+/* Netlink attribute iteration. */
+static inline struct nlattr *
+nl_attr_next(const struct nlattr *nla)
+{
+ return (void *) ((uint8_t *) nla + NLA_ALIGN(nla->nla_len));
+}
+
+static inline bool
+nl_attr_is_valid(const struct nlattr *nla, size_t maxlen)
+{
+ return (maxlen >= sizeof *nla
+ && nla->nla_len >= sizeof *nla
+ && nla->nla_len <= maxlen);
+}
+
+static inline size_t
+nl_attr_len_pad(const struct nlattr *nla, size_t maxlen)
+{
+ size_t len = NLA_ALIGN(nla->nla_len);
+
+ return len <= maxlen ? len : nla->nla_len;
+}
+
+/* This macro is careful to check for attributes with bad lengths. */
+#define NL_ATTR_FOR_EACH(ITER, LEFT, ATTRS, ATTRS_LEN) \
+ for ((ITER) = (ATTRS), (LEFT) = (ATTRS_LEN); \
+ nl_attr_is_valid(ITER, LEFT); \
+ (LEFT) -= nl_attr_len_pad(ITER, LEFT), (ITER) = nl_attr_next(ITER))
+
+
+/* This macro does not check for attributes with bad lengths. It should only
+ * be used with messages from trusted sources or with messages that have
+ * already been validated (e.g. with NL_ATTR_FOR_EACH). */
+#define NL_ATTR_FOR_EACH_UNSAFE(ITER, LEFT, ATTRS, ATTRS_LEN) \
+ for ((ITER) = (ATTRS), (LEFT) = (ATTRS_LEN); \
+ (LEFT) > 0; \
+ (LEFT) -= nl_attr_len_pad(ITER, LEFT), (ITER) = nl_attr_next(ITER))
+
+/* These variants are convenient for iterating nested attributes. */
+#define NL_NESTED_FOR_EACH(ITER, LEFT, A) \
+ NL_ATTR_FOR_EACH(ITER, LEFT, nl_attr_get(A), nl_attr_get_size(A))
+#define NL_NESTED_FOR_EACH_UNSAFE(ITER, LEFT, A) \
+ NL_ATTR_FOR_EACH_UNSAFE(ITER, LEFT, nl_attr_get(A), nl_attr_get_size(A))
+