ss: mptcp: print missing info counters

These new counters have been added in different kernel versions:

- v5.12: local_addr_used, local_addr_max

- v5.13: csum_enabled

- v6.5: retransmits, bytes_retrans, bytes_sent, bytes_received,
  bytes_acked

It is interesting to display them if they are available.

Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/415
Acked-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ss: mptcp: display seq related counters as decimal

This is aligned with what is printed for TCP sockets.

The main difference here is that these counters can be larger (u32 vs
u64) but WireShark and TCPDump are also printing these MPTCP counters as
decimal and they look fine.

So it sounds better to do the same here with ss for those who want to
easily count how many bytes have been exchanged between two runs without
having to think in hexa.

Acked-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ss: mptcp: display info counters as unsigned

Some counters from mptcp_info structure were stored as an unsigned
number (u8) but displayed as a signed one.

Even if it is unlikely these u8 counters -- number of subflows and
ADD_ADDR -- have a value bigger than 2^7, it still sounds better to
display them as unsigned.

Fixes: 9c3be2c0 ("ss: mptcp: add msk diag interface support")
Acked-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ip-vrf: recommend using CAP_BPF rather than CAP_SYS_ADMIN

The CAP_SYS_ADMIN capability allows far too much, to quote
`capabilities(7)`:

    Note: this capability is overloaded; see Notes to kernel developers, below.

In the case of `ip-vrf(8)` this is needed to load a BPF program.
According to the same section of the same man-page, using `CAP_BPF` is
preferred if that's the reason for `CAP_SYS_ADMIN`;

    perform  the  same BPF operations as are governed by CAP_BPF (but the latter, weaker capability is preferred for accessing
    that functionality).

Local testing revealed that `ip vrf exec` for an unprivileged user is
sufficient if the `CAP_BPF` capability is given rather than
`CAP_SYS_ADMIN`.

In a previous version of the patch[1] it was mentioned that
CAP_SYS_ADMIN was still required for Linux <5.8, however it was
suggested to not make man-pages dependent on the kernel version. Also,
it was suggested to improve the wording and the formatting of the entire
paragraph mentioning capabilities which was also done.

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
[1] https://lore.kernel.org/netdev/e6t4ucjdrcitzneh2imygsaxyb2aasxfn2q2a4zh5yqdx3vold@kutwh5kwixva/T/#m628a1900a7e5012bb87e6cb3c94af6c7281cf2bf

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ss: Fix socket type check in packet_show_line()

The field is accessed before being assigned a meaningful value,
effectively disabling the checks.

Fixes: 4a0053b606a34 ("ss: Unify packet stats output from netlink and proc")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

devlink: spell out STATE in devlink port function help

Be in-sync with port help and port man page and spell out the possible
states instead of "STATE".

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc/taprio: fix JSON output when TCA_TAPRIO_ATTR_ADMIN_SCHED is present

When the kernel reports that a configuration change is pending
(and that the schedule is still in the administrative state and
not yet operational), we (tc -j -p qdisc show) produce the following
output:

[ {
        "kind": "taprio",
        "handle": "8001:",
        "root": true,
        "refcnt": 9,
        "options": {
            "tc": 8,
            "map": [ 0,1,2,3,4,5,6,7,0,0,0,0,0,0,0,0 ],
            "queues": [ {
                    "offset": 0,
                    "count": 1
                },{
                    "offset": 1,
                    "count": 1
                },{
                    "offset": 2,
                    "count": 1
                },{
                    "offset": 3,
                    "count": 1
                },{
                    "offset": 4,
                    "count": 1
                },{
                    "offset": 5,
                    "count": 1
                },{
                    "offset": 6,
                    "count": 1
                },{
                    "offset": 7,
                    "count": 1
                } ],
            "clockid": "TAI",
            "base_time": 0,
            "cycle_time": 20000000,
            "cycle_time_extension": 0,
            "schedule": [ {
                    "index": 0,
                    "cmd": "S",
                    "gatemask": "0xff",
                    "interval": 20000000
                } ],{
                "base_time": 1691160103110424418,
                "cycle_time": 20000000,
                "cycle_time_extension": 0,
                "schedule": [ {
                        "index": 0,
                        "cmd": "S",
                        "gatemask": "0xff",
                        "interval": 20000000
                    } ]
            },
            "max-sdu": [ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ],
            "fp": [ "E","E","E","E","E","E","E","E","E","E","E","E","E","E","E","E" ]
        }
    } ]

which is invalid json, because the second group of "base_time",
"cycle_time", etc etc is placed in an unlabeled sub-object. If we pipe
it into jq, it complains:

parse error: Objects must consist of key:value pairs at line 53, column 14

Since it represents the administrative schedule, give this unnamed JSON
object the "admin" name. We now print valid JSON which looks like this:

[ {
        "kind": "taprio",
        "handle": "8001:",
        "root": true,
        "refcnt": 9,
        "options": {
            "tc": 8,
            "map": [ 0,1,2,3,4,5,6,7,0,0,0,0,0,0,0,0 ],
            "queues": [ {
                    "offset": 0,
                    "count": 1
                },{
                    "offset": 1,
                    "count": 1
                },{
                    "offset": 2,
                    "count": 1
                },{
                    "offset": 3,
                    "count": 1
                },{
                    "offset": 4,
                    "count": 1
                },{
                    "offset": 5,
                    "count": 1
                },{
                    "offset": 6,
                    "count": 1
                },{
                    "offset": 7,
                    "count": 1
                } ],
            "clockid": "TAI",
            "base_time": 0,
            "cycle_time": 20000000,
            "cycle_time_extension": 0,
            "schedule": [ {
                    "index": 0,
                    "cmd": "S",
                    "gatemask": "0xff",
                    "interval": 20000000
                } ],
            "admin": {
                "base_time": 1691160511783528178,
                "cycle_time": 20000000,
                "cycle_time_extension": 0,
                "schedule": [ {
                        "index": 0,
                        "cmd": "S",
                        "gatemask": "0xff",
                        "interval": 20000000
                    } ]
            },
            "max-sdu": [ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ],
            "fp": [ "E","E","E","E","E","E","E","E","E","E","E","E","E","E","E","E" ]
        }
    } ]

Fixes: 602fae856d80 ("taprio: Add support for changing schedules")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc/taprio: don't print netlink attributes which weren't reported by the kernel

When an admin schedule is pending and hasn't yet become operational, the
kernel will report only the parameters of the admin schedule in a nested
TCA_TAPRIO_ATTR_ADMIN_SCHED attribute.

However, we default to printing zeroes even for the parameters of the
operational base time, when that doesn't exist.

Fixes: 0dd16449356f ("tc: Add support for configuring the taprio scheduler")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

man: bridge: update bridge link show

Add missing man page documentation for bridge link show features added in
commit 13a5d8fcb41b ("bridge: link: allow filtering on bridge name") and
commit 64108901b737 ("bridge: Add support for setting bridge port attributes")

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

uapi: update headers

Based off ov 6.5-rc5

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

seg6: man: ip-link.8: add description of NEXT-C-SID flavor for SRv6 End.X behavior

This patch extends the manpage by providing the description of NEXT-C-SID
support for the SRv6 End.X behavior as defined in RFC 8986 [1].

The code/logic required to handle the "flavors" framework has already been
merged into iproute2 by commit:
    04a6b456bf74 ("seg6: add support for flavors in SRv6 End* behaviors").

Some examples:
ip -6 route add 2001:db8::1 encap seg6local action End.X nh6 fc00::1 flavors next-csid dev eth0

Standard Output:
ip -6 route show 2001:db8::1
2001:db8::1  encap seg6local action End.X nh6 fc00::1 flavors next-csid lblen 32 nflen 16 dev eth0 metric 1024 pref medium

JSON Output:
ip -6 -j -p route show 2001:db8::1
[ {
"dst": "2001:db8::1",
"encap": "seg6local",
        "action": "End.X",
        "nh6": "fc00::1",
        "flavors": [ "next-csid" ],
        "lblen": 32,
        "nflen": 16,
"dev": "eth0",
"metric": 1024,
"flags": [ ],
"pref": "medium"
} ]

[1] - https://datatracker.ietf.org/doc/html/rfc8986

Signed-off-by: Paolo Lungaroni <paolo.lungaroni@uniroma2.it>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ss: report when the RxNoPad optimization is set on TLS sockets

Similarly to RO ZC report when RxNoPad is set.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ip: error out if iplink does not consume all options

dummy does not define .parse_opt, which make ip ignore all
trailing arguments, for example:

 # ip link add type dummy a b c d e f name cheese

will work just fine (and won't call the device "cheese").
Error out in this case with a clear error message:

 # ip link add type dummy a b c d e f name cheese
 Garbage instead of arguments "a ...". Try "ip link help".

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

bridge: link: allow filtering on bridge name

When using 'brige link show' we can either dump all links enslaved to any bridge
(called without arg ) or display a single link (called with dev arg).
However there is no way to dummp all links of a single bridge.

To do so, this adds new optional 'master XXX' arg to 'bridge link show' command.
usage: bridge link show master br0

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

Read configuration files from /etc and /usr

Add support for the so called "stateless" configuration pattern (read
from /etc, fall back to /usr), giving system administrators a way to
define local configuration without changing any distro-provided files.

In practice this means that each configuration file FOO is loaded
from /usr/lib/iproute2/FOO unless /etc/iproute2/FOO exists.

Signed-off-by: Gioele Barabucci <gioele@svario.it>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

man: (ss) fix wrong margin

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc: fix a wrong file name in comment

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

bridge/mdb.c: include limits.h

While building iproute2 6.4.0 with musl using Yocto Project, errors such
as the following were encountered:

| mdb.c: In function 'mdb_parse_vni':
| mdb.c:666:47: error: 'ULONG_MAX' undeclared (first use in this function)
|   666 |         if ((endptr && *endptr) || vni_num == ULONG_MAX)
|       |                                               ^~~~~~~~~
| mdb.c:666:47: note: 'ULONG_MAX' is defined in header '<limits.h>'; did you forget to '#include <limits.h>'?

Include limits.h in bridge/mdb.c to fix this issue. This change is based
on one in Alpine Linux, but the author there had no plans to submit:
https://git.alpinelinux.org/aports/commit/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

misc/ifstat: fix incorrect output data in json mode

Due to this bug, in json mode (with the -j flag), the output was
always in absolute mode (as if passing in the -a flag) and not in
relative mode.

Signed-off-by: Chander Govindarajan <mail@chandergovind.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

Add missing SPDX headers

All headers and source in iproute2 should be using SPDX license info.
Add a couple that were missed, and take off boilerplate.

Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

include: dual license the bpf helper includes

The files bpf_api.h and bpf_elf.h are useful for TC BPF programs
to use. And there is no requirement that those be GPL only;
we intend to allow BSD licensed BPF helpers as well.

This makes the file license same as libbpf.

Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

misc/ifstat: fix incorrect output data in json mode

Due to this bug, in json mode (with the -j flag), the output was
always in absolute mode (as if passing in the -a flag) and not in
relative mode.

Signed-off-by: Chander Govindarajan <mail@chandergovind.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

f_flower: Treat port 0 as valid

It is not currently possible to add a filter matching on port 0 despite
it being a valid port number. This is caused by cited commit which
treats a value of 0 as an indication that the port was not specified.

Instead of inferring that a port range was specified by checking that both
the minimum and the maximum ports are non-zero, simply add a boolean
argument to parse_range() and set it after parsing a port range.

Before:

 # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 0 action pass
 Illegal "src_port"

 # tc filter add dev swp1 ingress pref 2 proto ip flower ip_proto udp dst_port 0 action pass
 Illegal "dst_port"

 # tc filter add dev swp1 ingress pref 3 proto ip flower ip_proto udp src_port 0-100 action pass
 Illegal "src_port"

 # tc filter add dev swp1 ingress pref 4 proto ip flower ip_proto udp dst_port 0-100 action pass
 Illegal "dst_port"

After:

 # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 0 action pass

 # tc filter add dev swp1 ingress pref 2 proto ip flower ip_proto udp dst_port 0 action pass

 # tc filter add dev swp1 ingress pref 3 proto ip flower ip_proto udp src_port 0-100 action pass

 # tc filter add dev swp1 ingress pref 4 proto ip flower ip_proto udp dst_port 0-100 action pass

 # tc filter show dev swp1 ingress | grep _port
   src_port 0
   dst_port 0
   src_port 0-100
   dst_port 0-100

Fixes: 767b6fd620dd ("tc: flower: fix port value truncation")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

uapi: update headers to 6.5-rc1

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc/taprio: fix parsing of "fp" option when it doesn't appear last

When installing a Qdisc this way:

tc qdisc replace dev $ifname handle 8001: parent root stab overhead 24 taprio \
num_tc 8 \
map 0 1 2 3 4 5 6 7 \
queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 \
base-time 0 \
sched-entry S 01 1216 \
sched-entry S fe 12368 \
fp P E E E E E E E \
flags 0x2

the parser will error out when it tries to parse the "fp" array and it
finds "flags" as one of the elements, expecting it to be one of "P" or
"E".

The way this is handled in the parsing of other array arguments of
variable size (max-sdu, map, queues etc) is to not fail, call PREV_ARG()
and attempt re-parsing the argument as something else. Do that for "fp"
as well.

Apparently mqprio handles this case correctly, so I must have forgotten
to apply the same treatment for taprio as well, during development.

Fixes: 5fbca3b469ec ("tc/taprio: add support for preemptible traffic classes")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

f_flower: simplify cfm dump function

The standard print function can be used to print the cfm attributes in
both standard and json use cases. In this way no string buffer is needed
which simplifies the code.

Signed-off-by: Zahari Doychev <zdoychev@maxlinear.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ifstat: fix warning about conditional

Gcc with warnings enabled complains because the conditional.
  if ((long)(a - b) < 0)
could be construed as never true.  Change to simple comparison.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ct: check for invalid proto

Previously since proto was __u8 an invalid proto would
be allowed.  Gcc warns about never true conditional
since __u8 can never be negative.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ss: fix warning about empty if()

With all warnings enabled gcc wants brackets around the
empty if() clause. "Yes I really want an empty clause"

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

fix fallthrough warnings

In lib/utils.c comment for fallthrough was in wrong place
and one was missing in xfrm_state.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

dcb: fully initialize flag table

And make the flag table const since only used for lookup.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

Merge git://git.kernel.org/pub/scm/network/iproute2/iproute2-next

v6.4.0

man: fix typos found by Lintian

Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

f_flower: add cfm support

Add support for matching on CFM Maintenance Domain level and opcode.

  # tc filter add dev ens6 ingress pref 1 proto cfm \
       flower cfm op 1 mdl 5 action ok

  # tc filter show dev ens6 ingress
    filter protocol cfm pref 1 flower chain 0
    filter protocol cfm pref 1 flower chain 0 handle 0x1
      eth_type 8902
      cfm mdl 5 op 1
      not_in_hw
            action order 1: gact action pass
             random type none pass val 0
             index 1 ref 1 bind 1

  # tc -j -p filter show dev ens6 ingress
    [ {
            "protocol": "cfm",
            "pref": 1,
            "kind": "flower",
            "chain": 0
        },{
            "protocol": "cfm",
            "pref": 1,
            "kind": "flower",
            "chain": 0,
            "options": {
                "handle": 1,
                "keys": {
                    "eth_type": "8902",
                    "cfm": {
                        "mdl": 5,
                        "op": 1
                    }
                },
                "not_in_hw": true,
                "actions": [ {
                        "order": 1,
                        "kind": "gact",
                        "control_action": {
                            "type": "pass"
                        },
                        "prob": {
                            "random_type": "none",
                            "control_action": {
                                "type": "pass"
                            },
                            "val": 0
                        },
                        "index": 1,
                        "ref": 1,
                        "bind": 1
                    } ]
            }
        } ]

Signed-off-by: Zahari Doychev <zdoychev@maxlinear.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

iplink: filter stats using RTEXT_FILTER_SKIP_STATS

Don't request statistics we do not intend to render. This avoids the
possibility of a truncated IFLA_VFINFO_LIST when statistics are not
requested as well as the fetching of unnecessary data.

Signed-off-by: Edwin Peer <edwin.peer@broadcom.com>
Cc: Edwin Peer <espeer@gmail.com>
Signed-off-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

Update kernel headers

Update kernel headers to commit:
    cc7554954848 ("net: micrel: Change to receive timestamp in the frame for lan8841")

Signed-off-by: David Ahern <dsahern@kernel.org>

tc/taprio: print the offload xstats

When the kernel reports offload counters through TCA_STATS2 ->
TCA_STATS_APP for the taprio qdisc, decode and print them.

Usage:

 # Global stats
 $ tc -s qdisc show dev eth0 root
 # Per-tc stats
 $ tc -s class show dev eth0

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

f_flower: Add l2_miss support

Add the ability to match on packets that encountered a layer 2 miss in
bridge driver's FDB / MDB. Example:

 # tc filter add dev swp2 egress pref 1 proto all flower indev swp1 l2_miss 1 action drop
 # tc filter add dev swp2 egress pref 1 proto all flower indev swp1 l2_miss 0 action drop

 # tc filter show dev swp2 egress
 filter protocol all pref 1 flower chain 0
 filter protocol all pref 1 flower chain 0 handle 0x1
   indev swp1
   l2_miss 1
   not_in_hw
         action order 1: gact action drop
          random type none pass val 0
          index 1 ref 1 bind 1

 filter protocol all pref 1 flower chain 0 handle 0x2
   indev swp1
   l2_miss 0
   not_in_hw
         action order 1: gact action drop
          random type none pass val 0
          index 2 ref 1 bind 1

 # tc -j -p filter show dev swp2 egress
 [ {
         "protocol": "all",
         "pref": 1,
         "kind": "flower",
         "chain": 0
     },{
         "protocol": "all",
         "pref": 1,
         "kind": "flower",
         "chain": 0,
         "options": {
             "handle": 1,
             "indev": "swp1",
             "keys": {
                 "l2_miss": 1
             },
             "not_in_hw": true,
             "actions": [ {
 [...]
                 } ]
         }
     },{
         "protocol": "all",
         "pref": 1,
         "kind": "flower",
         "chain": 0,
         "options": {
             "handle": 2,
             "indev": "swp1",
             "keys": {
                 "l2_miss": 0
             },
             "not_in_hw": true,
             "actions": [ {
 [...]
                 } ]
         }
     } ]

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

Merge branch 'dcb-rewr-subcmd' into next

Daniel Machon  says:

====================

========================================================================
Introduction:
========================================================================

This series introduces a new DCB subcommand: rewr, which is used to
configure the in-kernel DCB rewrite table [1].

Rewrite support is added as a separate DCB subcommand, rather than an
APP opt-in flag or similar. This goes in line with what we did to dcbnl,
where rewrite is a separate object.  Obviously this requires a bit more
code to implement the new command, but much of the existing dcb-app code
(especially the bookkeeping code) can be reused. In some cases a little
adaptation is needed.

========================================================================
dcb-rewr parameters:
========================================================================

Initially, I have only made support for the prio-pcp and prio-dscp
parameters, as DSCP and PCP  are the only selectors that currently have
a user [2] and to be honest, I am not even sure it makes sense to add
dgram, stream, ethtype rewrite support - At least the rewriter of Sparx5
does not support this. Any input here is much appreciated!

Examples:

Rewrite DSCP to 63 for packets with priority 1
$ dcb rewr add dev eth0 prio-dscp 1:63

Rewrite PCP 7 and DEI to 1 for packets with priority 1
$ dcb rewr add dev eth0 prio-pcp 1:7de

A new manpage has been added, to cover the new dcb-rewr subcommand, and
its parameters. Also I took the liberty to clean up a few things in the
dcb-app manpage.

========================================================================
Patch overview:
========================================================================

Patch  #1 Adds a new field 'attr' to the dcb_app_table struct, which is
          used to distinguish app and rewrite tables.

Patch  #2 Replaces uses of %d with %u for unsigned int.

Patch  #3 Moves colon out of callback functions.

Patch  #4 Renames protocl print functions from _key to _pid

Patch  #5 Modifies the _print_filtered() function for dcb-rewr reuse, by
          introducing new callbacks.

Patch  #6 Modifies existing dcb-app function dcb_app_table_remove_replaced
          for reuse by dcb-rewr

Patch  #7 Expose dcb-app functions required by dcb-rewr.

Patch  #8 Adds the new dcb-rewr subcommand with initial support for
          prio-pcp and prio-dscp rewrite.

Patch  #9 Introduces symbol for max DSCP value and updates accordingly.

Patch #10 Adds the dcb-rewr.8 manpage
Patch #11 Adds references to dcb-apptrust and dcb-rewr in the dcb.8
          manpage.

Patch #12 Cleans up the dcb-app.8 manpage.

[1] https://elixir.bootlin.com/linux/v6.4-rc1/source/net/dcb/dcbnl.c#L181
[2] https://elixir.bootlin.com/linux/v6.4-rc1/source/drivers/net/ethernet/microchip/sparx5/sparx5_dcb.c#L380

====================

Signed-off-by: David Ahern <dsahern@kernel.org>

man: dcb-app: clean up a few mistakes

While referencing the dcb-app manpage, I spotted a few mistakes. Lets
fix them.

Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

man: dcb: add additional references under 'SEE ALSO'

Add dcb-apptrust and dcb-rewr to the 'SEE ALSO' section of the dcb
manpage.

Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

man: dcb-rewr: add new manpage for dcb-rewr

Add a new manpage for dcb-rewr. Most of the content is copied over from
dcb-app, as the same set of commands and parameters (in reverse) applies
to dcb-rewr.

Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: rewr: add symbol for max DSCP value

A symbol, DCB_APP_PCP_MAX, for maximum PCP value, already exists. Lets
add a symbol DCB_APP_DSCP_MAX and update accordingly.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: rewr: add new dcb-rewr subcommand

Add a new subcommand 'rewr' for configuring the in-kernel DCB rewrite
table. The rewrite table of the kernel is similar to the APP table,
therefore, much of the existing bookkeeping code from dcb-app, can be
reused in the dcb-rewr implementation.

Initially, only support for configuring PCP and DSCP-based rewrite has
been added.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: app: expose functions required by dcb-rewr

In preparation for the dcb-rewr implementation, expose required
functions, and structs.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: app: modify dcb_app_table_remove_replaced() for dcb-rewr reuse

When doing a replace command, entries are checked against selector and
protocol. Rewrite requires the check to be against selector and
priority.

Adapt the existing dcb_app_table_remove_replace function for this, by
using callback functions for selector, pid and prio checks.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: app: modify dcb_app_print_filtered() for dcb-rewr reuse

Where dcb-app requires protocol to be the printed key, dcb-rewr requires
it to be the priority. Adapt existing dcb-app print functions for this.

dcb_app_print_filtered() has been modified, to take two callbacks; one
for printing the entire string (pid and prio), and one for the pid type
(dec, hex, dscp, pcp). This saves us for making one dedicated function
for each pid type for both app and rewr.

Also, printing the colon is now expected to be handled by the
print_pid_prio() callback.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: app: rename dcb_app_print_key_*() functions

In preparation for changing the prototype of dcb_app_print_filtered(),
rename the _print_key_*() functions to _print_pid_*(), as the protocol
can both be key and value with the introduction of dcb-rewr.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: app: move colon printing out of callbacks

In preparation for changing the prototype of dcb_app_print_filtered(),
move the colon printing out of the callbacks, and into
dcb_app_print_filtered().

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: app: replace occurrences of %d with %u for printing unsigned int

In preparation for changing the prototype of dcb_app_print_filtered(),
replace occurrences of %d for printing unsigned integer, with %u as it
ought to be.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

dcb: app: add new dcbnl attribute field

Add a new field 'attr' to the dcb_app_table struct, in order to inject
different dcbnl get/set attributes for APP and rewrite.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

uapi: update to bpf.h

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

rt_names: check for malloc() failure

Fixes issue reported by Gcc 13 analayzer.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ip-link: add support for nolocalbypass in vxlan

Add userspace support for the [no]localbypass vxlan netlink
attribute. With localbypass on (default), the vxlan driver processes
the packets destined to the local machine by itself, bypassing the
userspace nework stack. With nolocalbypass the packets are always
forwarded to the userspace network stack, so userspace programs,
such as tcpdump have a chance to process them.

Signed-off-by: Vladimir Nikishkin <vladimir@nikishkin.pw>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Andrea Claudi <aclaudi@redhat.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>

Update kernel headers

Update kernel headers to commit:
    ae91f7e436f8 ("net/pppoe: fix a typo for the PPPOE_HASH_BITS_1 definition")

Signed-off-by: David Ahern <dsahern@kernel.org>

whitespace cleanups

Remove trailing whitespace.
Make sure there is space after keywords.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

treewide: fix indentation

Replace multiple whitespaces with tab where appropriate.
While at it, fix tc flower help message and remove some double
whitespaces.

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

Merge branch 'main' into next

Signed-off-by: David Ahern <dsahern@kernel.org>

rdma: make rd_attr_check static

Function defined and used in only one file.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

xfrm: make xfrm_stat_print_nokeys static

This function is only used in one file.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ip: make print_rta_gateway static

Function only used in one file.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

bridge: make print_vlan_info static

Function defined and used in only one file.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

libnetlink: drop unused rtnl_talk_iov

Function was defined but not used in current iproute2 code.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

utils: make local cmdline functions static

No need to expose these parts of command line parsing.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ipaddress: accept symbolic names

The function rtnl_addproto_a2n() was defined but never used.
Use it to allow for symbolic names, and fix the function signatures
so protocol value is consistently __u8.

Fixes: bdb8d8549ed9 ("ip: Support IP address protocol")
Cc: petrm@nvidia.com
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

uapi: update headers to 6.4-rc4

Minor addition to in.h

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

vxlan: make option printing more consistent

Add new helper function print_bool_opt() which prints
with no prefix and use it for vxlan options.

If the option matches the expected default value,
it is not printed if in non JSON mode unless the details
setting is repeated.

Use a table for the vxlan options. This will change
the order of the printing of options.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

vxlan: use print_nll for gbp and gpe

The Gbp and Gpe are presence, not booleans so use print_null()
for them

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

iproute_lwtunnel: fix array boundary check

seg6_mode_types is made up of 5 elements, so ARRAY_SIZE(seg6_mode_types)
evaluates to 5. Thus, when mode = 5, this function returns
seg6_mode_types[5], resulting in an out-of-bound access.

Fix this bailing out when mode is equal to or greater than 5.

Fixes: cf87da417bb4 ("iproute: add support for seg6 l2encap mode")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

vdpa: propagate error from cmd_dev_vstats_show()

Error potentially returned from mnlu_gen_socket_sndrcv() are propagated
for each and every invocation in vdpa. Let's do the same here.

Fixes: 6f97e9c9337b ("vdpa: Add support for reading vdpa device statistics")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Reviewed-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ipstats: fix message reporting error

strerror() accepts any integer as arguments, but returns meaningful
error descriptions only for positive integers.

ipstats code uses strerror on a code path where either err is 0 or
-ENOMEM, thus resulting in a useless error message.

Fix this using errno and moving the error printing closer to the only
function populating it in this code path.

Fixes: df0b2c6d0098 ("ipstats: Add a shell of "show" command")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

bridge: vni: remove useless checks on vni

After the (d == NULL || vni == NULL) check, vni cannot be NULL anymore.

This remove two useless conditional checks on vni value:
- the first check cannot be true, so remove the whole conditional block
- the second check is always true, so remove the check

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ip: remove double space before 'allmulti' flag

Current output:
$ ip -d link show vxlan0
79: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b6:f6:12:c3:2d:52 brd ff:ff:ff:ff:ff:ff promiscuity 0  allmulti 0 minmtu 68 maxmtu 65535

Resulting output:
$ ip -d link show vxlan0
79: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b6:f6:12:c3:2d:52 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535

Fixes: e98683accc28 ("link: display 'allmulti' counter")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ll_type_n2a: use ARRAY_SIZE

Replace open coded version of array size computation.
And fix whitespace.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

mptcp: add support for implicit flag

Kernel supports implicit flag since commit d045b9eb95a9 ("mptcp:
introduce implicit endpoints"), included in v5.18.

Let's add support for displaying it to iproute2.

Before this change:
$ ip mptcp endpoint show
10.0.2.2 id 1 rawflags 10

After this change:
$ ip mptcp endpoint show
10.0.2.2 id 1 implicit

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

CREDITS: add file

Record some of the historical contributors to iproute2.
Take Alexey out of README.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc/prio: handle possible truncated kernel response

Reported by -fanalyzer. If kernel did not send full qdisc
info, then uninitialized or null data could be referenced.

q_prio.c: In function ‘prio_print_opt’:
q_prio.c:105:57: warning: dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference]
  105 |         print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
      |                                                     ~~~~^~~~~~~
  ‘prio_print_opt’: event 1
    |
    |   98 |         if (opt == NULL)
    |      |            ^
    |      |            |
    |      |            (1) following ‘false’ branch (when ‘opt’ is non-NULL)...
    |
  ‘prio_print_opt’: event 2
    |
    |../include/uapi/linux/rtnetlink.h:228:38:
    |  228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
    |      |                                ~~~~~~^~~~~~~~~~
    |      |                                      |
    |      |                                      (2) ...to here
../include/libnetlink.h:236:19: note: in expansion of macro ‘RTA_PAYLOAD’
    |  236 |         ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL;       \
    |      |                   ^~~~~~~~~~~
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
    |  101 |         if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
    |      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~
    |
  ‘prio_print_opt’: event 3
    |
    |../include/libnetlink.h:236:59:
    |  236 |         ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL;       \
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
    |  101 |         if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
    |      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~
    |
  ‘prio_print_opt’: events 4-5
    |
    |  105 |         print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
    |      |                                                     ~~~~^~~~~~~
    |      |                                                         |
    |      |                                                         (4) ...to here
    |      |                                                         (5) dereference of NULL ‘<unknown>’
    |

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

rdma/utils: fix some analyzer warnings

Add error checks for cases where analyzer thinks it is possible
to us a possibly NULL value.

utils.c: In function ‘get_port_from_argv’:
utils.c:76:17: warning: use of NULL where non-null expected [CWE-476] [-Wanalyzer-null-argument]
   76 |         slash = strchr(rd_argv(rd), '/');
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~
  ‘get_port_from_argv’: events 1-2
    |
    |   68 | static int get_port_from_argv(struct rd *rd, uint32_t *port,
    |      |            ^~~~~~~~~~~~~~~~~~
    |      |            |
    |      |            (1) entry to ‘get_port_from_argv’
    |......
    |   76 |         slash = strchr(rd_argv(rd), '/');
    |      |                        ~
    |      |                        |
    |      |                        (2) inlined call to ‘rd_argv’ from ‘get_port_from_argv’
    |
    +--> ‘rd_argv’: event 3
           |
           |   18 |         if (!rd_argc(rd))
           |      |            ^
           |      |            |
           |      |            (3) following ‘true’ branch...
           |
    <------+
    |
  ‘get_port_from_argv’: events 4-5
    |
    |   76 |         slash = strchr(rd_argv(rd), '/');
    |      |                 ^~~~~~~~~~~~~~~~~~~~~~~~
    |      |                 |
    |      |                 (4) ...to here
    |      |                 (5) argument 1 (‘<unknown>’) NULL where non-null expected
    |
In file included from rdma.h:10,
                 from utils.c:7:
/usr/include/string.h:246:14: note: argument 1 of ‘strchr’ must be non-null
  246 | extern char *strchr (const char *__s, int __c)
      |              ^~~~~~

Fixes: 40df8263a0f0 ("rdma: Add dev object")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

nstat: fix potential NULL deref

Reported as:
    CC       nstat
nstat.c: In function ‘load_ugly_table’:
nstat.c:205:24: warning: dereference of NULL ‘p’ [CWE-476] [-Wanalyzer-null-dereference]
  205 |                 while (*p) {
      |                        ^~
  ‘main’: events 1-14
    |
    |  575 | int main(int argc, char *argv[])
    |      |     ^~~~
    |      |     |
    |      |     (1) entry to ‘main’
    |......
    |  635 |         if (scan_interval > 0) {
    |      |            ~
    |      |            |
    |      |            (2) following ‘true’ branch...
    |  636 |                 if (time_constant == 0)
    |      |                     ~~~~~~~~~~~~~~~~~~
    |      |                                   |
    |      |                                   (3) ...to here
    |......
    |  640 |                 if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
    |      |                    ~      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                    |      |
    |      |                    |      (4) when ‘socket’ succeeds
    |      |                    (5) following ‘false’ branch (when ‘fd >= 0’)...
    |......
    |  644 |                 if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
    |      |                    ~                                      ~~~~~~~~~~~~~~~~~~~~~~
    |      |                    |                                      |
    |      |                    (7) following ‘false’ branch...        (6) ...to here
    |......
    |  648 |                 if (listen(fd, 5) < 0) {
    |      |                    ~~~~~~~~~~~~~~
    |      |                    ||
    |      |                    |(8) ...to here
    |      |                    |(9) when ‘listen’ succeeds
    |      |                    (10) following ‘false’ branch...
    |......
    |  652 |                 if (daemon(0, 0)) {
    |      |                    ~~~~~~~~~~~~~
    |      |                    ||
    |      |                    |(11) ...to here
    |      |                    (12) following ‘false’ branch...
    |......
    |  656 |                 signal(SIGPIPE, SIG_IGN);
    |      |                 ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                 |
    |      |                 (13) ...to here
    |  657 |                 signal(SIGCHLD, sigchild);
    |  658 |                 server_loop(fd);
    |      |                 ~~~~~~~~~~~~~~~
    |      |                 |
    |      |                 (14) calling ‘server_loop’ from ‘main’
    |
    +--> ‘server_loop’: events 15-16
           |
           |  472 | static void server_loop(int fd)
           |      |             ^~~~~~~~~~~
           |      |             |
           |      |             (15) entry to ‘server_loop’
           |......
           |  483 |         load_netstat();
           |      |         ~~~~~~~~~~~~~~
           |      |         |
           |      |         (16) calling ‘load_netstat’ from ‘server_loop’
           |
           +--> ‘load_netstat’: events 17-20
                  |
                  |  302 | static void load_netstat(void)
                  |      |             ^~~~~~~~~~~~
                  |      |             |
                  |      |             (17) entry to ‘load_netstat’
                  |......
                  |  306 |         if (fp) {
                  |      |            ~
                  |      |            |
                  |      |            (18) following ‘true’ branch (when ‘fp’ is non-NULL)...
                  |  307 |                 load_ugly_table(fp);
                  |      |                 ~~~~~~~~~~~~~~~~~~~
                  |      |                 |
                  |      |                 (19) ...to here
                  |      |                 (20) calling ‘load_ugly_table’ from ‘load_netstat’
                  |
                  +--> ‘load_ugly_table’: events 21-26
                         |
                         |  178 | static void load_ugly_table(FILE *fp)
                         |      |             ^~~~~~~~~~~~~~~
                         |      |             |
                         |      |             (21) entry to ‘load_ugly_table’
                         |  179 | {
                         |  180 |         char *buf = NULL;
                         |      |               ~~~
                         |      |               |
                         |      |               (22) ‘buf’ is NULL
                         |......
                         |  186 |         while ((nread = getline(&buf, &buflen, fp)) != -1) {
                         |      |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         |      |                                                     |
                         |      |                                                     (23) following ‘true’ branch...
                         |......
                         |  192 |                 p = strchr(buf, ':');
                         |      |                     ~~~~~~~~~~~~~~~~
                         |      |                     |
                         |      |                     (24) ...to here
                         |      |                     (25) when ‘strchr’ returns non-NULL
                         |  193 |                 if (!p) {
                         |      |                    ~
                         |      |                    |
                         |      |                    (26) following ‘false’ branch (when ‘p’ is non-NULL)...
                         |
                       ‘load_ugly_table’: event 27
                         |
                         |cc1:
                         | (27): ...to here
                         |
                       ‘load_ugly_table’: events 28-40
                         |
                         |  205 |                 while (*p) {
                         |      |                        ^~
                         |      |                        |
                         |      |                        (28) following ‘true’ branch...
                         |      |                        (40) dereference of NULL ‘p’
                         |......
                         |  208 |                         if ((next = strchr(p, ' ')) != NULL)
                         |      |                            ~        ~~~~~~~~~~~~~~
                         |      |                            |        |
                         |      |                            |        (29) ...to here
                         |      |                            |        (30) when ‘strchr’ returns NULL
                         |      |                            (31) following ‘false’ branch (when ‘next’ is NULL)...
                         |  209 |                                 *next++ = 0;
                         |  210 |                         else if ((next = strchr(p, '\n')) != NULL)
                         |      |                                 ~        ~~~~~~~~~~~~~~~
                         |      |                                 |        |
                         |      |                                 |        (32) ...to here
                         |      |                                 |        (33) when ‘strchr’ returns NULL
                         |      |                                 (34) following ‘false’ branch (when ‘next’ is NULL)...
                         |  211 |                                 *next++ = 0;
                         |  212 |                         if (off < sizeof(idbuf)) {
                         |      |                            ~~~~~~~~~~~~~~~~~~~~
                         |      |                            |    |
                         |      |                            |    (35) ...to here
                         |      |                            (36) following ‘false’ branch...
                         |......
                         |  216 |                         n = malloc(sizeof(*n));
                         |      |                             ~~~~~~~~~~~~~~~~~~
                         |      |                             |
                         |      |                             (37) ...to here
                         |  217 |                         if (!n) {
                         |      |                            ~
                         |      |                            |
                         |      |                            (38) following ‘false’ branch (when ‘n’ is non-NULL)...
                         |......
                         |  221 |                         n->id = strdup(idbuf);
                         |      |                                 ~~~~~~~~~~~~~
                         |      |                                 |
                         |      |                                 (39) ...to here
                         |
nstat.c:254:35: warning: dereference of NULL ‘n’ [CWE-476] [-Wanalyzer-null-dereference]
  254 |                                 n = n->next;
      |                                 ~~^~~~~~~~~
  ‘main’: events 1-14
    |
    |  575 | int main(int argc, char *argv[])
    |      |     ^~~~
    |      |     |
    |      |     (1) entry to ‘main’
    |......
    |  635 |         if (scan_interval > 0) {
    |      |            ~
    |      |            |
    |      |            (2) following ‘true’ branch...
    |  636 |                 if (time_constant == 0)
    |      |                     ~~~~~~~~~~~~~~~~~~
    |      |                                   |
    |      |                                   (3) ...to here
    |......
    |  640 |                 if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
    |      |                    ~      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                    |      |
    |      |                    |      (4) when ‘socket’ succeeds
    |      |                    (5) following ‘false’ branch (when ‘fd >= 0’)...
    |......
    |  644 |                 if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
    |      |                    ~                                      ~~~~~~~~~~~~~~~~~~~~~~
    |      |                    |                                      |
    |      |                    (7) following ‘false’ branch...        (6) ...to here
    |......
    |  648 |                 if (listen(fd, 5) < 0) {
    |      |                    ~~~~~~~~~~~~~~
    |      |                    ||
    |      |                    |(8) ...to here
    |      |                    |(9) when ‘listen’ succeeds
    |      |                    (10) following ‘false’ branch...
    |......
    |  652 |                 if (daemon(0, 0)) {
    |      |                    ~~~~~~~~~~~~~
    |      |                    ||
    |      |                    |(11) ...to here
    |      |                    (12) following ‘false’ branch...
    |......
    |  656 |                 signal(SIGPIPE, SIG_IGN);
    |      |                 ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                 |
    |      |                 (13) ...to here
    |  657 |                 signal(SIGCHLD, sigchild);
    |  658 |                 server_loop(fd);
    |      |                 ~~~~~~~~~~~~~~~
    |      |                 |
    |      |                 (14) calling ‘server_loop’ from ‘main’
    |
    +--> ‘server_loop’: events 15-16
           |
           |  472 | static void server_loop(int fd)
           |      |             ^~~~~~~~~~~
           |      |             |
           |      |             (15) entry to ‘server_loop’
           |......
           |  483 |         load_netstat();
           |      |         ~~~~~~~~~~~~~~
           |      |         |
           |      |         (16) calling ‘load_netstat’ from ‘server_loop’
           |
           +--> ‘load_netstat’: events 17-20
                  |
                  |  302 | static void load_netstat(void)
                  |      |             ^~~~~~~~~~~~
                  |      |             |
                  |      |             (17) entry to ‘load_netstat’
                  |......
                  |  306 |         if (fp) {
                  |      |            ~
                  |      |            |
                  |      |            (18) following ‘true’ branch (when ‘fp’ is non-NULL)...
                  |  307 |                 load_ugly_table(fp);
                  |      |                 ~~~~~~~~~~~~~~~~~~~
                  |      |                 |
                  |      |                 (19) ...to here
                  |      |                 (20) calling ‘load_ugly_table’ from ‘load_netstat’
                  |
                  +--> ‘load_ugly_table’: events 21-25
                         |
                         |  178 | static void load_ugly_table(FILE *fp)
                         |      |             ^~~~~~~~~~~~~~~
                         |      |             |
                         |      |             (21) entry to ‘load_ugly_table’
                         |......
                         |  186 |         while ((nread = getline(&buf, &buflen, fp)) != -1) {
                         |      |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         |      |                                                     |
                         |      |                                                     (22) following ‘true’ branch...
                         |......
                         |  192 |                 p = strchr(buf, ':');
                         |      |                     ~~~~~~~~~~~~~~~~
                         |      |                     |
                         |      |                     (23) ...to here
                         |      |                     (24) when ‘strchr’ returns non-NULL
                         |  193 |                 if (!p) {
                         |      |                    ~
                         |      |                    |
                         |      |                    (25) following ‘false’ branch (when ‘p’ is non-NULL)...
                         |
                       ‘load_ugly_table’: event 26
                         |
                         |cc1:
                         | (26): ...to here
                         |
                       ‘load_ugly_table’: events 27-28
                         |
                         |  205 |                 while (*p) {
                         |      |                        ^
                         |      |                        |
                         |      |                        (27) following ‘false’ branch...
                         |......
                         |  228 |                 nread = getline(&buf, &buflen, fp);
                         |      |                         ~
                         |      |                         |
                         |      |                         (28) inlined call to ‘getline’ from ‘load_ugly_table’
                         |
                         +--> ‘getline’: event 29
                                |
                                |/usr/include/bits/stdio.h:120:10:
                                |  120 |   return __getdelim (__lineptr, __n, '\n', __stream);
                                |      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                |      |          |
                                |      |          (29) ...to here
                                |
                         <------+
                         |
                       ‘load_ugly_table’: events 30-36
                         |
                         |nstat.c:229:20:
                         |  229 |                 if (nread == -1) {
                         |      |                    ^
                         |      |                    |
                         |      |                    (30) following ‘false’ branch...
                         |......
                         |  234 |                 count2 = count_spaces(buf);
                         |      |                          ~~~~~~~~~~~~~~~~~
                         |      |                          |
                         |      |                          (31) ...to here
                         |......
                         |  239 |                         if (!p) {
                         |      |                            ~
                         |      |                            |
                         |      |                            (32) following ‘false’ branch (when ‘p’ is non-NULL)...
                         |......
                         |  244 |                         *p = 0;
                         |      |                         ~~~~~~
                         |      |                            |
                         |      |                            (33) ...to here
                         |  245 |                         if (sscanf(p+1, "%llu", &n->val) != 1) {
                         |      |                            ~
                         |      |                            |
                         |      |                            (34) following ‘false’ branch...
                         |......
                         |  251 |                         if (skip)
                         |      |                            ~
                         |      |                            |
                         |      |                            (35) ...to here
                         |......
                         |  254 |                                 n = n->next;
                         |      |                                 ~~~~~~~~~~~
                         |      |                                   |
                         |      |                                   (36) dereference of NULL ‘n’
                         |

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

netem: fix NULL deref on allocation failure

q_netem.c: In function ‘get_distribution’:
q_netem.c:159:35: warning: dereference of possibly-NULL ‘data’ [CWE-690] [-Wanalyzer-possible-null-dereference]
  159 |                         data[n++] = x;
      |                         ~~~~~~~~~~^~~
  ‘netem_parse_opt’: events 1-24
    |
    |  192 | static int netem_parse_opt(struct qdisc_util *qu, int argc, char **argv,
    |      |            ^~~~~~~~~~~~~~~
    |      |            |
    |      |            (1) entry to ‘netem_parse_opt’
    |......
    |  212 |         for ( ; argc > 0; --argc, ++argv) {
    |      |                 ~~~~~~~~
    |      |                      |
    |      |                      (2) following ‘true’ branch (when ‘argc > 0’)...
    |  213 |                 if (matches(*argv, "limit") == 0) {
    |      |                    ~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                    ||
    |      |                    |(3) ...to here
    |      |                    (4) following ‘true’ branch...
    |......
    |  219 |                 } else if (matches(*argv, "latency") == 0 ||
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||                              |
    |      |                           |(5) ...to here                 (8) following ‘true’ branch...
    |      |                           (6) following ‘true’ branch...
    |  220 |                            matches(*argv, "delay") == 0) {
    |      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                            |
    |      |                            (7) ...to here
    |......
    |  243 |                 } else if (matches(*argv, "loss") == 0 ||
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||                           |
    |      |                           |(9) ...to here              (12) following ‘true’ branch...
    |      |                           (10) following ‘true’ branch...
    |  244 |                            matches(*argv, "drop") == 0) {
    |      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                            |
    |      |                            (11) ...to here
    |......
    |  366 |                 } else if (matches(*argv, "ecn") == 0) {
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||
    |      |                           |(13) ...to here
    |      |                           (14) following ‘true’ branch...
    |  367 |                         present[TCA_NETEM_ECN] = 1;
    |  368 |                 } else if (matches(*argv, "reorder") == 0) {
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||
    |      |                           |(15) ...to here
    |      |                           (16) following ‘true’ branch...
    |......
    |  383 |                 } else if (matches(*argv, "corrupt") == 0) {
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||
    |      |                           |(17) ...to here
    |      |                           (18) following ‘true’ branch...
    |......
    |  398 |                 } else if (matches(*argv, "gap") == 0) {
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||
    |      |                           |(19) ...to here
    |      |                           (20) following ‘true’ branch...
    |......
    |  404 |                 } else if (matches(*argv, "duplicate") == 0) {
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||
    |      |                           |(21) ...to here
    |      |                           (22) following ‘true’ branch...
    |......
    |  417 |                 } else if (matches(*argv, "distribution") == 0) {
    |      |                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                           ||
    |      |                           |(23) ...to here
    |      |                           (24) following ‘false’ branch...
    |
  ‘netem_parse_opt’: event 25
    |
    |../include/utils.h:50:29:
    |   50 | #define NEXT_ARG() do { argv++; if (--argc <= 0) incomplete_command(); } while(0)
    |      |                         ~~~~^~
    |      |                             |
    |      |                             (25) ...to here
q_netem.c:418:25: note: in expansion of macro ‘NEXT_ARG’
    |  418 |                         NEXT_ARG();
    |      |                         ^~~~~~~~
    |
  ‘netem_parse_opt’: event 26
    |
    |../include/utils.h:50:36:
    |   50 | #define NEXT_ARG() do { argv++; if (--argc <= 0) incomplete_command(); } while(0)
    |      |                                    ^
    |      |                                    |
    |      |                                    (26) following ‘false’ branch (when ‘argc != 0’)...
q_netem.c:418:25: note: in expansion of macro ‘NEXT_ARG’
    |  418 |                         NEXT_ARG();
    |      |                         ^~~~~~~~
    |
  ‘netem_parse_opt’: events 27-29
    |
    |  419 |                         dist_data = calloc(sizeof(dist_data[0]), MAX_DIST);
    |      |                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                     |
    |      |                                     (27) ...to here
    |      |                                     (28) this call could return NULL
    |  420 |                         dist_size = get_distribution(*argv, dist_data, MAX_DIST);
    |      |                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                     |
    |      |                                     (29) calling ‘get_distribution’ from ‘netem_parse_opt’
    |
    +--> ‘get_distribution’: events 30-31
           |
           |  124 | static int get_distribution(const char *type, __s16 *data, int maxdata)
           |      |            ^~~~~~~~~~~~~~~~
           |      |            |
           |      |            (30) entry to ‘get_distribution’
           |......
           |  135 |         if (f == NULL) {
           |      |            ~
           |      |            |
           |      |            (31) following ‘false’ branch (when ‘f’ is non-NULL)...
           |
         ‘get_distribution’: event 32
           |
           |cc1:
           | (32): ...to here
           |
         ‘get_distribution’: events 33-35
           |
           |  142 |         while (getline(&line, &len, f) != -1) {
           |      |                ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
           |      |                                        |
           |      |                                        (33) following ‘true’ branch...
           |......
           |  145 |                 if (*line == '\n' || *line == '#')
           |      |                    ~~~~~~
           |      |                    ||
           |      |                    |(34) ...to here
           |      |                    (35) following ‘false’ branch...
           |
         ‘get_distribution’: event 36
           |
           |cc1:
           | (36): ...to here
           |
         ‘get_distribution’: events 37-41
           |
           |  150 |                         if (endp == p)
           |      |                            ^
           |      |                            |
           |      |                            (37) following ‘false’ branch...
           |......
           |  153 |                         if (n >= maxdata) {
           |      |                            ~
           |      |                            |
           |      |                            (38) ...to here
           |      |                            (39) following ‘false’ branch (when ‘n < maxdata’)...
           |......
           |  159 |                         data[n++] = x;
           |      |                         ~~~~~~~~~~~~~
           |      |                               |   |
           |      |                               |   (41) ‘data + (long unsigned int)n * 2’ could be NULL: unchecked value from (28)
           |      |                               (40) ...to here
           |

Fixes: c1b81cb5fe92 ("netem potential dist table overflow")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

m_action: fix warning of overwrite of const string

The function get_action_kind() searches first for the given
action, then rescans on failure for "gact". In the process,
it would overwrite the argument.  Avoid the warning
by using a const argument and not copying.

The problem dates back to pre-git history.

m_action.c: In function ‘get_action_kind’:
m_action.c:126:17: warning: write to string literal [-Wanalyzer-write-to-string-literal]
  126 |                 strcpy(str, "gact");
      |                 ^~~~~~~~~~~~~~~~~~~
  ‘do_action’: events 1-6
    |
    |  853 | int do_action(int argc, char **argv)
    |      |     ^~~~~~~~~
    |      |     |
    |      |     (1) entry to ‘do_action’
    |......
    |  858 |         while (argc > 0) {
    |      |                ~~~~~~~~
    |      |                     |
    |      |                     (2) following ‘true’ branch...
    |  859 |
    |  860 |                 if (matches(*argv, "add") == 0) {
    |      |                    ~~~~~~~~~~~~~~~~~~~~~~
    |      |                    ||
    |      |                    |(3) ...to here
    |      |                    (4) following ‘false’ branch...
    |  861 |                         ret =  tc_action_modify(RTM_NEWACTION,
    |      |                                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                                |
    |      |                                (5) ...to here
    |      |                                (6) calling ‘tc_action_modify’ from ‘do_action’
    |  862 |                                                 NLM_F_EXCL | NLM_F_CREATE,
    |      |                                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~
    |  863 |                                                 &argc, &argv);
    |      |                                                 ~~~~~~~~~~~~~
    |
    +--> ‘tc_action_modify’: events 7-8
           |
           |  715 | static int tc_action_modify(int cmd, unsigned int flags,
           |      |            ^~~~~~~~~~~~~~~~
           |      |            |
           |      |            (7) entry to ‘tc_action_modify’
           |......
           |  735 |         if (parse_action(&argc, &argv, TCA_ACT_TAB, &req.n)) {
           |      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |             |
           |      |             (8) calling ‘parse_action’ from ‘tc_action_modify’
           |
           +--> ‘parse_action’: events 9-18
                  |
                  |  203 | int parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
                  |      |     ^~~~~~~~~~~~
                  |      |     |
                  |      |     (9) entry to ‘parse_action’
                  |......
                  |  217 |         if (argc <= 0)
                  |      |            ~
                  |      |            |
                  |      |            (10) following ‘false’ branch...
                  |......
                  |  220 |         tail2 = addattr_nest(n, MAX_MSG, tca_id);
                  |      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                 |
                  |      |                 (11) ...to here
                  |  221 |
                  |  222 |         while (argc > 0) {
                  |      |                ~~~~~~~~
                  |      |                     |
                  |      |                     (12) following ‘true’ branch...
                  |  223 |
                  |  224 |                 memset(k, 0, sizeof(k));
                  |      |                 ~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                 |
                  |      |                 (13) ...to here
                  |  225 |
                  |  226 |                 if (strcmp(*argv, "action") == 0) {
                  |      |                    ~
                  |      |                    |
                  |      |                    (14) following ‘true’ branch (when the strings are equal)...
                  |  227 |                         argc--;
                  |      |                         ~~~~~~
                  |      |                             |
                  |      |                             (15) ...to here
                  |......
                  |  231 |                         if (!gact_ld)
                  |      |                            ~
                  |      |                            |
                  |      |                            (16) following ‘true’ branch...
                  |  232 |                                 get_action_kind("gact");
                  |      |                                 ~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                                 |
                  |      |                                 (17) ...to here
                  |      |                                 (18) calling ‘get_action_kind’ from ‘parse_action’
                  |
                  +--> ‘get_action_kind’: events 19-24
                         |
                         |   86 | static struct action_util *get_action_kind(char *str)
                         |      |                            ^~~~~~~~~~~~~~~
                         |      |                            |
                         |      |                            (19) entry to ‘get_action_kind’
                         |......
                         |  114 |         if (a == NULL)
                         |      |            ~
                         |      |            |
                         |      |            (20) following ‘true’ branch (when ‘a’ is NULL)...
                         |  115 |                 goto noexist;
                         |      |                 ~~~~
                         |      |                 |
                         |      |                 (21) ...to here
                         |......
                         |  124 |         if (!looked4gact) {
                         |      |            ~
                         |      |            |
                         |      |            (22) following ‘true’ branch (when ‘looked4gact == 0’)...
                         |  125 |                 looked4gact = 1;
                         |  126 |                 strcpy(str, "gact");
                         |      |                 ~~~~~~~~~~~~~~~~~~~
                         |      |                 |
                         |      |                 (23) ...to here
                         |      |                 (24) write to string literal here
                         |

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc_exec: don't dereference NULL on calloc failure

Reported as:
tc_exec.c: In function ‘do_exec’:
tc_exec.c:103:18: warning: dereference of NULL ‘eu’ [CWE-476] [-Wanalyzer-null-dereference]
  103 |         return eu->parse_eopt(eu, argc, argv);
      |                ~~^~~~~~~~~~~~
  ‘do_exec’: events 1-6
    |
    |   81 | int do_exec(int argc, char **argv)
    |      |     ^~~~~~~
    |      |     |
    |      |     (1) entry to ‘do_exec’
    |......
    |   86 |         if (argc < 1) {
    |      |            ~
    |      |            |
    |      |            (2) following ‘false’ branch (when ‘argc > 0’)...
    |......
    |   91 |         if (matches(*argv, "help") == 0) {
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~
    |      |            ||
    |      |            |(3) ...to here
    |      |            (4) following ‘true’ branch...
    |......
    |   96 |         strncpy(kind, *argv, sizeof(kind) - 1);
    |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |         |
    |      |         (5) ...to here
    |   97 |
    |   98 |         eu = get_exec_kind(kind);
    |      |              ~~~~~~~~~~~~~~~~~~~
    |      |              |
    |      |              (6) calling ‘get_exec_kind’ from ‘do_exec’
    |
    +--> ‘get_exec_kind’: events 7-10
           |
           |   40 | static struct exec_util *get_exec_kind(const char *name)
           |      |                          ^~~~~~~~~~~~~
           |      |                          |
           |      |                          (7) entry to ‘get_exec_kind’
           |......
           |   63 |         if (eu == NULL)
           |      |            ~
           |      |            |
           |      |            (8) following ‘true’ branch (when ‘eu’ is NULL)...
           |   64 |                 goto noexist;
           |      |                 ~~~~
           |      |                 |
           |      |                 (9) ...to here
           |......
           |   72 |         if (eu) {
           |      |            ~
           |      |            |
           |      |            (10) following ‘false’ branch (when ‘eu’ is NULL)...
           |
         ‘get_exec_kind’: event 11
           |
           |cc1:
           | (11): ...to here
           |
    <------+
    |
  ‘do_exec’: events 12-13
    |
    |   98 |         eu = get_exec_kind(kind);
    |      |              ^~~~~~~~~~~~~~~~~~~
    |      |              |
    |      |              (12) return of NULL to ‘do_exec’ from ‘get_exec_kind’
    |......
    |  103 |         return eu->parse_eopt(eu, argc, argv);
    |      |                ~~~~~~~~~~~~~~
    |      |                  |
    |      |                  (13) dereference of NULL ‘eu’
    |

Fixes: 4bd624467bc6 ("tc: built-in eBPF exec proxy")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc_util fix unitialized warning

tc_util.c: In function ‘parse_action_control_slash_spaces’:
tc_util.c:488:28: warning: use of uninitialized value ‘result2’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  488 |                 *result2_p = result2;
      |                 ~~~~~~~~~~~^~~~~~~~~
  ‘parse_action_control_slash_spaces’: events 1-5
    |
    |  455 | static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p,
    |      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            |
    |      |            (1) entry to ‘parse_action_control_slash_spaces’
    |......
    |  461 |         int result1 = -1, result2;
    |      |                           ~~~~~~~
    |      |                           |
    |      |                           (2) region created on stack here
    |      |                           (3) capacity: 4 bytes
    |......
    |  467 |                 switch (ok) {
    |      |                 ~~~~~~
    |      |                 |
    |      |                 (4) following ‘case 0:’ branch...
    |......
    |  475 |                         ret = parse_action_control(&argc, &argv,
    |      |                               ~
    |      |                               |
    |      |                               (5) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’
    |
    +--> ‘parse_action_control’: events 6-7
           |
           |  432 |         return __parse_action_control(argc_p, argv_p, result_p,
           |      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |                |
           |      |                (6) ...to here
           |      |                (7) calling ‘__parse_action_control’ from ‘parse_action_control_slash_spaces’
           |  433 |                                       allow_num, false);
           |      |                                       ~~~~~~~~~~~~~~~~~
           |
         ‘__parse_action_control’: events 8-11
           |
           |  371 | static int __parse_action_control(int *argc_p, char ***argv_p, int *result_p,
           |      |            ^~~~~~~~~~~~~~~~~~~~~~
           |      |            |
           |      |            (8) entry to ‘__parse_action_control’
           |......
           |  378 |         if (!argc)
           |      |            ~
           |      |            |
           |      |            (9) following ‘false’ branch (when ‘argc != 0’)...
           |  379 |                 return -1;
           |  380 |         if (action_a2n(*argv, &result, allow_num) == -1) {
           |      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |             |
           |      |             (10) ...to here
           |      |             (11) calling ‘action_a2n’ from ‘__parse_action_control’
           |
           +--> ‘action_a2n’: events 12-16
                  |
                  |  335 | int action_a2n(char *arg, int *result, bool allow_num)
                  |      |     ^~~~~~~~~~
                  |      |     |
                  |      |     (12) entry to ‘action_a2n’
                  |......
                  |  356 |         for (iter = a2n; iter->a; iter++) {
                  |      |                          ~~~~
                  |      |                          |
                  |      |                          (13) following ‘true’ branch...
                  |  357 |                 if (matches(arg, iter->a) != 0)
                  |      |                     ~~~~~~~~~~~~~~~~~~~~~
                  |      |                     |
                  |      |                     (14) ...to here
                  |......
                  |  366 |         if (result)
                  |      |            ~
                  |      |            |
                  |      |            (15) following ‘true’ branch (when ‘result’ is non-NULL)...
                  |  367 |                 *result = n;
                  |      |                 ~~~~~~~~~~~
                  |      |                         |
                  |      |                         (16) ...to here
                  |
           <------+
           |
         ‘__parse_action_control’: event 17
           |
           |  380 |         if (action_a2n(*argv, &result, allow_num) == -1) {
           |      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |             |
           |      |             (17) returning to ‘__parse_action_control’ from ‘action_a2n’
           |
    <------+
    |
  ‘parse_action_control_slash_spaces’: event 18
    |
    |  475 |                         ret = parse_action_control(&argc, &argv,
    |      |                               ^
    |      |                               |
    |      |                               (18) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’
    |
    +--> ‘parse_action_control’: event 19
           |
           |  432 |         return __parse_action_control(argc_p, argv_p, result_p,
           |      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |                |
           |      |                (19) returning to ‘parse_action_control_slash_spaces’ from ‘__parse_action_control’
           |  433 |                                       allow_num, false);
           |      |                                       ~~~~~~~~~~~~~~~~~
           |
    <------+
    |
  ‘parse_action_control_slash_spaces’: events 20-24
    |
    |  477 |                         if (ret)
    |      |                            ^
    |      |                            |
    |      |                            (20) following ‘false’ branch...
    |  478 |                                 return ret;
    |  479 |                         ok++;
    |      |                         ~~~~
    |      |                           |
    |      |                           (21) ...to here
    |......
    |  487 |         if (ok == 2)
    |      |            ~
    |      |            |
    |      |            (22) following ‘true’ branch (when ‘ok == 2’)...
    |  488 |                 *result2_p = result2;
    |      |                 ~~~~~~~~~~~~~~~~~~~~
    |      |                            |
    |      |                            (23) ...to here
    |      |                            (24) use of uninitialized value ‘result2’ here
    |
tc_util.c:488:28: warning: use of uninitialized value ‘result2’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  488 |                 *result2_p = result2;
      |                 ~~~~~~~~~~~^~~~~~~~~
  ‘parse_action_control_slash’: events 1-5
    |
    |  505 | int parse_action_control_slash(int *argc_p, char ***argv_p,
    |      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (1) entry to ‘parse_action_control_slash’
    |......
    |  510 |         char *p = strchr(*argv, '/');
    |      |                   ~~~~~~~~~~~~~~~~~~
    |      |                   |
    |      |                   (2) when ‘strchr’ returns NULL
    |  511 |
    |  512 |         if (!p)
    |      |            ~
    |      |            |
    |      |            (3) following ‘true’ branch (when ‘p’ is NULL)...
    |  513 |                 return parse_action_control_slash_spaces(argc_p, argv_p,
    |      |                        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (4) ...to here
    |      |                        (5) calling ‘parse_action_control_slash_spaces’ from ‘parse_action_control_slash’
    |  514 |                                                          result1_p, result2_p,
    |      |                                                          ~~~~~~~~~~~~~~~~~~~~~
    |  515 |                                                          allow_num);
    |      |                                                          ~~~~~~~~~~
    |
    +--> ‘parse_action_control_slash_spaces’: events 6-10
           |
           |  455 | static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p,
           |      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |            |
           |      |            (6) entry to ‘parse_action_control_slash_spaces’
           |......
           |  461 |         int result1 = -1, result2;
           |      |                           ~~~~~~~
           |      |                           |
           |      |                           (7) region created on stack here
           |      |                           (8) capacity: 4 bytes
           |......
           |  467 |                 switch (ok) {
           |      |                 ~~~~~~
           |      |                 |
           |      |                 (9) following ‘case 0:’ branch...
           |......
           |  475 |                         ret = parse_action_control(&argc, &argv,
           |      |                               ~
           |      |                               |
           |      |                               (10) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’
           |
           +--> ‘parse_action_control’: events 11-12
                  |
                  |  432 |         return __parse_action_control(argc_p, argv_p, result_p,
                  |      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                |
                  |      |                (11) ...to here
                  |      |                (12) calling ‘__parse_action_control’ from ‘parse_action_control_slash_spaces’
                  |  433 |                                       allow_num, false);
                  |      |                                       ~~~~~~~~~~~~~~~~~
                  |
                ‘__parse_action_control’: events 13-16
                  |
                  |  371 | static int __parse_action_control(int *argc_p, char ***argv_p, int *result_p,
                  |      |            ^~~~~~~~~~~~~~~~~~~~~~
                  |      |            |
                  |      |            (13) entry to ‘__parse_action_control’
                  |......
                  |  378 |         if (!argc)
                  |      |            ~
                  |      |            |
                  |      |            (14) following ‘false’ branch (when ‘argc != 0’)...
                  |  379 |                 return -1;
                  |  380 |         if (action_a2n(*argv, &result, allow_num) == -1) {
                  |      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |             |
                  |      |             (15) ...to here
                  |      |             (16) calling ‘action_a2n’ from ‘__parse_action_control’
                  |
                  +--> ‘action_a2n’: events 17-21
                         |
                         |  335 | int action_a2n(char *arg, int *result, bool allow_num)
                         |      |     ^~~~~~~~~~
                         |      |     |
                         |      |     (17) entry to ‘action_a2n’
                         |......
                         |  356 |         for (iter = a2n; iter->a; iter++) {
                         |      |                          ~~~~
                         |      |                          |
                         |      |                          (18) following ‘true’ branch...
                         |  357 |                 if (matches(arg, iter->a) != 0)
                         |      |                     ~~~~~~~~~~~~~~~~~~~~~
                         |      |                     |
                         |      |                     (19) ...to here
                         |......
                         |  366 |         if (result)
                         |      |            ~
                         |      |            |
                         |      |            (20) following ‘true’ branch (when ‘result’ is non-NULL)...
                         |  367 |                 *result = n;
                         |      |                 ~~~~~~~~~~~
                         |      |                         |
                         |      |                         (21) ...to here
                         |
                  <------+
                  |
                ‘__parse_action_control’: event 22
                  |
                  |  380 |         if (action_a2n(*argv, &result, allow_num) == -1) {
                  |      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |             |
                  |      |             (22) returning to ‘__parse_action_control’ from ‘action_a2n’
                  |
           <------+
           |
         ‘parse_action_control_slash_spaces’: event 23
           |
           |  475 |                         ret = parse_action_control(&argc, &argv,
           |      |                               ^
           |      |                               |
           |      |                               (23) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’
           |
           +--> ‘parse_action_control’: event 24
                  |
                  |  432 |         return __parse_action_control(argc_p, argv_p, result_p,
                  |      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                |
                  |      |                (24) returning to ‘parse_action_control_slash_spaces’ from ‘__parse_action_control’
                  |  433 |                                       allow_num, false);
                  |      |                                       ~~~~~~~~~~~~~~~~~
                  |
           <------+
           |
         ‘parse_action_control_slash_spaces’: events 25-29
           |
           |  477 |                         if (ret)
           |      |                            ^
           |      |                            |
           |      |                            (25) following ‘false’ branch...
           |  478 |                                 return ret;
           |  479 |                         ok++;
           |      |                         ~~~~
           |      |                           |
           |      |                           (26) ...to here
           |......
           |  487 |         if (ok == 2)
           |      |            ~
           |      |            |
           |      |            (27) following ‘true’ branch (when ‘ok == 2’)...
           |  488 |                 *result2_p = result2;
           |      |                 ~~~~~~~~~~~~~~~~~~~~
           |      |                            |
           |      |                            (28) ...to here
           |      |                            (29) use of uninitialized value ‘result2’ here
           |

Fixes: e67aba559581 ("tc: actions: add helpers to parse and print control actions")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

tc_filter: fix unitialized warning

When run with -fanalyzer.

tc_filter.c: In function ‘tc_filter_list’:
tc_filter.c:718:17: warning: use of uninitialized value ‘chain_index’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  718 |                 addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ‘do_chain’: events 1-4
    |
    |  772 | int do_chain(int argc, char **argv)
    |      |     ^~~~~~~~
    |      |     |
    |      |     (1) entry to ‘do_chain’
    |  773 | {
    |  774 |         if (argc < 1)
    |      |            ~
    |      |            |
    |      |            (2) following ‘true’ branch (when ‘argc <= 0’)...
    |  775 |                 return tc_filter_list(RTM_GETCHAIN, 0, NULL);
    |      |                        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (3) ...to here
    |      |                        (4) calling ‘tc_filter_list’ from ‘do_chain’
    |
    +--> ‘tc_filter_list’: events 5-8
           |
           |  582 | static int tc_filter_list(int cmd, int argc, char **argv)
           |      |            ^~~~~~~~~~~~~~
           |      |            |
           |      |            (5) entry to ‘tc_filter_list’
           |......
           |  597 |         __u32 chain_index;
           |      |               ~~~~~~~~~~~
           |      |               |
           |      |               (6) region created on stack here
           |      |               (7) capacity: 4 bytes
           |......
           |  601 |         while (argc > 0) {
           |      |                ~~~~~~~~
           |      |                     |
           |      |                     (8) following ‘false’ branch (when ‘argc <= 0’)...
           |
         ‘tc_filter_list’: event 9
           |
           |../include/uapi/linux/pkt_sched.h:72:35:
           |   72 | #define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)|((min)&TC_H_MIN_MASK))
           |      |                             ~~~~~~^~~~~~~~~~~~~~~
           |      |                                   |
           |      |                                   (9) ...to here
tc_filter.c:698:26: note: in expansion of macro ‘TC_H_MAKE’
           |  698 |         req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
           |      |                          ^~~~~~~~~
           |
         ‘tc_filter_list’: events 10-16
           |
           |  702 |         if (d[0]) {
           |      |            ^
           |      |            |
           |      |            (10) following ‘false’ branch...
           |......
           |  707 |         } else if (block_index) {
           |      |                   ~~~~~~~~~~~~
           |      |                   ||
           |      |                   |(11) ...to here
           |      |                   (12) following ‘false’ branch...
           |......
           |  717 |         if (filter_chain_index_set)
           |      |            ~~~~~~~~~~~~~~~~~~~~~~~
           |      |            ||
           |      |            |(13) ...to here
           |      |            (14) following ‘true’ branch...
           |  718 |                 addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
           |      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |                 |
           |      |                 (15) ...to here
           |      |                 (16) use of uninitialized value ‘chain_index’ here
           |
tc_filter.c:718:17: warning: use of uninitialized value ‘chain_index’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  718 |                 addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ‘do_filter’: events 1-4
    |
    |  744 | int do_filter(int argc, char **argv)
    |      |     ^~~~~~~~~
    |      |     |
    |      |     (1) entry to ‘do_filter’
    |  745 | {
    |  746 |         if (argc < 1)
    |      |            ~
    |      |            |
    |      |            (2) following ‘true’ branch (when ‘argc <= 0’)...
    |  747 |                 return tc_filter_list(RTM_GETTFILTER, 0, NULL);
    |      |                        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (3) ...to here
    |      |                        (4) calling ‘tc_filter_list’ from ‘do_filter’
    |
    +--> ‘tc_filter_list’: events 5-8
           |
           |  582 | static int tc_filter_list(int cmd, int argc, char **argv)
           |      |            ^~~~~~~~~~~~~~
           |      |            |
           |      |            (5) entry to ‘tc_filter_list’
           |......
           |  597 |         __u32 chain_index;
           |      |               ~~~~~~~~~~~
           |      |               |
           |      |               (6) region created on stack here
           |      |               (7) capacity: 4 bytes
           |......
           |  601 |         while (argc > 0) {
           |      |                ~~~~~~~~
           |      |                     |
           |      |                     (8) following ‘false’ branch (when ‘argc <= 0’)...
           |
         ‘tc_filter_list’: event 9
           |
           |../include/uapi/linux/pkt_sched.h:72:35:
           |   72 | #define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)|((min)&TC_H_MIN_MASK))
           |      |                             ~~~~~~^~~~~~~~~~~~~~~
           |      |                                   |
           |      |                                   (9) ...to here
tc_filter.c:698:26: note: in expansion of macro ‘TC_H_MAKE’
           |  698 |         req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
           |      |                          ^~~~~~~~~
           |
         ‘tc_filter_list’: events 10-16
           |
           |  702 |         if (d[0]) {
           |      |            ^
           |      |            |
           |      |            (10) following ‘false’ branch...
           |......
           |  707 |         } else if (block_index) {
           |      |                   ~~~~~~~~~~~~
           |      |                   ||
           |      |                   |(11) ...to here
           |      |                   (12) following ‘false’ branch...
           |......
           |  717 |         if (filter_chain_index_set)
           |      |            ~~~~~~~~~~~~~~~~~~~~~~~
           |      |            ||
           |      |            |(13) ...to here
           |      |            (14) following ‘true’ branch...
           |  718 |                 addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
           |      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |                 |
           |      |                 (15) ...to here
           |      |                 (16) use of uninitialized value ‘chain_index’ here
           |

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

iproute_lwtunnel: fix possible use of NULL when malloc() fails

iproute_lwtunnel.c: In function ‘parse_srh’:
iproute_lwtunnel.c:903:9: warning: use of possibly-NULL ‘srh’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
  903 |         memset(srh, 0, srhlen);
      |         ^~~~~~~~~~~~~~~~~~~~~~
  ‘parse_srh’: events 1-2
    |
    |  902 |         srh = malloc(srhlen);
    |      |               ^~~~~~~~~~~~~~
    |      |               |
    |      |               (1) this call could return NULL
    |  903 |         memset(srh, 0, srhlen);
    |      |         ~~~~~~~~~~~~~~~~~~~~~~
    |      |         |
    |      |         (2) argument 1 (‘srh’) from (1) could be NULL where non-null expected
    |
In file included from iproute_lwtunnel.c:13:
/usr/include/string.h:61:14: note: argument 1 of ‘memset’ must be non-null
   61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1));
      |              ^~~~~~
iproute_lwtunnel.c: In function ‘parse_encap_seg6’:
iproute_lwtunnel.c:980:9: warning: use of possibly-NULL ‘tuninfo’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
  980 |         memset(tuninfo, 0, sizeof(*tuninfo) + srhlen);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ‘parse_encap_seg6’: events 1-2
    |
    |  934 | static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp,
    |      |            ^~~~~~~~~~~~~~~~
    |      |            |
    |      |            (1) entry to ‘parse_encap_seg6’
    |......
    |  976 |         srh = parse_srh(segbuf, hmac, encap);
    |      |               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |               |
    |      |               (2) calling ‘parse_srh’ from ‘parse_encap_seg6’
    |
    +--> ‘parse_srh’: events 3-5
           |
           |  882 | static struct ipv6_sr_hdr *parse_srh(char *segbuf, int hmac, bool encap)
           |      |                            ^~~~~~~~~
           |      |                            |
           |      |                            (3) entry to ‘parse_srh’
           |......
           |  922 |         if (hmac) {
           |      |            ~
           |      |            |
           |      |            (4) following ‘false’ branch (when ‘hmac == 0’)...
           |......
           |  931 |         return srh;
           |      |                ~~~
           |      |                |
           |      |                (5) ...to here
           |
    <------+
    |
  ‘parse_encap_seg6’: events 6-8
    |
    |  976 |         srh = parse_srh(segbuf, hmac, encap);
    |      |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |               |
    |      |               (6) returning to ‘parse_encap_seg6’ from ‘parse_srh’
    |......
    |  979 |         tuninfo = malloc(sizeof(*tuninfo) + srhlen);
    |      |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                   |
    |      |                   (7) this call could return NULL
    |  980 |         memset(tuninfo, 0, sizeof(*tuninfo) + srhlen);
    |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |         |
    |      |         (8) argument 1 (‘tuninfo’) from (7) could be NULL where non-null expected
    |
/usr/include/string.h:61:14: note: argument 1 of ‘memset’ must be non-null
   61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1));
      |              ^~~~~~
iproute_lwtunnel.c: In function ‘parse_rpl_srh’:
iproute_lwtunnel.c:1018:21: warning: dereference of possibly-NULL ‘srh’ [CWE-690] [-Wanalyzer-possible-null-dereference]
 1018 |         srh->hdrlen = (srhlen >> 3) - 1;
      |         ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
  ‘parse_rpl_srh’: events 1-2
    |
    | 1016 |         srh = calloc(1, srhlen);
    |      |               ^~~~~~~~~~~~~~~~~
    |      |               |
    |      |               (1) this call could return NULL
    | 1017 |
    | 1018 |         srh->hdrlen = (srhlen >> 3) - 1;
    |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |                     |
    |      |                     (2) ‘srh’ could be NULL: unchecked value from (1)
    |

Fixes: 00e76d4da37f ("iproute: add helper functions for SRH processing")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ipmaddr: fix dereference of NULL on malloc() failure

Found by -fanalyzer. This is a bug since beginning of initial
versions of ip multicast support (pre git).

ipmaddr.c: In function ‘read_dev_mcast’:
ipmaddr.c:105:25: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference]
  105 |                         memcpy(ma, &m, sizeof(m));
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~
  ‘do_multiaddr’: events 1-4
    |
    |  354 | int do_multiaddr(int argc, char **argv)
    |      |     ^~~~~~~~~~~~
    |      |     |
    |      |     (1) entry to ‘do_multiaddr’
    |  355 | {
    |  356 |         if (argc < 1)
    |      |            ~
    |      |            |
    |      |            (2) following ‘true’ branch (when ‘argc <= 0’)...
    |  357 |                 return multiaddr_list(0, NULL);
    |      |                        ~~~~~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (3) ...to here
    |      |                        (4) calling ‘multiaddr_list’ from ‘do_multiaddr’
    |
    +--> ‘multiaddr_list’: events 5-10
           |
           |  255 | static int multiaddr_list(int argc, char **argv)
           |      |            ^~~~~~~~~~~~~~
           |      |            |
           |      |            (5) entry to ‘multiaddr_list’
           |......
           |  262 |         while (argc > 0) {
           |      |                ~~~~~~~~
           |      |                     |
           |      |                     (6) following ‘false’ branch (when ‘argc <= 0’)...
           |......
           |  275 |         if (!filter.family || filter.family == AF_PACKET)
           |      |            ~ ~~~~~~~~~~~~~
           |      |            |       |
           |      |            |       (7) ...to here
           |      |            (8) following ‘true’ branch...
           |  276 |                 read_dev_mcast(&list);
           |      |                 ~~~~~~~~~~~~~~~~~~~~~
           |      |                 |
           |      |                 (9) ...to here
           |      |                 (10) calling ‘read_dev_mcast’ from ‘multiaddr_list’
           |
           +--> ‘read_dev_mcast’: events 11-12
                  |
                  |   82 | static void read_dev_mcast(struct ma_info **result_p)
                  |      |             ^~~~~~~~~~~~~~
                  |      |             |
                  |      |             (11) entry to ‘read_dev_mcast’
                  |......
                  |   87 |         if (!fp)
                  |      |            ~
                  |      |            |
                  |      |            (12) following ‘false’ branch (when ‘fp’ is non-NULL)...
                  |
                ‘read_dev_mcast’: event 13
                  |
                  |cc1:
                  | (13): ...to here
                  |
                ‘read_dev_mcast’: events 14-17
                  |
                  |   90 |         while (fgets(buf, sizeof(buf), fp)) {
                  |      |                ^~~~~
                  |      |                |
                  |      |                (14) following ‘true’ branch...
                  |   91 |                 char hexa[256];
                  |   92 |                 struct ma_info m = { .addr.family = AF_PACKET };
                  |      |                                ~
                  |      |                                |
                  |      |                                (15) ...to here
                  |......
                  |  103 |                         struct ma_info *ma = malloc(sizeof(m));
                  |      |                                              ~~~~~~~~~~~~~~~~~
                  |      |                                              |
                  |      |                                              (16) this call could return NULL
                  |  104 |
                  |  105 |                         memcpy(ma, &m, sizeof(m));
                  |      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                         |
                  |      |                         (17) ‘ma’ could be NULL: unchecked value from (16)
                  |
ipmaddr.c: In function ‘read_igmp’:
ipmaddr.c:152:17: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference]
  152 |                 memcpy(ma, &m, sizeof(m));
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~
  ‘do_multiaddr’: events 1-4
    |
    |  354 | int do_multiaddr(int argc, char **argv)
    |      |     ^~~~~~~~~~~~
    |      |     |
    |      |     (1) entry to ‘do_multiaddr’
    |  355 | {
    |  356 |         if (argc < 1)
    |      |            ~
    |      |            |
    |      |            (2) following ‘true’ branch (when ‘argc <= 0’)...
    |  357 |                 return multiaddr_list(0, NULL);
    |      |                        ~~~~~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (3) ...to here
    |      |                        (4) calling ‘multiaddr_list’ from ‘do_multiaddr’
    |
    +--> ‘multiaddr_list’: events 5-10
           |
           |  255 | static int multiaddr_list(int argc, char **argv)
           |      |            ^~~~~~~~~~~~~~
           |      |            |
           |      |            (5) entry to ‘multiaddr_list’
           |......
           |  262 |         while (argc > 0) {
           |      |                ~~~~~~~~
           |      |                     |
           |      |                     (6) following ‘false’ branch (when ‘argc <= 0’)...
           |......
           |  275 |         if (!filter.family || filter.family == AF_PACKET)
           |      |              ~~~~~~~~~~~~~
           |      |                    |
           |      |                    (7) ...to here
           |  276 |                 read_dev_mcast(&list);
           |  277 |         if (!filter.family || filter.family == AF_INET)
           |      |            ~
           |      |            |
           |      |            (8) following ‘true’ branch...
           |  278 |                 read_igmp(&list);
           |      |                 ~~~~~~~~~~~~~~~~
           |      |                 |
           |      |                 (9) ...to here
           |      |                 (10) calling ‘read_igmp’ from ‘multiaddr_list’
           |
           +--> ‘read_igmp’: events 11-14
                  |
                  |  116 | static void read_igmp(struct ma_info **result_p)
                  |      |             ^~~~~~~~~
                  |      |             |
                  |      |             (11) entry to ‘read_igmp’
                  |......
                  |  126 |         if (!fp)
                  |      |            ~
                  |      |            |
                  |      |            (12) following ‘false’ branch (when ‘fp’ is non-NULL)...
                  |  127 |                 return;
                  |  128 |         if (!fgets(buf, sizeof(buf), fp)) {
                  |      |            ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |            | |
                  |      |            | (13) ...to here
                  |      |            (14) following ‘false’ branch...
                  |
                ‘read_igmp’: event 15
                  |
                  |cc1:
                  | (15): ...to here
                  |
                ‘read_igmp’: events 16-19
                  |
                  |  133 |         while (fgets(buf, sizeof(buf), fp)) {
                  |      |                ^~~~~
                  |      |                |
                  |      |                (16) following ‘true’ branch...
                  |......
                  |  136 |                 if (buf[0] != '\t') {
                  |      |                     ~~~~~~
                  |      |                        |
                  |      |                        (17) ...to here
                  |......
                  |  151 |                 ma = malloc(sizeof(m));
                  |      |                      ~~~~~~~~~~~~~~~~~
                  |      |                      |
                  |      |                      (18) this call could return NULL
                  |  152 |                 memcpy(ma, &m, sizeof(m));
                  |      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                 |
                  |      |                 (19) ‘ma’ could be NULL: unchecked value from (18)
                  |
ipmaddr.c: In function ‘read_igmp6’:
ipmaddr.c:181:25: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference]
  181 |                         memcpy(ma, &m, sizeof(m));
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~
  ‘do_multiaddr’: events 1-4
    |
    |  354 | int do_multiaddr(int argc, char **argv)
    |      |     ^~~~~~~~~~~~
    |      |     |
    |      |     (1) entry to ‘do_multiaddr’
    |  355 | {
    |  356 |         if (argc < 1)
    |      |            ~
    |      |            |
    |      |            (2) following ‘true’ branch (when ‘argc <= 0’)...
    |  357 |                 return multiaddr_list(0, NULL);
    |      |                        ~~~~~~~~~~~~~~~~~~~~~~~
    |      |                        |
    |      |                        (3) ...to here
    |      |                        (4) calling ‘multiaddr_list’ from ‘do_multiaddr’
    |
    +--> ‘multiaddr_list’: events 5-10
           |
           |  255 | static int multiaddr_list(int argc, char **argv)
           |      |            ^~~~~~~~~~~~~~
           |      |            |
           |      |            (5) entry to ‘multiaddr_list’
           |......
           |  262 |         while (argc > 0) {
           |      |                ~~~~~~~~
           |      |                     |
           |      |                     (6) following ‘false’ branch (when ‘argc <= 0’)...
           |......
           |  275 |         if (!filter.family || filter.family == AF_PACKET)
           |      |              ~~~~~~~~~~~~~
           |      |                    |
           |      |                    (7) ...to here
           |......
           |  279 |         if (!filter.family || filter.family == AF_INET6)
           |      |            ~
           |      |            |
           |      |            (8) following ‘true’ branch...
           |  280 |                 read_igmp6(&list);
           |      |                 ~~~~~~~~~~~~~~~~~
           |      |                 |
           |      |                 (9) ...to here
           |      |                 (10) calling ‘read_igmp6’ from ‘multiaddr_list’
           |
           +--> ‘read_igmp6’: events 11-12
                  |
                  |  159 | static void read_igmp6(struct ma_info **result_p)
                  |      |             ^~~~~~~~~~
                  |      |             |
                  |      |             (11) entry to ‘read_igmp6’
                  |......
                  |  164 |         if (!fp)
                  |      |            ~
                  |      |            |
                  |      |            (12) following ‘false’ branch (when ‘fp’ is non-NULL)...
                  |
                ‘read_igmp6’: event 13
                  |
                  |cc1:
                  | (13): ...to here
                  |
                ‘read_igmp6’: events 14-17
                  |
                  |  167 |         while (fgets(buf, sizeof(buf), fp)) {
                  |      |                ^~~~~
                  |      |                |
                  |      |                (14) following ‘true’ branch...
                  |  168 |                 char hexa[256];
                  |  169 |                 struct ma_info m = { .addr.family = AF_INET6 };
                  |      |                                ~
                  |      |                                |
                  |      |                                (15) ...to here
                  |......
                  |  179 |                         struct ma_info *ma = malloc(sizeof(m));
                  |      |                                              ~~~~~~~~~~~~~~~~~
                  |      |                                              |
                  |      |                                              (16) this call could return NULL
                  |  180 |
                  |  181 |                         memcpy(ma, &m, sizeof(m));
                  |      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      |                         |
                  |      |                         (17) ‘ma’ could be NULL: unchecked value from (16)
                  |

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

lib/fs: fix file leak in task_get_name

Fixes the problem identified -fanalyzer.
Why did rdma choose to reimplement the same function as
exiting glibc pthread_getname().

fs.c: In function ‘get_task_name’:
fs.c:355:12: warning: leak of FILE ‘f’ [CWE-775] [-Wanalyzer-file-leak]
  355 |         if (!fgets(name, len, f))
      |            ^
  ‘get_task_name’: events 1-9
    |
    |  345 |         if (!pid)
    |      |            ^
    |      |            |
    |      |            (1) following ‘false’ branch (when ‘pid != 0’)...
    |......
    |  348 |         if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path))
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            ||
    |      |            |(2) ...to here
    |      |            (3) following ‘false’ branch...
    |......
    |  351 |         f = fopen(path, "r");
    |      |             ~~~~~~~~~~~~~~~~
    |      |             |
    |      |             (4) ...to here
    |      |             (5) opened here
    |  352 |         if (!f)
    |      |            ~
    |      |            |
    |      |            (6) assuming ‘f’ is non-NULL
    |      |            (7) following ‘false’ branch (when ‘f’ is non-NULL)...
    |......
    |  355 |         if (!fgets(name, len, f))
    |      |            ~ ~~~~~~~~~~~~~~~~~~~
    |      |            | |
    |      |            | (8) ...to here
    |      |            (9) following ‘true’ branch...
    |
  ‘get_task_name’: event 10
    |
    |cc1:
    | (10): ...to here
    |
  ‘get_task_name’: event 11
    |
    |  355 |         if (!fgets(name, len, f))
    |      |            ^
    |      |            |
    |      |            (11) ‘f’ leaks here; was opened at (5)
    |
fs.c:355:12: warning: leak of ‘f’ [CWE-401] [-Wanalyzer-malloc-leak]
  ‘get_task_name’: events 1-9
    |
    |  345 |         if (!pid)
    |      |            ^
    |      |            |
    |      |            (1) following ‘false’ branch (when ‘pid != 0’)...
    |......
    |  348 |         if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path))
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            ||
    |      |            |(2) ...to here
    |      |            (3) following ‘false’ branch...
    |......
    |  351 |         f = fopen(path, "r");
    |      |             ~~~~~~~~~~~~~~~~
    |      |             |
    |      |             (4) ...to here
    |      |             (5) allocated here
    |  352 |         if (!f)
    |      |            ~
    |      |            |
    |      |            (6) assuming ‘f’ is non-NULL
    |      |            (7) following ‘false’ branch (when ‘f’ is non-NULL)...
    |......
    |  355 |         if (!fgets(name, len, f))
    |      |            ~ ~~~~~~~~~~~~~~~~~~~
    |      |            | |
    |      |            | (8) ...to here
    |      |            (9) following ‘true’ branch...
    |
  ‘get_task_name’: event 10
    |
    |cc1:
    | (10): ...to here
    |
  ‘get_task_name’: event 11
    |
    |  355 |         if (!fgets(name, len, f))
    |      |            ^
    |      |            |
    |      |            (11) ‘f’ leaks here; was allocated at (5)

Fixes: 81bfd01a4c9e ("lib: move get_task_name() from rdma")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

Add MAINTAINERS file

Record the maintainers of subsections of iproute2.
The subtree maintainers are based off of most recent current
patches and maintainer of kernel portion of that subsystem.

Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Acked-by: Petr Machata <me@pmachata.org> # For DCB
Acked-by: Parav Pandit <parav@nvidia.com>
Acked-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

iproute2: optimize code and fix some mem-leak risk

Signed-off-by: zhaoshuang <izhaoshuang@163.com>
Reviewed-by: Pawel Chmielewski <pawel.chmielewski@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ipnetns: fix fd leak with 'ip netns set'

There is no reason to open this netns file. set_netnsid_from_name() uses
netns_get_fd() for this purpose and uses the returned fd.

Reported-by: Stephen Hemminger <stephen@networkplumber.org>
Fixes: d182ee1307c7 ("ipnetns: allow to get and set netns ids")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ip-rule: more manual page grammer fixes

Add missing articles and replace use of passive voice.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

rdma: Report device protocol

Add support for reporting the device protocol.

11: mlx5_0: node_type ca protocol roce fw 12.28.2006
    node_guid 248a:0703:004b:f094 sys_image_guid 248a:0703:004b:f094
12: mlx5_1: node_type ca protocol ib fw 12.28.2006
    node_guid 248a:0703:0049:d4f0 sys_image_guid 248a:0703:0049:d4f0
13: mlx5_2: node_type ca protocol ib fw 12.28.2006
    node_guid 248a:0703:0049:d4f1 sys_image_guid 248a:0703:0049:d4f0
19: siw0: node_type rnic protocol iw node_guid 0200:00ff:fe00:0000
    sys_image_guid 0200:00ff:fe00:0000

Signed-off-by: Kamal Heib <kheib@redhat.com>
Acked-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

Merge branch 'main' into next

Signed-off-by: David Ahern <dsahern@kernel.org>

remove unnecessary checks for NULL before calling free()

The function free() handles the case wher argument is NULL
by doing nothing. So the extra checks are not needed.

Found by modified version of kernel coccinelle script.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

uapi: add capability.h

All kernel header files should come from local copy of sanitized
headers, rather than relying on what Linux distribution ships.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

uapi: update kernel headers 6.4-rc1

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

fixed the grammar in ip-rule(8) man page

a small grammatical error has been idenfied in the ip-rule(8) man page

Signed-off-by: Bilal Khan <bilalkhanrecovered@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

Merge git://git.kernel.org/pub/scm/network/iproute2/iproute2-next

v6.3.0