/*
- * Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
ofpbuf_prealloc_tailroom(msg, NLMSG_ALIGN(size));
}
-static uint32_t
-get_nlmsg_seq(void)
-{
- /* Next nlmsghdr sequence number.
- *
- * This implementation uses sequence numbers that are unique process-wide,
- * to avoid a hypothetical race: send request, close socket, open new
- * socket that reuses the old socket's PID value, send request on new
- * socket, receive reply from kernel to old socket but with same PID and
- * sequence number. (This race could be avoided other ways, e.g. by
- * preventing PIDs from being quickly reused). */
- static uint32_t next_seq;
-
- if (next_seq == 0) {
- /* Pick initial sequence number. */
- next_seq = getpid() ^ time_wall();
- }
- return next_seq++;
-}
-
/* Puts a nlmsghdr at the beginning of 'msg', which must be initially empty.
* Uses the given 'type' and 'flags'. 'expected_payload' should be
* an estimate of the number of payload bytes to be supplied; if the size of
* is often NLM_F_REQUEST indicating that a request is being made, commonly
* or'd with NLM_F_ACK to request an acknowledgement.
*
- * Sets the new nlmsghdr's nlmsg_pid field to 0 for now. nl_sock_send() will
- * fill it in just before sending the message.
+ * Sets the new nlmsghdr's nlmsg_len, nlmsg_seq, and nlmsg_pid fields to 0 for
+ * now. Functions that send Netlink messages will fill these in just before
+ * sending the message.
*
* nl_msg_put_genlmsghdr() is more convenient for composing a Generic Netlink
* message. */
nlmsghdr->nlmsg_len = 0;
nlmsghdr->nlmsg_type = type;
nlmsghdr->nlmsg_flags = flags;
- nlmsghdr->nlmsg_seq = get_nlmsg_seq();
+ nlmsghdr->nlmsg_seq = 0;
nlmsghdr->nlmsg_pid = 0;
}
[NL_A_NESTED] = { 0, SIZE_MAX },
};
+bool
+nl_attr_validate(const struct nlattr *nla, const struct nl_policy *policy)
+{
+ uint16_t type = nl_attr_type(nla);
+ size_t min_len;
+ size_t max_len;
+ size_t len;
+
+ if (policy->type == NL_A_NO_ATTR) {
+ return true;
+ }
+
+ /* Figure out min and max length. */
+ min_len = policy->min_len;
+ if (!min_len) {
+ min_len = attr_len_range[policy->type][0];
+ }
+ max_len = policy->max_len;
+ if (!max_len) {
+ max_len = attr_len_range[policy->type][1];
+ }
+
+ /* Verify length. */
+ len = nl_attr_get_size(nla);
+ if (len < min_len || len > max_len) {
+ VLOG_DBG_RL(&rl, "attr %"PRIu16" length %zu not in "
+ "allowed range %zu...%zu", type, len, min_len, max_len);
+ return false;
+ }
+
+ /* Strings must be null terminated and must not have embedded nulls. */
+ if (policy->type == NL_A_STRING) {
+ if (((char *) nla)[nla->nla_len - 1]) {
+ VLOG_DBG_RL(&rl, "attr %"PRIu16" lacks null at end", type);
+ return false;
+ }
+ if (memchr(nla + 1, '\0', len - 1) != NULL) {
+ VLOG_DBG_RL(&rl, "attr %"PRIu16" has bad length", type);
+ return false;
+ }
+ }
+
+ return true;
+}
+
/* Parses the 'msg' starting at the given 'nla_offset' as a sequence of Netlink
* attributes. 'policy[i]', for 0 <= i < n_attrs, specifies how the attribute
* with nla_type == i is parsed; a pointer to attribute i is stored in
const struct nl_policy policy[],
struct nlattr *attrs[], size_t n_attrs)
{
- void *p, *tail;
- size_t n_required;
+ struct nlattr *nla;
+ size_t left;
size_t i;
- n_required = 0;
- for (i = 0; i < n_attrs; i++) {
- attrs[i] = NULL;
-
- assert(policy[i].type < N_NL_ATTR_TYPES);
- if (policy[i].type != NL_A_NO_ATTR
- && policy[i].type != NL_A_FLAG
- && !policy[i].optional) {
- n_required++;
- }
- }
+ memset(attrs, 0, n_attrs * sizeof *attrs);
- p = ofpbuf_at(msg, nla_offset, 0);
- if (p == NULL) {
+ if (msg->size < nla_offset) {
VLOG_DBG_RL(&rl, "missing headers in nl_policy_parse");
return false;
}
- tail = ofpbuf_tail(msg);
-
- while (p < tail) {
- size_t offset = (char*)p - (char*)msg->data;
- struct nlattr *nla = p;
- size_t len, aligned_len;
- uint16_t type;
-
- /* Make sure its claimed length is plausible. */
- if (nla->nla_len < NLA_HDRLEN) {
- VLOG_DBG_RL(&rl, "%zu: attr shorter than NLA_HDRLEN (%"PRIu16")",
- offset, nla->nla_len);
- return false;
- }
- len = nla->nla_len - NLA_HDRLEN;
- aligned_len = NLA_ALIGN(len);
- if (aligned_len > (char*)tail - (char*)p) {
- VLOG_DBG_RL(&rl, "%zu: attr %"PRIu16" aligned data len (%zu) "
- "> bytes left (%tu)",
- offset, nl_attr_type(nla), aligned_len,
- (char*)tail - (char*)p);
- return false;
- }
- type = nl_attr_type(nla);
+ NL_ATTR_FOR_EACH (nla, left,
+ (struct nlattr *) ((char *) msg->data + nla_offset),
+ msg->size - nla_offset)
+ {
+ uint16_t type = nl_attr_type(nla);
if (type < n_attrs && policy[type].type != NL_A_NO_ATTR) {
const struct nl_policy *e = &policy[type];
- size_t min_len, max_len;
-
- /* Validate length and content. */
- min_len = e->min_len ? e->min_len : attr_len_range[e->type][0];
- max_len = e->max_len ? e->max_len : attr_len_range[e->type][1];
- if (len < min_len || len > max_len) {
- VLOG_DBG_RL(&rl, "%zu: attr %"PRIu16" length %zu not in "
- "allowed range %zu...%zu",
- offset, type, len, min_len, max_len);
+ if (!nl_attr_validate(nla, e)) {
return false;
}
- if (e->type == NL_A_STRING) {
- if (((char *) nla)[nla->nla_len - 1]) {
- VLOG_DBG_RL(&rl, "%zu: attr %"PRIu16" lacks null at end",
- offset, type);
- return false;
- }
- if (memchr(nla + 1, '\0', len - 1) != NULL) {
- VLOG_DBG_RL(&rl, "%zu: attr %"PRIu16" has bad length",
- offset, type);
- return false;
- }
- }
- if (!e->optional && attrs[type] == NULL) {
- assert(n_required > 0);
- --n_required;
- }
if (attrs[type]) {
- VLOG_DBG_RL(&rl, "%zu: duplicate attr %"PRIu16, offset, type);
+ VLOG_DBG_RL(&rl, "duplicate attr %"PRIu16, type);
}
attrs[type] = nla;
- } else {
- /* Skip attribute type that we don't care about. */
}
- p = (char*)p + NLA_ALIGN(nla->nla_len);
}
- if (n_required) {
- VLOG_DBG_RL(&rl, "%zu required attrs missing", n_required);
+ if (left) {
+ VLOG_DBG_RL(&rl, "attributes followed by garbage");
return false;
}
+
+ for (i = 0; i < n_attrs; i++) {
+ const struct nl_policy *e = &policy[i];
+ if (!e->optional && e->type != NL_A_NO_ATTR && !attrs[i]) {
+ VLOG_DBG_RL(&rl, "required attr %zu missing", i);
+ return false;
+ }
+ }
return true;
}
size_t left;
NL_ATTR_FOR_EACH (nla, left, attrs, size) {
- if (nl_attr_type (nla) == type) {
+ if (nl_attr_type(nla) == type) {
return nla;
}
}
projects / openvswitch / blobdiff