Thomas Haller [Mon, 27 Feb 2017 17:02:06 +0000 (18:02 +0100)]
build: ensure build directory for generated sources exists
For out-of-tree builds, we must ensure that the build directory
for the generated sources exists. We do that by adding a dependency
to the .dirstamp file.
Thomas Haller [Mon, 27 Feb 2017 16:32:15 +0000 (17:32 +0100)]
xfrm: allow querying optional arguments from xfrmnl_sp_get_sec_ctx()
The previous API of xfrmnl_sp_get_sec_ctx() is totally broken,
as it requires all out-arguments to be set. The user can thus
not know how large the ctx_str buffer must be.
Fix the API by allowing all arguments to be optional. Thus,
a user can first query the size only, and then in a second
step query the ctx_str. Previous versions are broken.
security policy can be identified with direction, selector and security context
too. Therefore the code to append appropriate data to delete message is added.
Identification of a policy is possible with:
1. direction and index
2. direction and selector
Theoretically second one needs a security context, but non existing context is
valid too.
Fixed xfrmnl_sp->sec_ctx length parameters in xfrmnl_sp_set_sec_ctx,
because former use of only one value wasn't right.
Therefore parameter len is unused and could be removed.
Thomas Haller [Mon, 27 Feb 2017 11:02:43 +0000 (12:02 +0100)]
build: enable building cli during tests
The cli programs don't have any additional external dependencies.
So, during a `make check`, we should always build them, even if
they were disabled during configure and won't be installed.
Thomas Haller [Mon, 6 Feb 2017 21:23:52 +0000 (22:23 +0100)]
lib: check for integer-overflow in nlmsg_reserve()
In general, libnl functions are not robust against calling with
invalid arguments. Thus, never call libnl functions with invalid
arguments. In case of nlmsg_reserve() this means never provide
a @len argument that causes overflow.
Still, add an additional safeguard to avoid exploiting such bugs.
Assume that @pad is a trusted, small integer.
Assume that n->nm_size is a valid number of allocated bytes (and thus
much smaller than SIZE_T_MAX).
Assume, that @len may be set to an untrusted value. Then the patch
avoids an integer overflow resulting in reserving too few bytes.
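An added illustration of the safeguard this commit message describes (not libnl's code and not part of the commit): a naive reserve routine next to a guarded one, under the same assumptions that pad is trusted and small, the allocated size is valid, and len is untrusted. `struct msgbuf`, `reserve_unchecked()` and `reserve_checked()` are hypothetical names, and the buffer and length in `main()` are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message buffer for this example; not libnl's struct nl_msg. */
struct msgbuf {
    unsigned char *data;
    size_t used; /* bytes already reserved, invariant: used <= size */
    size_t size; /* bytes allocated, trusted and far below SIZE_MAX */
};

/* Naive form: both the rounding and "used + tlen" can wrap around. */
static void *reserve_unchecked(struct msgbuf *m, size_t len, size_t pad)
{
    size_t tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;

    if (m->used + tlen > m->size)
        return NULL;
    m->used += tlen;
    return m->data + m->used - tlen;
}

/* Guarded form: pad is a trusted small power of two, len is untrusted. */
static void *reserve_checked(struct msgbuf *m, size_t len, size_t pad)
{
    size_t room = m->size - m->used; /* cannot wrap: used <= size */
    size_t tlen;

    if (len > room)                  /* rejects every oversized len first */
        return NULL;
    tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len; /* len <= size: no wrap */
    if (tlen > room)
        return NULL;
    memset(m->data + m->used + len, 0, tlen - len); /* zero the padding bytes */
    m->used += tlen;
    return m->data + m->used - tlen;
}

int main(void)
{
    unsigned char storage[64]; /* constructed sample buffer */
    struct msgbuf m = { storage, 16, sizeof(storage) };
    size_t evil = SIZE_MAX - 2; /* constructed untrusted length */
    printf("unchecked: %s\n", reserve_unchecked(&m, evil, 4) ? "accepted" : "rejected");
    printf("checked:   %s\n", reserve_checked(&m, evil, 4) ? "accepted" : "rejected");
    return 0;
}
```

In the unchecked form the rounded length wraps to 0, so the caller gets a valid pointer with no bytes reserved behind it; the guarded form compares against the remaining room before doing any arithmetic on len.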
Tobias Klauser [Tue, 17 Jan 2017 08:22:01 +0000 (09:22 +0100)]
ematch: Add missing function prototypes
Older versions of flex (namely the one used on Travis CI) don't properly
emit function prototypes for ematch_get_column() and
ematch_set_column(), leading to GCC -Wmissing-prototypes warnings. Fix
them by manually adding these prototypes.
Tobias Klauser [Tue, 17 Jan 2017 07:56:03 +0000 (08:56 +0100)]
pktloc: Add missing function prototypes
Older versions of flex (namely the one used on Travis CI) don't properly
emit function prototypes for pktloc_get_column() and
pktloc_set_column(), leading to GCC -Wmissing-prototypes warnings. Fix
them by manually adding these prototypes.
Tobias Klauser [Mon, 16 Jan 2017 14:43:08 +0000 (15:43 +0100)]
netfilter/exp: Add missing function prototypes
Add missing function prototypes for nfnl_exp_unset_flags(),
nfnl_exp_flags2str() and nfnl_exp_str2flags() to the public header.
This fixes the following GCC warnings when compiling with
-Wmissing-prototypes:
netfilter/exp_obj.c:458:6: warning: no previous prototype for ‘nfnl_exp_unset_flags’ [-Wmissing-prototypes]
netfilter/exp_obj.c:475:8: warning: no previous prototype for ‘nfnl_exp_flags2str’ [-Wmissing-prototypes]
netfilter/exp_obj.c:481:5: warning: no previous prototype for ‘nfnl_exp_str2flags’ [-Wmissing-prototypes]
Tobias Klauser [Mon, 16 Jan 2017 14:21:35 +0000 (15:21 +0100)]
link/ipgre: Add prototype for ABI-preserving wrapper rtnl_link_get_pmtudisc()
Avoid a GCC -Wmissing-prototypes warning by explicitly adding a
prototype for the ABI-preserving wrapper added in commit 8d04ebf55400
("lib/route: preserve old ABI for rtnl_link_get_pmtudisc()") and add an
explanatory comment.
Tobias Klauser [Mon, 16 Jan 2017 13:58:20 +0000 (14:58 +0100)]
link/ipvti: Fix and add function prototypes in public header
Add missing "_ipvti" part to function prototypes so they match the
exported name. Also add the missing prototype for rtnl_link_is_ipvti().
This fixes the following GCC warnings when compiling with
-Wmissing-prototypes:
route/link/ipvti.c:281:5: warning: no previous prototype for ‘rtnl_link_is_ipvti’ [-Wmissing-prototypes]
route/link/ipvti.c:369:10: warning: no previous prototype for ‘rtnl_link_ipvti_get_ikey’ [-Wmissing-prototypes]
route/link/ipvti.c:403:10: warning: no previous prototype for ‘rtnl_link_ipvti_get_okey’ [-Wmissing-prototypes]
route/link/ipvti.c:437:10: warning: no previous prototype for ‘rtnl_link_ipvti_get_local’ [-Wmissing-prototypes]
route/link/ipvti.c:471:10: warning: no previous prototype for ‘rtnl_link_ipvti_get_remote’ [-Wmissing-prototypes]
Also fix the corresponding names in documentation.
Tobias Klauser [Mon, 16 Jan 2017 13:42:57 +0000 (14:42 +0100)]
fib_lookup: Add missing prototypes to public header
Add the function prototypes for the struct flnl_result attribute access
functions to the public header fib_lookup/lookup.h
This fixes the following GCC warnings when compiling with
-Wmissing-prototypes:
fib_lookup/lookup.c:284:5: warning: no previous prototype for ‘flnl_result_get_table_id’ [-Wmissing-prototypes]
fib_lookup/lookup.c:289:5: warning: no previous prototype for ‘flnl_result_get_prefixlen’ [-Wmissing-prototypes]
fib_lookup/lookup.c:294:5: warning: no previous prototype for ‘flnl_result_get_nexthop_sel’ [-Wmissing-prototypes]
fib_lookup/lookup.c:299:5: warning: no previous prototype for ‘flnl_result_get_type’ [-Wmissing-prototypes]
fib_lookup/lookup.c:304:5: warning: no previous prototype for ‘flnl_result_get_scope’ [-Wmissing-prototypes]
fib_lookup/lookup.c:309:5: warning: no previous prototype for ‘flnl_result_get_error’ [-Wmissing-prototypes]
Tobias Klauser [Mon, 16 Jan 2017 13:35:36 +0000 (14:35 +0100)]
qdisc/red: Add missing prototypes for rtnl_red_set_limit() and rtnl_red_get_limit()
This fixes the following GCC warnings when compiling with
-Wmissing-prototypes:
route/qdisc/red.c:136:6: warning: no previous prototype for ‘rtnl_red_set_limit’ [-Wmissing-prototypes]
route/qdisc/red.c:152:5: warning: no previous prototype for ‘rtnl_red_get_limit’ [-Wmissing-prototypes]
Nick Kralevich [Tue, 17 Jan 2017 18:56:52 +0000 (10:56 -0800)]
fopen: add O_CLOEXEC
Add O_CLOEXEC to various fopen() calls. This avoids file descriptors
leaking across an exec() boundary in a multi-threaded program. Please
see "man 2 open" for additional information about O_CLOEXEC.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/128
Nick Kralevich [Sat, 14 Jan 2017 19:11:34 +0000 (11:11 -0800)]
lib/utils.c: lazy initialize user_hz and psched_hz
Rather than initializing user_hz and psched_hz when libnl is loaded,
defer initialization of these variables to the first time they are used.
This has several advantages:
1) Avoids an unnecessary permission denied error on /proc/net/psched,
which can occur on systems where /proc/net isn't readable due to
security policy.
2) Allows program code to initialize the environment variables
PROC_NET_PSCHED and/or PROC_ROOT prior to the first libnl call, giving a
program more flexibility about where libnl should look.
3) Trivially faster startup time (although unlikely to be significant).
4) Compiler may be able to prove that the get_psched_settings() function
is unreachable and optimize appropriately, because the callers never
(directly or indirectly) use this method. This could occur, for
instance, in doing dead code elimination for programs which statically
link libnl.
Signed-off-by: Nick Kralevich <nnk@google.com>
https://github.com/thom311/libnl/pull/123
Laine Stump [Tue, 17 Jan 2017 15:47:34 +0000 (10:47 -0500)]
sriov: fix crash in rtnl_link_sriov_parse_vflist
vf_vlan_info was incorrectly indexed with "len" (the length in bytes
of the entire vfinfo_list) rather than list_len (the index of the
current end of the vf_vlan_info array).
Tobias Klauser [Fri, 13 Jan 2017 17:18:20 +0000 (18:18 +0100)]
route/tc: Remove unused function tca_set_kind()
The public prototype and the last internal user of the function were
removed in commit 8eb5b5532e ("Unified TC API") and it was unexported in
commit 4280dfb85d ("build: don't export internal symbols"), so it is
safe to remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
https://github.com/thom311/libnl/pull/122
Tobias Klauser [Tue, 6 Dec 2016 14:22:11 +0000 (15:22 +0100)]
link: fix documentation for rtnl_link_get_carrier_changes
The doxygen comment of rtnl_link_get_carrier_changes still describes the
initially implemented behaviour and was not updated, when the signature
was changed as part of #119. Adjust it accordingly.
Fixes: 0c4b2ea6d17b ("link: add support for IFLA_CARRIER_CHANGES")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
https://github.com/thom311/libnl/pull/120
Tobias Klauser [Fri, 2 Dec 2016 10:46:51 +0000 (11:46 +0100)]
cache: fix GCC warning and avoid variable shadowing
Fix the following GCC warning, introduced in commit 66d032ad443a
("cache_mngr: add include callback v2"):
cache.c: In function ‘cache_include.isra.3’:
cache.c:810:6: warning: ‘diff’ may be used uninitialized in this function [-Wmaybe-uninitialized]
cb_v2(cache, clone, obj, diff,
^
Also don't redeclare the uint64_t diff variable, to avoid shadowing.
Tobias Jungel [Sun, 13 Nov 2016 14:21:46 +0000 (15:21 +0100)]
cache_mngr: add include callback v2
This patch adds change_func_v2_t to add a more detailed callback in
case of a cache change. The change function is registered using the new
nl_cache_mngr_add_cache_v2. In case the new change function is set,
nl_cache_include_v2 and thus cache_include_v2 will be used to perform the cache
inclusion.
The parameters of change_func_v2_t are the following:
* struct nl_cache * => cache
* struct nl_object * => the old/deleted nl_object
* struct nl_object * => the new nl_object
* uint64_t => the result of nl_object_diff64 in case of a change
* int => NL_ACT_*
* void * => data
Thomas Haller [Wed, 30 Nov 2016 14:09:41 +0000 (15:09 +0100)]
lib: use MSG_PEEK by default for nl_recvmsgs()
The MSG_PEEK API of recvmsg() should be avoided because it requires an additional
syscall. But worse is to choose a too small buffer size and fail to receive
the message.
A user who is aware of the issue can avoid MSG_PEEK by either
nl_socket_disable_msg_peek()/nl_socket_enable_msg_peek() or by setting
a buffer size via nl_socket_set_msg_buf_size().
By default however we now use MSG_PEEK. This is more important since commit 90c6ebec9bd7a where the link dump request can be rather large.
Thomas Haller [Tue, 29 Nov 2016 21:41:46 +0000 (22:41 +0100)]
link: set ifi_change flags for rtnl_link_build_add_request()
For the add-request, we should set ifi_change flags together with the
ifi_flags. A similar thing is done by rtnl_link_build_change_request()
in commit 34ccb7210f1238f89229c117dc3d28cea7ae00bb.
Thomas Haller [Tue, 29 Nov 2016 11:38:03 +0000 (12:38 +0100)]
lib/route: pass sizeof() argument to nl_memcpy()
nl_memcpy() internally already never copies more than
nla_len(tb). The previous code might overflow if the
netlink attribute is longer than the size of the destination.
Thomas Haller [Tue, 29 Nov 2016 11:33:27 +0000 (12:33 +0100)]
nl-link-stats: prefer RTNL_LINK_STATS_MAX over __RTNL_LINK_STATS_MAX
The result is basically the same, but I feel that __RTNL_LINK_STATS_MAX
is an internal variable that shouldn't be used. Thus, let's iterate
instead until <= MAX.
Tobias Klauser [Tue, 29 Nov 2016 07:50:31 +0000 (08:50 +0100)]
lib/route: add rx_nohandler link stats field
A new counter rx_nohandler was added to the link stats in kernel commit 6e7333d315a7 ("net: add rx_nohandler stat counter"). Wire it up in the
libnl link stats as well.
Tobias Klauser [Tue, 29 Nov 2016 08:13:01 +0000 (09:13 +0100)]
src: nl-link-stats: use correct rtnl link stats maximum
Use __RTNL_LINK_STATS_MAX instead of RTNL_LINK_STATS_MAX when iterating
over all rtnl link stat counters. Otherwise, the last stat counter will
always be missing, as RTNL_LINK_STATS_MAX is the value of the last valid
index.