This example no longer works on more recent kernels:
genl-family-get
error: Invalid argument
dmesg says:
netlink: 'genl-family-get': attribute type 1 has an invalid length.
Fix this and also zero out the reserved field in the genl header,
while not validated yet for dumps this could change.
Reported-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Florian Westphal <fw@strlen.de>
Two distinct actions:
1. Remove trailing spaces and tabs.
2. Remove spaces that are followed by a tab, inserting extra tabs
as required.
Action 2 is only performed in the indent region of a line.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Make it optional. After this update it is still possible to build the
documentation via:
./configure --with-doxygen=yes
if ./configure finds doxygen. Update README to include this information.
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This function is modelled after rta_getattr_uint() in libnetlink to fetch the
netlink attribute payload of NLA_UINT, although it was extended to make it
universal for 8-bit, 16-bit, 32-bit or 64-bit integers.
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Remove now-obsolete DOT_TRANSPARENT.
Add `nstats` to EXCLUDE_SYMBOLS (struct defined in example nfct-daemon.c).
While being about it, remove EXPORT_SYMBOL from EXCLUDE_SYMBOLS:
only INPUT_FILTER can suppress EXPORT_SYMBOL.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
The libmnl patch submission process is currently undocumented. Add a small
paragraph to README that deals with it.
Signed-off-by: Petr Machata <petrm@nvidia.com>
NLA_UINT attributes have a 4-byte payload if possible, and an 8-byte one
if necessary.
There are some NLA_UINT attributes that lack an appropriate getter function.
Add a function mnl_attr_get_uint() to cover that extract these. Since we
need to dispatch on length anyway, make the getter truly universal by
supporting also u8 and u16.
Signed-off-by: Danielle Ratson <danieller@nvidia.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
The `len` parameter of `mnl_nlmsg_ok`, which holds the buffer length and
is compared to the size of the object expected to fit into the buffer,
is signed because the function validates the length, and it can be
negative in the case of malformed messages. Comparing it to unsigned
operands used to lead to compiler warnings:
msg.c: In function 'mnl_nlmsg_ok':
msg.c:136: warning: comparison between signed and unsigned
msg.c:138: warning: comparison between signed and unsigned
and so commit 73661922bc3b ("fix warning in compilation due to different
signess") added casts of the unsigned operands to `int`. However, the
comparison to `nlh->nlmsg_len`:
(int)nlh->nlmsg_len <= len
is problematic, since `nlh->nlmsg_len` is of type `__u32` and so may
hold values greater than `INT_MAX`. In the case where `len` is positive
and `nlh->nlmsg_len` is greater than `INT_MAX`, the cast will yield a
negative value and `mnl_nlmsg_ok` will incorrectly return true.
Instead, assign `len` to an unsigned local variable, check for a
negative value first, then use the unsigned local for the other
comparisons, and remove the casts.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1691
Fixes: 73661922bc3b ("fix warning in compilation due to different signess")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Ensure that rtnl-link-can example compiles in any installation. These
headers are not installed in the system.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
The patch adds and modifies the .gitignore files to hide all the
examples generated by the compilation.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
I developed this application to test the Linux kernel series referenced below.
I could not use the iproute2 package since the microcontroller is without MMU.
On suggestion of the Linux CAN subsystem maintainer I decided to upstream it.
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Link: https://marc.info/?l=linux-netdev&m=167999323611710&w=2
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
"allows to" -> "allows ${pronoun} to". We use "you" if that appears in context,
"one" otherwise.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Use a more modern alternative to bzip2.
Suggested-by: Jan Engelhardt <jengelh@inai.de>
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
We use `$(SHELL)` to run the script and exec bash if `$(SHELL)` is something
else. We don't hard-code the path to bash.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Now that the `INPUT` directory is correct, we can update `OUTPUT_DIRECTORY` to
`.` and we don't need to cd out of the doxygen directory to run doxygen.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
It avoids the need to move src directories in doxygen/Makefile.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
This locates bash according to its presence in the PATH, not at a
hard-coded path which may not exist or may not be the most suitable bash
to use.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Acked-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
Update the function comments in lib/attr.c to use the \return notation,
which produces better man page output.
Suggested-by: Duncan Roe <duncan.roe2@gmail.com>
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Acked-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Check isatty() to skip colors for non-terminals.
Add mnl_fprintf_attr_color() and mnl_fprintf_attr_raw() helper function.
Joint work with Pablo.
Signed-off-by: Kerin Millar <kfm@plushkava.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The request to dump neighbours was attaching a generic route message
header but the proper header (used by iproute2) is to use ndmsg.
The original way works but better to format the message as a
neighbour request.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Put the diagram in a *verbatim* block (like all the other diagrams)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Also fix bogus "Doxygen not found ..." warning if --without-doxygen given
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
There used to be 3 things in doxygen/Makefile.am that developers had to update:
1. The dependency list (i.e. all C sources)
2. The setgroup lines, which renamed each module man page to be the page for the
first described function. setgroup also set the target for:
3. The add2group lines, which symlinked pages for other documented functions
in the group.
The new system eliminates all of the above.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Repeat what we did for libnetfilter_queue:
- New makefile in doxygen directory. Rebuilds documentation if any sources
change that contain doxygen comments:
- Renames each group man page to the first function listed therein
- Creates symlinks for subsequently listed functions
- Deletes _* temp files and moves sctruct-describing man pages to man7
- Update top-level makefile to visit new subdir doxygen
- Update top-level configure to only build documentation if doxygen installed
- Add --with/without-doxygen switch
- Check whether dot is available when configuring doxygen
- Reduce size of doxygen.cfg and doxygen build o/p
- `make distcheck` passes with doxygen enabled
Aditionally, exclude opaque structs mnl_nlmsg_batch & mnl_socket
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Add definition to recommend a new buffer size for netlink dumps.
Details are available here:
commit d35c99ff77ecb2eb239731b799386f3b3637a31e
Author: Eric Dumazet <edumazet@google.com>
Date: Thu Oct 6 04:13:18 2016 +0900
netlink: do not enter direct reclaim from netlink_dump()
iproute2 is using 32 KBytes buffer in netlink dumps to speed up netlink
dumps for a while. Let's recommend this buffer size through this new
definition. Update examples too.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Add input filter to remove the internal EXPORT_SYMBOL macro that turns
on the compiler visibility attribute.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Duncan Roe <duncan_roe@optusnet.com.au>
This corrects an oddity in the web doco (and presumably in the man pages as
well) whereby "Netlink message batch helpers" was showing up as a sub-topic of
"Netlink message helpers".
This was included in my original (rejected) patch "Enable doxygen to generate
Function Documentation" with a comment "(didn't think it warrantied an extra
patch)" - clearly wrong
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Currently clang requires EXPORT_SYMBOL() to be above the function
implementation. At the same time doxygen is not generating the proper
documentation because of that.
This patch solves that problem but EXPORT_SYMBOL looks less like the Linux
kernel way exporting symbols.
Reported-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Use NDA_MAX for neigh maximum attributes instead of IFA_MAX,
which is only for interfaces.
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Adding ARP example in order to dump the info in the form:
index=<interface> family=<family> dst=<destination ip> lladdr=<mac address> state=<arp status>
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Sergei Trofimovich reports 'uninitialized bytes' warnings from nftables:
Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
at 0x55B9EFB: sendmsg (in /lib64/libc-2.25.so)
by 0x43E658: mnl_nft_socket_sendmsg (mnl.c:239)
by 0x43E658: mnl_batch_talk (mnl.c:254)
by 0x407898: nft_netlink (libnftables.c:58)
by 0x407898: nft_run (libnftables.c:96)
by 0x407CD5: nft_run_cmd_from_buffer (libnftables.c:291)
by 0x406EDE: main (main.c:274)
This is harmless, the uninitialized memory is the padding
that sometimes needs to be inserted between end of an attribute
and the beginning of the new attribute.
Zero it to silence memory sanitizer output.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
The example about addresses uses link attributes when it meant to use
address attributes.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Users of mnl_cb_run2() would typically pass a 'static const' array as
cb_ctl_array parameter. Unfortunately this triggers a compiler warning
because the prototype doesn't declare cb_ctl_array with the 'const'
qualifier.
Since mnl_cb_run2() and __mnl_cb_run() don't modify cb_ctl_array (and
don't have any reason to do so in the future), we can mark this
parameter as 'const'.
There should be no impact on existing users beyond removing the
compiler warning when using a constant array.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
On musl libc, sys/select.h is where FD_* definitions are located.
Signed-off-by: Kylie McClain <somasis@exherbo.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
When compiling with clang, the visibility attributes are ignored
since they are after the definition of the exported function.
Fix this by moving the attribute declaration before the function.
attr.c:439:1: error: attribute declaration must precede definition [-Werror,-Wignored-attributes]
EXPORT_SYMBOL(mnl_attr_put_u8);
^
./internal.h:7:41: note: expanded from macro 'EXPORT_SYMBOL'
^
./internal.h:6:35: note: expanded from macro '__visible'
^
attr.c:435:6: note: previous definition is here
void mnl_attr_put_u8(struct nlmsghdr *nlh, uint16_t type, uint8_t data)
^
Signed-off-by: Peter Foley <pefoley2@pefoley.com>
It makes more sense to use isprint() than isalnum() because we use non
alphanumeric characters like '%', '_', etc. And, in case of non
printable character, print a space is preferable to print a NULL (0) in
order to keep alignment.
Before:
...
|00012|--|00002| |len |flags| type|
| 5f 5f 73 65 | | data | s e
| 74 25 64 00 | | data | t d
...
After:
...
|00012|--|00002| |len |flags| type|
| 5f 5f 73 65 | | data | _ _ s e
| 74 25 64 00 | | data | t % d
...
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Define mnl_socket_open2() so that user can pass a set of SOCK_* flags
at socket creation time.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This is defined in <linux/types.h>, which is included by the nfnetlink_* header
files.
Thus, we can get rid of u_int64_t which causes problems to musl according to
Felix Janda.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
