From: David Ahern <dsahern@kernel.org>
To: netdev@vger.kernel.org
Cc: stephen@networkplumber.org, David Ahern <dsahern@gmail.com>
Subject: [PATCH iproute2-next 10/12] ip bridge: Set NETLINK_DUMP_STRICT_CHK on socket
Date: Wed, 19 Dec 2018 19:54:25 -0800 [thread overview]
Message-ID: <20181220035427.14453-11-dsahern@kernel.org> (raw)
In-Reply-To: <20181220035427.14453-1-dsahern@kernel.org>
From: David Ahern <dsahern@gmail.com>
iproute2 has been updated for the new strict policy in the kernel. Add a
helper to call setsockopt to enable the feature. Add a call to ip.c and
bridge.c
The setsockopt fails on older kernels and the error can be safely ignored
- any new fields or attributes are ignored by the older kernel.
Signed-off-by: David Ahern <dsahern@gmail.com>
---
bridge/bridge.c | 4 ++++
include/libnetlink.h | 1 +
ip/ip.c | 2 ++
lib/libnetlink.c | 9 +++++++++
4 files changed, 16 insertions(+)
diff --git a/bridge/bridge.c b/bridge/bridge.c
index a3d8154be898..a50d9d59b4c5 100644
--- a/bridge/bridge.c
+++ b/bridge/bridge.c
@@ -97,6 +97,8 @@ static int batch(const char *name)
return EXIT_FAILURE;
}
+ rtnl_set_strict_dump(&rth);
+
cmdlineno = 0;
while (getcmdline(&line, &len, stdin) != -1) {
char *largv[100];
@@ -205,6 +207,8 @@ main(int argc, char **argv)
if (rtnl_open(&rth, 0) < 0)
exit(1);
+ rtnl_set_strict_dump(&rth);
+
if (argc > 1)
return do_cmd(argv[1], argc-1, argv+1);
diff --git a/include/libnetlink.h b/include/libnetlink.h
index 2621bc99ce7b..dc0c9c4eb3f5 100644
--- a/include/libnetlink.h
+++ b/include/libnetlink.h
@@ -46,6 +46,7 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
__attribute__((warn_unused_result));
void rtnl_close(struct rtnl_handle *rth);
+void rtnl_set_strict_dump(struct rtnl_handle *rth);
typedef int (*req_filter_fn_t)(struct nlmsghdr *nlh, int reqlen);
diff --git a/ip/ip.c b/ip/ip.c
index a5bbacb4bb0f..e4131714018f 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -308,6 +308,8 @@ int main(int argc, char **argv)
if (rtnl_open(&rth, 0) < 0)
exit(1);
+ rtnl_set_strict_dump(&rth);
+
if (strlen(basename) > 2)
return do_cmd(basename+2, argc, argv);
diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index 0ddd646a8775..7b02c754c1d0 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -161,6 +161,15 @@ static int nl_dump_ext_ack_done(const struct nlmsghdr *nlh, int error)
}
#endif
+/* Older kernels may not support strict dump and filtering */
+void rtnl_set_strict_dump(struct rtnl_handle *rth)
+{
+ int one = 1;
+
+ setsockopt(rth->fd, SOL_NETLINK, NETLINK_DUMP_STRICT_CHK,
+ &one, sizeof(one));
+}
+
void rtnl_close(struct rtnl_handle *rth)
{
if (rth->fd >= 0) {
--
2.11.0
next prev parent reply other threads:[~2018-12-20 3:53 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-20 3:54 [PATCH iproute2-next 00/12] Updates for strict checking and kernel side filtering David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 01/12] libnetlink: dump extack string in done message David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 02/12] libnetlink: Use NLMSG_LENGTH to set nlmsg_len David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 03/12] libnetlink: linkdump_req: Only AF_UNSPEC family expects an ext_filter_mask David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 04/12] ip route: Remove rtnl_rtcache_request David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 05/12] ip route: Add protocol, table id and device to dump request David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 06/12] mroute: fix up family handling David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 07/12] mroute: Add table id attribute for kernel side filtering David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 08/12] ip address: Split ip_linkaddr_list into link and addr functions David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 09/12] ip address: Set device index in dump request David Ahern
2018-12-20 3:54 ` David Ahern [this message]
2018-12-20 3:54 ` [PATCH iproute2-next 11/12] ip route: Rename do_ipv6 to dump_family David Ahern
2018-12-20 3:54 ` [PATCH iproute2-next 12/12] neighbor: Add support for protocol attribute David Ahern
2018-12-30 14:17 ` [PATCH iproute2-next 00/12] Updates for strict checking and kernel side filtering Ido Schimmel
2018-12-30 15:10 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181220035427.14453-11-dsahern@kernel.org \
--to=dsahern@kernel.org \
--cc=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.