| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
groups, being a bitmask, should be unsigned; and let's also use pid_t
for pid.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Because in most cases, it won't be a nul-terminated string :)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
I do not quite see the point of using strlen in conjunction with
non-string data; so let's use char * as argument types to catch
misuses.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Spelling, grammer, and synchronization of the readme.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
This patch update the git tree address (now at netfilter.org) and
it also fixes a minor problem with the doxygen output in one of the
socket helpers.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Davem spotted during the Netfilter Workshop that user-space applications
should use 8KB buffers for recv(). I accidentally found that NFLOG is
not following this approach (in this case we're using 131072 bytes
messages), we have to document this.
Anyway, according to linux/netlink.h (and to complete this log message):
"skb should fit one page. This choice is good for headerless malloc.
But we should limit to 8K so that userspace does not have to
use enormous buffer sizes on recvmsg() calls just to avoid
MSG_TRUNC when PAGE_SIZE is very large."
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
Besides that -ldl should be in _LDADD (not _LDFLAGS), I do not see any
dlopen calls at all that would make the library a requirement.
I also see no reason to use -Wc,-nostartfiles.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
nlmsg.c: In function "mnl_nlmsg_fprintf":
nlmsg.c:260:4: warning: format "%.3d" expects type "int", but
argument 3 has type "size_t"
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Macro usage has changed over the last few years. Update it to the
current specification using autoupdate(1).
Manually update INCLUDES -> CPPFLAGS, because autoupdate did not
catch that.
Remove $(all_includes) and $(LIBS) because it is not used anywhere.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
I like this quote.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
If the portID/sequence number that we specify is zero, we skip
the sequence tracking. This is useful if we use the same socket
to listen to events and to send commands and receive their
result.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
These functions are too simple wrappers that bloat the library.
We can use mnl_socket_get_fd() to obtain the file descriptor
and invoke message-oriented system call instead.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch relaxes strict attribute checkings in the example files.
I have also changed the errno value, now it's EOPNOTSUPP instead of
EINVAL.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes the errno value of mnl_cb_run[2]() in the
following two cases:
* Invalid expected portID: ESRCH.
* Invalid sequence number: EPROTO.
I didn't find any better generic errno value. EINVAL is reserved
for malformed messages, to avoid confusions.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Based on code from Jozsef Kadlecsik and its ipset-5 implementation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
AM_CFLAGS=-fPIC -Wall -Wextra -Wno-unused-parameter
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
callback.c: In function ‘mnl_cb_run2’:
callback.c:106: warning: pointer targets in passing argument 2 of ‘mnl_nlmsg_next’ differ in signednes
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
MNL_NLMSG_HDRLEN already provides the aligned size of the netlink header.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
This patch includes the following changes:
* use uint16_t for attribute types in mnl_attr_put_*() function
* use uint16_t for maximun type in mnl_attr_type_valid(...)
* use size_t for attribute size validation in mnl_attr_validate2(...)
* use unsigned int for offset in mnl_attr_parse(...) instead of int
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
mnl_attr_parse does not take into account the length of the netlink
message header and the offset. Thus when validating attributes, it
goes over the end of the real attribute stream and catches invalid
data areas.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org
|
| |
|
|
|
|
| |
This function is still quite preliminary, comments welcome!
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
Remove mnl_nlmsg_get_len() since it returns a field of a structure
that is public (struct nlmsghdr). We can directly access the header
fields and they are not likely to change in the future (at least
for this version of Netlink I think).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This includes renaming get_tail() to get_payload_tail()
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| | |
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
better to rename this function since its return value is not similar
to other _ok() functions, for consistency.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
msg.c: In function ‘mnl_nlmsg_ok’:
msg.c:136: warning: comparison between signed and unsigned
msg.c:138: warning: comparison between signed and unsigned
attr.c: In function ‘mnl_attr_ok’:
attr.c:79: warning: comparison between signed and unsigned
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
attr.c: In function ‘mnl_attr_validate’:
attr.c:189: warning: comparison of unsigned expression < 0 is always false
attr.c: In function ‘mnl_attr_validate2’:
attr.c:210: warning: comparison of unsigned expression < 0 is always false
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
And include the prototype in libmnl.h, since it was missing
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
We remove mnl_align() since it has been replaced by the macro
MNL_ALIGN(). The macro allows its use in static arrays and
such.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch changes the callback handlers to include netlink portID
checking. Thus, we avoid that any malicious process can spoof
messages.
If portid, sequence number of the message is != 0, we check if the
message is what we expect. This allows to use the same netlink channel
for dumps (portid, seq != 0) and event-based notifications (portid, seq == 0).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch includes the new validation infrastructure which is
decoupled from the attribute parsing. It is composed of:
- mnl_attr_type_invalid: that allows to check if the attribute type
is valid (ie. the type is not higher than WXYZ_MAX).
- mnl_attr_validate: that allows to validate that there's enough room
for the attribute data.
The patch includes the rework of the attribute parsers. Now, you don't
have to use an array of pointer to store the result of the parsing,
you can use whatever data structure instead.
The prototype as it follows:
typedef int (*mnl_attr_cb_t)(const struct nlattr *attr, void *data);
extern int mnl_attr_parse(const struct nlmsghdr *nlh, int offset, mnl_attr_cb_t cb, void *data)
There are three versions of rtnl-link-dump.c that show how attribute
parsing can be done now. Probably that many examples are not good idea,
I may remove some of them from the tree in the future.
This patch also merges mnl_attr_parse_at_offset into mnl_attr_parse.
This patch modifies MNL_ALIGN so that we can use it in static
arrays (the use of mnl_align() is not allowed in compilation time
to initialize an array field).
I have added the mnl_attr_for_each() macro and I have changed
mnl_attr_for_each_nested() to declare the length variable internally.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| | |
|
| |
|
|
|
| |
the use of unsigned int in the number of bytes affects other message
handling helper function, hold on with this.
|
| | |
|
| |
|
|
|
|
| |
This library is distributed under GPLv2+.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
