check source of the netlink message and fix sequence tracking logic

This patch changes the callback handlers to include netlink portID
checking. Thus, we avoid that any malicious process can spoof
messages.

If portid, sequence number of the message is != 0, we check if the
message is what we expect. This allows to use the same netlink channel
for dumps (portid, seq != 0) and event-based notifications (portid, seq == 0).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 3 insertions, 2 deletions

diff --git a/examples/rtnl-link-dump3.c b/examples/rtnl-link-dump3.c
index d5e4458..ce59f9f 100644
--- a/examples/rtnl-link-dump3.c
+++ b/examples/rtnl-link-dump3.c
@@ -58,7 +58,7 @@ int main()
 	struct nlmsghdr *nlh;
 	struct rtgenmsg *rt;
 	int ret;
-	unsigned int seq;
+	unsigned int seq, portid;
 
 	nlh = mnl_nlmsg_put_header(buf);
 	nlh->nlmsg_type	= RTM_GETLINK;
@@ -77,6 +77,7 @@ int main()
 		perror("mnl_socket_bind");
 		exit(EXIT_FAILURE);
 	}
+	portid = mnl_socket_get_portid(nl);
 
 	if (mnl_socket_sendto(nl, nlh, mnl_nlmsg_get_len(nlh)) < 0) {
 		perror("mnl_socket_send");
@@ -85,7 +86,7 @@ int main()
 
 	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
 	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, data_cb, NULL);
+		ret = mnl_cb_run(buf, ret, seq, portid, data_cb, NULL);
 		if (ret <= MNL_CB_STOP)
 			break;
 		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));