Thomas Haller [Sun, 1 Sep 2019 12:56:19 +0000 (14:56 +0200)]
route/qdisc: adjust API for 64 bit rate/ceil support for htb class
- existing API/ABI must stay unchanged. We cannot change parameter
types. At most we can add new variants that support 64 bit integers.
- rtnl_tc_calc_txtime64() and rtnl_tc_calc_bufsize64() are trivial.
We should not blow up the public API of libnl for such a thing.
If the users need it, they can just reimplement it.
- getters should return an error code. Especially if the return type
does not support encoding an error there.
- don't add separate rs_rate64/rs_ceil64 field. Instead, extend the
"rs_rate" field of "struct rtnl_ratespec" to 64 bits. It's internal
API.
Rebased original pull request #214 on master. One commit ("xfrmi: add
IFLA_XFRM_* definitions to if_link.h") was thereby dropped as it
is no longer necessary. Otherwise, the two remaining patches applied
cleanly. Then, add two more patches to the branch before merging.
Thomas Haller [Sun, 1 Sep 2019 12:38:22 +0000 (14:38 +0200)]
xfrmi: return error code from getters for XFRM links
Returning the value directly as uint32_t does not leave room for an error
code. E.g. we want to indicate to the caller whether the attribute is present
or not (-NLE_NOATTR). Currently, the code is quite unforgiving and will just
crash/assert against invalid arguments. In theory, we could also be more forgiving
and return an error code if the link argument is invalid.
Michael Forney [Fri, 16 Aug 2019 08:38:22 +0000 (01:38 -0700)]
Sync linux headers to 4.19.66
This fixes the build with musl libc.
Additionally, several changes were made to account for changes to the
headers:
- ip_mp_alg.h was removed, since it was removed in linux commit e06e7c61
(v2.6.23), and the last use of those constants was removed in libnl
commit 535e8316.
- Uses of TCF_META_ID_SK_ROUTE_CAPS were updated to
__TCF_META_ID_SK_ROUTE_CAPS, since it was renamed in linux commit e20e6940 (v3.1).
- Uses of IF_CARRIER_DOWN and IF_CARRIER_UP were replaced with their
values, 0 and 1, since they are not in linux/if.h (they appear to be
libnl-specific, added in libnl commit 3540e44b).
Thomas Haller [Fri, 9 Aug 2019 12:50:32 +0000 (14:50 +0200)]
genl: reject invalid group names in genl_family_add_grp()
The compiler warns about string truncation:
In function ‘genl_family_add_grp’,
inlined from ‘family_clone’ at lib/genl/family.c:81:9,
inlined from ‘family_clone’ at lib/genl/family.c:66:12:
lib/genl/family.c:376:2: error: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 15 [-Werror=stringop-truncation]
376 | strncpy(grp->name, name, GENL_NAMSIZ - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Obviously, it's a bug to use an invalid group name. But better
handle it by checking for a suitable string length.
Also use _nl_strncpy() which asserts that no truncation occurs.
Thomas Haller [Fri, 9 Aug 2019 14:33:57 +0000 (16:33 +0200)]
route/tc: ensure not string truncation in rtnl_tc_set_kind()
The compiler warns:
In function ‘rtnl_tc_set_kind’,
inlined from ‘rtnl_tc_msg_parse’ at lib/route/tc.c:81:2:
lib/route/tc.c:532:2: error: ‘strncpy’ output may be truncated copying 31 bytes from a string of length 31 [-Werror=stringop-truncation]
532 | strncpy(tc->tc_kind, kind, sizeof(tc->tc_kind) - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now, there are two choices: either accept the truncation
or reject it.
While rejecting it is a change in behavior and API, I don't think that
any caller actually relied on that. That is because such "kind" name would
be invalid anyway (and rejected from kernel too).
So, tighten up the API and check for a suitable string length.
Also, use _nl_strncpy() instead of strncpy(). Note that that doesn't suppress
the warning, it merely (also) adds an _nl_assert() for something that already
shouldn't happen.
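The two choices named above (accept the truncation or reject it), as an added example that is not libnl code and is not taken from either commit. `struct tc_obj`, `KIND_SIZE`, `ERR_INVAL` and both function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

#define KIND_SIZE 32   /* assumed buffer size, including the NUL */
#define ERR_INVAL 1    /* hypothetical error code */

struct tc_obj {        /* hypothetical stand-in for the real object */
	char kind[KIND_SIZE];
};

/* Choice 1, accept the truncation: an over-long name is silently cut,
 * so the object ends up holding a name the caller never passed. */
static void set_kind_truncating(struct tc_obj *tc, const char *kind)
{
	strncpy(tc->kind, kind, sizeof(tc->kind) - 1);
	tc->kind[sizeof(tc->kind) - 1] = '\0';
}

/* Choice 2, reject it: validate the length first and touch the object
 * only when the whole name fits. */
static int set_kind_strict(struct tc_obj *tc, const char *kind)
{
	size_t len;

	if (!kind)
		return -ERR_INVAL;
	len = strlen(kind);
	if (len >= sizeof(tc->kind))
		return -ERR_INVAL;
	memcpy(tc->kind, kind, len + 1); /* length is known: copies the NUL too */
	return 0;
}

int main(void)
{
	/* constructed input: 40 characters, longer than the buffer */
	const char *too_long = "0123456789012345678901234567890123456789";
	struct tc_obj tc = { "htb" };

	printf("strict: rc=%d, kind still \"%s\"\n",
	       set_kind_strict(&tc, too_long), tc.kind);
	set_kind_truncating(&tc, too_long);
	printf("truncating: stored %zu of %zu chars\n",
	       strlen(tc.kind), strlen(too_long));
	return 0;
}
```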
Thomas Haller [Fri, 9 Aug 2019 14:18:08 +0000 (16:18 +0200)]
route/inet6: fix strncpy() in inet6_dump_details()
Compiler warnings:
lib/route/link/inet6.c: In function ‘inet6_dump_details’:
lib/route/link/inet6.c:383:3: error: ‘strncpy’ output may be truncated copying between 0 and 63 bytes from a string of length 63 [-Werror=stringop-truncation]
383 | strncpy(&buf[offset], buf2, strlen(buf2));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also, passing "strlen(buf2)" as length argument to strncpy() is
certainly wrong.
- ensure that we don't modify the object when the setter is going to
fail. That means, first check whether we can succeed with all the
steps that are requested, and (in case we cannot) fail without
modifying the target object.
- bonus points for making the setter self-assignment safe by reordering
the setting and freeing of the memory.
Thomas Haller [Fri, 9 Aug 2019 11:12:30 +0000 (13:12 +0200)]
lib/genl: avoid VLA in cmd_msg_parser()
We want to build with -Wvla, because VLAs interfere with static asserts
(if the condition of a static assert is not actually static, then VLAs
make it silently pass).
Also, VLAs should be avoided because we want to be in control of how much
we allocate on the stack.
Thomas Haller [Thu, 8 Aug 2019 16:26:23 +0000 (18:26 +0200)]
utils: add internal helper macros for cleanup
Yes, these use gcc-isms like typeof(), __attribute__((__unused__)),
__attribute__((__cleanup__(fcn))) and expression statements.
First of all, this is now only required when building libnl3 itself.
The public headers still should be conservative and only use C89
features.
Also, clang supports these too, so you can at least build libnl3 with
gcc and clang. Since libnl3 uses internally linux headers, and the linux
kernel also can only be compiled with gcc (and maybe clang), it seems
clear that on the target platform a suitable compiler is available.
If there is a reasonable request of a real-world compiler that is not
able to compile this, we can revisit some choices. But not having
__attribute__((__cleanup__(fcn))) is like programming C from a decade
ago. Especially during parsing (which libnl3 does obviously a lot), this
allows to return-early while cleaning up memory. While this sounds simple
to get right manually, in practice the resulting code is either
unnecessarily complex or simply buggy.
To make implementing libnl3 more convenient, these helpers are
introduced.
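What `__attribute__((__cleanup__(fcn)))` buys a parser with several early returns, as an added example that is not the helper macros from this commit. `auto_free`, `free_ptr`, `parse_pair` and the `freed_count` counter are hypothetical names, and the "kind=value" input format is constructed for the demonstration.

```c
#include <stdlib.h>
#include <string.h>

static int freed_count;         /* demo-only: counts automatic frees */

static void free_ptr(void *pp)  /* called with the variable's address */
{
	void *p = *(void **)pp;

	freed_count += p != NULL;
	free(p);
}
#define auto_free __attribute__((__cleanup__(free_ptr)))

/* Parses a "kind=<value>" pair and reports the value length.
 * Every return path releases whatever was allocated so far. */
static int parse_pair(const char *msg, size_t *value_len)
{
	auto_free char *name = NULL;
	auto_free char *value = NULL;
	const char *eq = strchr(msg, '=');
	size_t n = eq ? (size_t)(eq - msg) : 0;

	if (n == 0)
		return -1;              /* nothing allocated yet */
	if (!(name = malloc(n + 1)))
		return -2;
	memcpy(name, msg, n);
	name[n] = '\0';
	if (strcmp(name, "kind") != 0)
		return -3;              /* name is freed on the way out */
	if (!(value = malloc(strlen(eq + 1) + 1)))
		return -2;
	strcpy(value, eq + 1);
	if (value[0] == '\0')
		return -4;              /* name and value are both freed */
	*value_len = strlen(value);
	return 0;                       /* success path is cleaned up too */
}

int main(void)
{
	size_t len = 0;

	/* constructed inputs: a valid pair, then an unknown name */
	if (parse_pair("kind=htb", &len) != 0 || len != 3)
		return 1;
	return parse_pair("mode=htb", &len) == -3 && freed_count == 3 ? 0 : 1;
}
```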
Thomas Haller [Wed, 7 Aug 2019 12:53:26 +0000 (14:53 +0200)]
attr: mark nested attributes as NLA_F_NESTED
Kernel 5.2 is adding stricter checking for netlink messages.
In particular, for certain API it checks now that NLA_F_NESTED flag is
set for nested attributes ([1]).
Do like libmnl, which always adds this flag ([2]). So we should do
that as well.
Thomas Haller [Thu, 7 Mar 2019 10:28:14 +0000 (11:28 +0100)]
route/link: avoid dangling pointer in rtnl_link_set_slave_type()
- don't leave a dangling pointer, in case we unset the
kind.
- try first to clone the string. If that fails, return early
without modifying the link. Only start modifying the link,
after we know it's going to succeed.
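A setter following the two points above (clone first, modify only once success is certain, never leave a dangling pointer), as an added example that is not the libnl implementation. `struct link_obj`, `ATTR_SLAVE_TYPE`, `ERR_NOMEM`, `dup_string()` and the `fail_next_alloc` test hook are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ATTR_SLAVE_TYPE 0x1u    /* hypothetical "attribute present" flag */
#define ERR_NOMEM 5             /* hypothetical error code */

struct link_obj {               /* hypothetical stand-in for the link */
	char *slave_type;
	unsigned mask;
};

static int fail_next_alloc;     /* test hook: simulate out-of-memory once */

static char *dup_string(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = fail_next_alloc ? NULL : malloc(n);

	fail_next_alloc = 0;
	return p ? memcpy(p, s, n) : NULL;
}

/* Everything that can fail happens before the object is touched. */
static int link_set_slave_type(struct link_obj *l, const char *type)
{
	char *copy = NULL;

	if (type && !(copy = dup_string(type)))
		return -ERR_NOMEM;      /* link is unchanged */

	free(l->slave_type);            /* after the clone: self-assignment safe */
	l->slave_type = copy;           /* NULL when unsetting, never dangling */
	l->mask = copy ? (l->mask | ATTR_SLAVE_TYPE) : (l->mask & ~ATTR_SLAVE_TYPE);
	return 0;
}

int main(void)
{
	struct link_obj l = { NULL, 0 };
	int rc;

	link_set_slave_type(&l, "bond");
	fail_next_alloc = 1;
	rc = link_set_slave_type(&l, "bridge");
	printf("rc=%d, slave type still \"%s\"\n", rc, l.slave_type);
	return link_set_slave_type(&l, NULL);   /* unset: frees and clears */
}
```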
Wang Jian [Sat, 29 Sep 2018 11:09:17 +0000 (11:09 +0000)]
link: macvlan fixes
1. While parsing flags, it overrides mode.
2. Before, dump-line and dump-details are same leading that macvlan info will be shown twice while dumping details.
So make dump-line show nothing.
3. Add some spaces to show dump-details prettier.
Signed-off-by: Wang Jian <jianjian.wang1@gmail.com>
Fixes: c76393e2037d78eb60c32f95b26f5b1e5b9422a6
http://lists.infradead.org/pipermail/libnl/2018-August/002405.html
http://lists.infradead.org/pipermail/libnl/2018-September/002406.html
http://lists.infradead.org/pipermail/libnl/2018-September/002411.html
Ilya Pronin [Thu, 23 Aug 2018 23:12:25 +0000 (16:12 -0700)]
route/cls: fix potential memory leak
rtnl_act_append() cannot add more than TCA_ACT_MAX_PRIO actions to the
same list. Because of that rtnl_basic_add_action() and
rtnl_u32_add_action() should not increment the reference counter of the
given action until it is successfully added to the filter's list.
Thomas Haller [Wed, 10 Oct 2018 09:33:16 +0000 (11:33 +0200)]
route/act: return error code from act-vlan getters
Our API is unfortunately not consistent about this.
However, in general, getters should aim to return an
error code whether the attribute could be retrieved.
Thomas Haller [Wed, 10 Oct 2018 09:02:36 +0000 (11:02 +0200)]
route/tc: return error code from rtnl_tc_get_chain()
Our API is unfortunately not consistent about this.
However, in general, getters should aim to return an
error code whether the attribute could be retrieved.
rtnl_link_vxlan_set_local() removes the bit for the other IP version in
ce_mask. A missing flag inversion in the v4 part made this removal
reset all bits to 0 except the v6 one, screwing all link configuration.
d0u9 [Fri, 23 Mar 2018 13:21:11 +0000 (21:21 +0800)]
Add support for cloning cgroup filter object.
In this commit, we implement ematch_tree_clone(), which is basis of
cgroup_clone() interface. The whole ematch tree is deep-copied except
the e_ops field.
Also, a new unit test is added for testing the interface, which is named
check-ematch-tree-clone.c and located in the tests directory.
neigh: cache updates as well query AF_BRIDGE neigh
This commit adds the query for AF_BRIDGE neighbours. A cache refresh now
includes these objects as well. The result of `./src/nl-neigh-list
--family=bridge` includes now as well the same entries you would
retrieve from the kernel by calling `bridge fdb show`.
route/class: add new api rtnl_class_get_by_parent()
This function searches a class cache previously allocated with
rtnl_class_alloc_cache() and searches for a class matching the interface
index and parent qdisc.
route/link: fix sequence number handling in rtnl_link_change()
When rtnl_link_change() fails with -NLE_OPNOTSUPP, it retries
with RTM_SETLINK operation. However, it also needs to re-adjust
the sequence number. Otherwise, the second request might fail
with NLE_SEQ_MISMATCH, although it actually succeeded.
neigh: support bridge entries for vxlan interfaces
bridge entries used for switching into vxlan interfaces do not include a
vlan. A comparison of such entries currently always fails which leads
to an invalid cache. This patch selectively adds the NEIGH_ATTR_VLAN
flag based on the passed entry.
In case using a VXLAN interface at a bridge you will set L2 bridging
entries using an IP destination to tunnel the according L2 traffic. The
current behavior for the dst entries for a neighbor is to use the AF of
the neighbor itself thus in this case AF_BRIDGE is set. This is changed
in the PR to update the family of the dst using nl_addr_guess_family.