_request_type to properly set the request type if an address
family wishes to override.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
glibc provides two versions of strerror_r(), which
can be chosen between using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE. libnl is built using
the former, hence we get the glibc special version,
and all code so far has been written for this.
Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.
Uses in libnl hence generally cause printf() of an *int*
with a *string format* specifier for that reason.
Additionally, strerror_r() has been deprecated:
http://austingroupbugs.net/view.php?id=655
Switch to using strerror_l() (via our wrapper just
introduced).
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
libnl currently uses strerror_r() throughout, but this is
problematic because there is a non-standard GNU version
implemented in glibc, and the standard POSIX version, which
differ in signature. When using glibc, one can choose
between the two versions using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE.
Given libnl is built using the former, we always get the
glibc special version, and all code so far has been written
for that non-standard version.
Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.
The alternative is to use strerror_l() rather than
strerror_r() http://austingroupbugs.net/view.php?id=655
- this will avoid the non-conforming versions issue
- strerror_l() is now recommended by POSIX to replace
strerror_r() usage
So rather than changing all uses of strerror_r() to be in
line with posix, we are going to switch to the recommended
interface strerror_l().
Since strerror_l() is slightly more difficult to use, we
add a little (private) wrapper that we can use from all
current callsites of strerror_r().
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
The ID attributes for IPv4 addresses were broken which causes wrong
nl_object_identical() and cache lookup.
This capability shall indicate that the bug was fixed.
Signed-off-by: Thomas Haller <thaller@redhat.com>
addr_id_attrs_get returned a fixed set of attributes for AF_INET. This
leads to an invalid cache in case the default cache manager is used.
The error was caused by nl_object_identical, which checks the ce_mask
of an object against the req_attrs. For route/addr objects the ce_mask
may contain the ADDR_ATTR_PEER, but the addr_id_attrs_get always
includes this attribute. Thus nl_object_identical fails always in case
no peer exists, which is the default for local addresses.
Fixes: 83e851ca9c
https://github.com/thom311/libnl/pull/105
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes alignment, lines with just whitespace and mixed tab/space
indentation. Searched, reviewed and optionally fixed in vim using
regex ^\t* [\t ]*\([^*us ]\|$\)\|\t\+$
http://lists.infradead.org/pipermail/libnl/2016-August/002183.html
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
For IPv4, a "normal" route has IFA_LOCAL and IFA_ADDRESS set
to the same destination. An address with an explicit peer has
them differing. A peer of 0.0.0.0 is also valid and must
be treated differently from a normal address.
unshare -n
ip link add T type dummy
ip link set T up
ip addr add 192.168.5.10 peer 192.168.5.10/24 dev T
ip addr add 192.168.5.10/24 dev T
#RTNETLINK answers: File exists
ip addr add 192.168.5.10 peer 192.168.6.10/24 dev T
ip addr add 192.168.5.10 peer 0.0.0.0/24 dev T
Previously, that would give:
nl-addr-list
#192.168.5.10/24 inet dev T scope global <permanent>
#192.168.5.10 peer 192.168.6.10/24 inet dev T scope global <permanent>
#192.168.5.10/24 inet dev T scope global <permanent>
With this change, we properly get:
nl-addr-list
#192.168.5.10/24 inet dev T scope global <permanent>
#192.168.5.10/24 peer 192.168.6.10 inet dev T scope global <permanent>
#192.168.5.10/24 peer 0.0.0.0 inet dev T scope global <permanent>
http://lists.infradead.org/pipermail/libnl/2016-June/002157.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
For AF_INET/IPv4 addresses, the ID equality comparison must include
the net-part of the peer address:
unshare -n
ip link add T type dummy
ip link set T up
ip addr add 192.168.5.10/24 dev T
ip addr add 192.168.5.10 peer 192.168.6.1/24 dev T
ip addr add 192.168.5.10 peer 192.168.7.1/24 dev T
ip addr add 192.168.5.10 peer 192.168.7.2/24 dev T
# RTNETLINK answers: File exists
ip addr change 192.168.5.10 peer 192.168.7.2/24 dev T
ip addr show | grep 192.168.7.
# inet 192.168.5.10 peer 192.168.7.1/24 scope global T
For AF_INET6/IPv6 addresses, the prefix length of the address
is not part of the ID:
unshare -n
ip link add T type dummy
ip link set T up
ip addr add 192.168.7.10/24 dev T
ip addr add 192.168.7.10/23 dev T
ip addr add 1:2:3:4:5::1/64 dev T
ip addr add 1:2:3:4:5::1/63 dev T
# RTNETLINK answers: File exists
ip addr change 1:2:3:4:5::1/63 dev T
ip addr show | grep 1:2:3:4:5::1
# inet6 1:2:3:4:5::1/64 scope global
*sigh*
http://lists.infradead.org/pipermail/libnl/2016-June/002158.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
The previous API of xfrmnl_sa_get_*_params() would always require
a @key buffer, but it was not possible to avoid buffer overflow
because the required size was unknown.
That is not really fixable, because the old API is broken.
Now, allow omitting the @key argument to only request the @key_size.
That allows the caller to ask beforehand how large the @key buffer
must be: ((@key_size + 7) / 8).
Unfortunately, omitting the key against previous versions of libnl
leads to a crash. And passing a key against older versions makes it
impossible to avoid buffer-overflow.
Another option would be to add functions like
xfrmnl_sa_get_crypto_params_keylen() so the user can query the required
buffer size by calling that instead of xfrmnl_sa_get_crypto_params().
However, then the user also requires a backport of the new API
and this will not be possible against older libnl3 versions either.
Thus, if the user already requires the fix, he can just as well
require a backport of this patch and then safely call xfrmnl_sa_get_crypto_params()
without @key argument. This way has the advantage/disadvantage, that
it can detect the presence of the patch at runtime.
The cumbersome way to get it right would be:
    unsigned key_len;
    char *key;
    int r;

    if (!nl_has_capability(17 /*NL_CAPABILITY_XFRM_SA_KEY_SIZE*/)) {
        /* no way to use this API safely. Abort. */
        return -NLE_OPNOTSUPP;
    }
    /* first call: @key omitted, only query the required size */
    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, NULL);
    if (r < 0)
        return r;
    key = malloc((key_len + 7) / 8);
    if (!key)
        return -NLE_NOMEM;
    /* second call: @key is a char *, so pass the buffer itself */
    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, key);
    if (r < 0) {
        free(key);
        return r;
    }
    ...
http://lists.infradead.org/pipermail/libnl/2016-June/002155.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
This lets us match links only on the attributes that have actually been
set, instead of comparing all attributes.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Currently rtnl_link_info_data_compare doesn't pass
flags (LOOSE_COMPARISON) to the ->io_compare op, so we cannot do a match
on only the attributes that are actually set in the filter object used
in a cache lookup via nl_cache_find().
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Thomas Haller <thaller@redhat.com>
The kernel only uses the xfrm alg auth attribute if the xfrm alg auth
truncated attribute is not present. Hence sending both attributes in one
message does not make sense.
This piece of code also removes the call to nla_reserve in favor of the
NLA_PUT macro.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002139.html
All of these pointers are either strcpy'd or memcpy'd and usually const
in a calling application. Changing them to const in the header does not
break the compatibility and allows for users with const pointers to use
the library without compiler warnings.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002137.html
If the parameter alg_name points to a string longer than what libnl
accepts as alg_name, the call to strcpy may write far beyond the
particular data structure.
Instead of truncating the string (using strncpy) this patch adds a check
and returns -1 for strings being longer than 63 bytes.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes: 9171544708
http://lists.infradead.org/pipermail/libnl/2016-May/002133.html
A colleague of mine came to notice that -- when adding keys to the
xfrm-part of libnl -- memcpy is given newlen, which copies sizeof(struct
xfrmnl_...) plus keysize instead of only the keysize.
This patch uses a keysize parameter to only copy the required number of
bytes.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes: 9171544708
http://lists.infradead.org/pipermail/libnl/2016-May/002132.html
Netlink attribute length is defined as u16. It's possible to exceed nla_len when
creating nested attributes. Storing incorrect length due to overflow will cause
a reader to read only a part of nested attribute or skip it entirely.
As a solution cancel the addition of a nested attribute when nla_len size is
exceeded.
Signed-off-by: Przemyslaw Szczerbik <przemek.szczerbik@gmail.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-May/002131.html
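An added example, not libnl's code, of the check described above: a toy attribute builder (invented names; the header has the same layout as a netlink attribute) whose nest_end() cancels the nest instead of storing a truncated 16-bit length.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same layout as the netlink attribute header: 16-bit length (header plus
 * payload) and 16-bit type. The toy_msg buffer is hypothetical, not libnl's. */
struct toy_nlattr { uint16_t nla_len; uint16_t nla_type; };
struct toy_msg { size_t size; size_t len; unsigned char *buf; };

#define TOY_ALIGN(x) (((x) + 3u) & ~(size_t)3u)

/* Append a flat attribute of @len payload bytes; 0 on success, -1 if it
 * would not fit the buffer or the 16-bit length field. */
static int toy_put(struct toy_msg *m, uint16_t type, const void *data, size_t len)
{
	size_t total = sizeof(struct toy_nlattr) + len;
	struct toy_nlattr hdr = { (uint16_t)total, type };

	if (total > UINT16_MAX || m->len + TOY_ALIGN(total) > m->size)
		return -1;
	memcpy(m->buf + m->len, &hdr, sizeof hdr);
	memcpy(m->buf + m->len + sizeof hdr, data, len);
	memset(m->buf + m->len + total, 0, TOY_ALIGN(total) - total);
	m->len += TOY_ALIGN(total);
	return 0;
}

/* Open a nest: write a header with length 0, patched later by toy_nest_end().
 * Returns the header offset, or -1 if the header does not fit. */
static long toy_nest_start(struct toy_msg *m, uint16_t type)
{
	struct toy_nlattr hdr = { 0, type };

	if (m->len + sizeof hdr > m->size)
		return -1;
	memcpy(m->buf + m->len, &hdr, sizeof hdr);
	m->len += sizeof hdr;
	return (long)(m->len - sizeof hdr);
}

/* Close the nest opened at @start. If the span from header to tail exceeds
 * UINT16_MAX, storing (uint16_t)len would silently truncate it (70284 would
 * become 4748) and a reader would parse only part of the nest, or skip it.
 * So drop the whole nest instead (like nla_nest_cancel) and return -1. */
static int toy_nest_end(struct toy_msg *m, long start)
{
	size_t len = m->len - (size_t)start;
	struct toy_nlattr hdr;

	if (len > UINT16_MAX) {
		m->len = (size_t)start;	/* cancel: rewind to before the header */
		return -1;
	}
	memcpy(&hdr, m->buf + start, sizeof hdr);
	hdr.nla_len = (uint16_t)len;
	memcpy(m->buf + start, &hdr, sizeof hdr);
	return 0;
}

/* Build one nest of @n_attrs children carrying @child_len zero bytes each and
 * try to close it. Returns toy_nest_end()'s result; *out_len gets the final
 * message length (0 when the nest was cancelled). */
static int build_nest(size_t n_attrs, size_t child_len, size_t *out_len)
{
	struct toy_msg m = { 0, 0, NULL };
	unsigned char *payload;
	long start;
	size_t i;
	int rc = -1;

	m.size = n_attrs * TOY_ALIGN(sizeof(struct toy_nlattr) + child_len) + 64;
	m.buf = calloc(1, m.size);
	payload = calloc(1, child_len);
	if (!m.buf || !payload)
		goto out;
	start = toy_nest_start(&m, 1);
	if (start < 0)
		goto out;
	for (i = 0; i < n_attrs; i++)
		if (toy_put(&m, 2, payload, child_len) < 0)
			goto out;
	rc = toy_nest_end(&m, start);
out:
	*out_len = m.len;
	free(payload);
	free(m.buf);
	return rc;
}

int main(void)
{
	size_t len;
	int rc = build_nest(70, 1000, &len);

	printf("70 children: %s, length %zu\n", rc ? "cancelled" : "closed", len);
	rc = build_nest(60, 1000, &len);
	printf("60 children: %s, length %zu\n", rc ? "cancelled" : "closed", len);
	return 0;
}
```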
Instead of setting it twice, once during link_request_update() and
later in bridge_get_af(), pass ext_filter_mask to ao_get_af().
Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds RTEXT_FILTER_VF mask support for SRIOV VFs. Since
SRIOV VFs don't have a defined address family (i.e. bridge), there
are no new address family specific operations defined.
Exposing this mask makes rtnl_link_get_num_vfs() properly return
the number of loaded SRIOV VFs.
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-May/002115.html
http://lists.infradead.org/pipermail/libnl/2016-May/002123.html
The rtnl_neigh_get() function cannot be used to look up an fdb entry in the
neigh cache. This is because the function searches among destination
addresses (NDA_DST) and not among link layer addresses (NDA_LLADDR), which is
what fdb entries use. An fdb entry can also exist in several vlans, so a vlan id
parameter is also needed to find a unique entry.
This commit adds a function, rtnl_neigh_get_by_vlan(), which searches the neigh
cache for a specific neighbour (fdb) entry by interface index, link layer
address and vlan id.
Signed-off-by: Jonas Johansson <jonas.johansson@westermo.se>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-May/002124.html
https://github.com/thom311/libnl/pull/98
Also check for NULL link and dereference link before
basic error checking.
Also move the declaration of the @sit member inside
the macro. Obviously, the macro must now always come
first, after declaring local auto variables.
Signed-off-by: Thomas Haller <thaller@redhat.com>
First of all, inet_ntop() has no reason to fail (ever), as long
as the input arguments point to valid data and family is not bogus.
But when it fails, we cannot pass a 'struct in6_addr' to "%x"
either, so just don't do that.
Same for printing ip6rd_relay_prefix as AF_INET. If our addr-to-str
method fails, we don't want to come up with something fancy. Otherwise,
we'd just implement an inet_ntop() that does not fail.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Since the kernel supports both gre and gretap tunnels, add support
for gretap appropriately.
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
[thaller@redhat.com: modified original patch to move symbols
in libnl-route-3.sym to proper section]
http://lists.infradead.org/pipermail/libnl/2016-April/002102.html
lib/route/link.c already defines 32 attributes which fills the current
uint32_t used for ce_mask. To accommodate more attributes the mask needs
to be expanded. This patch updates the definition to uint64_t.
The nl_object_diff API is maintained for ABI with existing users. A new
nl_object_diff64 API is added for the expanded attribute list. The MSB
of the 32-bit API is used to indicate if higher order attributes had a
mismatch. (Suggested by Thomas).
Note that LINK_ATTR_LINK_NETNSID changes. But since the attribute flags
are not public API it shouldn't be a problem.
http://lists.infradead.org/pipermail/libnl/2015-December/002078.html
http://lists.infradead.org/pipermail/libnl/2015-December/002083.html
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
In the scenario where the file modification time is unchanged, the code
returns 0 from read_pktlocs(). This causes a memory leak of the path variable.
Memory for this variable is allocated inside build_sysconf_path()
by the asprintf() function.
http://lists.infradead.org/pipermail/libnl/2015-December/002079.html
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
IN6_ADDR_GEN_MODE_STABLE_PRIVACY was introduced in Linux 4.1
https://github.com/thom311/libnl/pull/95
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
Signed-off-by: Thomas Haller <thaller@redhat.com>
notifications from the kernel regarding vlan ids are now handled
[thaller@redhat.com: split ao_parse_af_full() to previous patch]
Signed-off-by: Thomas Haller <thaller@redhat.com>
Add operation for requesting VLAN data for AF_BRIDGE and parsing of
IFLA_AF_SPEC for AF_BRIDGE. VLANs are saved in a bitmap.
Also add dumping of vlan info to link list and neigh list.
For example:
$ nl-link-list --details --family=bridge
br1 ether 8e:6e:0e:86:e5:86 master br1 <broadcast,multicast,up,running,lowerup>
    mtu 1500 txqlen 0 weight 0 index 18
    mode default carrier down
    bridge: pvid 1 all vlans: 1 301-400 601-610 untagged vlans: 1
bond1 ether 46:ef:e1:c9:46:fe <broadcast,multicast,master>
    mtu 1500 txqlen 0 weight 0 index 20
    state down mode default carrier down
    bridge:
Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: modified original patch to use ao_parse_af_full().
Also renaming new API and drop some #defines]
Signed-off-by: Thomas Haller <thaller@redhat.com>
The encoding of the IFLA_AF_SPEC attribute varies depending on the family
used for the request (RTM_GETLINK) message. For AF_UNSPEC the encoding
has another level of nesting for each address family with the type encoded
first, i.e.,
af_spec = nla_nest_start(skb, IFLA_AF_SPEC)
for each family:
    af = nla_nest_start(skb, af_ops->family)
    af_ops->fill_link_af(skb, dev, ext_filter_mask)
    nest_end
nest_end
This allows the parser to find the address family by looking at the first
type.
Whereas AF_BRIDGE encoding is just:
af_spec = nla_nest_start(skb, IFLA_AF_SPEC)
br_fill_ifvlaninfo{_compressed}(skb, vg)
nest_end
which means the parser cannot use the attribute itself to know the family
to which the attribute belongs.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: refactor code by merging a later patch by
tobias.jungel@bisdn.de and introduce new function ao_parse_af_full()]
Signed-off-by: Thomas Haller <thaller@redhat.com>
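A parser that handles both encodings described in the commit above, as an added example that is not libnl's IFLA_AF_SPEC handling: the family of the RTM_GETLINK request selects whether the payload is walked as one nest per family or handed over as bridge data directly, and every nest length is checked against the payload before it is trusted. The attribute header layout and family numbers follow the Linux headers; the callback type, the parser and the recording callback are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Family numbers as in <sys/socket.h>, attribute header as in
 * <linux/netlink.h>. This parser is an added illustration of the two
 * encodings described above, not libnl's own IFLA_AF_SPEC handling. */
#define AF_UNSPEC 0
#define AF_BRIDGE 7
struct nla_hdr { uint16_t nla_len; uint16_t nla_type; };
#define NLA_ALIGN(len) (((len) + 3) & ~(size_t)3)
#define NLA_HDRLEN     NLA_ALIGN(sizeof(struct nla_hdr))

/* Invoked once per address family with that family's own attribute payload. */
typedef int (*af_cb)(int family, const unsigned char *p, size_t len, void *arg);

/* Walk the payload of IFLA_AF_SPEC. @req_family is the family the RTM_GETLINK
 * request was sent with; the attribute itself does not reveal it. */
int parse_af_spec(int req_family, const unsigned char *p, size_t len,
		  af_cb cb, void *arg)
{
	if (req_family == AF_BRIDGE)  /* payload is the bridge data, no family nest */
		return cb(AF_BRIDGE, p, len, arg);
	while (len >= NLA_HDRLEN) {   /* AF_UNSPEC: one nest per family, type = family */
		struct nla_hdr h;
		size_t step;
		memcpy(&h, p, sizeof h);
		if ((size_t)h.nla_len < NLA_HDRLEN || (size_t)h.nla_len > len)
			return -1;    /* malformed: nest length escapes the payload */
		if (cb(h.nla_type, p + NLA_HDRLEN, h.nla_len - NLA_HDRLEN, arg) < 0)
			return -1;
		step = NLA_ALIGN(h.nla_len);
		if (step > len)
			step = len;   /* the last nest may lack trailing padding */
		p += step;
		len -= step;
	}
	return len == 0 ? 0 : -1;     /* leftover bytes smaller than a header */
}

/* Sample callback: record each family seen and the size of its payload. */
struct seen { int families[8]; size_t sizes[8]; int n; };
int record_af(int family, const unsigned char *p, size_t len, void *arg)
{
	struct seen *s = arg; (void)p;
	if (s->n >= 8) return -1;
	s->families[s->n] = family;
	s->sizes[s->n++] = len;
	return 0;
}
```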
Upcoming bridge patch wants to add IFLA_EXT_MASK attribute to RTM_GETLINK
requests to retrieve VLAN data. Expand the request message to a full ifinfomsg
header and call a hook to append attributes if one exists for an address
family.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: fix memleak in link_request_update()]
Signed-off-by: Thomas Haller <thaller@redhat.com>
Global search and replace of VXLAN_HAS_ for VXLAN_ATTR_
and vxi_mask for ce_mask. Preparation step for using ATTR_DIFF
infrastructure in a vxlan_compare.
Signed-off-by: Balki Raman <ramanb@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: rebased patch and changed whitespace]
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Balki Raman <ramanb@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Extend vxlan links to support the IFLA_VXLAN_GROUP6 and
IFLA_VXLAN_LOCAL6 attributes used to represent IPv6 endpoints.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Some link types incorrectly dump their own interface name as parent
link; fix this.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Both the link and neighbor caches support specifying multiple groups (nl_af_group),
but the alloc_cache functions for both do not set the NL_CACHE_AF_ITER
flag before populating the cache, so only the first group is used by
default. This patch adds an API to pass in flags to make that happen
and updates the nl-neigh-list command to make use of it.
http://lists.infradead.org/pipermail/libnl/2015-October/001996.html
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
An entry of the ingress map can be cleared by setting
the "to" part to zero.
Previously, vlan_put_attrs() would skip over a zero "to"
and thus the user could not unset an ingress map entry.
Add a modified-mask to record the state of each ingress
map entry and also send explicit zeros to the kernel.
When we receive an IFLA_VLAN_INGRESS_QOS message from the kernel,
vlan_parse() similarly sets the received entries as modified.
This preserves previous behavior when using a received object
to modify a vlan.
Add a capability NL_CAPABILITY_RTNL_LINK_VLAN_INGRESS_MAP_CLEAR
to indicate the behavioral change.
Signed-off-by: Thomas Haller <thaller@redhat.com>