Tobias Klauser [Mon, 16 Jan 2017 13:35:36 +0000 (14:35 +0100)]
qdisc/red: Add missing prototypes for rtnl_red_set_limit() and rtnl_red_get_limit()
This fixes the following GCC warnings when compiling with
-Wmissing-prototypes:
route/qdisc/red.c:136:6: warning: no previous prototype for ‘rtnl_red_set_limit’ [-Wmissing-prototypes]
route/qdisc/red.c:152:5: warning: no previous prototype for ‘rtnl_red_get_limit’ [-Wmissing-prototypes]
Nick Kralevich [Tue, 17 Jan 2017 18:56:52 +0000 (10:56 -0800)]
fopen: add O_CLOEXEC
Add O_CLOEXEC to various fopen() calls. This avoids file descriptors
leaking across an exec() boundary in a multi-threaded program. Please
see "man 2 open" for additional information about O_CLOEXEC.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/128
Nick Kralevich [Sat, 14 Jan 2017 19:11:34 +0000 (11:11 -0800)]
lib/utils.c: lazy initialize user_hz and psched_hz
Rather than initializing user_hz and psched_hz when libnl is loaded,
defer initialization of these variables to the first time they are used.
This has several advantages:
1) Avoids an unnecessary permission denied error on /proc/net/psched,
which can occur on systems where /proc/net isn't readable due to
security policy.
2) Allows program code to initialize the environment variables
PROC_NET_PSCHED and/or PROC_ROOT prior to the first libnl call, giving a
program more flexibility about where libnl should look.
3) Trivially faster startup time (although unlikely to be significant).
4) Compiler may be able to prove that the get_psched_settings() function
is unreachable and optimize appropriately, because the callers never
(directly or indirectly) use this method. This could occur, for
instance, in doing dead code elimination for programs which statically
link libnl.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/123
Laine Stump [Tue, 17 Jan 2017 15:47:34 +0000 (10:47 -0500)]
sriov: fix crash in rtnl_link_sriov_parse_vflist
vf_vlan_info was incorrectly indexed with "len" (the length in bytes
of the entire vfinfo_list rather than list_len (the index of the
current end of the vf_vlan_info array)
Tobias Klauser [Fri, 13 Jan 2017 17:18:20 +0000 (18:18 +0100)]
route/tc: Remove unused function tca_set_kind()
The public prototype and the last internal user of the function were
removed in commit 8eb5b5532e ("Unified TC API") and it was unexported in
commit 4280dfb85d ("build: don't export internal symbols"), so it is
safe to remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Thomas Haller <thaller@redhat.com>
https://github.com/thom311/libnl/pull/122
Tobias Klauser [Tue, 6 Dec 2016 14:22:11 +0000 (15:22 +0100)]
link: fix documentation for rtnl_link_get_carrier_changes
The doxygen comment of rtnl_link_get_carrier_changes still describes the
initially implemented behaviour and was not updated, when the signature
was changed as part of #119. Adjust it accordingly.
Fixes: 0c4b2ea6d17b ("link: add support for IFLA_CARRIER_CHANGES") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
https://github.com/thom311/libnl/pull/120
Tobias Klauser [Fri, 2 Dec 2016 10:46:51 +0000 (11:46 +0100)]
cache: fix GCC warning and avoid variable shadowing
Fix the following GCC warning, introduced in commit 66d032ad443a
("cache_mngr: add include callback v2"):
cache.c: In function ‘cache_include.isra.3’:
cache.c:810:6: warning: ‘diff’ may be used uninitialized in this function [-Wmaybe-uninitialized]
cb_v2(cache, clone, obj, diff,
^
Also don't redeclare the uint64_t diff variable, to avoid shadowing.
Tobias Jungel [Sun, 13 Nov 2016 14:21:46 +0000 (15:21 +0100)]
cache_mngr: add include callback v2
This patch adds change_func_v2_t to add a more detailed callback in
case of a cache change. The change function is registered using the new
nl_cache_mngr_add_cache_v2. In case the new change function is set,
nl_cache_include_v2 and thus cache_include_v2 will be used to perform the cache
inclusion.
The parameter of change_func_v2_t are the following:
* struct nl_cache * => cache
* struct nl_object * => the old/deleted nl_object
* struct nl_object * => the new nl_object
* uint64_t => the result of nl_object_diff64 in case of a change
* int => NL_ACT_*
* void * => data
Thomas Haller [Wed, 30 Nov 2016 14:09:41 +0000 (15:09 +0100)]
lib: use MSG_PEEK by default for nl_recvmsgs()
The MSG_PEEK API of recvmsg() should be avoid because it requires an additional
syscall. But worse is to choose a too small buffer size and failing to receive
the message.
A user who is aware of the issue can avoid MSG_PEEK by either
nl_socket_disable_msg_peek()/nl_socket_enable_msg_peek() or by setting
a buffer size via nl_socket_set_msg_buf_size().
By default however we now use MSG_PEEK. This is more important since commit 90c6ebec9bd7a where the link dump request can be rather large.
Thomas Haller [Tue, 29 Nov 2016 21:41:46 +0000 (22:41 +0100)]
link: set ifi_change flags for rtnl_link_build_add_request()
For the add-request, we should set ifi_change flags together with the
ifi_flags. A similar thing is done by rtnl_link_build_change_request()
in commit 34ccb7210f1238f89229c117dc3d28cea7ae00bb.
Thomas Haller [Tue, 29 Nov 2016 11:38:03 +0000 (12:38 +0100)]
lib/route: pass sizeof() argument to nl_memcpy()
nl_memcpy() internally already never copies more then
nla_len(tb). The previous code might overflow if the
netlink attribute is longer then the size of the destination.
Thomas Haller [Tue, 29 Nov 2016 11:33:27 +0000 (12:33 +0100)]
nl-link-stats: prefer RTNL_LINK_STATS_MAX over __RTNL_LINK_STATS_MAX
The result is basically the same, but I feel that __RTNL_LINK_STATS_MAX
is an internal variable that shouldn't be used. Thus, let's iterate
instead until <= MAX.
Tobias Klauser [Tue, 29 Nov 2016 07:50:31 +0000 (08:50 +0100)]
lib/route: add rx_nohandler link stats field
A new counter rx_nohandler was added to the link stats in kernel commit 6e7333d315a7 ("net: add rx_nohandler stat counter"). Wire it up in the
libnl link stats as well.
Tobias Klauser [Tue, 29 Nov 2016 08:13:01 +0000 (09:13 +0100)]
src: nl-link-stats: use correct rtnl link stats maximum
Use __RTNL_LINK_STATS_MAX instead of RTNL_LINK_STATS_MAX when iterating
over all rtnl link stat counters. Otherwise, the last stat counter will
always be missing, as RTNL_LINK_STATS_MAX is the value of the last valid
index.
Tobias Klauser [Tue, 15 Nov 2016 15:35:48 +0000 (16:35 +0100)]
lib/route: keep link stats minlen compatible with kernel < 4.6
Since linux/if_link.h was synced in libnl commit d533736e2258 ("vxlan:
add support for additional VXLAN attributes."), the minlen check in
validate_nla() fails on kernels < 4.6 - or more precisely, on kernels
not containing kernel commit 6e7333d315a7 ("net: add rx_nohandler stat
counter"). The check fails because rtnl_link_stats and rtnl_link_stats64
sent by the kernel don't have the rx_nohandler member yet, but libnl
expects them to have it.
Account for this by decreasing the minlen by one member and add an
explanatory comment.
https://github.com/thom311/libnl/pull/116
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Thomas Haller <thaller@redhat.com>
Jef Oliver [Mon, 7 Nov 2016 21:33:58 +0000 (13:33 -0800)]
lib/route: SRIOV Set Functionality
* This patch adds functionality to set attributes on an SRIOV
VF object.
* This patch adds functionality to append attributes to the
link change request sent to the kernel.
Signed-off-by: Jef Oliver <jef.oliver@intel.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
Jef Oliver [Mon, 7 Nov 2016 21:33:54 +0000 (13:33 -0800)]
lib/route: SRIOV Parse and Read support
* This patch adds support for parsing SRIOV VF specific
information on a link.
* Adds LINK_ATTR_VF_LIST to add to link->ce_mask.
* Extends the rtnl_link object to include 'l_vf_list', a member
to carry information for SRIOV VFs.
* Adds rtnl_link_sriov, a private structure to fill link->l_vf_list.
* This patch adds support for reading parsed SRIOV VF specific
informatino on a link.
* This patch adds support for freeing stored SRIOV VF specific
information on a link.
Signed-off-by: Jef Oliver <jef.oliver@intel.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
Thomas Egerer [Tue, 25 Oct 2016 15:38:19 +0000 (17:38 +0200)]
xfrm: fix xfrm security context management
The data structure of choice when adding/processing a security context
for xfrm is struct xfrm(nl)_user_sec_ctx. The previous code did however
use the (also exported) struct xfrm(nl)_sec_ctx. While sizeof(struct
xfrm(nl)_*sec_ctx) yields the same result, the interpretation of one of
the data structures as the other one messes up the contents.
With this fix, the wrong data structure has been replaced with the
correct one. Also -- since the size of the context string is not known
-- one can now call xfrmnl_sa_get_sec_ctx with ctx_str being NULL, thus
retrieving the length of the context string.
A new capability has been introduced, to test whether libnl3 supports
the modified semantics of this function.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Jef Oliver [Wed, 5 Oct 2016 20:20:35 +0000 (13:20 -0700)]
lib/route: Export correct ipgre functionality
* Rename rtnl_link_get_pmtudisc to rtnl_link_ipgre_get_pmtudisc
in ipgre.c, making the function correctly match the exported
functionality in ipgre.h. This fixes an error when trying to
use the function, returning an incorrect type usage due to the
link module already having a function of the same name.
* Export rtnl_link_is_[ipgre/ipgretap] allowing for usage per
documentation.
Reported-by: Sharada Shiddibhavi <sharada.shiddibhavi@intel.com> Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Thomas Haller [Sat, 5 Nov 2016 16:00:53 +0000 (17:00 +0100)]
vxlan: don't store vxlan flags as ce_mask
The ce_mask is there to indicate whether a certain attribute is
set or not. The VXLAN flags are different, because the flag is
either set or not. It cannot have the meaning of being missing.
Therefore, it should not be stored as a VXLAN_ATTR in ce_mask.
Thomas Haller [Sat, 5 Nov 2016 15:41:20 +0000 (16:41 +0100)]
vxlan: restore previous VXLAN_ATTR flag values
The VXLAN_ATTR flags are internal and not public API.
Still, they are exposed as part of nl_object_diff().
There is no reason to change previous behavior, restore
the previous numeric values.
Thomas Haller [Sat, 5 Nov 2016 15:31:24 +0000 (16:31 +0100)]
vxlan: remove redundant enable/disable API from vxlan
The enable/disable API is redundant and increases the library
in binary size and documentation. There should be one sensible way
to do something, not several.
Yes, there is prior act to that like rtnl_link_vxlan_disable_proxy().
That doesn't mean it should be repeated.
Thomas Haller [Tue, 27 Sep 2016 07:52:11 +0000 (09:52 +0200)]
macvlan: adjust types and merge MACVLAN_HAS_MACCOUNT and MACVLAN_HAS_MACDATA
mvi_maccount only makes sense together with the data. They should be
treated as one setting, and both should be consistent.
That means, if there are no addresses, mvi_maccount should always be set to
zero. This is regardless of whether the mvi_mask indicates that MACVLAN_HAS_MACADDR
is set. Similarly, if mvi_maccount is larger then zero, the mvi_macaddr
must point to some valid addresses.
The only exception is, when mvi_maccount is zero, mvi_macaddr may be
NULL or point to some data of zero allocated bytes.
Also, ensure that uint32_t is used for all the types that compare with
mvi_maccount.
Thomas Haller [Sat, 24 Sep 2016 12:42:57 +0000 (14:42 +0200)]
bridge: change return values for rtnl_link_bridge_get_hwmode()
Unfortunately, libnl3 is rather inconsistent about the getters.
- some return the value directly, and don't have a dedicated
error return value.
- some don't check whether the attribute was set and just
return the default value
- some fail with -NLE_INVAL or -NLE_NOATTR if the value is
unset.
I think the best pattern is to fail if the attribue is unset.
However, the return value should be negative to indicate an error,
while 0 should mean success.
Jef Oliver [Thu, 1 Sep 2016 00:27:09 +0000 (17:27 -0700)]
lib/route: Support IFLA_BRIDGE_MODE
This patch adds support for hardware assisted bridge modes stored
in IFLA_AF_SPEC[IFLA_BRIDGE_MODE].
This patch adds rtnl_link_[g/s]et_hwmode() functions, allowing
for getting and setting the hardware mode for a bridged link.
This patch adds the convenience functions for translating between
integer and string names for hardware modes.
This patch adds rtnl_link_bridge_set_self(), a function that
stores flags in IFLA_AF_SPEC[IFLA_BRIDGE_FLAGS], an attribute
that tells the kernel whether it should apply settings to the
virtual bridge device or the hardware device itself. This requires
hardware that supports the hardware flags.
This patch adds bridge_fill_af(), a function to fill IFLA_AF_SPEC
with AF_BRIDGE specific information.
Signed-off-by: Jef Oliver <jef.oliver@intel.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
This patch adds ao_fill_af_no_nest to struct rtnl_link_af_ops.
When set to non-zero, this will override the nested AF attribute
and allow nesting of attributes directly into IFLA_AF_SPEC.
Signed-off-by: Jef Oliver <jef.oliver@intel.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
Update copy of kernel header 'if_macsec.h' to Linux 4.8-rc5, so that
upstream commit 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c ("macsec: limit
ICV length to 16 octets") is included. Return -NLE_INVAL when trying to
configure an ICV length greater than 16 octets.
Jef Oliver [Sat, 27 Aug 2016 02:19:51 +0000 (19:19 -0700)]
lib/route: modify link/bridge to set attributes
This patch modifies link/bridge to set link attributes in a
request message. It adds set support for currently implemented
functionality.
This patch adds bridge_fill_pi, a function to fill in the
IFLA_PROTINFO nested attribute.
This patch modifies the bridge_ops structure to support
modifications made to properly set RTM_SETLINK during modifcation
of a link, append the NLA_F_NESTED flag to IFLA_PROTINFO, and
to call the newly added bridge_fill_pi.
Signed-off-by: Jef Oliver <jef.oliver@intel.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
Jef Oliver [Sat, 27 Aug 2016 02:19:50 +0000 (19:19 -0700)]
lib/route: set IFLA_PROTINFO attribute in request message
This patch adds the functionality to set IFLA_PROTINFO in a
request. This allows for appending protocol specific information
to a request message.
This patch adds ao_fill_pi to the rtnl_link_af_ops structure. This
registers a function to fill the IFLA_PROTINFO attribute. This
function follows the makeup of ao_fill_af.
This patch adds ao_fill_pi_flags to the rtnl_link_af_ops
structure. This registers an extra flag that can be bitmasked
onto the IFLA_PROTINFO definition. This is useful for address
families that require NLA_F_NESTED.
This patch adds a function named af_fill_pi, which is called by
build_link_msg. This function calls the registered function
pointers for an address family to fill IFLA_PROTINFO and to
bitmask any extra flags.
Signed-off-by: Jef Oliver <jef.oliver@intel.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
Jef Oliver [Sat, 27 Aug 2016 02:19:49 +0000 (19:19 -0700)]
lib/route: allow override of message type during link change
When rtnl_link_build_change_request() builds a change request,
it sets the message type to RTM_NEWLINK by default. If the
request fails, it changes the type to RTM_SETLINK, and resubmits.
For some address families, this will result in a requested change
never being applied by the kernel. An exmaple of this is the Linux
bridge. When a netlink message of type RTM_NEWLINK is recieved,
rather than failing, it simply ignores the message and does not
return a failure.
To fix this, this patch implements an override for address
families that require it. The override can be set when an address
family registers itself in libnl.
This patch adds ao_override_rtm to the rtnl_link_af_ops structure.
This patch adds a static function named af_request_type.
This patch modifies rtnl_link_build_change_request to call
af_request_type to properly set the request type if an address
family wishes to override.
Signed-off-by: Jef Oliver <jef.oliver@intel.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
Jeff Squyres [Thu, 18 Aug 2016 22:40:27 +0000 (15:40 -0700)]
compat: add linux/socket.h for __kernel_sa_family_t
The __kernel_sa_family_t type is not present on older systems (e.g.,
RHEL 6), and libnl3 will not built without it. Copy
/usr/include/linux/socket.h from a RHEL7 system to
include/linux-private/linux/socket.h so that it will be found by the
build system.
Fortunately, this socket.h is small and self-contained; it contains
very little (and does not #include any other files) beyond necessary
type.
https://github.com/thom311/libnl/pull/107
Signed-off-by: Jeff Squyres <jsquyres@cisco.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
André Draszik [Thu, 25 Aug 2016 12:15:01 +0000 (13:15 +0100)]
src: switch to using strerror_l() instead of strerror_r()
glibc provides two versions of strerror_r(), which
can be chosen between using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE. libnl is built using
the former, hence we get the glibc special version,
and all code so far has been written for this.
Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.
Uses in libnl hence generally cause printf() of an *int*
with a *string format* specifier for that reason.
Additionally, strerror_r() has been deprecated:
http://austingroupbugs.net/view.php?id=655
Switch to using strerror_l().
Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
André Draszik [Thu, 25 Aug 2016 12:15:00 +0000 (13:15 +0100)]
lib: switch to using strerror_l() instead of strerror_r()
glibc provides two versions of strerror_r(), which
can be chosen between using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE. libnl is built using
the former, hence we get the glibc special version,
and all code so far has been written for this.
Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.
Uses in libnl hence generally cause printf() of an *int*
with a *string format* specifier for that reason.
Additionally, strerror_r() has been deprecated:
http://austingroupbugs.net/view.php?id=655
Switch to using strerror_l() (via our wrapper just
introduced).
Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
André Draszik [Thu, 25 Aug 2016 12:14:59 +0000 (13:14 +0100)]
lib: add utility function nl_strerror_l()
libnl currently uses strerror_r() throughout, but this is
problematic because there is a non-standard GNU version
implemented in glibc, and the standard POSIX version, which
differ in signature. When using glibc, one can choose
between the two versions using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE.
Given libnl is built using the former, we always get the
glibc special version, and all code so far has been written
for that non-standard version.
Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.
The alternative is to use strerror_l() rather than
strerror_r() http://austingroupbugs.net/view.php?id=655
- this will avoid the non-confirming versions issue
- strerror_l() is now recommended by POSIX to replace
strerror_r() usage
So rather than changing all uses of strerror_r() to be in
line with posix, we are going to switch to the recommended
interface strerror_l().
Since strerror_l() is slightly more difficuly to use, we
add a little (private) wrapper that we can use from all
current callsites of strerror_r().
Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
Tobias Jungel [Thu, 4 Aug 2016 08:01:43 +0000 (10:01 +0200)]
route/addr: address attributes based on object
addr_id_attrs_get returned a fixed set of attributes for AF_INET. This
leads to an invalid cache in case the default cache manager is used.
The error was cause by nl_object_identical, which checkes the ce_mask
of an object against the req_attrs. For route/addr objects the ce_mask
may contain the ADDR_ATTR_PEER, but the addr_id_attrs_get always
includes this attribute. Thus nl_object_identical fails always in case
no peer exists, which is the default for local addresses.
projects / libnl / log