Re: [PATCH RFC 0/4] net: add bpfilter

Hi David, On Mon, Feb 19, 2018 at 12:15:37PM -0500, David Miller wrote: > From: Phil Sutter <p...@nwl.cc> > Date: Mon, 19 Feb 2018 18:09:39 +0100 > > > What puzzles me about your argumentation is that you seem to propose for > > the kernel to cover up flaws in users

Re: [PATCH RFC 0/4] net: add bpfilter

Hi David, On Mon, Feb 19, 2018 at 01:41:29PM -0500, David Miller wrote: > From: Phil Sutter <p...@nwl.cc> > Date: Mon, 19 Feb 2018 19:05:51 +0100 > > > On Mon, Feb 19, 2018 at 12:22:26PM -0500, David Miller wrote: > >> From: Phil Sutter <p...@nwl.cc> > &

Re: [PATCH RFC 0/4] net: add bpfilter

Hi David, On Mon, Feb 19, 2018 at 12:22:26PM -0500, David Miller wrote: > From: Phil Sutter <p...@nwl.cc> > Date: Mon, 19 Feb 2018 18:14:11 +0100 > > > OK, so reading between the lines you're saying that nftables project > > has failed to provide an adequate success

Re: [PATCH RFC 0/4] net: add bpfilter

Hi David, On Mon, Feb 19, 2018 at 10:44:59AM -0500, David Miller wrote: > From: Harald Welte > Date: Mon, 19 Feb 2018 16:38:08 +0100 > > > On Mon, Feb 19, 2018 at 10:27:27AM -0500, David Miller wrote: > >> > Would you be willing to merge nftables into kernel tools

Re: [PATCH RFC 0/4] net: add bpfilter

Hi David, On Mon, Feb 19, 2018 at 10:31:39AM -0500, David Miller wrote: > From: Harald Welte > Date: Mon, 19 Feb 2018 16:27:46 +0100 > > > On Mon, Feb 19, 2018 at 10:13:35AM -0500, David Miller wrote: > > > >> Florian, first of all, the whole "change the iptables binary"

Re: [PATCH iproute2] lib/namespace: don't try to mount rw /sys over a ro one

On Mon, Feb 12, 2018 at 08:23:12PM +0100, Lubomir Rintel wrote: > It will fail with EPERM on Linux 4.15. > > Signed-off-by: Lubomir Rintel <lkund...@v3.sk> Acked-by: Phil Sutter <p...@nwl.cc>

[iproute PATCH] Remove leftovers from removed Latex documentation

Since there is no documentation in Latex format left, there is no need to check for commands to build it. Also there is no need to ignore any of the temporary files which were created by them. Signed-off-by: Phil Sutter <p...@nwl.cc> --- .gitignore | 10 -- configure

Re: [iproute PATCH] ip-route: Propagate errors from parse_one_nh()

Hi, On Thu, Feb 08, 2018 at 02:26:05PM +0100, Élie Bouttier wrote: > On 24/01/2018 16:44, Stephen Hemminger wrote: > > On Wed, 24 Jan 2018 10:19:24 +0100 > > Phil Sutter <p...@nwl.cc> wrote: > >> On Tue, Jan 23, 2018 at 02:44:42PM -0800, Stephen Hemminger wr

Re: [iproute PATCH] ip-route: Propagate errors from parse_one_nh()

On Tue, Jan 23, 2018 at 02:44:42PM -0800, Stephen Hemminger wrote: [...] > Also, it looks like read_family converts any address family it doesn't know > about to unspec > that is stupid behavior as well. I had a closer look and it is the best thing it could do. In all but one cases, the function

Re: [iproute PATCH] ip-route: Propagate errors from parse_one_nh()

Hi Stephen, On Tue, Jan 23, 2018 at 02:44:42PM -0800, Stephen Hemminger wrote: > On Tue, 23 Jan 2018 17:40:47 +0100 > Phil Sutter <p...@nwl.cc> wrote: > > > The following command segfaults if enp0s31f6 does not exist: > > > > | # ip -6 route add default proto

[iproute PATCH] ip-route: Propagate errors from parse_one_nh()

oet...@redhat.com> Fixes: 2f406f2d0b4ef ("ip route: replace exits with returns") Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/iproute.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ip/iproute.c b/ip/iproute.c index bf886fda9d761..d7accf57ac8d1 100

[iproute PATCH] tc: Optimize gact action lookup

t;j...@mellanox.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: David Ahern <dsah...@gmail.com> Signed-off-by: Phil Sutter <p...@nwl.cc> --- tc/m_action.c | 5 - tc/tc_util.c | 10 ++ tc/tc_util.h | 2 ++ 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/tc/m_

Re: [patch iproute2 v8 1/2] lib/libnetlink: Add functions rtnl_talk_msg and rtnl_talk_iov

On Wed, Jan 10, 2018 at 09:12:45PM +0100, Phil Sutter wrote: > On Wed, Jan 10, 2018 at 12:20:36PM -0700, David Ahern wrote: > [...] > > 2. I am using a batch file with drop filters: > > > > filter add dev eth2 ingress protocol ip pref 273 flower dst_ip > >

Re: [patch iproute2 v8 1/2] lib/libnetlink: Add functions rtnl_talk_msg and rtnl_talk_iov

On Wed, Jan 10, 2018 at 12:20:36PM -0700, David Ahern wrote: [...] > 2. I am using a batch file with drop filters: > > filter add dev eth2 ingress protocol ip pref 273 flower dst_ip > 192.168.253.0/16 action drop > > and for each command tc is trying to dlopen m_drop.so: > >

Re: [patch iproute2 v7 1/2] lib/libnetlink: Add functions rtnl_talk_msg and rtnl_talk_iov

Hi Chris, On Wed, Jan 10, 2018 at 03:00:23AM +, Chris Mi wrote: [...] > > Drop this and use 'continue' instead of 'goto next' below? > Actually there are two loops, I need go to the outer while loop instead of > the inner for loop. Oh, I missed that. Sorry for the noise! Cheers, Phil

Re: [patch iproute2 v7 1/2] lib/libnetlink: Add functions rtnl_talk_msg and rtnl_talk_iov

Hi, On Tue, Jan 09, 2018 at 03:59:07PM +0900, Chris Mi wrote: [...] > diff --git a/lib/libnetlink.c b/lib/libnetlink.c > index 00e6ce0c..ae0059f9 100644 > --- a/lib/libnetlink.c > +++ b/lib/libnetlink.c > @@ -581,39 +581,43 @@ static void rtnl_talk_error(struct nlmsghdr *h, struct > nlmsgerr

Re: [patch iproute2 v6 0/3] tc: Add -bs option to batch mode

Hi Chris, On Mon, Jan 08, 2018 at 02:03:53AM +, Chris Mi wrote: > > On Thu, Jan 04, 2018 at 04:34:51PM +0900, Chris Mi wrote: > > > The insertion rate is improved more than 10%. > > > > Did you measure the effect of increasing batch sizes? > Yes. Even if we enlarge the batch size bigger than

Re: [patch iproute2 v6 0/3] tc: Add -bs option to batch mode

Hi Chris, On Thu, Jan 04, 2018 at 04:34:51PM +0900, Chris Mi wrote: > Currently in tc batch mode, only one command is read from the batch > file and sent to kernel to process. With this patchset, we can accumulate > several commands before sending to kernel. The batch size is specified > using

[PATCH net] ipv4: fib: Fix metrics match when deleting a route

RTAX_FEATURES value with that from userspace (which obviously has no knowledge about DST_FEATURE_ECN_CA) and fails. Fixes: 5f9ae3d9e7e4a ("ipv4: do metrics match when looking up and deleting a route") Signed-off-by: Phil Sutter <p...@nwl.cc> --- net/ipv4/fib_semantics.c | 8 ++--

Re: [PATCH net-next v3 7/8] netdevsim: add SR-IOV functionality

n...@netronome.com> > Reviewed-by: Quentin Monnet <quentin.mon...@netronome.com> Acked-by: Phil Sutter <p...@nwl.cc>

Re: [PATCH net-next v2 7/8] netdevsim: add SR-IOV functionality

On Fri, Dec 01, 2017 at 01:45:09PM -0800, Jakub Kicinski wrote: > On Fri, 1 Dec 2017 22:36:52 +0100, Phil Sutter wrote: > > On Fri, Dec 01, 2017 at 12:14:07PM -0800, Jakub Kicinski wrote: > > > On Fri, 1 Dec 2017 14:43:06 +0100, Phil Sutter wrote: > > > > On Thu, No

Re: [PATCH net-next v2 8/8] net: dummy: remove fake SR-IOV functionality

On Fri, Dec 01, 2017 at 12:19:52PM -0800, Jakub Kicinski wrote: > On Fri, 1 Dec 2017 14:46:34 +0100, Phil Sutter wrote: > > On Thu, Nov 30, 2017 at 05:35:40PM -0800, Jakub Kicinski wrote: > > > netdevsim driver seems like a better place for fake SR-IOV > > > func

Re: [PATCH net-next v2 7/8] netdevsim: add SR-IOV functionality

On Fri, Dec 01, 2017 at 12:14:07PM -0800, Jakub Kicinski wrote: > On Fri, 1 Dec 2017 14:43:06 +0100, Phil Sutter wrote: > > On Thu, Nov 30, 2017 at 05:35:39PM -0800, Jakub Kicinski wrote: > > [...] > > > +static int nsim_vfs_enable(struct netdevsim *ns, unsigned int num_

Re: [PATCH net-next v2 8/8] net: dummy: remove fake SR-IOV functionality

n Monnet <quentin.mon...@netronome.com> Acked-by: Phil Sutter <p...@nwl.cc>

Re: [PATCH net-next v2 7/8] netdevsim: add SR-IOV functionality

On Thu, Nov 30, 2017 at 05:35:39PM -0800, Jakub Kicinski wrote: [...] > +static int nsim_vfs_enable(struct netdevsim *ns, unsigned int num_vfs) > +{ > + ns->vfconfigs = kcalloc(num_vfs, sizeof(struct nsim_vf_config), > + GFP_KERNEL); > + if (!ns->vfconfigs) > +

[iproute PATCH] man: tc-csum.8: Fix inconsistency in example description

Commit 6bbe5e6290db5 ("man: tc-csum.8: Fix example") changed both source and destination IP addresses in example code but missed to update the example's description accordingly. Fixes: 6bbe5e6290db5 ("man: tc-csum.8: Fix example") Signed-off-by: Phil Sutter <p...@nwl.cc&g

[iproute PATCH] link_gre6: Detect invalid encaplimit values

Looks like a typo: get_u8() returns 0 on success and -1 on error, so the error checking here was ineffective. Fixes: a11b7b71a6eba ("link_gre6: really support encaplimit option") Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/link_gre6.c | 2 +- 1 file changed, 1 insertio

Re: [RFC net-next 4/6] netdevsim: add software driver for testing offloads

Hi, On Mon, Nov 27, 2017 at 11:42:49AM -0800, Jakub Kicinski wrote: > On Tue, 28 Nov 2017 04:30:26 +0900 (KST), David Miller wrote: > > From: Jakub Kicinski > > Date: Thu, 23 Nov 2017 18:36:11 -0800 > > > > > The dummy driver have previously been extended to test

[iproute PATCH 2/2] tc_util: Silence spurious compiler warning

GCC version 7.2.1 complains that 'result1' may be used uninitialized in parse_action_control_slash_spaces(). This should not be possible in practice, so the actual value 'result1' is initialized with does not matter. Signed-off-by: Phil Sutter <p...@nwl.cc> --- tc/tc_util.c | 2 +-

[iproute PATCH 1/2] tc_util: Drop needless pointer check

The function parse_action_control_slash() returns early if 'p' is NULL, so after the first call to action_a2n(), 'p' is guaranteed not to be NULL. Otherwise, the assignment '*p = 0' above would dereference the NULL pointer already anyway, so just drop this check here. Signed-off-by: Phil Sutter

[iproute PATCH 0/2] Review recent changes in tc_util.c

This silences a spurious compiler warning with gcc-7 and eliminates a needless conditional identified while investigating the warning. Phil Sutter (2): tc_util: Drop needless pointer check tc_util: Silence spurious compiler warning tc/tc_util.c | 5 ++--- 1 file changed, 2 insertions(+), 3

Re: [PATCHv5 iproute2 net-next 2/2] lib/libnetlink: re malloc buff if size is not enough

On Thu, Oct 26, 2017 at 09:42:46AM -0600, David Ahern wrote: > On 10/26/17 9:33 AM, Phil Sutter wrote: > > On Thu, Oct 26, 2017 at 09:28:00AM -0600, David Ahern wrote: > >> On 10/26/17 4:24 AM, Stephen Hemminger wrote: > >>>> > >>>> The ke

Re: [PATCHv5 iproute2 net-next 2/2] lib/libnetlink: re malloc buff if size is not enough

On Thu, Oct 26, 2017 at 09:28:00AM -0600, David Ahern wrote: > On 10/26/17 4:24 AM, Stephen Hemminger wrote: > >> > >> The kernel needs a flag that says "give me the message of the buffer is > >> large enough; if not just PEEK and tell me the length." That would avoid > >> the double call in most

Re: [PATCH] add additional explain in ss man page

On Thu, Oct 26, 2017 at 07:15:31AM +, yupeng wrote: > Add detail explains of -m, -o, -e and -i options, which are not documented > anywhere > > Signed-off-by: yupeng <yupeng0...@gmail.com> Acked-by: Phil Sutter <p...@nwl.cc>

Re: [iproute PATCH] ss: add detail explains of -m, -o, -e and -i options in ss man page

Hi Yupeng, On Wed, Oct 25, 2017 at 02:20:25PM -0700, peng yu wrote: > Thanks for your suggestion, below is a new patch. What I did: > 1. change all 'package' to 'packet' > 2. put my additional text as second paragraphs of the original options. > 3. checked the man page by aspell > If anything

Re: [PATCH iproute2] ip maddr: fix filtering by device

;ip: fix igmp parsing when iface is long") > Signed-off-by: Michal Kubecek <mkube...@suse.cz> Acked-by: Phil Sutter <p...@nwl.cc>

[iproute PATCH] ss: Detect IPPROTO_ICMPV6 sockets

Prefix IPPROTO_ICMPV6 sockets with 'icmp6' instead of '???'. Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/ss.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/misc/ss.c b/misc/ss.c index e37aba6022eb4..b5c6bbc05766e 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -784,6 +784,8 @@

[iproute PATCH] ss: Distinguish between IPv4 and IPv6 wildcard sockets

lt;eric.duma...@gmail.com> Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/ss.c | 36 +--- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/misc/ss.c b/misc/ss.c index 09bff8a7e2d28..e37aba6022eb4 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -10

Re: [iproute2] regression in ss output

On Mon, Oct 16, 2017 at 07:49:58PM -0700, Stephen Hemminger wrote: > On Mon, 16 Oct 2017 19:00:36 -0700 > Eric Dumazet wrote: > > > On Mon, 2017-10-16 at 14:28 -0700, Stephen Hemminger wrote: > > > On Mon, 16 Oct 2017 20:44:07 + > > > Humberto Alves

Re: [iproute2] regression in ss output

Hi, On Fri, Oct 13, 2017 at 09:57:37AM +, Humberto Alves wrote: > Hi! With the last iproute2 release, ss command output does not > differentiate between any-address IPv4 sockets from the IPv6 ones. > I don't know if this is an expected behaviour, but the old output looks > more useful.

Re: [PATCHv4 iproute2 2/2] lib/libnetlink: update rtnl_talk to support malloc buff at run time

On Thu, Oct 12, 2017 at 09:07:06AM -0700, Stephen Hemminger wrote: > On Wed, 11 Oct 2017 13:10:07 +0200 > Phil Sutter <p...@nwl.cc> wrote: > > > On Tue, Oct 10, 2017 at 09:47:43AM -0700, Stephen Hemminger wrote: > > > On Tue, 10 Oct 2017 08:41:17 +0200 > >

Re: [PATCHv4 iproute2 2/2] lib/libnetlink: update rtnl_talk to support malloc buff at run time

On Tue, Oct 10, 2017 at 09:47:43AM -0700, Stephen Hemminger wrote: > On Tue, 10 Oct 2017 08:41:17 +0200 > Michal Kubecek <mkube...@suse.cz> wrote: > > > On Mon, Oct 09, 2017 at 10:25:25PM +0200, Phil Sutter wrote: > > > Hi Stephen, > > > > > > O

Re: [PATCHv4 iproute2 2/2] lib/libnetlink: update rtnl_talk to support malloc buff at run time

> > With call like rtnl_talk(, nlh, nlh, sizeof(req), I add a new variable > > answer to avoid overwrite data in nlh, because it may has more info after > > nlh. also this will avoid nlh buffer not enough issue. > > > > We need to free answer after using. > &

[iproute PATCH v3 0/3] Check user supplied interface name lengths

: - Changed patch 3 as suggested in review. Changes since v1: - Patches 1 and 2 introduced. - Changes to patch 3 are listed in there. Phil Sutter (3): ip{6,}tunnel: Avoid copying user-supplied interface name around tc: flower: No need to cache indev arg Check user supplied interface name lengths

[iproute PATCH v3 1/3] ip{6,}tunnel: Avoid copying user-supplied interface name around

until the later lookup/strcpy. Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/ip6tunnel.c | 6 +++--- ip/iptunnel.c | 22 +- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c index b4a7def144226..c12d700e74189 100644 --

[iproute PATCH v3 2/3] tc: flower: No need to cache indev arg

Since addattrstrz() will copy the provided string into the attribute payload, there is no need to cache the data. Signed-off-by: Phil Sutter <p...@nwl.cc> --- tc/f_flower.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tc/f_flower.c b/tc/f_flower.c index 934832e

[iproute PATCH v3 3/3] Check user supplied interface name lengths

and is therefore looked up using ll_name_to_index(), so if_nametoindex() will perform the necessary checks already. Signed-off-by: Phil Sutter <p...@nwl.cc> --- Changes since v2: - Change implementation of check_ifname() and add get_ifname() just as Stephen suggested with one exception: Call s

Re: [iproute PATCH v2 0/3] Check user supplied interface name lengths

On Fri, Sep 29, 2017 at 10:31:07AM -0700, Stephen Hemminger wrote: [...] > I was thinking something like: > > > > diff --git a/include/utils.h b/include/utils.h > index c9ed230b9604..e2702b56f2e0 100644 > --- a/include/utils.h > +++ b/include/utils.h > @@ -105,6 +105,8 @@ int get_be64(__be64

[iproute PATCH] ip-route: Fix for listing routes with RTAX_LOCK attribute

although they are not. Fix this by taking mxlock value for the given metric into account before skipping it if it is not present. Reported-by: Thomas Haller <thal...@redhat.com> Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/iproute.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deleti

Re: [iproute PATCH v2 0/3] Check user supplied interface name lengths

On Wed, Sep 27, 2017 at 08:42:49AM +0100, Stephen Hemminger wrote: > On Tue, 26 Sep 2017 18:35:45 +0200 > Phil Sutter <p...@nwl.cc> wrote: > > > This series adds explicit checks for user-supplied interface names to > > make sure their length fits Linux's requireme

[iproute PATCH v2 2/3] tc: flower: No need to cache indev arg

Since addattrstrz() will copy the provided string into the attribute payload, there is no need to cache the data. Signed-off-by: Phil Sutter <p...@nwl.cc> --- tc/f_flower.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tc/f_flower.c b/tc/f_flower.c index 934832e

[iproute PATCH v2 1/3] ip{6,}tunnel: Avoid copying user-supplied interface name around

until the later lookup/strcpy. Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/ip6tunnel.c | 6 +++--- ip/iptunnel.c | 22 +- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c index b4a7def144226..c12d700e74189 100644 --

[iproute PATCH v2 0/3] Check user supplied interface name lengths

: - Patches 1 and 2 introduced. - Changes to patch 3 are listed in there. Phil Sutter (3): ip{6,}tunnel: Avoid copying user-supplied interface name around tc: flower: No need to cache indev arg Check user supplied interface name lengths include/utils.h | 1 + ip/ip6tunnel.c | 9

[iproute PATCH v2 3/3] Check user supplied interface name lengths

using ll_name_to_index(), so if_nametoindex() will perform the necessary checks already. Signed-off-by: Phil Sutter <p...@nwl.cc> --- Changes since v1: - added missing check to tc/f_flower.c - Drop some useless checks from ip/ip{6,}tunnel.c (ll_name_to_index() will detect illegal interface

Re: [PATCH] lib: fix multiple strlcpy definition

On Tue, Sep 26, 2017 at 02:08:49PM +0300, Baruch Siach wrote: [...] > diff --git a/configure b/configure > index 7be8fb113cc9..787b2e061af9 100755 > --- a/configure > +++ b/configure > @@ -326,6 +326,27 @@ EOF > rm -f $TMPDIR/dbtest.c $TMPDIR/dbtest > } > > +check_strlcpy() > +{ > +cat

Re: [PATCH iproute2] man: fix documentation for range of route table ID

On Thu, Sep 21, 2017 at 08:14:11PM +0200, Thomas Haller wrote: > Signed-off-by: Thomas Haller Fixes: 4ec1933dfddfc ("Update ip.8 man page to describe route table id values") (So that bug is over 7 years old. :) Cheers, Phil

[iproute PATCH v2] ipaddress: Fix segfault in 'addr showdump'

json output") Signed-off-by: Phil Sutter <p...@nwl.cc> -- Changes since v1: Align json output with that of 'ip -j addr show': - Interface index label is 'ifindex', not 'index' and it doesn't belong to 'addr_info' array. - Create one 'addr_info' array per dumped address, not one for all. --

Re: [iproute PATCH] ipaddress: Fix segfault in 'addr showdump'

On Tue, Sep 12, 2017 at 04:58:12PM +0200, Phil Sutter wrote: > Obviously, 'addr showdump' feature wasn't adjusted to json output > support. As a consequence, calls to print_string() in print_addrinfo() > tried to dereference a NULL FILE pointer. Please ignore this patch - it generates

[iproute PATCH] ipaddress: Fix segfault in 'addr showdump'

Obviously, 'addr showdump' feature wasn't adjusted to json output support. As a consequence, calls to print_string() in print_addrinfo() tried to dereference a NULL FILE pointer. Fixes: d0e720111aad2 ("ip: ipaddress.c: add support for json output") Signed-off-by: Phil Sutter <p...@nw

Re: [PATCH iproute2 1/2] lib/libnetlink: re malloc buff if size is not enough

Hi, On Fri, Sep 08, 2017 at 10:01:31PM +0800, Hangbin Liu wrote: [...] > > > diff --git a/lib/libnetlink.c b/lib/libnetlink.c > > > index be7ac86..37cfb5a 100644 > > > --- a/lib/libnetlink.c > > > +++ b/lib/libnetlink.c > > > @@ -402,6 +402,59 @@ static void rtnl_dump_error(const struct

Re: [PATCH iproute2 2/2] lib/libnetlink: update rtnl_talk to support malloc buff at run time

Hi Hangbin, On Fri, Sep 08, 2017 at 06:14:57PM +0800, Hangbin Liu wrote: [...] > diff --git a/genl/ctrl.c b/genl/ctrl.c > index 448988e..699657b 100644 > --- a/genl/ctrl.c > +++ b/genl/ctrl.c > @@ -55,6 +55,7 @@ int genl_ctrl_resolve_family(const char *family) > }; > struct nlmsghdr

Re: [PATCH iproute2 1/2] lib/libnetlink: re malloc buff if size is not enough

Hi Hangbin, On Fri, Sep 08, 2017 at 06:14:56PM +0800, Hangbin Liu wrote: [...] > diff --git a/lib/libnetlink.c b/lib/libnetlink.c > index be7ac86..37cfb5a 100644 > --- a/lib/libnetlink.c > +++ b/lib/libnetlink.c > @@ -402,6 +402,59 @@ static void rtnl_dump_error(const struct rtnl_handle > *rth,

[iproute PATCH] utils: Review strlcpy() and strlcat()

strlcat() by avoiding the call to strlcpy() if dst string is already full, not just as sanity check. Signed-off-by: Phil Sutter <p...@nwl.cc> --- lib/utils.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index 330ab073c2068..bbd3cbc

Re: [iproute PATCH 1/6] utils: Implement strlcpy() and strlcat()

On Mon, Sep 04, 2017 at 02:49:20PM +, David Laight wrote: > From: Phil Sutter > > Sent: 01 September 2017 17:53 > > By making use of strncpy(), both implementations are really simple so > > there is no need to add libbsd as additional dependency. > > > ... >

Re: [iproute PATCH 0/2] Fix and enhance link_gre6

Hi Stephen, On Fri, Sep 01, 2017 at 12:13:33PM -0700, Stephen Hemminger wrote: > On Fri, 1 Sep 2017 16:08:07 +0200 > Phil Sutter <p...@nwl.cc> wrote: > > > Changing a tunnel's flowlabel value was broken if it was set to a > > non-zero value before. Since the same

Re: [iproute PATCH 50/51] Check user supplied interface name lengths

Hi Stephen, On Tue, Aug 15, 2017 at 06:51:32PM +0200, Phil Sutter wrote: > On Tue, Aug 15, 2017 at 09:09:45AM -0700, Stephen Hemminger wrote: > > On Sat, 12 Aug 2017 14:05:09 +0200 > > Phil Sutter <p...@nwl.cc> wrote: > > > > > +void assert_val

[iproute PATCH 3/6] Convert harmful calls to strncpy() to strlcpy()

This patch converts spots where manual buffer termination was missing to strlcpy() since that does what is needed. Signed-off-by: Phil Sutter <p...@nwl.cc> --- genl/ctrl.c | 2 +- ip/ipvrf.c | 2 +- ip/xfrm_state.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff

[iproute PATCH 6/6] lnstat_util: Make sure buffer is NUL-terminated

Can't use strlcpy() here since lnstat is not linked against libutil. While being at it, fix coding style in that chunk as well. Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/lnstat_util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misc/lnstat_util.c

[iproute PATCH 5/6] tc_util: No need to terminate an snprintf'ed buffer

snprintf() won't leave the buffer unterminated, so manually terminating is not necessary here. Signed-off-by: Phil Sutter <p...@nwl.cc> --- tc/tc_util.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tc/tc_util.c b/tc/tc_util.c index 371046839ba9f..50d355046bdad 100644 --- a/tc/tc_

[iproute PATCH 2/6] Convert the obvious cases to strlcpy()

This converts the typical idiom of manually terminating the buffer after a call to strncpy(). Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/ipnetns.c | 3 +-- ip/iproute_lwtunnel.c | 3 +-- ip/ipvrf.c| 3 +-- lib/bpf.c | 3 +-- lib/fs.c

[iproute PATCH 4/6] ipxfrm: Replace STRBUF_CAT macro with strlcat()

Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/ipxfrm.c | 21 + 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index d5eb22e25476a..12c2f721571b6 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -40,17 +40,6 @@ #include "

[iproute PATCH 1/6] utils: Implement strlcpy() and strlcat()

By making use of strncpy(), both implementations are really simple so there is no need to add libbsd as additional dependency. Signed-off-by: Phil Sutter <p...@nwl.cc> --- include/utils.h | 3 +++ lib/utils.c | 19 +++ 2 files changed, 22 insertions(+) diff --git a/i

[iproute PATCH 0/6] strlcpy() and strlcat() for iproute2

sanitizes a call to strncpy() in misc/lnstat_util.c without using strlcpy() since lnstat is not being linked against libutil. I implemented both functions solely based on information in libbsd's man pages, so they are safe to be released under the GPL. Phil Sutter (6): utils: Implement strlcpy

[iproute PATCH 1/2] link_gre6: Fix for changing tclass/flowlabel

: af89576d7a8c4 ("iproute2: GRE over IPv6 tunnel support.") Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/link_gre6.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ip/link_gre6.c b/ip/link_gre6.c index 4d3d4b54210b9..447ac5d78ab7b 100644 --- a/ip/link_gre6.c +++ b/ip/link_

[iproute PATCH 0/2] Fix and enhance link_gre6

result. Phil Sutter (2): link_gre6: Fix for changing tclass/flowlabel link_gre6: Print the tunnel's tclass setting ip/link_gre6.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) -- 2.13.1

[iproute PATCH 2/2] link_gre6: Print the tunnel's tclass setting

Print the value analogous to flowlabel. While being at it, also break the overlong lines to not exceed 80 characters boundary. Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/link_gre6.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ip/link_gre6.c b/ip/link_

Re: [iproute PATCH] lib/bpf: Fix bytecode-file parsing

Hi Daniel, On Wed, Aug 30, 2017 at 03:53:59PM +0200, Daniel Borkmann wrote: > On 08/29/2017 05:09 PM, Phil Sutter wrote: [...] > > @@ -228,18 +229,20 @@ static int bpf_parse_string(char *arg, bool > > from_file, __u16 *bpf_len, > >

[iproute PATCH] lib/bpf: Fix bytecode-file parsing

detect double separator characters, so doesn't soften up the parser too much. Fixes: 3da3ebfca85b8 ("bpf: Make bytecode-file reading a little more robust") Cc: Daniel Borkmann <dan...@iogearbox.net> Signed-off-by: Phil Sutter <p...@nwl.cc> --- lib/bpf.c | 7 +-- 1 file chang

[iproute PATCH] ss: Fix for added diag support check

de returned from netlink reply") Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/ss.c | 20 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/misc/ss.c b/misc/ss.c index fcc3cf9282c49..2c9e80e696595 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -2753,7 +2753,7

[iproute PATCH v4 1/6] ipntable: Avoid memory allocation for filter.name

The original issue was that filter.name might end up unterminated if user provided string was too long. But in fact it is not necessary to copy the commandline parameter at all: just make filter.name point to it instead. Signed-off-by: Phil Sutter <p...@nwl.cc> --- ip/ipntable.c | 6 +++

[iproute PATCH v4 3/6] lib/inet_proto: Review inet_proto_{a2n,n2a}()

in get_u8() to find out whether passed 'buf' contains a valid decimal number instead of checking the first character's value manually. Signed-off-by: Phil Sutter <p...@nwl.cc> --- lib/inet_proto.c | 24 +--- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git

[iproute PATCH v4 0/6] Covscan: Fixes for string termination

upstream. Changes since v3: - Dropped patch 2 since upstream discussion in v3 is not conclusive yet. Phil Sutter (6): ipntable: Avoid memory allocation for filter.name lib/fs: Fix format string in find_fs_mount() lib/inet_proto: Review inet_proto_{a2n,n2a}() lnstat_util: Simplify alloc_and_open

[iproute PATCH v4 2/6] lib/fs: Fix format string in find_fs_mount()

A field width of 4096 allows fscanf() to store that amount of characters into the given buffer, though that doesn't include the terminating NULL byte. Decrease the value by one to leave space for it. Signed-off-by: Phil Sutter <p...@nwl.cc> --- lib/fs.c | 2 +- 1 file changed, 1 insertion

[iproute PATCH v4 4/6] lnstat_util: Simplify alloc_and_open() a bit

Relying upon callers and using unsafe strcpy() is probably not the best idea. Aside from that, using snprintf() allows to format the string for lf->path in one go. Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/lnstat_util.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions

[iproute PATCH v4 5/6] tc/m_xt: Fix for potential string buffer overflows

would overwrite the previously NULL'ed 'k[15]'. Also, the sanitization has to happen if 'tname' is exactly 16 bytes long as well. Signed-off-by: Phil Sutter <p...@nwl.cc> --- tc/m_xt.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tc/m_xt.c b/tc/

[iproute PATCH v4 6/6] lib/ll_map: Choose size of new cache items at run-time

Instead of having a fixed buffer of 16 bytes for the interface name, tailor size of new ll_cache entry using the interface name's actual length. This also makes sure the following call to strcpy() is safe. Signed-off-by: Phil Sutter <p...@nwl.cc> --- lib/ll_map.c | 4 ++-- 1 file chan

[iproute PATCH v4 4/4] tipc/bearer: Prevent NULL pointer dereference

Signed-off-by: Phil Sutter <p...@nwl.cc> --- Changes since v2: - Keep assignment and check in separate statements. --- tipc/bearer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tipc/bearer.c b/tipc/bearer.c index c3d4491f8f6ef..0d84570150624 100644 --- a/tipc/be

[iproute PATCH v4 1/4] ifstat, nstat: Check fdopen() return value

Prevent passing NULL FILE pointer to fgets() later. Fix both tools in a single patch since the code changes are basically identical. Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/ifstat.c | 16 +++- misc/nstat.c | 16 +++- 2 files changed, 22 insertions(

[iproute PATCH v4 3/4] tc/tc_filter: Make sure filter name is not empty

The later check for 'k[0] != 0' requires a non-empty filter name, otherwise NULL pointer dereference in 'q' might happen. Signed-off-by: Phil Sutter <p...@nwl.cc> --- Changes since v2: - Instead of calling strlen(), just make sure **argv is not 0. --- tc/tc_filter.c | 3 +++ 1 file chan

[iproute PATCH v4 2/4] tc/q_netem: Don't dereference possibly NULL pointer

Assuming 'opt' might be NULL, move the call to RTA_PAYLOAD to after the check since it dereferences its parameter. Signed-off-by: Phil Sutter <p...@nwl.cc> --- Changes since v2: - Dropped empty line between assignment and check. --- tc/q_netem.c | 3 ++- 1 file changed, 2 insertions

[iproute PATCH v4 0/4] Covscan: Fix potential NULL pointer dereferences

This series collects patches from v1 which eliminate possible cases of NULL pointer dereferences. Changes since v3: - Dropped upstream rejected patch 2. Phil Sutter (4): ifstat, nstat: Check fdopen() return value tc/q_netem: Don't dereference possibly NULL pointer tc/tc_filter: Make sure

[iproute PATCH v3 3/6] netem/maketable: Check return value of fscanf()

Signed-off-by: Phil Sutter <p...@nwl.cc> --- netem/maketable.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/netem/maketable.c b/netem/maketable.c index ad660e7d457f0..ccb8f0c68b062 100644 --- a/netem/maketable.c +++ b/netem/maketable.c @@ -38,8 +38,8 @@ readdouble

[iproute PATCH v3 5/6] lib/fs: Fix and simplify make_path()

Calling stat() before mkdir() is racey: The entry might change in between. Also, the call to stat() seems to exist only to check if the directory exists already. So simply call mkdir() unconditionally and catch only errors other than EEXIST. Signed-off-by: Phil Sutter <p...@nwl.cc> --- li

[iproute PATCH v3 0/6] Covscan: Misc fixes

This series collects patches from v1 addressing miscellaneous issues detected by covscan. Changes since v2: - Dropped patch 1 since v2 discussion is still inconclusive. - Replaced patch 2 by a more appropriate one given feedback from v2. Phil Sutter (6): ss: Make struct tcpstat fields 'timer

[iproute PATCH v3 2/6] ss: Make sure scanned index value to unix_state_map is sane

Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/ss.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misc/ss.c b/misc/ss.c index c41d5169aba52..951aa877bcb01 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -3148,7 +3148,8 @@ static int unix_show(struct fil

[iproute PATCH v3 4/6] lib/bpf: Check return value of write()

This is merely to silence the compiler warning. If write to stderr failed, assume that printing an error message will fail as well so don't even try. Signed-off-by: Phil Sutter <p...@nwl.cc> --- lib/bpf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/bpf.c b/lib

[iproute PATCH v3 6/6] lib/libnetlink: Don't pass NULL parameter to memcpy()

Both addattr_l() and rta_addattr_l() may be called with NULL data pointer and 0 alen parameters. Avoid calling memcpy() in that case. Signed-off-by: Phil Sutter <p...@nwl.cc> --- lib/libnetlink.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/libnetlink.c

[iproute PATCH v3 1/6] ss: Make struct tcpstat fields 'timer' and 'timeout' unsigned

for negative values. Signed-off-by: Phil Sutter <p...@nwl.cc> --- misc/ss.c | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/misc/ss.c b/misc/ss.c index 34c6da5443642..c41d5169aba52 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -697,8 +697,8 @@ struct dctcpstat {

Re: [iproute PATCH v3 2/7] xfrm_state: Make sure alg_name is NULL-terminated

On Mon, Aug 21, 2017 at 05:28:20PM -0700, Stephen Hemminger wrote: > On Mon, 21 Aug 2017 15:23:36 +0200 > Phil Sutter <p...@nwl.cc> wrote: > > > Signed-off-by: Phil Sutter <p...@nwl.cc> > > --- > > ip/xfrm_state.c | 3 ++- > > 1 file changed, 2 ins

Re: [iproute PATCH v2 1/7] nstat: Avoid passing negative fd to fdopen()

On Mon, Aug 21, 2017 at 05:23:23PM -0700, Stephen Hemminger wrote: > On Mon, 21 Aug 2017 19:08:07 +0200 > Phil Sutter <p...@nwl.cc> wrote: > > > Introduce a wrapper which does the sanity checking and returns NULL > > in case fd is invalid. > > > >

<    1   2   3   4   5   6   7   8   9   10   >