Thomas Haller [Mon, 5 Oct 2015 14:52:07 +0000 (16:52 +0200)]
lib/attr: add nla utility functions for signed integers
Commit 7bb956501ccd58ed3bbffc59de996f056e178683 added nla functions for
s32. We preferibly add all signed integer operations at the same time.
Thus, also add s8, s16, and s64.
Also, previously the NLA_TYPE_MAX enum was not extended to have
NLA_S32. Fix that too.
Reported-By: Jiri Pirko <jiri@resnulli.us> Fixes: 7bb956501ccd58ed3bbffc59de996f056e178683 Signed-off-by: Thomas Haller <thaller@redhat.com>
Tobias Klauser [Thu, 20 Aug 2015 13:46:22 +0000 (15:46 +0200)]
route/link: add missing link_attrs translations
Add LINK_ATTR_NSFD, LINK_ATTR_NS_PID and LINK_ATTR_LINK_NETNSID to the
link_attrs translation table after they were added in commits 760bfabad8cd ("add link netns support") and 66aab65595fb ("route/link:
add support for IFLA_LINK_NETNSID") respectively.
Thomas Haller [Mon, 24 Aug 2015 15:57:16 +0000 (17:57 +0200)]
socket: fix assertion in nl_connect() when all ports are already in use
When generating a port fails a few times (because they are already in used
outside of libnl's knowledge), we would back off generating a local
port and instead let kernel decide.
There was however a bug in nl_connect() that caused an assertion:
BUG at file position socket.c:147:_nl_socket_used_ports_release_all
app: socket.c:147: _nl_socket_used_ports_release_all: Assertion `0' failed.
Thomas Haller [Fri, 10 Jul 2015 12:58:51 +0000 (14:58 +0200)]
socket: add fallback for nl_connect() by trying to bind to unspecified local port
libnl allows the user to explicitly set the local port before connecting
the socket. A more convenient way is to leave the local port unspecified
and let libnl generate a port id.
As it is, generate_local_port() would try at most 1024 ports, that
means if a user tries to connect more sockets, the automatism will
fail.
Kernel also supports choosing the local port itself (via netlink_autobind()).
So, this could be fixed by always leaving the port unspecified and let
kernel decide on the port. For that we could entirely drop generate_local_port().
There are however problems with that:
- it is unclear why generate_local_port() was even introduced in the
first place instead of always relying kernel. This code already
appeared in libnl-1, so maybe there was a good reason for it or
it is necessary on some kernel versions.
- The deprecated libnl-1 library also uses a form of generate_local_port().
Its first guess would always be getpid(), but the problem is that
it would not retry on EADDRINUSE. Currently libnl-3 generates ports in
a different sequence and will not generate a conflicting port (until it
already exhausted 1016 other ports).
Hence, currently if your application uses libnl1 and libnl3
together, the automatism might just work without conflicts
(commit 1f734a8f892abcd3f81637df4a089155aca1b66a).
Accidently, kernel/netlink_autobind() also first tries the process
id as port. That means, if we change libnl-3 to leave the decision
to kernel, and
- the application connects sockets both via libnl-1 and libnl-3
- and the libnl-3 socket happens to connect first
then the libnl-1 socket would fail to connect without retrying
another port.
- Removing generate_local_port() entirely changes behavior in the
following case:
sk = nl_socket_alloc();
/* accessing local port before connecting the socket used to
* freeze the local port to the generated value. */
port = nl_socket_get_local_port(sk);
nl_connect(sk, NETLINK_...);
Maybe the issues are minor and it would simplify the code just to get
rid of the cruft. But instead fix the issue without changing behavior.
Just keep trying with generate_local_port() first, before fallback to
kernel.
Reported-by: Julien Courtat <julien.courtat@6wind.com> Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2015-June/001889.html
Thomas Haller [Fri, 10 Jul 2015 12:58:50 +0000 (14:58 +0200)]
socket: clear port when unable to generate local port
When running out of local ports, _nl_socket_generate_local_port_no_release()
would leave the socket with port UINT32_MAX. That means if nl_connect()
fails due to out-of-ports, it would leave the port id assigned to an
invalid port and the socket instance was not re-usable until the user
called nl_socket_set_local_port(). Fix that by resetting the local port
to zero.
Thereby, also change generate_local_port() to return zero when
running out of ports. zero is a more natural value for ~no port found~.
It also matches the port that _nl_socket_generate_local_port_no_release()
uses when failing to generate a port.
Also ensure that zero cannot be returned as valid port by generate_local_port().
Arguably, that would only be possible if (getpid() & 0x3FFFFF)
returns zero. Just be extra cautious.
Kir Kolyshkin [Tue, 7 Jul 2015 05:33:23 +0000 (22:33 -0700)]
doc/Makefile.am: don't use asciidoc if disabled
In case doc/configure.ac hasn't found asciidoc or any of its
prerequisites (such as pygmentize), make shouldn't try to run it.
One such case ("gendoc" target) is covered while the other
("%.html" target) is not. Fix it by adding a proper ifdef.
Kir Kolyshkin [Tue, 7 Jul 2015 05:23:45 +0000 (22:23 -0700)]
doc/configure.ac: simplify python check
A check for python binary that was originally introduced by commit 183e869 is needed because python is used for a couple of preprocessors
(doxygen-link.py and resolve-asciidoc-refs.py) and therefore it is
impossible to build docs without python.
While it is right to check for python, the check was both wrong and
excessive. Instead of just checking for python binary, it checked for
various versions of python and set a few variables that are not needed
here. More to say, the absense of python binary was not treated as
being fatal like it should.
Fix both problems by using AC_CHECK_PROG for python, terminating the
build in the same way as with doxygen absense. Also, remove the
m4/ax_python.m4 which is no longer needed.
Kir Kolyshkin [Tue, 7 Jul 2015 00:25:14 +0000 (17:25 -0700)]
m4/ax*.m4: remove
These files, as well as the proper configure.ac calls, were added
by commit f443be6, but the calls were later removed by commit b4b853e,
so these are no longer needed.
The ifi_change field can be set with the mask of the flags that need
to be changed as part of the link message to the kernel. This means only
the specific flags that have been changed will be modified in the kernel,
rather than the entire flags entry.
[thaller@redhat.com: add capability to indicate the change in behavior]
Thomas Haller [Fri, 26 Jun 2015 16:01:21 +0000 (18:01 +0200)]
ipvlan: don't check for valid @mode argument in rtnl_link_ipvlan_set_mode()
In the future kernel might support more modes. Don't be so
strict in rtnl_link_ipvlan_set_mode() and accept any uint16
mode.
This way when adding new modes, rtnl_link_ipvlan_set_mode() does not
need to be changed.
If the user passes an invalid value and sends a message to the kernel,
it will be rejected there.
Thomas Haller [Fri, 26 Jun 2015 15:07:26 +0000 (17:07 +0200)]
neigh: accept "norarp" in rtnl_neigh_state2str()
Commit 6a9335f101e22cd5eaba4dfcf0a44e2c3097b4ab fixed a typo in the
string-to-flags conversion. At least for rtnl_neigh_str2state()
we want to continue to parse "norarp" for backward compatiblity.
Thomas Egerer [Thu, 4 Jun 2015 12:43:58 +0000 (14:43 +0200)]
lib: return error if an incomplete message was read
If recvmsg indicates that the message read was truncated libnl retries
to read the complete message after increasing the message buffer. This
only works if the message flags MSG_PEEK | MSG_TRUNC are set. If
NL_MSG_PEEK is not enabled on the nl_sock structure, flags are left
empty and the rest of the truncated message is discarded, hence a
subsequent recvmsg returns the next message (in case of a multipart
message, the NLMSG_DONE) is read and returned.
This patch aborts message processing if the message was truncated and
the NL_MSG_PEEK flags was not activated for the nl_sock structure.
Tobias Klauser [Tue, 19 May 2015 11:40:24 +0000 (13:40 +0200)]
utils: update link layer protocol translations
Update the private copy of linux/if_arp.h and hook up the not yet
defined ARPHRD_* types in the llprotos translation table. Reorder the
entries such that they correspond to the order they're defined in
linux/if_arp.h. Also remove the #ifdef guards since these are
unnecessary given that the private copy of the kernel header is used.
Thomas Haller [Tue, 12 May 2015 13:04:48 +0000 (15:04 +0200)]
lib/doc: clearify return value of send_simple() functions
The return value of the *nl_send_simple() functions is
inconsistent and not according to the documentation.
nl_send_simple() is document to return the number of bytes sent.
Other *nl_send_simple() functions are documented to return 0 on
success -- for the most part.
See also commit b70174668b9867de573cf51471bc98bfe7fd2bc3 which
changed behavior of nl_rtgen_request() to be according to documenation.
Don't change behavior again, only adjust the documentation.
Arend van Spriel [Sun, 10 May 2015 10:22:17 +0000 (12:22 +0200)]
python: capi: add nla_put() function to python capi
Adding nla_put() to the capi using a typemap on the input
parameter which needs to be either a str or bytearray.
Otherwise a SWIG exception with be thrown.
Signed-off-by: Arend van Spriel <aspriel@gmail.com>
The define was left enabled during development on netlink (and genl)
python swig api. It is a bit annoying in production release so disable
the define.
Signed-off-by: Arend van Spriel <aspriel@gmail.com>
Tobias Klauser [Mon, 11 May 2015 12:49:01 +0000 (14:49 +0200)]
xfrm: fix potential NULL dereference
If xfrmnl_sel_alloc() returns NULL, the daddr and saddr members are
still accessed, leading to a potential NULL dereference. The same is the
case for xfrmnl_user_tmpl_alloc(). Fix this by returning NULL right away
if allocation fails.
utils: Add translations for NETLINK_RDMA and NETLINK_CRYPTO
Add translations for NETLINK_RDMA and NETLINK_CRYPTO to nlfamilies,
allowing to use nl_nlfamily2str() and nl_str2nlfamily() for these
families.
This makes it necessary to update the private copy of linux/netlink.h
and also includes the rename of NETLINK_INET_DIAG to NETLINK_SOCK_DIAG
in upstream commit 7f1fb60c4fc9fb29 ("inet_diag: Partly rename inet_ to
sock_") and the removal of the duplicate NLMSG_ALIGN in the
NLMSG_LENGTH() macro in upstream commit a88b9ce5ad4fc633 ("netlink:
remove duplicated NLMSG_ALIGN").
Thomas Haller [Thu, 19 Mar 2015 11:22:12 +0000 (12:22 +0100)]
utils: add code comment about capability number assignment
Also reserve a range of capabilities (0x7000 to 0x7FFF) that we won't
use upstream. Add a macro NL_CAPABILITY_IS_USER_RESERVED() to check
if the capability is in that range.
David Chappelle [Tue, 17 Mar 2015 04:40:20 +0000 (00:40 -0400)]
route: remove unnecessary include of private linux/if.h
Including linux/if.h in netlink/route/link.h causes issues
in cases where libnl is used in conjuntion with other third
party libraries that include net/if.h. Seems to be a long
checkered history of symbol collisions between these two
files. As it turns out, including linux/if.h from within
netlink/route/link.h is actually unecessary. I resurrected
a forgotten path from this thread:
Thomas Haller [Mon, 9 Mar 2015 16:16:56 +0000 (17:16 +0100)]
build: revert moving unstable symbols from libnl_3 linker section
In the past, libnl3 had only one section (libnl_3) in the
linker version script. Between 3.2.25 and 3.2.26 release,
this was cleaned up and new symbols were added to libnl_3_2_26
section. Commit d2a30fb also moved new symbols since 3.2.25
to that section.
Fedora 21 and later already uses these symbols in the previous
version (@libnl_3). Updating there would break symbol lookup.
As we have users of the unstable version from pre-3.2.26, move
those symbols back. Note that this now breaks unstable users since d2a30fb (5 weeks ago) -- which probably are much fewer affected
users.
Fixes: d2a30fbb36d668fe64f43bddfc9c53ee0362334f Signed-off-by: Thomas Haller <thaller@redhat.com>
Thomas Haller [Fri, 6 Mar 2015 11:33:49 +0000 (12:33 +0100)]
lib/socket: detect protocol in nl_socket_set_fd()
With support for socket option SO_PROTOCOL we don't need the protocol
argument to nl_socket_set_fd(). Maybe we should drop the protocol argument
and just not support nl_socket_set_fd() on older systems. But instead
keep the argument and allow passing -1 to autodetect it.
If the user sets a protocol option, we check via getsockopt() that the
value is correct and error out otherwise.
On older kernels, the user must set the value. Otherwise
nl_socket_set_fd() will fail.
Thomas Haller [Thu, 5 Mar 2015 09:39:43 +0000 (10:39 +0100)]
lib/socket: add nl_socket_set_fd() function
This is based on the patch by sagil@infinidat.com, but heavily modified.
Add a function nl_socket_set_fd(), I renamed it from nl_connect_fd().
Now nl_connect() and nl_socket_set_fd() are implemented independently as
they share little code. But they have similar functionality:
to initialize a libnl socket and set it's file descriptor.
A user who wants libnl to setup the socket can continue to use nl_connect().
A user with special requirements should setup the socket entirely. That includes
calling socket() (with or without SOCK_CLOEXEC), bind(), setting buffer size.
For the same reason I dropped nl_create_fd(). It didn't do much more then
calling socket() -- which the user can do directly.
Sagi Lowenhardt [Tue, 17 Feb 2015 13:22:27 +0000 (15:22 +0200)]
add socket nl_connect_fd() & nl_create_fd()
- Added option to create socket (fd) without bind.
It is now possible to forward the socket fd to another child process...
...later use nl_connect_fd() to connect to socket from the child process.
- Added option to disable CLOEXEC even if defined (in socket.h)
'nl_socket_enable_cloexec' & 'nl_socket_disable_cloexec'
No change to current default behavior.
Thomas Haller [Thu, 5 Mar 2015 09:50:04 +0000 (10:50 +0100)]
lib/nl: preserve s_local if nl_connect() fails
s_local.nl_pid is used to track the generated port unless NL_OWN_PORT is set.
Ensure that getsockname() doesn't overwrite the value and possibly reset
the local port manually to release the generated port.
Thomas Haller [Thu, 5 Mar 2015 07:46:31 +0000 (08:46 +0100)]
lib/socket: remove NL_SOCK_BUFSIZE_SET socket flag
The flag was not actually used.
NL_SOCK_BUFSIZE_SET was only set by nl_socket_set_buffer_size().
Note that you can only call nl_socket_set_buffer_size() on a socket that
is already connected via nl_connect().
On first call, nl_connect() would always see NL_SOCK_BUFSIZE_SET unset, and
call nl_socket_set_buffer_size().
Since the flag was never unset, when trying to connect a socket a second
time, we would not set the buffer size again. Which was a bug.
Thomas Haller [Wed, 4 Mar 2015 14:27:14 +0000 (15:27 +0100)]
build/trivial: reorder symbols in linker version scripts and add comment
We export some symbols that are in private headers. We shouldn't do
that. Highlight them in the version script by grouping them and add
a comment.
We might want to hide these symbols later.
Some of these symbols symbols are used by libnl internal libraries.
So removing those is more complicated and only possible if we don't
required compatibility of different libnl libraries between each other
(i.e. that we require that within one installation the library versions
match).
Lubomir Rintel [Sun, 25 Jan 2015 17:11:53 +0000 (18:11 +0100)]
lib: log errors from platform
nl_syserr2nlerr() reduces a lot of platform errors to NLE_FAILURE --
"Unspecific failure" which makes it somehow hard to track down the real reason
behind a failure.
Logging them with level of 4 makes it a little less painful.
Rohan Joyce [Fri, 13 Feb 2015 10:26:01 +0000 (18:26 +0800)]
lib: add const-ness to appropriate parameters in addr, attr, data
This patch changes the signatures of some functions to allow const pointers in
places where a const qualified pointer is enough access for what the function
does (e.g. nla_get_u8). It also changes some functions that take a pointer
parameter and return a pointer derived from it to use the strchr idiom.
This is not exhaustive in terms of places where const can be added, but it's
a decent chunk that should not make the external api any more restrictive.
Thomas Haller [Sun, 4 Jan 2015 16:24:38 +0000 (17:24 +0100)]
build: explicitly list exported symbols in linker scripts
Before all symbols (global: *;) were exported, which included some
symbols that should not be exported. Update the symbol files to
exclude everything by default and name the exported symbols
explicitly.
Still the same symbols as before are exported.
for SO in ./lib/.libs/*.so ./src/lib/.libs/*.so; do
SYM="$(basename "$SO")"
SYM="${SYM%.so}.sym"
cat <<EOF | sed 's/^ *>> //' > "$SYM"
>> libnl_3 {
>> global:
>> $(nm "$SO" | sed -n 's/^[a-fA-F0-9]\+ [BDRT] \(.*\)/\t\1;/p' | LANG=C sort)
>> local:
>> $(echo -e '\t')*;
>> };
EOF
done
Thomas Haller [Thu, 27 Nov 2014 12:09:05 +0000 (13:09 +0100)]
idiag: fix idiagnl_compare() to compare all attributes
This is not important for nl_object_identical() which only considers
the required attributes. But for using nl_object_diff() or nl_object_filter(),
all attributes must be compared.
Acked-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Thomas Haller <thaller@redhat.com>