]> granicus.if.org Git - libnl/log
libnl
8 years agolib: merge branch 'bridge-flags'
Thomas Haller [Sat, 24 Sep 2016 12:49:21 +0000 (14:49 +0200)]
lib: merge branch 'bridge-flags'

http://lists.infradead.org/pipermail/libnl/2016-August/002208.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agobridge: change return values for rtnl_link_bridge_get_hwmode()
Thomas Haller [Sat, 24 Sep 2016 12:42:57 +0000 (14:42 +0200)]
bridge: change return values for rtnl_link_bridge_get_hwmode()

Unfortunately, libnl3 is rather inconsistent about the getters.
- some return the value directly, and don't have a dedicated
  error return value.
- some don't check whether the attribute was set and just
  return the default value
- some fail with -NLE_INVAL or -NLE_NOATTR if the value is
  unset.

I think the best pattern is to fail if the attribue is unset.
However, the return value should be negative to indicate an error,
while 0 should mean success.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agotrivial: whitespace
Thomas Haller [Sat, 24 Sep 2016 12:35:18 +0000 (14:35 +0200)]
trivial: whitespace

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: Support IFLA_BRIDGE_MODE
Jef Oliver [Thu, 1 Sep 2016 00:27:09 +0000 (17:27 -0700)]
lib/route: Support IFLA_BRIDGE_MODE

This patch adds support for hardware assisted bridge modes stored
in IFLA_AF_SPEC[IFLA_BRIDGE_MODE].

This patch adds rtnl_link_[g/s]et_hwmode() functions, allowing
for getting and setting the hardware mode for a bridged link.

This patch adds the convenience functions for translating between
integer and string names for hardware modes.

This patch adds rtnl_link_bridge_set_self(), a function that
stores flags in IFLA_AF_SPEC[IFLA_BRIDGE_FLAGS], an attribute
that tells the kernel whether it should apply settings to the
virtual bridge device or the hardware device itself. This requires
hardware that supports the hardware flags.

This patch adds bridge_fill_af(), a function to fill IFLA_AF_SPEC
with AF_BRIDGE specific information.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: Allow override of IFLA_AF_SPEC nesting
Jef Oliver [Thu, 1 Sep 2016 00:27:08 +0000 (17:27 -0700)]
lib/route: Allow override of IFLA_AF_SPEC nesting

This patch adds the ability to override nesting into an AF specific
attribute. An example of this is the bridge module.

Regular Nesting:
[IFLA_AF_SPEC]
    [AF_INET]
        [AF_INET_ATTRS]

Bridge Nesting:
[IFLA_AF_SPEC]
    [AF_BRIDGE_ATTRS]

This patch adds ao_fill_af_no_nest to struct rtnl_link_af_ops.
When set to non-zero, this will override the nested AF attribute
and allow nesting of attributes directly into IFLA_AF_SPEC.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: Extend Bridge Flags
Jef Oliver [Thu, 1 Sep 2016 00:27:07 +0000 (17:27 -0700)]
lib/route: Extend Bridge Flags

This patch adds support for the following bridge port flags:

IFLA_BRPORT_UNICAST_FLOOD
IFLA_BRPORT_LEARNING
IFLA_BRPORT_LEARNING_SYNC

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: Add port state translation functions
Jef Oliver [Thu, 1 Sep 2016 00:27:06 +0000 (17:27 -0700)]
lib/route: Add port state translation functions

This patch adds translation functions for translating the port
state between integers and strings.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: Fix appending IFLA_BRPORT_FASTLEAVE
Jef Oliver [Thu, 1 Sep 2016 00:27:05 +0000 (17:27 -0700)]
lib/route: Fix appending IFLA_BRPORT_FASTLEAVE

This patch fixes IFLA_BRPORT_FASTLEAVE to append to the correct
netlink attribute. (Turned up in automated testing.)

Fixes: 55bc931a7272e6ac8f555bcc2a373eb2b6b58377
Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agomacsec: merge branch 'macsec-fix'
Thomas Haller [Sat, 24 Sep 2016 10:53:16 +0000 (12:53 +0200)]
macsec: merge branch 'macsec-fix'

https://github.com/thom311/libnl/pull/108

8 years agoremove multiple implementations of htonll(), ntohll()
Davide Caratti [Tue, 6 Sep 2016 09:17:47 +0000 (11:17 +0200)]
remove multiple implementations of htonll(), ntohll()

use a single #define in include/netlink-private/utils.h

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
8 years agomacsec: fix maximum ICV length
Davide Caratti [Mon, 5 Sep 2016 16:20:16 +0000 (18:20 +0200)]
macsec: fix maximum ICV length

Update copy of kernel header 'if_macsec.h' to Linux 4.8-rc5, so that
upstream commit 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c ("macsec: limit
ICV length to 16 octets") is included. Return -NLE_INVAL when trying to
configure an ICV length greater than 16 octets.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
8 years agomacsec: fix endianness of 'sci' parameter
Davide Caratti [Mon, 5 Sep 2016 16:18:22 +0000 (18:18 +0200)]
macsec: fix endianness of 'sci' parameter

'sci' passed to kernel is meant to be in network byte order: use
ntohll() and htonll() accordingly.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
8 years agolib/route: merge branch 'bride-protinfo'
Thomas Haller [Mon, 29 Aug 2016 11:10:04 +0000 (13:10 +0200)]
lib/route: merge branch 'bride-protinfo'

http://lists.infradead.org/pipermail/libnl/2016-August/002204.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: modify link/bridge to set attributes
Jef Oliver [Sat, 27 Aug 2016 02:19:51 +0000 (19:19 -0700)]
lib/route: modify link/bridge to set attributes

This patch modifies link/bridge to set link attributes in a
request message. It adds set support for currently implemented
functionality.

This patch adds bridge_fill_pi, a function to fill in the
IFLA_PROTINFO nested attribute.

This patch modifies the bridge_ops structure to support
modifications made to properly set RTM_SETLINK during modifcation
of a link, append the NLA_F_NESTED flag to IFLA_PROTINFO, and
to call the newly added bridge_fill_pi.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: set IFLA_PROTINFO attribute in request message
Jef Oliver [Sat, 27 Aug 2016 02:19:50 +0000 (19:19 -0700)]
lib/route: set IFLA_PROTINFO attribute in request message

This patch adds the functionality to set IFLA_PROTINFO in a
request. This allows for appending protocol specific information
to a request message.

This patch adds ao_fill_pi to the rtnl_link_af_ops structure. This
registers a function to fill the IFLA_PROTINFO attribute. This
function follows the makeup of ao_fill_af.

This patch adds ao_fill_pi_flags to the rtnl_link_af_ops
structure. This registers an extra flag that can be bitmasked
onto the IFLA_PROTINFO definition. This is useful for address
families that require NLA_F_NESTED.

This patch adds a function named af_fill_pi, which is called by
build_link_msg. This function calls the registered function
pointers for an address family to fill IFLA_PROTINFO and to
bitmask any extra flags.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: allow override of message type during link change
Jef Oliver [Sat, 27 Aug 2016 02:19:49 +0000 (19:19 -0700)]
lib/route: allow override of message type during link change

When rtnl_link_build_change_request() builds a change request,
it sets the message type to RTM_NEWLINK by default. If the
request fails, it changes the type to RTM_SETLINK, and resubmits.

For some address families, this will result in a requested change
never being applied by the kernel. An exmaple of this is the Linux
bridge. When a netlink message of type RTM_NEWLINK is recieved,
rather than failing, it simply ignores the message and does not
return a failure.

To fix this, this patch implements an override for address
families that require it. The override can be set when an address
family registers itself in libnl.

This patch adds ao_override_rtm to the rtnl_link_af_ops structure.
This patch adds a static function named af_request_type.
This patch modifies rtnl_link_build_change_request to call
  af_request_type to properly set the request type if an address
  family wishes to override.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agocompat: add linux/socket.h for __kernel_sa_family_t
Jeff Squyres [Thu, 18 Aug 2016 22:40:27 +0000 (15:40 -0700)]
compat: add linux/socket.h for __kernel_sa_family_t

The __kernel_sa_family_t type is not present on older systems (e.g.,
RHEL 6), and libnl3 will not built without it.  Copy
/usr/include/linux/socket.h from a RHEL7 system to
include/linux-private/linux/socket.h so that it will be found by the
build system.

Fortunately, this socket.h is small and self-contained; it contains
very little (and does not #include any other files) beyond necessary
type.

https://github.com/thom311/libnl/pull/107

Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoall: merge branch 'strerror_l'
Thomas Haller [Thu, 25 Aug 2016 15:53:47 +0000 (17:53 +0200)]
all: merge branch 'strerror_l'

http://lists.infradead.org/pipermail/libnl/2016-August/002192.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agosrc: switch to using strerror_l() instead of strerror_r()
André Draszik [Thu, 25 Aug 2016 12:15:01 +0000 (13:15 +0100)]
src: switch to using strerror_l() instead of strerror_r()

glibc provides two versions of strerror_r(), which
can be chosen between using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE. libnl is built using
the former, hence we get the glibc special version,
and all code so far has been written for this.

Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.

Uses in libnl hence generally cause printf() of an *int*
with a *string format* specifier for that reason.

Additionally, strerror_r() has been deprecated:
  http://austingroupbugs.net/view.php?id=655

Switch to using strerror_l().

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib: switch to using strerror_l() instead of strerror_r()
André Draszik [Thu, 25 Aug 2016 12:15:00 +0000 (13:15 +0100)]
lib: switch to using strerror_l() instead of strerror_r()

glibc provides two versions of strerror_r(), which
can be chosen between using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE. libnl is built using
the former, hence we get the glibc special version,
and all code so far has been written for this.

Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.

Uses in libnl hence generally cause printf() of an *int*
with a *string format* specifier for that reason.

Additionally, strerror_r() has been deprecated:
  http://austingroupbugs.net/view.php?id=655

Switch to using strerror_l() (via our wrapper just
introduced).

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib: add utility function nl_strerror_l()
André Draszik [Thu, 25 Aug 2016 12:14:59 +0000 (13:14 +0100)]
lib: add utility function nl_strerror_l()

libnl currently uses strerror_r() throughout, but this is
problematic because there is a non-standard GNU version
implemented in glibc, and the standard POSIX version, which
differ in signature. When using glibc, one can choose
between the two versions using feature test macros
_GNU_SOURCE and _POSIX_C_SOURCE.

Given libnl is built using the former, we always get the
glibc special version, and all code so far has been written
for that non-standard version.

Other C libraries like musl on the other hand only try
to be posix compliant, and only ever provide the posix
version of strerror_r(), which has a different signature.

The alternative is to use strerror_l() rather than
strerror_r() http://austingroupbugs.net/view.php?id=655
- this will avoid the non-confirming versions issue
- strerror_l() is now recommended by POSIX to replace
  strerror_r() usage

So rather than changing all uses of strerror_r() to be in
line with posix, we are going to switch to the recommended
interface strerror_l().

Since strerror_l() is slightly more difficuly to use, we
add a little (private) wrapper that we can use from all
current callsites of strerror_r().

Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agonl-addr: avoid read-out-of-bound in nl_addr_fill_sockaddr()
Thomas Haller [Sun, 14 Aug 2016 09:44:53 +0000 (11:44 +0200)]
nl-addr: avoid read-out-of-bound in nl_addr_fill_sockaddr()

https://github.com/thom311/libnl/issues/103

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoroute/addr: merge branch 'toanju-fix-addr_id_attrs_get' (#105)
Thomas Haller [Sun, 14 Aug 2016 09:08:19 +0000 (11:08 +0200)]
route/addr: merge branch 'toanju-fix-addr_id_attrs_get' (#105)

https://github.com/thom311/libnl/pull/105

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib: capability NL_CAPABILITY_RTNL_ADDR_PEER_ID_FIX for ID comparison of v4 addresses
Thomas Haller [Sun, 14 Aug 2016 09:05:48 +0000 (11:05 +0200)]
lib: capability NL_CAPABILITY_RTNL_ADDR_PEER_ID_FIX for ID comparison of v4 addresses

The ID attributes for IPv4 addresses were broken which causes wrong
nl_object_identical() and cache lookup.

This capability shall indicate that the bug was fixed.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoroute/addr: address attributes based on object
Tobias Jungel [Thu, 4 Aug 2016 08:01:43 +0000 (10:01 +0200)]
route/addr: address attributes based on object

addr_id_attrs_get returned a fixed set of attributes for AF_INET. This
leads to an invalid cache in case the default cache manager is used.

The error was cause by nl_object_identical, which checkes the ce_mask
of an object against the req_attrs. For route/addr objects the ce_mask
may contain the ADDR_ATTR_PEER, but the addr_id_attrs_get always
includes this attribute. Thus nl_object_identical fails always in case
no peer exists, which is the default for local addresses.

Fixes: 83e851ca9c842ccb6dae411d3fff9c7e9561269a
https://github.com/thom311/libnl/pull/105

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoall: merge branch 'various-fixes'
Thomas Haller [Sun, 14 Aug 2016 08:06:13 +0000 (10:06 +0200)]
all: merge branch 'various-fixes'

http://lists.infradead.org/pipermail/libnl/2016-August/002177.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agodoc: fix URLs and typo
Peter Wu [Mon, 8 Aug 2016 09:58:53 +0000 (11:58 +0200)]
doc: fix URLs and typo

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoexp: fix a GCC 6 -Wmisleading-indentation warning
Peter Wu [Mon, 8 Aug 2016 09:58:52 +0000 (11:58 +0200)]
exp: fix a GCC 6 -Wmisleading-indentation warning

Replaced the spaces by tabs to fix it.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoxfrm: fix memleak in another error path of build_xfrm_sa_message
Peter Wu [Mon, 8 Aug 2016 09:58:51 +0000 (11:58 +0200)]
xfrm: fix memleak in another error path of build_xfrm_sa_message

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agocli: add noreturn attributes
Peter Wu [Mon, 8 Aug 2016 09:58:50 +0000 (11:58 +0200)]
cli: add noreturn attributes

Teach static code analyzers (such as Clang static analyzer) that code
following nl_cli_fatal can never be executed. Avoids false positives
such as detecting use of NULL pointers when that cannot happen.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agotrivial: whitespace-only fixes for src and lib
Peter Wu [Mon, 8 Aug 2016 10:04:01 +0000 (12:04 +0200)]
trivial: whitespace-only fixes for src and lib

Fixes alignment, lines with just whitespace and mixed tab/space
indentation. Searched, reviewed and optionally fixed in vim using
regex ^\t* [\t ]*\([^*us ]\|$\)\|\t\+$

http://lists.infradead.org/pipermail/libnl/2016-August/002183.html

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agobuild: fixup headers for C++ inclusion
Craig Gallek [Fri, 15 Jul 2016 14:29:06 +0000 (10:29 -0400)]
build: fixup headers for C++ inclusion

- Fix typos in extern "C" wrappers.
- 'class' is a reserved word, change to cls.
- int -> enum casts are not automatic.
- Static strings must be of type const char*
- Add a few implicit header dependencies explicitly.

http://lists.infradead.org/pipermail/libnl/2016-July/002165.html

Signed-off-by: Craig Gallek <kraig@google.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolibnl-3.2.28 release libnl3_2_28
Thomas Haller [Fri, 8 Jul 2016 09:41:40 +0000 (11:41 +0200)]
libnl-3.2.28 release

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolibnl-3.2.28-rc1 release libnl3_2_28rc1
Thomas Haller [Thu, 30 Jun 2016 10:44:01 +0000 (12:44 +0200)]
libnl-3.2.28-rc1 release

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agobuild: fix adding macsec files to include/Makefile.am
Thomas Haller [Thu, 30 Jun 2016 10:53:48 +0000 (12:53 +0200)]
build: fix adding macsec files to include/Makefile.am

Fixes: 885ff4ae1efce35f8db378b2533025c3c931823c
8 years agoroute/addr: merge branch 'ip-addr-fixes'
Thomas Haller [Wed, 29 Jun 2016 08:27:14 +0000 (10:27 +0200)]
route/addr: merge branch 'ip-addr-fixes'

http://lists.infradead.org/pipermail/libnl/2016-June/002156.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoroute/addr: add capability NL_CAPABILITY_RTNL_ADDR_PEER_FIX to indicate address fixes
Thomas Haller [Wed, 29 Jun 2016 08:25:13 +0000 (10:25 +0200)]
route/addr: add capability NL_CAPABILITY_RTNL_ADDR_PEER_FIX to indicate address fixes

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoroute/addr: fix handling peer addresses for IPv4 addresses
Thomas Haller [Tue, 28 Jun 2016 14:56:22 +0000 (16:56 +0200)]
route/addr: fix handling peer addresses for IPv4 addresses

For IPv4, a "normal" route has IFA_LOCAL and IFA_ADDRESS set
to the same destination. An address with a explicit peer, has
them differing. A peer of 0.0.0.0 is also valid and must
be treated different from a normal address.

    unshare -n
    ip link add T type dummy
    ip link set T up
    ip addr add 192.168.5.10 peer 192.168.5.10/24 dev T
    ip addr add 192.168.5.10/24 dev T
    #RTNETLINK answers: File exists
    ip addr add 192.168.5.10 peer 192.168.6.10/24 dev T
    ip addr add 192.168.5.10 peer 0.0.0.0/24 dev T

Previously, that would give:

    nl-addr-list
    #192.168.5.10/24 inet dev T scope global <permanent>
    #192.168.5.10 peer 192.168.6.10/24 inet dev T scope global <permanent>
    #192.168.5.10/24 inet dev T scope global <permanent>

With this change, we properly get:

    nl-addr-list
    #192.168.5.10/24 inet dev T scope global <permanent>
    #192.168.5.10/24 peer 192.168.6.10 inet dev T scope global <permanent>
    #192.168.5.10/24 peer 0.0.0.0 inet dev T scope global <permanent>

http://lists.infradead.org/pipermail/libnl/2016-June/002157.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoroute/addr: fix ID comparison for AF_INET and AF_INET6 addresses
Thomas Haller [Tue, 28 Jun 2016 14:56:21 +0000 (16:56 +0200)]
route/addr: fix ID comparison for AF_INET and AF_INET6 addresses

For AF_INET/IPv4 addresses, the ID equality comparison must include
the net-part of the peer address:

    unshare -n
    ip link add T type dummy
    ip link set T up
    ip addr add 192.168.5.10/24 dev T
    ip addr add 192.168.5.10 peer 192.168.6.1/24 dev T
    ip addr add 192.168.5.10 peer 192.168.7.1/24 dev T
    ip addr add 192.168.5.10 peer 192.168.7.2/24 dev T
    # RTNETLINK answers: File exists

    ip addr change 192.168.5.10 peer 192.168.7.2/24 dev T
    ip addr show | grep 192.168.7.
    # inet 192.168.5.10 peer 192.168.7.1/24 scope global T

For AF_INET6/IPv6 addresses, the prefix length of the address
is not part of the ID:

    unshare -n
    ip link add T type dummy
    ip link set T up
    ip addr add 192.168.7.10/24 dev T
    ip addr add 192.168.7.10/23 dev T
    ip addr add 1:2:3:4:5::1/64 dev T
    ip addr add 1:2:3:4:5::1/63 dev T
    # RTNETLINK answers: File exists

    ip addr change 1:2:3:4:5::1/63 dev T
    ip addr show | grep 1:2:3:4:5::1
    # inet6 1:2:3:4:5::1/64 scope global

*sigh*

http://lists.infradead.org/pipermail/libnl/2016-June/002158.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoxfrm: allow avoiding buffer overflow for key in xfrmnl_sa_get_*_params()
Thomas Haller [Mon, 27 Jun 2016 18:06:07 +0000 (20:06 +0200)]
xfrm: allow avoiding buffer overflow for key in xfrmnl_sa_get_*_params()

The previous API of xfrmnl_sa_get_*_params() would always require
a @key buffer, but it was not possible to avoid buffer overflow
because the required size was unknown.

That is not really fixable, because the old API is broken.

Now, allow omitting the @key argument to only request the @key_size.
That allows the caller to ask beforehand how large the @key buffer
must be: ((@key_size + 7) / 8).

Unfortunately, omitting the key against previous versions of libnl
leads to a crash. And passing a key against older versions makes it
impossible to avoid buffer-overflow.

Another option would be to add functions like
xfrmnl_sa_get_crypto_params_keylen() so the user can query the required
buffer size by calling that instead of xfrmnl_sa_get_crypto_params().
However, then the user also requires a backport of the new API
and this will not be possible against older libnl3 versions either.
Thus, if the user already requires the fix, he can just as well
require a backport of this patch and then safely call xfrmnl_sa_get_crypto_params()
without @key argument. This way has the advantage/disadvantage, that
it can detect the presence of the patch at runtime.

The cumbersome way to get it right would be:

    unsiged key_len;
    char *key;
    int r;

    if (!nl_has_capability(17 /*NL_CAPABILITY_XFRM_SA_KEY_SIZE*/)) {
        /* no way to use this API safely. Abort. */
        return -NLE_OPNOTSUPP;
    }

    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, NULL);
    if (r < 0)
         return r;
    key = malloc((key_len + 7) / 8);
    if (!key)
         return -NLE_NOMEM;
    r = xfrmnl_sa_get_crypto_params(sa, NULL, &key_len, &key);
    if (r < 0) {
        free(key);
        return r;
    }
    ...

http://lists.infradead.org/pipermail/libnl/2016-June/002155.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agomacsec: merge branch 'qsn-macsec'
Thomas Haller [Mon, 27 Jun 2016 19:41:41 +0000 (21:41 +0200)]
macsec: merge branch 'qsn-macsec'

https://github.com/thom311/libnl/pull/100

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/route: add macsec support
Sabrina Dubroca [Fri, 24 Jun 2016 14:34:39 +0000 (16:34 +0200)]
lib/route: add macsec support

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
8 years agoimport macsec uapi headers
Sabrina Dubroca [Fri, 24 Jun 2016 14:34:28 +0000 (16:34 +0200)]
import macsec uapi headers

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
8 years agolink: merge branch 'qsn-io_compare' (#99)
Thomas Haller [Sat, 25 Jun 2016 15:52:08 +0000 (17:52 +0200)]
link: merge branch 'qsn-io_compare' (#99)

https://github.com/thom311/libnl/pull/99

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agovxlan: properly handle LOOSE_COMPARISON in ->io_compare
Sabrina Dubroca [Tue, 7 Jun 2016 11:57:22 +0000 (13:57 +0200)]
vxlan: properly handle LOOSE_COMPARISON in ->io_compare

This lets us match links only on the attributes that have actually been
set, instead of comparing all attributes.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agopass flags through ->io_compare op
Sabrina Dubroca [Tue, 7 Jun 2016 10:27:54 +0000 (12:27 +0200)]
pass flags through ->io_compare op

Currently rtnl_link_info_data_compare doesn't pass
flags (LOOSE_COMPARISON) to the ->io_compare op, so we cannot do a match
on only the attributes that are actually set in the filter object used
in a cache lookup via nl_cache_find().

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoxfrm: merge branch 'xfrm/various-fixes'
Thomas Haller [Sat, 25 Jun 2016 15:36:07 +0000 (17:36 +0200)]
xfrm: merge branch 'xfrm/various-fixes'

http://lists.infradead.org/pipermail/libnl/2016-June/002138.html

8 years agoxfrm: fix memleak in build_xfrm_sa_message() error-path
Thomas Haller [Sat, 25 Jun 2016 15:33:31 +0000 (17:33 +0200)]
xfrm: fix memleak in build_xfrm_sa_message() error-path

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoxfrm: attach only one xfrm alg attribute to netlink message
Thomas Egerer [Fri, 10 Jun 2016 09:57:57 +0000 (11:57 +0200)]
xfrm: attach only one xfrm alg attribute to netlink message

The kernel only uses the xfrm alg auth attribute if the xfrm alg auth
truncated attribute is not present. Hence sending both attributes in one
message does not make sense.
This piece of code also removes the call to nla_reserve in favor of the
NLA_PUT macro.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002139.html

8 years agoxfrm: fix memory leak for encap original address
Thomas Egerer [Fri, 10 Jun 2016 09:57:55 +0000 (11:57 +0200)]
xfrm: fix memory leak for encap original address

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002141.html

8 years agoxfrm: reuse encap data in xfrmnl_sa_set_encap_tmpl()
Thomas Haller [Sat, 25 Jun 2016 15:31:20 +0000 (17:31 +0200)]
xfrm: reuse encap data in xfrmnl_sa_set_encap_tmpl()

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoxfrm: fix segfault when using encapsulation templates
Thomas Egerer [Fri, 10 Jun 2016 09:57:53 +0000 (11:57 +0200)]
xfrm: fix segfault when using encapsulation templates

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002140.html

8 years agoxfrm: make character pointers in setters const
Thomas Egerer [Mon, 6 Jun 2016 13:21:35 +0000 (15:21 +0200)]
xfrm: make character pointers in setters const

All of these pointers are either strcpy'd or memcpy'd and usually const
in a calling application. Changing them to const in the header does not
break the compatibility and allows for users with const pointers to use
the library without compiler warnings.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-June/002137.html

8 years agoxfrm: merge branch 'xfrm/buffer-overflows'
Thomas Haller [Sat, 25 Jun 2016 11:55:59 +0000 (13:55 +0200)]
xfrm: merge branch 'xfrm/buffer-overflows'

http://lists.infradead.org/pipermail/libnl/2016-May/002134.html

8 years agoxfrm: check length of alg_name before strcpying it
Thomas Egerer [Tue, 31 May 2016 15:30:03 +0000 (17:30 +0200)]
xfrm: check length of alg_name before strcpying it

If the parameter alg_name points to a string longer then what libnl
accepts as alg_name, the call to strcpy may write far beyond the
particular data structure.
Instead of truncating the string (using strncpy) this patch adds a check
and returns -1 for strings being longer than 63 bytes.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes: 917154470895520a77f527343f3a0cc1605934b0
http://lists.infradead.org/pipermail/libnl/2016-May/002133.html

8 years agoxfrm: fix buffer overflow when copying keys
Thomas Egerer [Tue, 31 May 2016 15:29:58 +0000 (17:29 +0200)]
xfrm: fix buffer overflow when copying keys

A colleague of mine came to notice that -- when adding keys to the
xfrm-part of libnl -- memcpy is given newlen, which copies sizeof(struct
xfrmnl_...) plus keysize instead of only the keysize.
This patch uses a keysize parameter to only copy the required number of
bytes.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
Fixes: 917154470895520a77f527343f3a0cc1605934b0
http://lists.infradead.org/pipermail/libnl/2016-May/002132.html

8 years agolib: return error on Netlink attribute length overflow
Przemyslaw Szczerbik [Mon, 30 May 2016 21:26:00 +0000 (23:26 +0200)]
lib: return error on Netlink attribute length overflow

Netlink attribute length is defined as u16. It's possible to exceed nla_len when
creating nested attributes. Storing incorrect length due to overflow will cause
a reader to read only a part of nested attribute or skip it entirely.

As a solution cancel the addition of a nested attribute when nla_len size is
exceeded.

Signed-off-by: Przemyslaw Szczerbik <przemek.szczerbik@gmail.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-May/002131.html

8 years agolib: merge branch 'ext_filter_mask'
Thomas Haller [Fri, 24 Jun 2016 17:26:10 +0000 (19:26 +0200)]
lib: merge branch 'ext_filter_mask'

This adds RTEXT_FILTER_VF mask support for SRIOV VFs.

http://lists.infradead.org/pipermail/libnl/2016-May/002115.html
http://lists.infradead.org/pipermail/libnl/2016-May/002123.html

8 years agolink: allow overwriting IFLA_EXT_MASK flag in ao_get_af() function
Thomas Haller [Sun, 29 May 2016 14:26:59 +0000 (16:26 +0200)]
link: allow overwriting IFLA_EXT_MASK flag in ao_get_af() function

Instead of setting it twice, once during link_request_update() and
later in bridge_get_af(), pass ext_filter_mask to ao_get_af().

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolink: support RTEXT_FILTER_VF
Jef Oliver [Mon, 16 May 2016 23:23:23 +0000 (16:23 -0700)]
link: support RTEXT_FILTER_VF

This patch adds RTEXT_FILTER_VF mask support for SRIOV VFs. Since
SRIOV VFs don't have a defined address family (ie bridge), there
are no new address family specific operations defined.

Exposing this mask makes rtnl_link_get_num_vfs() properly return
the number of loaded SRIOV VFs.

Signed-off-by: Jef Oliver <jef.oliver@intel.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-May/002115.html
http://lists.infradead.org/pipermail/libnl/2016-May/002123.html

8 years agoneigh: add function to look up neighbour (fdb) by ifindex, mac and vlan
Jonas Johansson [Thu, 28 Apr 2016 14:07:11 +0000 (16:07 +0200)]
neigh: add function to look up neighbour (fdb) by ifindex, mac and vlan

The rtnl_neigh_get() function can not be used to look up a fdb entry in the
neigh cache. This is due to that the function searches among destination
addresses (NDA_DST) and not among link layer addresses (NDA_LLADDR), which is
used by fdb entries. A fdb entry can also exist in several vlans, so a vlan id
parameter is also needed to find a unique entry.
This commit adds a function, rtnl_neigh_get_by_vlan() which searches the neigh
cache for a specific neighbour (fdb) entry by interface index, link layer
address and vlan id.

Signed-off-by: Jonas Johansson <jonas.johansson@westermo.se>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-May/002124.html
https://github.com/thom311/libnl/pull/98

8 years agoneigh: support neighbour flag NTF_SELF
Jonas Johansson [Fri, 29 Apr 2016 14:26:22 +0000 (16:26 +0200)]
neigh: support neighbour flag NTF_SELF

Signed-off-by: Jonas Johansson <jonas.johansson@westermo.se>
Signed-off-by: Thomas Haller <thaller@redhat.com>
https://github.com/thom311/libnl/pull/96

8 years agosit: merge branch 'sit-ip6rd'
Thomas Haller [Tue, 19 Apr 2016 14:17:00 +0000 (16:17 +0200)]
sit: merge branch 'sit-ip6rd'

http://lists.infradead.org/pipermail/libnl/2016-February/002086.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agosit: add public API for sit 6RD support
Thomas Haller [Thu, 31 Mar 2016 14:07:08 +0000 (16:07 +0200)]
sit: add public API for sit 6RD support

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agosit: fix invalid declaration of rtnl_link_sit_get_proto() in sit.h
Thomas Haller [Fri, 15 Apr 2016 13:51:26 +0000 (15:51 +0200)]
sit: fix invalid declaration of rtnl_link_sit_get_proto() in sit.h

Fixes: d715b8a5f6ec8faf205ae77950a1c625440be22f
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agosit: refactor IS_SIT_LINK_ASSERT()
Thomas Haller [Thu, 31 Mar 2016 14:19:10 +0000 (16:19 +0200)]
sit: refactor IS_SIT_LINK_ASSERT()

Also check for NULL link and dereference link before
basic error checking.

Also move the declaration of the @sit member inside
the macro. Obviously, the macro must now always come at
first, after declaring local auto variables.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agosit: don't print ip6rd_prefix as integer in sit_dump_details()
Thomas Haller [Thu, 31 Mar 2016 13:44:56 +0000 (15:44 +0200)]
sit: don't print ip6rd_prefix as integer in sit_dump_details()

First of all, inet_ntop() has no reason to fail (ever). As long
as the input arguments point to valid data and family is not bogus.

But when it fails, we cannot pass a 'struct in6_addr' to "%x"
either, so just don't do that.

Same for printing ip6rd_relay_prefix as AF_INET. If our addr-to-str
method fails, we don't want to come up with something fancy. Otherwise,
we'd just implement a inet_ntop() that does not fail.

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agosit/trivial: whitespace
Thomas Haller [Thu, 31 Mar 2016 13:43:51 +0000 (15:43 +0200)]
sit/trivial: whitespace

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agosit: add 6RD support
Thadeu Lima de Souza Cascardo [Mon, 8 Feb 2016 10:05:29 +0000 (08:05 -0200)]
sit: add 6RD support

Handle 6RD prefixes from sit linkinfo.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-February/002086.html

8 years agoipgre: add support for gretap tunnel
Haishuang Yan [Fri, 1 Apr 2016 10:18:50 +0000 (18:18 +0800)]
ipgre: add support for gretap tunnel

Since kernel support both gre/gretap tunnel, so add support
for gretap appropriately.

Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
[thaller@redhat.com: modified original patch to move symbols
 in libnl-route-3.sym to proper section]

http://lists.infradead.org/pipermail/libnl/2016-April/002102.html

8 years agoroute: sort entries in libnl-route-3.sym by name
Thomas Haller [Fri, 15 Apr 2016 13:45:49 +0000 (15:45 +0200)]
route: sort entries in libnl-route-3.sym by name

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agobuild: move -rdynamic from CPPFLAGS to LDFLAGS
Tobias Klauser [Thu, 31 Mar 2016 12:42:31 +0000 (14:42 +0200)]
build: move -rdynamic from CPPFLAGS to LDFLAGS

The -rdynamic flag is a linker flag, not a compiler/preprocessor flag,
so move it to LDFLAGS.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-March/002100.html

8 years agolib: add type casting for nla_for_each_nested macro
Przemyslaw Szczerbik [Thu, 25 Feb 2016 18:01:20 +0000 (19:01 +0100)]
lib: add type casting for nla_for_each_nested macro

g++ is unable to compile code with nla_for_each_nested macro due to
implicit type conversion from void* to nlattr*. This patch adds type
casting for nla_for_each_nested macro to address this issue.

Signed-off-by: Przemyslaw Szczerbik <przemek.szczerbik@gmail.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
http://lists.infradead.org/pipermail/libnl/2016-February/002095.html

8 years agolib: merge branch 'nl-object-diff64'
Thomas Haller [Fri, 12 Feb 2016 17:22:14 +0000 (18:22 +0100)]
lib: merge branch 'nl-object-diff64'

http://lists.infradead.org/pipermail/libnl/2015-December/002078.html
http://lists.infradead.org/pipermail/libnl/2015-December/002083.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib/utils: add NL_CAPABILITY_NL_OBJECT_DIFF64 capability
Thomas Haller [Fri, 12 Feb 2016 17:20:35 +0000 (18:20 +0100)]
lib/utils: add NL_CAPABILITY_NL_OBJECT_DIFF64 capability

Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolibnl: add nl_object_diff64() to libnl-3.sym
Thomas Haller [Fri, 12 Feb 2016 17:15:08 +0000 (18:15 +0100)]
libnl: add nl_object_diff64() to libnl-3.sym

Fixes: a09b8558148b31e469d463907d103fa78d81612c
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agolib: update ce-mask to uint64_t
David Ahern [Fri, 18 Dec 2015 17:50:03 +0000 (09:50 -0800)]
lib: update ce-mask to uint64_t

lib/route/link.c already defines 32 attributes which fills the current
uint32_t used for ce_mask. To accommodate more attributes the mask needs
to be expanded. This patch updates the definition to uint64_t.

The nl_object_diff API is maintained for ABI with existing users. A new
nl_object_diff64 API is added for the expanded attribute list. The MSB
of the 32-bit API is used to indicate if higher order attributes had a
mismatch. (Suggested by Thomas).

Note that LINK_ATTR_LINK_NETNSID changes. But since the attribute flags
are not public API it shouldn't be a problem.

http://lists.infradead.org/pipermail/libnl/2015-December/002078.html
http://lists.infradead.org/pipermail/libnl/2015-December/002083.html

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
8 years agoremove null dereference from netlink/link.h
Nick Lewycky [Fri, 29 Jan 2016 03:49:31 +0000 (19:49 -0800)]
remove null dereference from netlink/link.h

Replace a null pointer dereference with a use of the 'offsetof' macro in stddef.h.

http://lists.infradead.org/pipermail/libnl/2016-January/002085.html

Signed-off-by: Nick Lewycky <nlewycky@google.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agolib/route: potential memory leak in pktloc.c
Amit Khatri [Thu, 17 Dec 2015 05:03:05 +0000 (10:33 +0530)]
lib/route: potential memory leak in pktloc.c

In scneario, where file modification time is unchanged, code is returning 0
form read_pktlocs(). It causes memory leak for path variable.
Memory for this variable is allocated inside build_sysconf_path()
by asprintf() function.

http://lists.infradead.org/pipermail/libnl/2015-December/002079.html

Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link: add support for IN6_ADDR_GEN_MODE_STABLE_PRIVACY
Quentin Armitage [Thu, 17 Dec 2015 13:00:22 +0000 (13:00 +0000)]
route/link: add support for IN6_ADDR_GEN_MODE_STABLE_PRIVACY

IN6_ADDR_GEN_MODE_STABLE_PRIVACY was introduced in Linux 4.1

https://github.com/thom311/libnl/pull/95

Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link/bridge: fixed return type
Tobias Jungel [Wed, 16 Dec 2015 13:20:53 +0000 (14:20 +0100)]
route/link/bridge: fixed return type

Fixes: 6555b0d
https://github.com/thom311/libnl/pull/94

9 years agoroute/bridge: merge branch 'bridge-vlan'
Thomas Haller [Mon, 7 Dec 2015 11:21:16 +0000 (12:21 +0100)]
route/bridge: merge branch 'bridge-vlan'

Add support for vlan attributes for bridges.

http://lists.infradead.org/pipermail/libnl/2015-November/002032.html
http://lists.infradead.org/pipermail/libnl/2015-November/002047.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link: handle RTEXT_FILTER_BRVLAN_COMPRESSED
Tobias Jungel [Thu, 26 Nov 2015 15:47:58 +0000 (16:47 +0100)]
route/link: handle RTEXT_FILTER_BRVLAN_COMPRESSED

notifications from the kernel regarding vlan ids are now handled

[thaller@redhat.com: split ao_parse_af_full() to previous patch]
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agobridge: add support for VLANs
David Ahern [Wed, 25 Nov 2015 19:14:16 +0000 (11:14 -0800)]
bridge: add support for VLANs

Add operation for requesting VLAN data for AF_BRIDGE and parsing of
IFLA_AF_SPEC for AF_BRIDGE. VLANs are saved in a bitmap.

Also add dumping of vlan info to link list and neigh list.
For example:

$ nl-link-list --details --family=bridge
br1 ether 8e:6e:0e:86:e5:86 master br1 <broadcast,multicast,up,running,lowerup>
    mtu 1500 txqlen 0 weight 0 index 18
    mode default carrier down
    bridge: pvid 1   all vlans: 1 301-400 601-610   untagged vlans: 1
bond1 ether 46:ef:e1:c9:46:fe <broadcast,multicast,master>
    mtu 1500 txqlen 0 weight 0 index 20
    state down mode default carrier down
    bridge:

Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: modified original patch to use ao_parse_af_full().
  Also renaming new API and drop some #defines]
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoinclude/linux: update copy of kernel headers
Thomas Haller [Wed, 2 Dec 2015 14:50:51 +0000 (15:50 +0100)]
include/linux: update copy of kernel headers

Taken from upstream kernel commit 6a13feb9c82803e2b815eca72fa7a9f5561d7861
(v4.3)).

Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agolib: handle family-based parsing of IFLA_AF_SPEC attribute
David Ahern [Wed, 25 Nov 2015 19:14:15 +0000 (11:14 -0800)]
lib: handle family-based parsing of IFLA_AF_SPEC attribute

The encoding of the IFLA_AF_SPEC attribute varies depending on the family
used for the request (RTM_GETLINK) message. For AF_UNSPEC the encoding
has another level of nesting for each address family with the type encoded
first. i.e.,
    af_spec = nla_nest_start(skb, IFLA_AF_SPEC)
    for each family:
        af = nla_nest_start(skb, af_ops->family)
        af_ops->fill_link_af(skb, dev, ext_filter_mask)
        nest_end
    nest_end

This allows the parser to find the address family by looking at the first
type.

Whereas AF_BRIDGE encoding is just:
    af_spec = nla_nest_start(skb, IFLA_AF_SPEC)
    br_fill_ifvlaninfo{_compressed}(skb, vg)
    nest_end

which means the parser can not use the attribute itself to know the family
to which the attribute belongs.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: refactor code by merging a later patch by
 tobias.jungel@bisdn.de and introduce new function ao_parse_af_full()]
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agolink: add AF operation to append attributes to a GETLINK message
David Ahern [Wed, 25 Nov 2015 19:14:14 +0000 (11:14 -0800)]
link: add AF operation to append attributes to a GETLINK message

Upcoming bridge patch wants to add IFLA_EXT_MASK attribute to RTM_GETLINK
requests to retrieve VLAN data. Expand request message to a full ifinfomsg
header and call to hook to append attributes if it exists for an address
family.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: fix memleak in link_request_update()]
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agolibnl: don't use out-of-scope buffer in nl_send_iovec()
Andrew Vagin [Mon, 23 Nov 2015 14:23:20 +0000 (17:23 +0300)]
libnl: don't use out-of-scope buffer in nl_send_iovec()

The control message buffer is desclared in the if body
and then this buffer is used outside.

http://lists.infradead.org/pipermail/libnl/2015-November/002013.html

Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link/vxlan: merge branch 'vxlan-io-compare'
Thomas Haller [Fri, 20 Nov 2015 10:26:23 +0000 (11:26 +0100)]
route/link/vxlan: merge branch 'vxlan-io-compare'

http://lists.infradead.org/pipermail/libnl/2015-October/001997.html

9 years agoroute/link/vxlan: add support for link_info compare
David Ahern [Fri, 30 Oct 2015 22:08:41 +0000 (15:08 -0700)]
route/link/vxlan: add support for link_info compare

Signed-off-by: Balki Raman <ramanb@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: whitespace, add capability, consider local6/group6]
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link/vxlan: trivial rename VXLAN_HAS_ prefix and vxi_mask
David Ahern [Fri, 30 Oct 2015 22:08:40 +0000 (15:08 -0700)]
route/link/vxlan: trivial rename VXLAN_HAS_ prefix and vxi_mask

Global search and replace of VXLAN_HAS_ for VXLAN_ATTR_
and vxi_mask for ce_mask. Preparation step for using ATTR_DIFF
infrastructure in a vxlan_compare.

Signed-off-by: Balki Raman <ramanb@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
[thaller@redhat.com: rebased patch and changed whitespace]
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link: add link info compare operation
David Ahern [Fri, 30 Oct 2015 22:08:39 +0000 (15:08 -0700)]
route/link: add link info compare operation

Signed-off-by: Balki Raman <ramanb@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link: corrected array size for inet_policy
Tobias Jungel [Thu, 19 Nov 2015 15:50:14 +0000 (16:50 +0100)]
route/link: corrected array size for inet_policy

Using now the macro for inet instead of inet6

Fixes: 53015f83811bd56d4b66331656633ad39051babf
https://github.com/thom311/libnl/pull/92

9 years agoroute/link: merge branch 'bg/vxlan-ipv6'
Thomas Haller [Thu, 19 Nov 2015 16:40:32 +0000 (17:40 +0100)]
route/link: merge branch 'bg/vxlan-ipv6'

http://lists.infradead.org/pipermail/libnl/2015-October/001981.html

Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link: add ipv6 support to vxlan links
Beniamino Galvani [Fri, 16 Oct 2015 09:21:26 +0000 (11:21 +0200)]
route/link: add ipv6 support to vxlan links

Extend vxlan links to support the IFLA_VXLAN_GROUP6 and
IFLA_VXLAN_LOCAL6 attributes used to represent IPv6 endpoints.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link: fix dump of parent link for some link types
Beniamino Galvani [Fri, 16 Oct 2015 09:21:25 +0000 (11:21 +0200)]
route/link: fix dump of parent link for some link types

Some link types incorrectly dump their own interface name as parent
link; fix this.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/link: add macvtap support
Beniamino Galvani [Mon, 5 Oct 2015 08:55:38 +0000 (10:55 +0200)]
route/link: add macvtap support

This adds support for MAC-VLAN based tap interfaces (macvtap).

http://lists.infradead.org/pipermail/libnl/2015-October/001976.html

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agogitignore: ignore test binaries in "tests/"
Thomas Haller [Thu, 19 Nov 2015 16:14:29 +0000 (17:14 +0100)]
gitignore: ignore test binaries in "tests/"

Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agolink/neigh: add flags option to link and neighbor caches
David Ahern [Tue, 27 Oct 2015 22:40:48 +0000 (15:40 -0700)]
link/neigh: add flags option to link and neighbor caches

Both link and neighbor cache support specify multiple groups (nl_af_group),
but the alloc_cache functions for both do not set the NL_CACHE_AF_ITER
flag before populating the cache so only the first group is used by
default. This patch adds an API to pass in flags to make that happen
and updates the nl-neigh-list command to make use of it.

http://lists.infradead.org/pipermail/libnl/2015-October/001996.html

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
9 years agoroute/vlan: allow clearing vlan ingress map
Thomas Haller [Wed, 21 Oct 2015 16:01:02 +0000 (18:01 +0200)]
route/vlan: allow clearing vlan ingress map

An entry of the ingress map can be cleared by setting
the "to" part to zero.

Previously, vlan_put_attrs() would skip over zero "to"
and thus the user cannot unset an ingress map entry.

Add a modified-mask to record the state of each ingress
map entry and also sent explicit zeros to kernel.

when we receive a IFLA_VLAN_INGRESS_QOS message from kernel,
vlan_parse() similarly sets the received entries as modified.
This preserves previous behavior when using a received object
to modify a vlan.

Add a capability NL_CAPABILITY_RTNL_LINK_VLAN_INGRESS_MAP_CLEAR
to indicate the behavioral change.

Signed-off-by: Thomas Haller <thaller@redhat.com>