Lib.rs

neli › Reviews

This review is from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

The current version of neli is 0.7.0-rc2.

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

unknown

May have been packaged automatically without a review

This review is from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.

The current version of neli is 0.7.0-rc2.

0.6.1 (older version) Rating: Positive Thoroughness: Low Understanding: Medium

by gitlab.com/phgsng on 2022-06-30

Safety

unsafe limited to interaction with the Netlink socket.

Uses of unsafe

  • All uses of unsafe are warranted and blocks span the minimum necessary amount of code.

  • unsafe blocks wrap syscalls on the socket descriptor (fcntl, socket, setsockopt, getsockopt, send, recv, close). Arguments in general don’t depend on dynamically sized objects, and where they do, it is safe buffer types whose lengths are handled correctly.

    • line 65: socket(), args: only integer values, return ok.

    • line 82: fcntl() (two calls), args: integer values, return ok.

    • line 96: fcntl() (two calls), args: integer values, return ok.

    • line 110: fcntl(), args: integer values, return ok.

    • line 121: mem::zeroed(), ok because a sockaddr_nl can be safely zero initialized.

    • line 125: bind(), args: integer and pointer values, correct size supplied for struct sockaddr pointer arg, return ok.

    • line 144: setsockopt(), args: integer values, arg size ok, return ok.

    • line 163: setsockopt(), args: integer values, arg size ok, return ok.

    • line 183, 197: getsockopt(), args: integer and pointer values, out-pointer arg is zero initialized Vec, arg size ok, return ok.

    • line 220: send(), args: integer and pointer values, arg size ok, return ok.

    • line 238: recv(), args: integer and pointer values, arg size ok, return ok.

    • line 282: close(), arg: integer value, return discarded but is harmless in Drop impl.

    • line 851: NlSocket::from_raw_fd(), arg: dummy value, ok for unit test.

  • unsafe fn in trait impls for FromRawFd. → Nothing actually unsafe going on in there; wrapped assigment is plain Copy data only except for heap allocation via safe interface.

Pros

  • Comprehensive wrapper for talking Netlink and various dialects thereof (rtnetlink, generic netlink, …) to the Kernel.

  • Active development.

  • Typed APIs allow for intuitive use of Netlink APIs that is superior to the everything-is-an-int C analogues (libnl*, libmnl),

  • Provides macros for defining idiomatic wrappers of other Netlink based interfaces.

Cons

  • v0.x versioned, frequent API breakage.

  • Depends itself on various zerover crates.

Lib.rs has been able to verify that all files in the crate's tarball, except Cargo.lock, are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.

Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.

To review the actual code of the crate, it's best to use cargo crev open neli. Alternatively, you can download the tarball of neli v0.7.0-rc2 or view the source online.