| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `len` parameter of `mnl_nlmsg_ok`, which holds the buffer length and
is compared to the size of the object expected to fit into the buffer,
is signed because the function validates the length, and it can be
negative in the case of malformed messages. Comparing it to unsigned
operands used to lead to compiler warnings:
msg.c: In function 'mnl_nlmsg_ok':
msg.c:136: warning: comparison between signed and unsigned
msg.c:138: warning: comparison between signed and unsigned
and so commit 73661922bc3b ("fix warning in compilation due to different
signess") added casts of the unsigned operands to `int`. However, the
comparison to `nlh->nlmsg_len`:
(int)nlh->nlmsg_len <= len
is problematic, since `nlh->nlmsg_len` is of type `__u32` and so may
hold values greater than `INT_MAX`. In the case where `len` is positive
and `nlh->nlmsg_len` is greater than `INT_MAX`, the cast will yield a
negative value and `mnl_nlmsg_ok` will incorrectly return true.
Instead, assign `len` to an unsigned local variable, check for a
negative value first, then use the unsigned local for the other
comparisons, and remove the casts.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1691
Fixes: 73661922bc3b ("fix warning in compilation due to different signess")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
"allows to" -> "allows ${pronoun} to". We use "you" if that appears in context,
"one" otherwise.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Update the function comments in lib/attr.c to use the \return notation,
which produces better man page output.
Suggested-by: Duncan Roe <duncan.roe2@gmail.com>
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Acked-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Check isatty() to skip colors for non-terminals.
Add mnl_fprintf_attr_color() and mnl_fprintf_attr_raw() helper function.
Joint work with Pablo.
Signed-off-by: Kerin Millar <kfm@plushkava.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Put the diagram in a *verbatim* block (like all the other diagrams)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Old link no longer worked.
Also upgraded it to https.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This corrects an oddity in the web doco (and presumably in the man pages as
well) whereby "Netlink message batch helpers" was showing up as a sub-topic of
"Netlink message helpers".
This was included in my original (rejected) patch "Enable doxygen to generate
Function Documentation" with a comment "(didn't think it warrantied an extra
patch)" - clearly wrong
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently clang requires EXPORT_SYMBOL() to be above the function
implementation. At the same time doxygen is not generating the proper
documentation because of that.
This patch solves that problem but EXPORT_SYMBOL looks less like the Linux
kernel way exporting symbols.
Reported-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sergei Trofimovich reports 'uninitialized bytes' warnings from nftables:
Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
at 0x55B9EFB: sendmsg (in /lib64/libc-2.25.so)
by 0x43E658: mnl_nft_socket_sendmsg (mnl.c:239)
by 0x43E658: mnl_batch_talk (mnl.c:254)
by 0x407898: nft_netlink (libnftables.c:58)
by 0x407898: nft_run (libnftables.c:96)
by 0x407CD5: nft_run_cmd_from_buffer (libnftables.c:291)
by 0x406EDE: main (main.c:274)
This is harmless, the uninitialized memory is the padding
that sometimes needs to be inserted between end of an attribute
and the beginning of the new attribute.
Zero it to silence memory sanitizer output.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Users of mnl_cb_run2() would typically pass a 'static const' array as
cb_ctl_array parameter. Unfortunately this triggers a compiler warning
because the prototype doesn't declare cb_ctl_array with the 'const'
qualifier.
Since mnl_cb_run2() and __mnl_cb_run() don't modify cb_ctl_array (and
don't have any reason to do so in the future), we can mark this
parameter as 'const'.
There should be no impact on existing users beyond removing the
compiler warning when using a constant array.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Place the returned value, function name and parameters (as many as can
fit) in the same line.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When compiling with clang, the visibility attributes are ignored
since they are after the definition of the exported function.
Fix this by moving the attribute declaration before the function.
attr.c:439:1: error: attribute declaration must precede definition [-Werror,-Wignored-attributes]
EXPORT_SYMBOL(mnl_attr_put_u8);
^
./internal.h:7:41: note: expanded from macro 'EXPORT_SYMBOL'
^
./internal.h:6:35: note: expanded from macro '__visible'
^
attr.c:435:6: note: previous definition is here
void mnl_attr_put_u8(struct nlmsghdr *nlh, uint16_t type, uint8_t data)
^
Signed-off-by: Peter Foley <pefoley2@pefoley.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It makes more sense to use isprint() than isalnum() because we use non
alphanumeric characters like '%', '_', etc. And, in case of non
printable character, print a space is preferable to print a NULL (0) in
order to keep alignment.
Before:
...
|00012|--|00002| |len |flags| type|
| 5f 5f 73 65 | | data | s e
| 74 25 64 00 | | data | t d
...
After:
...
|00012|--|00002| |len |flags| type|
| 5f 5f 73 65 | | data | _ _ s e
| 74 25 64 00 | | data | t % d
...
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
Define mnl_socket_open2() so that user can pass a set of SOCK_* flags
at socket creation time.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
mnl_attr_next(): remove unused param - len
Signed-off-by: Hisao Tanabe <xtanabe@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
mnl_attr_ok(): fix return value type
mnl_attr_put_u8(): remove unused param - len
mnl_attr_put_u8_check(): remove unused param - len
mnl_nlmsg_ok(): fix return value type
mnl_nlmsg_batch_stop(): not return batch size, but release it
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
| |
This patch defines a new function mnl_socket_fdopen() which creates a
struct mnl_socket object from a pre-existing socket like obtained from
other process and different domain/type from the same prodess.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
The parameters where accidentally swapped.
Reported-by: Chris Rapier <rapier@psc.edu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
| |
Propagate the error to the user-space application, that should retry.
[ I have mangled this patch to document EINTR in mnl_cb_run. --pablo ]
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Variable name in doxygen description was not correct.
Signed-off-by: Eric Leblond <eric@regit.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function allows you to parse the payload of the Netlink message.
Thus, you can skip the headers and go down to the part of the message
you want to parse.
This patch has updated the LIBVERSION and it also bumps the version
to 1.0.3, in case that someone wants to package some snapshot, not to
mess with the new symbol we have added.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
When using mnl_nlmsg_put_extra_header() it pads out the addtional
header but only zeros the original size not the padded value. Which
cause valgrind to complain about sendto() with uninitialized byte.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Sean says: "I did find a discrepancy in the comments versus
practice in one function and I have attached a patch fixing those
comments to this message."
Sligtly mangled by myself.
Signed-off-by: Sean Robinson <seankrobinson@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
values.h is not present on other systems, and the glibc copy reads
right away: Old compatibility names for <limits.h> and <float.h>
constants.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patrick reports that the doxygen output shows up EXPORT_SYMBOL
and tells how to fix this:
> I just noticed the EXPORT_SYMBOLs in libmnl showing up in
> the doxygen output. Just in case you want to avoid this,
> what I'm doing in libdect is (besides the appopriate linker
> flags):
>
> #define __visible __attribute__((visibility("default")))
>
> #define EXPORT_SYMBOL(x) typeof(x) (x) __visible
>
>
> This allows to use EXPORT_SYMBOL as in the kernel, IOW
> after the function definition.
This patch also removes -Wredundant-decls to avoid a warning in every
single use of this new approach.
Now, this looks more like the Linux kernel way of exporting symbols.
Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch adds the new message batching infrastructure that allows to
store several messages into one single datagram.
This patch includes an example for ctnetlink.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a set of function that allows to check the
size of the buffer. This is useful for attribute batching.
This is strongly based on a patch from Jozsef.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch defines a new function __mnl_cb_run() which is inlined in
mnl_cb_run() and mnl_cb_run2(). This patch increases the size of the
library in ~1KB. IIRC, Davem suggested this during the Netfilter
Workshop.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch adds mnl_attr_nest_cancel() that allows to cancel the
current nest that we are building.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This fixes `make distcheck'.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the new CFLAGS, a notification pops up:
nlmsg.c:64:8: warning: no previous prototype for "mnl_nlmsg_aligned_size"
Marking it thus as static reveals it can be removed.
nlmsg.c:64:15: warning: "mnl_nlmsg_aligned_size" defined but not used
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Remove function whose implementation does not exist. It seems to me
like a leftover from the early days of the library.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Existing contributors ACK'ed the license change via email:
* Jozsef Kadlecsik
* Jan Engelhardt
* Cristian Rodríguez
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
sendto/recvfrom return ssize_t, so libmnl should not truncate the
result range.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
|
| |
When nesting two mnl_attr_for_each loops, the __len__ variable will be
declared twice, eliciting a warning when -Wshadow is turned on. There
can also be warnings in pre-C99 because declarations and code are
mixed. Do without any temporaries that are not explicitly specified as
macro parameters.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
| |
Read "How to write shared libraries" from Ulrich Drepper for more
information on this patch. Specifically section 2.2: Export control
and section 3: Maintaining APIs and ABIs.
Signed-off-by: Cristian Rodríguez <cristian.rodriguez@opensuse.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
Calling mnl_attr_parse with cb==NULL is pointless, because the
function will do nothing else.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch reworks mnl_nlmsg_fprintf. It breaks backward compatibility
of this function, there was no way to improve it without doing so
(and we are still in time to break thing, BTW).
Signed-off-bu: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
A small little pedantism: NULL (as in, the pointer) isn't NUL (as in,
the character with value zero, '\0'). I propose to rename it to strz,
for the zero-terminated string (sometimes referred to as ASCIZ string,
but of course C isn't tied to ASCII).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
groups, being a bitmask, should be unsigned; and let's also use pid_t
for pid.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
| |
Because in most cases, it won't be a nul-terminated string :)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
I do not quite see the point of using strlen in conjunction with
non-string data; so let's use char * as argument types to catch
misuses.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
| |
Spelling, grammer, and synchronization of the readme.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|