On some 32 bit platforms, the printf was causing warning:
ipmacsec.c: In function ‘getattr_u64’:
ipmacsec.c:655:47: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
fprintf(stderr, "invalid attribute length %lu\n",
Resolve by computing length as size_t first.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
No function, filter, or print function uses the sockaddr_nl arg,
so just drop it.
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
I seem to have had a massive brainfart with uses of
parse_rtattr_nested(). The rtattr* array must have MAX+1 elements, and
the call to parse_rtattr_nested must have MAX as its bound. Let's fix
those.
Fixes: b26fc590ce ("ip: add MACsec support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Common pattern in iproute commands is to print a line seperator
in non-json mode. Make that a simple function.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
print_uint() will silently promote its variable type to uint64_t, but there
is nothing that ensures that the format string specifier passed along with
it fits (and the function name suggest to pass "%u").
Fix this by changing print_uint() to use a native 'unsigned int' type, and
introduce a separate print_u64() function for printing 64-bit values. All
call sites that were actually printing 64-bit values using print_uint() are
converted to use print_u64() instead.
Since print_int() was already using native int types, just add a
print_s64() to match, but don't convert any call sites. For symmetry,
also add a print_luint() method (with no users).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The JSON support in macsec code was mostly missing and what was
there was broken. This uses new json_print utilities to complete
output.
Compile tested only.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Several places copy/paste same code for printing array of statistics.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Break long lines and use const as recommended by checkpatch.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
1) Rename @hdr parameter to @n to be coherent with rest of the parsing
code.
2) Use NLMSG_DATA() to get pointer to the data after nlmsghdr instead
of calculating it directly in ip/tunnel code.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
This is an update for 460c03f3f3 ("iplink: double the buffer size also in
iplink_get()"). After update, we will not need to double the buffer size
every time when VFs number increased.
With call like rtnl_talk(&rth, &req.n, NULL, 0), we can simply remove the
length parameter.
With call like rtnl_talk(&rth, nlh, nlh, sizeof(req), I add a new variable
answer to avoid overwrite data in nlh, because it may has more info after
nlh. also this will avoid nlh buffer not enough issue.
We need to free answer after using.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
The original bond/bridge/vrf and slaves use same id, which make people
confused. Use bond/bridge/vrf_slave as id name will make code more clear.
Acked-by: Phil Sutter <psutter@redhat.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
fix get_icvlen() accordingly, so that a proper error message is displayed
in case input 'icvlen' is greater than 16.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Phil Sutter <phil@nwl.cc>
Acked-by: Sabrina Dubroca <sd@queasysnail.net>
use get_be64() in place of get_u64() when parsing input 'sci' parameter,
so that 'sci' can be entered using network byte order regardless the
endianness of target system; use ntohll() when printing out 'sci'. While
at it, improve documentation of 'sci' in ip-link.8.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
remove hardcoded base 10 parsing of 'port' parameter, update man page
and fix usage() functions as well. Fix misleading line in man page that
theoretically allowed specifying 'port' keyword right after 'sci' keyword.
Provide documentation of 'address' parameter in man pages and in usage()
functions as well.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Currently, the `ip macsec` command tries to initialize a genl context
even when we just want to see the help for the command, which doesn't
require to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Fixes: b26fc590ce ("ip: add MACsec support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
All users of genl have the same code to open a genl socket and resolve
the family for their specific protocol. Introduce a helper to initialize
the handle, and use it in all the genl code.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
since kernel driver has valid default values for 'cipher' and 'icvlen',
there is no need for requiring users to specify both of them when a new
link is added. Also, prompt an error message and exit with appropriate
exit status in case of unsupported cipher suite.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Extend ip-link to create MACsec devices
ip link add link <master> <macsec> type macsec [options]
Add `ip macsec` command to configure receive-side secure channels and
secure associations within a macsec netdevice.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Phil Sutter <phil@nwl.cc>
