granicus.if.org Git - libnl/log
libnl
8 years ago cache_mngr: add include callback v2
Tobias Jungel [Sun, 13 Nov 2016 14:21:46 +0000 (15:21 +0100)]
cache_mngr: add include callback v2

This patch adds change_func_v2_t to add a more detailed callback in
case of a cache change. The change function is registered using the new
nl_cache_mngr_add_cache_v2. In case the new change function is set,
nl_cache_include_v2 and thus cache_include_v2 will be used to perform the cache
inclusion.

The parameters of change_func_v2_t are the following:
* struct nl_cache * => cache
* struct nl_object * => the old/deleted nl_object
* struct nl_object * => the new nl_object
* uint64_t => the result of nl_object_diff64 in case of a change
* int => NL_ACT_*
* void * => data

https://github.com/thom311/libnl/issues/71
http://lists.infradead.org/pipermail/libnl/2016-September/002214.html
http://lists.infradead.org/pipermail/libnl/2016-October/002229.html
http://lists.infradead.org/pipermail/libnl/2016-November/002250.html

8 years ago lib: use MSG_PEEK by default for nl_recvmsgs()
Thomas Haller [Wed, 30 Nov 2016 14:09:41 +0000 (15:09 +0100)]
lib: use MSG_PEEK by default for nl_recvmsgs()

The MSG_PEEK API of recvmsg() should be avoided because it requires an additional
syscall. But worse is to choose a too small buffer size and failing to receive
the message.

A user who is aware of the issue can avoid MSG_PEEK by either
nl_socket_disable_msg_peek()/nl_socket_enable_msg_peek() or by setting
a buffer size via nl_socket_set_msg_buf_size().

By default however we now use MSG_PEEK. This is more important since commit
90c6ebec9bd7a where the link dump request can be rather large.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago link: set ifi_change flags for rtnl_link_build_add_request()
Thomas Haller [Tue, 29 Nov 2016 21:41:46 +0000 (22:41 +0100)]
link: set ifi_change flags for rtnl_link_build_add_request()

For the add-request, we should set ifi_change flags together with the
ifi_flags. A similar thing is done by rtnl_link_build_change_request()
in commit 34ccb7210f1238f89229c117dc3d28cea7ae00bb.

https://github.com/thom311/libnl/issues/111

8 years ago lib/route: merge branch 'link-stats-rxnohandler'
Thomas Haller [Tue, 29 Nov 2016 11:41:42 +0000 (12:41 +0100)]
lib/route: merge branch 'link-stats-rxnohandler'

https://github.com/thom311/libnl/pull/117

8 years ago lib/route: pass sizeof() argument to nl_memcpy()
Thomas Haller [Tue, 29 Nov 2016 11:38:03 +0000 (12:38 +0100)]
lib/route: pass sizeof() argument to nl_memcpy()

nl_memcpy() internally already never copies more than
nla_len(tb). The previous code might overflow if the
netlink attribute is longer than the size of the destination.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago nl-link-stats: prefer RTNL_LINK_STATS_MAX over __RTNL_LINK_STATS_MAX
Thomas Haller [Tue, 29 Nov 2016 11:33:27 +0000 (12:33 +0100)]
nl-link-stats: prefer RTNL_LINK_STATS_MAX over __RTNL_LINK_STATS_MAX

The result is basically the same, but I feel that __RTNL_LINK_STATS_MAX
is an internal variable that shouldn't be used. Thus, let's iterate
instead until <= MAX.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: add rx_nohandler link stats field
Tobias Klauser [Tue, 29 Nov 2016 07:50:31 +0000 (08:50 +0100)]
lib/route: add rx_nohandler link stats field

A new counter rx_nohandler was added to the link stats in kernel commit
6e7333d315a7 ("net: add rx_nohandler stat counter"). Wire it up in the
libnl link stats as well.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
8 years ago src: nl-link-stats: use correct rtnl link stats maximum
Tobias Klauser [Tue, 29 Nov 2016 08:13:01 +0000 (09:13 +0100)]
src: nl-link-stats: use correct rtnl link stats maximum

Use __RTNL_LINK_STATS_MAX instead of RTNL_LINK_STATS_MAX when iterating
over all rtnl link stat counters. Otherwise, the last stat counter will
always be missing, as RTNL_LINK_STATS_MAX is the value of the last valid
index.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
8 years ago route/cls: support setting of selector fields
Sushma Sitaram [Fri, 21 Oct 2016 21:06:39 +0000 (14:06 -0700)]
route/cls: support setting of selector fields

Enables to set the shift, offset, mask and flags of the position to next header

http://lists.infradead.org/pipermail/libnl/2016-September/002227.html
http://lists.infradead.org/pipermail/libnl/2016-October/002232.html

Signed-off-by: Sushma Sitaram <sushma.sitaram@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/ppp: merge branch 'ppp-support'
Thomas Haller [Mon, 28 Nov 2016 21:26:15 +0000 (22:26 +0100)]
lib/ppp: merge branch 'ppp-support'

https://github.com/thom311/libnl/pull/112

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago ppp: fix API in ppp.h header
Thomas Haller [Mon, 28 Nov 2016 21:24:15 +0000 (22:24 +0100)]
ppp: fix API in ppp.h header

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago ppp: fix type of file descriptor; uint32_t -> int32_t
Jonas Johansson [Mon, 7 Nov 2016 07:58:03 +0000 (08:58 +0100)]
ppp: fix type of file descriptor; uint32_t -> int32_t

Signed-off-by: Jonas Johansson <jonasj76@gmail.com>
8 years ago ppp: rename local struct ppp_info* variables; pi -> info
Jonas Johansson [Mon, 7 Nov 2016 07:43:21 +0000 (08:43 +0100)]
ppp: rename local struct ppp_info* variables; pi -> info

Signed-off-by: Jonas Johansson <jonasj76@gmail.com>
8 years ago ppp: update code after review
Jonas Johansson [Mon, 7 Nov 2016 07:25:08 +0000 (08:25 +0100)]
ppp: update code after review

Signed-off-by: Jonas Johansson <jonasj76@gmail.com>
8 years ago Add PPP support
Jonas Johansson [Wed, 26 Oct 2016 14:30:52 +0000 (16:30 +0200)]
Add PPP support

This patch adds support for kernel PPP interfaces.

Signed-off-by: Jonas Johansson <jonasj76@gmail.com>
8 years ago lib/router: merge branch 'rtnl-link-policy-minlen'
Thomas Haller [Mon, 28 Nov 2016 20:51:03 +0000 (21:51 +0100)]
lib/router: merge branch 'rtnl-link-policy-minlen'

https://github.com/thom311/libnl/pull/116

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: use _nl_offset_plus_sizeof() macro for minlen field for rtln_link_policy
Thomas Haller [Mon, 28 Nov 2016 20:42:39 +0000 (21:42 +0100)]
lib/route: use _nl_offset_plus_sizeof() macro for minlen field for rtln_link_policy

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago utils: add internal _nl_offset_plus_sizeof() macro
Thomas Haller [Mon, 28 Nov 2016 20:39:34 +0000 (21:39 +0100)]
utils: add internal _nl_offset_plus_sizeof() macro

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: keep link stats minlen compatible with kernel < 4.6
Tobias Klauser [Tue, 15 Nov 2016 15:35:48 +0000 (16:35 +0100)]
lib/route: keep link stats minlen compatible with kernel < 4.6

Since linux/if_link.h was synced in libnl commit d533736e2258 ("vxlan:
add support for additional VXLAN attributes."), the minlen check in
validate_nla() fails on kernels < 4.6 - or more precisely, on kernels
not containing kernel commit 6e7333d315a7 ("net: add rx_nohandler stat
counter"). The check fails because rtnl_link_stats and rtnl_link_stats64
sent by the kernel don't have the rx_nohandler member yet, but libnl
expects them to have it.

Account for this by decreasing the minlen by one member and add an
explanatory comment.

https://github.com/thom311/libnl/pull/116

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/sriov: merge branch 'sriov'
Thomas Haller [Mon, 28 Nov 2016 20:21:27 +0000 (21:21 +0100)]
lib/sriov: merge branch 'sriov'

http://lists.infradead.org/pipermail/libnl/2016-November/002234.html
http://lists.infradead.org/pipermail/libnl/2016-November/002243.html

8 years ago route: remove symbols of internal API from ABI
Thomas Haller [Thu, 24 Nov 2016 12:32:20 +0000 (13:32 +0100)]
route: remove symbols of internal API from ABI

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: SRIOV Set Functionality
Jef Oliver [Mon, 7 Nov 2016 21:33:58 +0000 (13:33 -0800)]
lib/route: SRIOV Set Functionality

* This patch adds functionality to set attributes on an SRIOV
  VF object.
* This patch adds functionality to append attributes to the
  link change request sent to the kernel.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: SRIOV Info Dump Functions
Jef Oliver [Mon, 7 Nov 2016 21:33:57 +0000 (13:33 -0800)]
lib/route: SRIOV Info Dump Functions

This patch adds functions to dump information and stats for each
SRIOV VF.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: SRIOV Utility Functions
Jef Oliver [Mon, 7 Nov 2016 21:33:56 +0000 (13:33 -0800)]
lib/route: SRIOV Utility Functions

This patch adds utility functions for translating link state and
VLAN protocols for SRIOV VFs.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: SRIOV Clone Support
Jef Oliver [Mon, 7 Nov 2016 21:33:55 +0000 (13:33 -0800)]
lib/route: SRIOV Clone Support

This patch adds support for cloning SRIOV VF specific data in the
link object.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: SRIOV Parse and Read support
Jef Oliver [Mon, 7 Nov 2016 21:33:54 +0000 (13:33 -0800)]
lib/route: SRIOV Parse and Read support

* This patch adds support for parsing SRIOV VF specific
  information on a link.
  * Adds LINK_ATTR_VF_LIST to add to link->ce_mask.
  * Extends the rtnl_link object to include 'l_vf_list', a member
    to carry information for SRIOV VFs.
  * Adds rtnl_link_sriov, a private structure to fill link->l_vf_list.

* This patch adds support for reading parsed SRIOV VF specific
  information on a link.

* This patch adds support for freeing stored SRIOV VF specific
  information on a link.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago xfrm: merge branch 'spellingmistake-fix_xfrm_sec_ctx'
Thomas Haller [Sun, 6 Nov 2016 21:22:42 +0000 (22:22 +0100)]
xfrm: merge branch 'spellingmistake-fix_xfrm_sec_ctx'

https://github.com/thom311/libnl/pull/113
https://github.com/thom311/libnl/pull/114

8 years ago xfrm: remove unused struct xfrmnl_sec_ctx from header files
Thomas Haller [Sun, 6 Nov 2016 21:07:11 +0000 (22:07 +0100)]
xfrm: remove unused struct xfrmnl_sec_ctx from header files

8 years ago xfrm: add capability reference to xfrmnl_sa_set_*
Thomas Egerer [Sun, 6 Nov 2016 20:34:50 +0000 (21:34 +0100)]
xfrm: add capability reference to xfrmnl_sa_set_*

Just for consistency(tm)'s sake: add the reference to what capability
introduced the modified API.

Signed-off-by: Thomas Egerer <hakke_007@gmx.de>
8 years ago xfrm: fix xfrm security context management
Thomas Egerer [Tue, 25 Oct 2016 15:38:19 +0000 (17:38 +0200)]
xfrm: fix xfrm security context management

The data structure of choice when adding/processing a security context
for xfrm is struct xfrm(nl)_user_sec_ctx. The previous code did however
use the (also exported) struct xfrm(nl)_sec_ctx. While sizeof(struct
xfrm(nl)_*sec_ctx) yields the same result, the interpretation of one of
the data structures as the other one messes up the contents.
With this fix, the wrong data structure has been replaced with the
correct one. Also -- since the size of the context string is not known
-- one can now call xfrmnl_sa_get_sec_ctx with ctx_str being NULL, thus
retrieving the length of the context string.
A new capability has been introduced, to test whether libnl3 supports
the modified semantics of this function.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
8 years ago route/ipgre: merge branch 'route_ipgre_api'
Thomas Haller [Sat, 5 Nov 2016 17:14:23 +0000 (18:14 +0100)]
route/ipgre: merge branch 'route_ipgre_api'

http://lists.infradead.org/pipermail/libnl/2016-October/002228.html

8 years ago lib/route: preserve old ABI for rtnl_link_get_pmtudisc()
Thomas Haller [Sat, 5 Nov 2016 17:08:02 +0000 (18:08 +0100)]
lib/route: preserve old ABI for rtnl_link_get_pmtudisc()

Yes, rtnl_link_get_pmtudisc() was not in a public header.
But dropping it from ABI results in warnings of ABI checkers.

Just avoid that.

8 years ago lib/route: Export correct ipgre functionality
Jef Oliver [Wed, 5 Oct 2016 20:20:35 +0000 (13:20 -0700)]
lib/route: Export correct ipgre functionality

* Rename rtnl_link_get_pmtudisc to rtnl_link_ipgre_get_pmtudisc
  in ipgre.c, making the function correctly match the exported
  functionality in ipgre.h. This fixes an error when trying to
  use the function, returning an incorrect type usage due to the
  link module already having a function of the same name.

* Export rtnl_link_is_[ipgre/ipgretap] allowing for usage per
  documentation.

Reported-by: Sharada Shiddibhavi <sharada.shiddibhavi@intel.com>
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
8 years ago vxlan: merge branch 'hashstat-vxlan-attributes'
Thomas Haller [Sat, 5 Nov 2016 16:36:12 +0000 (17:36 +0100)]
vxlan: merge branch 'hashstat-vxlan-attributes'

https://github.com/thom311/libnl/pull/110

8 years ago vxlan: fix error code for missing attribute
Thomas Haller [Sat, 5 Nov 2016 16:32:02 +0000 (17:32 +0100)]
vxlan: fix error code for missing attribute

Other VXLAN getters wrongly fail with -NLE_AGAIN.
That maybe should be fixed, but would be an API change.

New API should use the correct error code.

8 years ago vxlan: refactor setting/getting vxlan flags
Thomas Haller [Sat, 5 Nov 2016 16:12:03 +0000 (17:12 +0100)]
vxlan: refactor setting/getting vxlan flags

As these properties are FLAG types in the netlink
API, we should also expose them as such in the
libnl API.

It is less code and requires less code to support a new
flag.

The point is really to keep the API smaller instead of
wasting a getter and setter for each flag.

8 years ago vxlan: don't store vxlan flags as ce_mask
Thomas Haller [Sat, 5 Nov 2016 16:00:53 +0000 (17:00 +0100)]
vxlan: don't store vxlan flags as ce_mask

The ce_mask is there to indicate whether a certain attribute is
set or not. The VXLAN flags are different, because the flag is
either set or not. It cannot have the meaning of being missing.

Therefore, it should not be stored as a VXLAN_ATTR in ce_mask.

8 years ago vxlan: restore previous VXLAN_ATTR flag values
Thomas Haller [Sat, 5 Nov 2016 15:41:20 +0000 (16:41 +0100)]
vxlan: restore previous VXLAN_ATTR flag values

The VXLAN_ATTR flags are internal and not public API.
Still, they are exposed as part of nl_object_diff().
There is no reason to change previous behavior, restore
the previous numeric values.

8 years ago vxlan: remove redundant enable/disable API from vxlan
Thomas Haller [Sat, 5 Nov 2016 15:31:24 +0000 (16:31 +0100)]
vxlan: remove redundant enable/disable API from vxlan

The enable/disable API is redundant and increases the library
in binary size and documentation. There should be one sensible way
to do something, not several.

Yes, there is prior act to that like rtnl_link_vxlan_disable_proxy().
That doesn't mean it should be repeated.

8 years ago vxlan: fix exporting new symbols
Thomas Haller [Sat, 5 Nov 2016 15:23:57 +0000 (16:23 +0100)]
vxlan: fix exporting new symbols

Once a version is released, the existing symbol version
must not be extended.

Fixes: d533736e2258457c090d396586da5c2ea32e5836
8 years ago vxlan: add support for additional VXLAN attributes.
Brandon Carpenter [Fri, 30 Sep 2016 22:44:25 +0000 (15:44 -0700)]
vxlan: add support for additional VXLAN attributes.

Includes all VXLAN attributes as of Linux kernel 4.7.5. In particular it
adds the following attributes:

    * IFLA_VXLAN_PORT,
    * IFLA_VXLAN_UDP_CSUM,
    * IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
    * IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
    * IFLA_VXLAN_REMCSUM_TX,
    * IFLA_VXLAN_REMCSUM_RX,
    * IFLA_VXLAN_GBP,
    * IFLA_VXLAN_REMCSUM_NOPARTIAL,
    * IFLA_VXLAN_COLLECT_METADATA,
    * IFLA_VXLAN_LABEL,
    * IFLA_VXLAN_GPE

https://github.com/thom311/libnl/pull/110

8 years ago macvlan: merge branch 'feature/macvlan-source-mode'
Thomas Haller [Tue, 27 Sep 2016 08:47:39 +0000 (10:47 +0200)]
macvlan: merge branch 'feature/macvlan-source-mode'

https://github.com/thom311/libnl/pull/109

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago macvlan: adjust types and merge MACVLAN_HAS_MACCOUNT and MACVLAN_HAS_MACDATA
Thomas Haller [Tue, 27 Sep 2016 07:52:11 +0000 (09:52 +0200)]
macvlan: adjust types and merge MACVLAN_HAS_MACCOUNT and MACVLAN_HAS_MACDATA

mvi_maccount only makes sense together with the data. They should be
treated as one setting, and both should be consistent.
That means, if there are no addresses, mvi_maccount should always be set to
zero. This is regardless of whether the mvi_mask indicates that MACVLAN_HAS_MACADDR
is set. Similarly, if mvi_maccount is larger than zero, the mvi_macaddr
must point to some valid addresses.
The only exception is, when mvi_maccount is zero, mvi_macaddr may be
NULL or point to some data of zero allocated bytes.

Also, ensure that uint32_t is used for all the types that compare with
mvi_maccount.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago macvlan: add support for "source" mode
Michael Braun [Sun, 25 Sep 2016 18:25:10 +0000 (20:25 +0200)]
macvlan: add support for "source" mode

This adds libnl support for new "source" mode.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
8 years ago lib: merge branch 'bridge-flags'
Thomas Haller [Sat, 24 Sep 2016 12:49:21 +0000 (14:49 +0200)]
lib: merge branch 'bridge-flags'

http://lists.infradead.org/pipermail/libnl/2016-August/002208.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago bridge: change return values for rtnl_link_bridge_get_hwmode()
Thomas Haller [Sat, 24 Sep 2016 12:42:57 +0000 (14:42 +0200)]
bridge: change return values for rtnl_link_bridge_get_hwmode()

Unfortunately, libnl3 is rather inconsistent about the getters.
- some return the value directly, and don't have a dedicated
  error return value.
- some don't check whether the attribute was set and just
  return the default value
- some fail with -NLE_INVAL or -NLE_NOATTR if the value is
  unset.

I think the best pattern is to fail if the attribute is unset.
However, the return value should be negative to indicate an error,
while 0 should mean success.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago trivial: whitespace
Thomas Haller [Sat, 24 Sep 2016 12:35:18 +0000 (14:35 +0200)]
trivial: whitespace

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: Support IFLA_BRIDGE_MODE
Jef Oliver [Thu, 1 Sep 2016 00:27:09 +0000 (17:27 -0700)]
lib/route: Support IFLA_BRIDGE_MODE

This patch adds support for hardware assisted bridge modes stored
in IFLA_AF_SPEC[IFLA_BRIDGE_MODE].

This patch adds rtnl_link_[g/s]et_hwmode() functions, allowing
for getting and setting the hardware mode for a bridged link.

This patch adds the convenience functions for translating between
integer and string names for hardware modes.

This patch adds rtnl_link_bridge_set_self(), a function that
stores flags in IFLA_AF_SPEC[IFLA_BRIDGE_FLAGS], an attribute
that tells the kernel whether it should apply settings to the
virtual bridge device or the hardware device itself. This requires
hardware that supports the hardware flags.

This patch adds bridge_fill_af(), a function to fill IFLA_AF_SPEC
with AF_BRIDGE specific information.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: Allow override of IFLA_AF_SPEC nesting
Jef Oliver [Thu, 1 Sep 2016 00:27:08 +0000 (17:27 -0700)]
lib/route: Allow override of IFLA_AF_SPEC nesting

This patch adds the ability to override nesting into an AF specific
attribute. An example of this is the bridge module.

Regular Nesting:
[IFLA_AF_SPEC]
    [AF_INET]
        [AF_INET_ATTRS]

Bridge Nesting:
[IFLA_AF_SPEC]
    [AF_BRIDGE_ATTRS]

This patch adds ao_fill_af_no_nest to struct rtnl_link_af_ops.
When set to non-zero, this will override the nested AF attribute
and allow nesting of attributes directly into IFLA_AF_SPEC.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: Extend Bridge Flags
Jef Oliver [Thu, 1 Sep 2016 00:27:07 +0000 (17:27 -0700)]
lib/route: Extend Bridge Flags

This patch adds support for the following bridge port flags:

IFLA_BRPORT_UNICAST_FLOOD
IFLA_BRPORT_LEARNING
IFLA_BRPORT_LEARNING_SYNC

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: Add port state translation functions
Jef Oliver [Thu, 1 Sep 2016 00:27:06 +0000 (17:27 -0700)]
lib/route: Add port state translation functions

This patch adds translation functions for translating the port
state between integers and strings.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: Fix appending IFLA_BRPORT_FASTLEAVE
Jef Oliver [Thu, 1 Sep 2016 00:27:05 +0000 (17:27 -0700)]
lib/route: Fix appending IFLA_BRPORT_FASTLEAVE

This patch fixes IFLA_BRPORT_FASTLEAVE to append to the correct
netlink attribute. (Turned up in automated testing.)

Fixes: 55bc931a7272e6ac8f555bcc2a373eb2b6b58377
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago macsec: merge branch 'macsec-fix'
Thomas Haller [Sat, 24 Sep 2016 10:53:16 +0000 (12:53 +0200)]
macsec: merge branch 'macsec-fix'

https://github.com/thom311/libnl/pull/108

8 years ago remove multiple implementations of htonll(), ntohll()
Davide Caratti [Tue, 6 Sep 2016 09:17:47 +0000 (11:17 +0200)]
remove multiple implementations of htonll(), ntohll()

use a single #define in include/netlink-private/utils.h

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
8 years ago macsec: fix maximum ICV length
Davide Caratti [Mon, 5 Sep 2016 16:20:16 +0000 (18:20 +0200)]
macsec: fix maximum ICV length

Update copy of kernel header 'if_macsec.h' to Linux 4.8-rc5, so that
upstream commit 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c ("macsec: limit
ICV length to 16 octets") is included. Return -NLE_INVAL when trying to
configure an ICV length greater than 16 octets.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
8 years ago macsec: fix endianness of 'sci' parameter
Davide Caratti [Mon, 5 Sep 2016 16:18:22 +0000 (18:18 +0200)]
macsec: fix endianness of 'sci' parameter

'sci' passed to kernel is meant to be in network byte order: use
ntohll() and htonll() accordingly.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
8 years ago lib/route: merge branch 'bride-protinfo'
Thomas Haller [Mon, 29 Aug 2016 11:10:04 +0000 (13:10 +0200)]
lib/route: merge branch 'bride-protinfo'

http://lists.infradead.org/pipermail/libnl/2016-August/002204.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: modify link/bridge to set attributes
Jef Oliver [Sat, 27 Aug 2016 02:19:51 +0000 (19:19 -0700)]
lib/route: modify link/bridge to set attributes

This patch modifies link/bridge to set link attributes in a
request message. It adds set support for currently implemented
functionality.

This patch adds bridge_fill_pi, a function to fill in the
IFLA_PROTINFO nested attribute.

This patch modifies the bridge_ops structure to support
modifications made to properly set RTM_SETLINK during modification
of a link, append the NLA_F_NESTED flag to IFLA_PROTINFO, and
to call the newly added bridge_fill_pi.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: set IFLA_PROTINFO attribute in request message
Jef Oliver [Sat, 27 Aug 2016 02:19:50 +0000 (19:19 -0700)]
lib/route: set IFLA_PROTINFO attribute in request message

This patch adds the functionality to set IFLA_PROTINFO in a
request. This allows for appending protocol specific information
to a request message.

This patch adds ao_fill_pi to the rtnl_link_af_ops structure. This
registers a function to fill the IFLA_PROTINFO attribute. This
function follows the makeup of ao_fill_af.

This patch adds ao_fill_pi_flags to the rtnl_link_af_ops
structure. This registers an extra flag that can be bitmasked
onto the IFLA_PROTINFO definition. This is useful for address
families that require NLA_F_NESTED.

This patch adds a function named af_fill_pi, which is called by
build_link_msg. This function calls the registered function
pointers for an address family to fill IFLA_PROTINFO and to
bitmask any extra flags.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: allow override of message type during link change
Jef Oliver [Sat, 27 Aug 2016 02:19:49 +0000 (19:19 -0700)]
lib/route: allow override of message type during link change

When rtnl_link_build_change_request() builds a change request,
it sets the message type to RTM_NEWLINK by default. If the
request fails, it changes the type to RTM_SETLINK, and resubmits.

For some address families, this will result in a requested change
never being applied by the kernel. An example of this is the Linux
bridge. When a netlink message of type RTM_NEWLINK is received,
rather than failing, it simply ignores the message and does not
return a failure.

To fix this, this patch implements an override for address
families that require it. The override can be set when an address
family registers itself in libnl.

This patch adds ao_override_rtm to the rtnl_link_af_ops structure.
This patch adds a static function named af_request_type.
This patch modifies rtnl_link_build_change_request to call
  af_request_type to properly set the request type if an address
  family wishes to override.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago compat: add linux/socket.h for __kernel_sa_family_t
Jeff Squyres [Thu, 18 Aug 2016 22:40:27 +0000 (15:40 -0700)]
compat: add linux/socket.h for __kernel_sa_family_t

The __kernel_sa_family_t type is not present on older systems (e.g.,
RHEL 6), and libnl3 will not build without it.  Copy
/usr/include/linux/socket.h from a RHEL7 system to
include/linux-private/linux/socket.h so that it will be found by the
build system.

Fortunately, this socket.h is small and self-contained; it contains
very little (and does not #include any other files) beyond necessary
type.

https://github.com/thom311/libnl/pull/107

Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago all: merge branch 'strerror_l'
Thomas Haller [Thu, 25 Aug 2016 15:53:47 +0000 (17:53 +0200)]
all: merge branch 'strerror_l'

http://lists.infradead.org/pipermail/libnl/2016-August/002192.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago src: switch to using strerror_l() instead of strerror_r()
André Draszik [Thu, 25 Aug 2016 12:15:01 +0000 (13:15 +0100)]
src: switch to using strerror_l() instead of strerror_r()

glibc provides two versions of strerror_r(), which
can be chosen between using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE. libnl is built using
the former, hence we get the glibc special version,
and all code so far has been written for this.

Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.

Uses in libnl hence generally cause printf() of an *int*
with a *string format* specifier for that reason.

Additionally, strerror_r() has been deprecated:
  http://austingroupbugs.net/view.php?id=655

Switch to using strerror_l().

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib: switch to using strerror_l() instead of strerror_r()
André Draszik [Thu, 25 Aug 2016 12:15:00 +0000 (13:15 +0100)]
lib: switch to using strerror_l() instead of strerror_r()

glibc provides two versions of strerror_r(), which
can be chosen between using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE. libnl is built using
the former, hence we get the glibc special version,
and all code so far has been written for this.

Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.

Uses in libnl hence generally cause printf() of an *int*
with a *string format* specifier for that reason.

Additionally, strerror_r() has been deprecated:
  http://austingroupbugs.net/view.php?id=655

Switch to using strerror_l() (via our wrapper just
introduced).

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib: add utility function nl_strerror_l()
André Draszik [Thu, 25 Aug 2016 12:14:59 +0000 (13:14 +0100)]
lib: add utility function nl_strerror_l()

libnl currently uses strerror_r() throughout, but this is
problematic because there is a non-standard GNU version
implemented in glibc, and the standard POSIX version, which
differ in signature. When using glibc, one can choose
between the two versions using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE.

Given libnl is built using the former, we always get the
glibc special version, and all code so far has been written
for that non-standard version.

Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.

The alternative is to use strerror_l() rather than
strerror_r() http://austingroupbugs.net/view.php?id=655
- this will avoid the non-conforming versions issue
- strerror_l() is now recommended by POSIX to replace
  strerror_r() usage

So rather than changing all uses of strerror_r() to be in
line with posix, we are going to switch to the recommended
interface strerror_l().

Since strerror_l() is slightly more difficult to use, we
add a little (private) wrapper that we can use from all
current callsites of strerror_r().

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago nl-addr: avoid read-out-of-bound in nl_addr_fill_sockaddr()
Thomas Haller [Sun, 14 Aug 2016 09:44:53 +0000 (11:44 +0200)]
nl-addr: avoid read-out-of-bound in nl_addr_fill_sockaddr()

https://github.com/thom311/libnl/issues/103

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago route/addr: merge branch 'toanju-fix-addr_id_attrs_get' (#105)
Thomas Haller [Sun, 14 Aug 2016 09:08:19 +0000 (11:08 +0200)]
route/addr: merge branch 'toanju-fix-addr_id_attrs_get' (#105)

https://github.com/thom311/libnl/pull/105

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib: capability NL_CAPABILITY_RTNL_ADDR_PEER_ID_FIX for ID comparison of v4 addresses
Thomas Haller [Sun, 14 Aug 2016 09:05:48 +0000 (11:05 +0200)]
lib: capability NL_CAPABILITY_RTNL_ADDR_PEER_ID_FIX for ID comparison of v4 addresses

The ID attributes for IPv4 addresses were broken which causes wrong
nl_object_identical() and cache lookup.

This capability shall indicate that the bug was fixed.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago route/addr: address attributes based on object
Tobias Jungel [Thu, 4 Aug 2016 08:01:43 +0000 (10:01 +0200)]
route/addr: address attributes based on object

addr_id_attrs_get returned a fixed set of attributes for AF_INET. This
leads to an invalid cache in case the default cache manager is used.

The error was caused by nl_object_identical, which checks the ce_mask
of an object against the req_attrs. For route/addr objects the ce_mask
may contain the ADDR_ATTR_PEER, but the addr_id_attrs_get always
includes this attribute. Thus nl_object_identical fails always in case
no peer exists, which is the default for local addresses.

Fixes: 83e851ca9c842ccb6dae411d3fff9c7e9561269a
https://github.com/thom311/libnl/pull/105

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago all: merge branch 'various-fixes'
Thomas Haller [Sun, 14 Aug 2016 08:06:13 +0000 (10:06 +0200)]
all: merge branch 'various-fixes'

http://lists.infradead.org/pipermail/libnl/2016-August/002177.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago doc: fix URLs and typo
Peter Wu [Mon, 8 Aug 2016 09:58:53 +0000 (11:58 +0200)]
doc: fix URLs and typo

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago exp: fix a GCC 6 -Wmisleading-indentation warning
Peter Wu [Mon, 8 Aug 2016 09:58:52 +0000 (11:58 +0200)]
exp: fix a GCC 6 -Wmisleading-indentation warning

Replaced the spaces by tabs to fix it.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago xfrm: fix memleak in another error path of build_xfrm_sa_message
Peter Wu [Mon, 8 Aug 2016 09:58:51 +0000 (11:58 +0200)]
xfrm: fix memleak in another error path of build_xfrm_sa_message

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago cli: add noreturn attributes
Peter Wu [Mon, 8 Aug 2016 09:58:50 +0000 (11:58 +0200)]
cli: add noreturn attributes

Teach static code analyzers (such as Clang static analyzer) that code
following nl_cli_fatal can never be executed. Avoids false positives
such as detecting use of NULL pointers when that cannot happen.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago trivial: whitespace-only fixes for src and lib
Peter Wu [Mon, 8 Aug 2016 10:04:01 +0000 (12:04 +0200)]
trivial: whitespace-only fixes for src and lib

Fixes alignment, lines with just whitespace and mixed tab/space
indentation. Searched, reviewed and optionally fixed in vim using
regex ^\t* [\t ]*\([^*us ]\|$\)\|\t\+$

http://lists.infradead.org/pipermail/libnl/2016-August/002183.html

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago build: fixup headers for C++ inclusion
Craig Gallek [Fri, 15 Jul 2016 14:29:06 +0000 (10:29 -0400)]
build: fixup headers for C++ inclusion

- Fix typos in extern "C" wrappers.
- 'class' is a reserved word, change to cls.
- int -> enum casts are not automatic.
- Static strings must be of type const char*
- Add a few implicit header dependencies explicitly.

http://lists.infradead.org/pipermail/libnl/2016-July/002165.html

Signed-off-by: Craig Gallek <kraig@google.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago libnl-3.2.28 release libnl3_2_28
Thomas Haller [Fri, 8 Jul 2016 09:41:40 +0000 (11:41 +0200)]
libnl-3.2.28 release

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago libnl-3.2.28-rc1 release libnl3_2_28rc1
Thomas Haller [Thu, 30 Jun 2016 10:44:01 +0000 (12:44 +0200)]
libnl-3.2.28-rc1 release

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago build: fix adding macsec files to include/Makefile.am
Thomas Haller [Thu, 30 Jun 2016 10:53:48 +0000 (12:53 +0200)]
build: fix adding macsec files to include/Makefile.am

Fixes: 885ff4ae1efce35f8db378b2533025c3c931823c
8 years ago route/addr: merge branch 'ip-addr-fixes'
Thomas Haller [Wed, 29 Jun 2016 08:27:14 +0000 (10:27 +0200)]
route/addr: merge branch 'ip-addr-fixes'

http://lists.infradead.org/pipermail/libnl/2016-June/002156.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago route/addr: add capability NL_CAPABILITY_RTNL_ADDR_PEER_FIX to indicate address fixes
Thomas Haller [Wed, 29 Jun 2016 08:25:13 +0000 (10:25 +0200)]
route/addr: add capability NL_CAPABILITY_RTNL_ADDR_PEER_FIX to indicate address fixes

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago route/addr: fix handling peer addresses for IPv4 addresses
Thomas Haller [Tue, 28 Jun 2016 14:56:22 +0000 (16:56 +0200)]
route/addr: fix handling peer addresses for IPv4 addresses

For IPv4, a "normal" route has IFA_LOCAL and IFA_ADDRESS set
to the same destination. An address with an explicit peer has
them differing. A peer of 0.0.0.0 is also valid and must
be treated differently from a normal address.

    unshare -n
    ip link add T type dummy
    ip link set T up
    ip addr add 192.168.5.10 peer 192.168.5.10/24 dev T
    ip addr add 192.168.5.10/24 dev T
    #RTNETLINK answers: File exists
    ip addr add 192.168.5.10 peer 192.168.6.10/24 dev T
    ip addr add 192.168.5.10 peer 0.0.0.0/24 dev T

Previously, that would give:

    nl-addr-list
    #192.168.5.10/24 inet dev T scope global <permanent>
    #192.168.5.10 peer 192.168.6.10/24 inet dev T scope global <permanent>
    #192.168.5.10/24 inet dev T scope global <permanent>

With this change, we properly get:

    nl-addr-list
    #192.168.5.10/24 inet dev T scope global <permanent>
    #192.168.5.10/24 peer 192.168.6.10 inet dev T scope global <permanent>
    #192.168.5.10/24 peer 0.0.0.0 inet dev T scope global <permanent>

http://lists.infradead.org/pipermail/libnl/2016-June/002157.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago route/addr: fix ID comparison for AF_INET and AF_INET6 addresses
Thomas Haller [Tue, 28 Jun 2016 14:56:21 +0000 (16:56 +0200)]
route/addr: fix ID comparison for AF_INET and AF_INET6 addresses

For AF_INET/IPv4 addresses, the ID equality comparison must include
the net-part of the peer address:

    unshare -n
    ip link add T type dummy
    ip link set T up
    ip addr add 192.168.5.10/24 dev T
    ip addr add 192.168.5.10 peer 192.168.6.1/24 dev T
    ip addr add 192.168.5.10 peer 192.168.7.1/24 dev T
    ip addr add 192.168.5.10 peer 192.168.7.2/24 dev T
    # RTNETLINK answers: File exists

    ip addr change 192.168.5.10 peer 192.168.7.2/24 dev T
    ip addr show | grep 192.168.7.
    # inet 192.168.5.10 peer 192.168.7.1/24 scope global T

For AF_INET6/IPv6 addresses, the prefix length of the address
is not part of the ID:

    unshare -n
    ip link add T type dummy
    ip link set T up
    ip addr add 192.168.7.10/24 dev T
    ip addr add 192.168.7.10/23 dev T
    ip addr add 1:2:3:4:5::1/64 dev T
    ip addr add 1:2:3:4:5::1/63 dev T
    # RTNETLINK answers: File exists

    ip addr change 1:2:3:4:5::1/63 dev T
    ip addr show | grep 1:2:3:4:5::1
    # inet6 1:2:3:4:5::1/64 scope global

*sigh*

http://lists.infradead.org/pipermail/libnl/2016-June/002158.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago xfrm: allow avoiding buffer overflow for key in xfrmnl_sa_get_*_params()
Thomas Haller [Mon, 27 Jun 2016 18:06:07 +0000 (20:06 +0200)]
xfrm: allow avoiding buffer overflow for key in xfrmnl_sa_get_*_params()

The previous API of xfrmnl_sa_get_*_params() would always require
a @key buffer, but it was not possible to avoid buffer overflow
because the required size was unknown.

That is not really fixable, because the old API is broken.

Now, allow omitting the @key argument to only request the @key_size.
That allows the caller to ask beforehand how large the @key buffer
must be: ((@key_size + 7) / 8).

Unfortunately, omitting the key against previous versions of libnl
leads to a crash. And passing a key against older versions makes it
impossible to avoid buffer-overflow.

Another option would be to add functions like
xfrmnl_sa_get_crypto_params_keylen() so the user can query the required
buffer size by calling that instead of xfrmnl_sa_get_crypto_params().
However, then the user also requires a backport of the new API
and this will not be possible against older libnl3 versions either.
Thus, if the user already requires the fix, he can just as well
require a backport of this patch and then safely call xfrmnl_sa_get_crypto_params()
without @key argument. This way has the advantage/disadvantage, that
it can detect the presence of the patch at runtime.

The cumbersome way to get it right would be:

    unsigned key_len;
    char *key;
    int r;

    if (!nl_has_capability(17 /*NL_CAPABILITY_XFRM_SA_KEY_SIZE*/)) {
        /* no way to use this API safely. Abort. */
        return -NLE_OPNOTSUPP;
    }

    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, NULL);
    if (r < 0)
         return r;
    key = malloc((key_len + 7) / 8);
    if (!key)
         return -NLE_NOMEM;
    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, key);
    if (r < 0) {
        free(key);
        return r;
    }
    ...

http://lists.infradead.org/pipermail/libnl/2016-June/002155.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago macsec: merge branch 'qsn-macsec'
Thomas Haller [Mon, 27 Jun 2016 19:41:41 +0000 (21:41 +0200)]
macsec: merge branch 'qsn-macsec'

https://github.com/thom311/libnl/pull/100

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago lib/route: add macsec support
Sabrina Dubroca [Fri, 24 Jun 2016 14:34:39 +0000 (16:34 +0200)]
lib/route: add macsec support

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
8 years ago import macsec uapi headers
Sabrina Dubroca [Fri, 24 Jun 2016 14:34:28 +0000 (16:34 +0200)]
import macsec uapi headers

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
8 years ago link: merge branch 'qsn-io_compare' (#99)
Thomas Haller [Sat, 25 Jun 2016 15:52:08 +0000 (17:52 +0200)]
link: merge branch 'qsn-io_compare' (#99)

https://github.com/thom311/libnl/pull/99

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago vxlan: properly handle LOOSE_COMPARISON in ->io_compare
Sabrina Dubroca [Tue, 7 Jun 2016 11:57:22 +0000 (13:57 +0200)]
vxlan: properly handle LOOSE_COMPARISON in ->io_compare

This lets us match links only on the attributes that have actually been
set, instead of comparing all attributes.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago pass flags through ->io_compare op
Sabrina Dubroca [Tue, 7 Jun 2016 10:27:54 +0000 (12:27 +0200)]
pass flags through ->io_compare op

Currently rtnl_link_info_data_compare doesn't pass
flags (LOOSE_COMPARISON) to the ->io_compare op, so we cannot do a match
on only the attributes that are actually set in the filter object used
in a cache lookup via nl_cache_find().

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago xfrm: merge branch 'xfrm/various-fixes'
Thomas Haller [Sat, 25 Jun 2016 15:36:07 +0000 (17:36 +0200)]
xfrm: merge branch 'xfrm/various-fixes'

http://lists.infradead.org/pipermail/libnl/2016-June/002138.html

8 years ago xfrm: fix memleak in build_xfrm_sa_message() error-path
Thomas Haller [Sat, 25 Jun 2016 15:33:31 +0000 (17:33 +0200)]
xfrm: fix memleak in build_xfrm_sa_message() error-path

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago xfrm: attach only one xfrm alg attribute to netlink message
Thomas Egerer [Fri, 10 Jun 2016 09:57:57 +0000 (11:57 +0200)]
xfrm: attach only one xfrm alg attribute to netlink message

The kernel only uses the xfrm alg auth attribute if the xfrm alg auth
truncated attribute is not present. Hence sending both attributes in one
message does not make sense.
This piece of code also removes the call to nla_reserve in favor of the
NLA_PUT macro.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002139.html

8 years ago xfrm: fix memory leak for encap original address
Thomas Egerer [Fri, 10 Jun 2016 09:57:55 +0000 (11:57 +0200)]
xfrm: fix memory leak for encap original address

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002141.html

8 years ago xfrm: reuse encap data in xfrmnl_sa_set_encap_tmpl()
Thomas Haller [Sat, 25 Jun 2016 15:31:20 +0000 (17:31 +0200)]
xfrm: reuse encap data in xfrmnl_sa_set_encap_tmpl()

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years ago xfrm: fix segfault when using encapsulation templates
Thomas Egerer [Fri, 10 Jun 2016 09:57:53 +0000 (11:57 +0200)]
xfrm: fix segfault when using encapsulation templates

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002140.html

8 years ago xfrm: make character pointers in setters const
Thomas Egerer [Mon, 6 Jun 2016 13:21:35 +0000 (15:21 +0200)]
xfrm: make character pointers in setters const

All of these pointers are either strcpy'd or memcpy'd and usually const
in a calling application. Changing them to const in the header does not
break the compatibility and allows for users with const pointers to use
the library without compiler warnings.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002137.html

8 years ago xfrm: merge branch 'xfrm/buffer-overflows'
Thomas Haller [Sat, 25 Jun 2016 11:55:59 +0000 (13:55 +0200)]
xfrm: merge branch 'xfrm/buffer-overflows'

http://lists.infradead.org/pipermail/libnl/2016-May/002134.html

8 years ago xfrm: check length of alg_name before strcpying it
Thomas Egerer [Tue, 31 May 2016 15:30:03 +0000 (17:30 +0200)]
xfrm: check length of alg_name before strcpying it

If the parameter alg_name points to a string longer than what libnl
accepts as alg_name, the call to strcpy may write far beyond the
particular data structure.
Instead of truncating the string (using strncpy) this patch adds a check
and returns -1 for strings being longer than 63 bytes.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes: 917154470895520a77f527343f3a0cc1605934b0
http://lists.infradead.org/pipermail/libnl/2016-May/002133.html

8 years ago xfrm: fix buffer overflow when copying keys
Thomas Egerer [Tue, 31 May 2016 15:29:58 +0000 (17:29 +0200)]
xfrm: fix buffer overflow when copying keys

A colleague of mine came to notice that -- when adding keys to the
xfrm-part of libnl -- memcpy is given newlen, which copies sizeof(struct
xfrmnl_...) plus keysize instead of only the keysize.
This patch uses a keysize parameter to only copy the required number of
bytes.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes: 917154470895520a77f527343f3a0cc1605934b0
http://lists.infradead.org/pipermail/libnl/2016-May/002132.html
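
The two xfrm fixes above (the alg_name length check and the key copy) can be seen together in one small setter. This is an added example, not libnl's code: struct demo_alg, demo_alg_set() and the 64-byte name field are assumptions modelled on the commit messages.

```c
#include <stdlib.h>
#include <string.h>

#define DEMO_ALG_NAME_MAX 64   /* assumed: 63 bytes plus the NUL terminator */

/* Hypothetical stand-in for the library's algorithm structs. */
struct demo_alg {
	char         alg_name[DEMO_ALG_NAME_MAX];
	unsigned int key_len;  /* key length in bits */
	char         key[];    /* (key_len + 7) / 8 bytes follow the header */
};

/*
 * Allocates *out and fills it from the caller's name and key.
 * Returns 0 on success, -1 if alg_name is longer than 63 bytes or the
 * allocation fails. The caller's key buffer must hold
 * (key_len_bits + 7) / 8 bytes, and nothing more is read from it.
 */
int demo_alg_set(struct demo_alg **out, const char *alg_name,
                 unsigned int key_len_bits, const char *key)
{
	size_t keysize = ((size_t)key_len_bits + 7) / 8;
	size_t newlen  = sizeof(struct demo_alg) + keysize;
	struct demo_alg *a;

	/* Reject rather than truncate, as the alg_name commit does. */
	if (strlen(alg_name) >= DEMO_ALG_NAME_MAX)
		return -1;

	a = calloc(1, newlen);
	if (!a)
		return -1;

	strcpy(a->alg_name, alg_name);   /* bounded by the check above */
	a->key_len = key_len_bits;

	/*
	 * The defect described in the key-copy commit corresponds to
	 * memcpy(a->key, key, newlen): newlen also counts the struct
	 * header, so the copy reads past the caller's key and writes past
	 * the allocation. Only keysize bytes belong to the key.
	 */
	memcpy(a->key, key, keysize);

	*out = a;
	return 0;
}
```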