]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/socket-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core/namespace: rework the return semantics of clone_device_node yet again
[thirdparty/systemd.git] / src / basic / socket-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19 ***/
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <limits.h>
24 #include <net/if.h>
25 #include <netdb.h>
26 #include <netinet/ip.h>
27 #include <poll.h>
28 #include <stddef.h>
29 #include <stdint.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34
35 #include "alloc-util.h"
36 #include "fd-util.h"
37 #include "fileio.h"
38 #include "format-util.h"
39 #include "log.h"
40 #include "macro.h"
41 #include "missing.h"
42 #include "parse-util.h"
43 #include "path-util.h"
44 #include "process-util.h"
45 #include "socket-util.h"
46 #include "string-table.h"
47 #include "string-util.h"
48 #include "strv.h"
49 #include "user-util.h"
50 #include "utf8.h"
51 #include "util.h"
52
53 #if ENABLE_IDN
54 # define IDN_FLAGS NI_IDN
55 #else
56 # define IDN_FLAGS 0
57 #endif
58
59 static const char* const socket_address_type_table[] = {
60 [SOCK_STREAM] = "Stream",
61 [SOCK_DGRAM] = "Datagram",
62 [SOCK_RAW] = "Raw",
63 [SOCK_RDM] = "ReliableDatagram",
64 [SOCK_SEQPACKET] = "SequentialPacket",
65 [SOCK_DCCP] = "DatagramCongestionControl",
66 };
67
68 DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
69
70 int socket_address_parse(SocketAddress *a, const char *s) {
71 char *e, *n;
72 int r;
73
74 assert(a);
75 assert(s);
76
77 zero(*a);
78 a->type = SOCK_STREAM;
79
80 if (*s == '[') {
81 uint16_t port;
82
83 /* IPv6 in [x:.....:z]:p notation */
84
85 e = strchr(s+1, ']');
86 if (!e)
87 return -EINVAL;
88
89 n = strndupa(s+1, e-s-1);
90
91 errno = 0;
92 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
93 return errno > 0 ? -errno : -EINVAL;
94
95 e++;
96 if (*e != ':')
97 return -EINVAL;
98
99 e++;
100 r = parse_ip_port(e, &port);
101 if (r < 0)
102 return r;
103
104 a->sockaddr.in6.sin6_family = AF_INET6;
105 a->sockaddr.in6.sin6_port = htobe16(port);
106 a->size = sizeof(struct sockaddr_in6);
107
108 } else if (*s == '/') {
109 /* AF_UNIX socket */
110
111 size_t l;
112
113 l = strlen(s);
114 if (l >= sizeof(a->sockaddr.un.sun_path))
115 return -EINVAL;
116
117 a->sockaddr.un.sun_family = AF_UNIX;
118 memcpy(a->sockaddr.un.sun_path, s, l);
119 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
120
121 } else if (*s == '@') {
122 /* Abstract AF_UNIX socket */
123 size_t l;
124
125 l = strlen(s+1);
126 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
127 return -EINVAL;
128
129 a->sockaddr.un.sun_family = AF_UNIX;
130 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
131 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
132
133 } else if (startswith(s, "vsock:")) {
134 /* AF_VSOCK socket in vsock:cid:port notation */
135 const char *cid_start = s + STRLEN("vsock:");
136 unsigned port;
137
138 e = strchr(cid_start, ':');
139 if (!e)
140 return -EINVAL;
141
142 r = safe_atou(e+1, &port);
143 if (r < 0)
144 return r;
145
146 n = strndupa(cid_start, e - cid_start);
147 if (!isempty(n)) {
148 r = safe_atou(n, &a->sockaddr.vm.svm_cid);
149 if (r < 0)
150 return r;
151 } else
152 a->sockaddr.vm.svm_cid = VMADDR_CID_ANY;
153
154 a->sockaddr.vm.svm_family = AF_VSOCK;
155 a->sockaddr.vm.svm_port = port;
156 a->size = sizeof(struct sockaddr_vm);
157
158 } else {
159 uint16_t port;
160
161 e = strchr(s, ':');
162 if (e) {
163 r = parse_ip_port(e + 1, &port);
164 if (r < 0)
165 return r;
166
167 n = strndupa(s, e-s);
168
169 /* IPv4 in w.x.y.z:p notation? */
170 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
171 if (r < 0)
172 return -errno;
173
174 if (r > 0) {
175 /* Gotcha, it's a traditional IPv4 address */
176 a->sockaddr.in.sin_family = AF_INET;
177 a->sockaddr.in.sin_port = htobe16(port);
178 a->size = sizeof(struct sockaddr_in);
179 } else {
180 unsigned idx;
181
182 if (strlen(n) > IF_NAMESIZE-1)
183 return -EINVAL;
184
185 /* Uh, our last resort, an interface name */
186 idx = if_nametoindex(n);
187 if (idx == 0)
188 return -EINVAL;
189
190 a->sockaddr.in6.sin6_family = AF_INET6;
191 a->sockaddr.in6.sin6_port = htobe16(port);
192 a->sockaddr.in6.sin6_scope_id = idx;
193 a->sockaddr.in6.sin6_addr = in6addr_any;
194 a->size = sizeof(struct sockaddr_in6);
195 }
196 } else {
197
198 /* Just a port */
199 r = parse_ip_port(s, &port);
200 if (r < 0)
201 return r;
202
203 if (socket_ipv6_is_supported()) {
204 a->sockaddr.in6.sin6_family = AF_INET6;
205 a->sockaddr.in6.sin6_port = htobe16(port);
206 a->sockaddr.in6.sin6_addr = in6addr_any;
207 a->size = sizeof(struct sockaddr_in6);
208 } else {
209 a->sockaddr.in.sin_family = AF_INET;
210 a->sockaddr.in.sin_port = htobe16(port);
211 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
212 a->size = sizeof(struct sockaddr_in);
213 }
214 }
215 }
216
217 return 0;
218 }
219
220 int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
221 SocketAddress b;
222 int r;
223
224 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
225
226 r = socket_address_parse(&b, s);
227 if (r < 0)
228 return r;
229
230 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
231 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
232 return -EAFNOSUPPORT;
233 }
234
235 *a = b;
236 return 0;
237 }
238
239 int socket_address_parse_netlink(SocketAddress *a, const char *s) {
240 int family;
241 unsigned group = 0;
242 _cleanup_free_ char *sfamily = NULL;
243 assert(a);
244 assert(s);
245
246 zero(*a);
247 a->type = SOCK_RAW;
248
249 errno = 0;
250 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
251 return errno > 0 ? -errno : -EINVAL;
252
253 family = netlink_family_from_string(sfamily);
254 if (family < 0)
255 return -EINVAL;
256
257 a->sockaddr.nl.nl_family = AF_NETLINK;
258 a->sockaddr.nl.nl_groups = group;
259
260 a->type = SOCK_RAW;
261 a->size = sizeof(struct sockaddr_nl);
262 a->protocol = family;
263
264 return 0;
265 }
266
267 int socket_address_verify(const SocketAddress *a) {
268 assert(a);
269
270 switch (socket_address_family(a)) {
271
272 case AF_INET:
273 if (a->size != sizeof(struct sockaddr_in))
274 return -EINVAL;
275
276 if (a->sockaddr.in.sin_port == 0)
277 return -EINVAL;
278
279 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
280 return -EINVAL;
281
282 return 0;
283
284 case AF_INET6:
285 if (a->size != sizeof(struct sockaddr_in6))
286 return -EINVAL;
287
288 if (a->sockaddr.in6.sin6_port == 0)
289 return -EINVAL;
290
291 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
292 return -EINVAL;
293
294 return 0;
295
296 case AF_UNIX:
297 if (a->size < offsetof(struct sockaddr_un, sun_path))
298 return -EINVAL;
299
300 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
301
302 if (a->sockaddr.un.sun_path[0] != 0) {
303 char *e;
304
305 /* path */
306 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
307 if (!e)
308 return -EINVAL;
309
310 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
311 return -EINVAL;
312 }
313 }
314
315 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET))
316 return -EINVAL;
317
318 return 0;
319
320 case AF_NETLINK:
321
322 if (a->size != sizeof(struct sockaddr_nl))
323 return -EINVAL;
324
325 if (!IN_SET(a->type, SOCK_RAW, SOCK_DGRAM))
326 return -EINVAL;
327
328 return 0;
329
330 case AF_VSOCK:
331 if (a->size != sizeof(struct sockaddr_vm))
332 return -EINVAL;
333
334 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
335 return -EINVAL;
336
337 return 0;
338
339 default:
340 return -EAFNOSUPPORT;
341 }
342 }
343
344 int socket_address_print(const SocketAddress *a, char **ret) {
345 int r;
346
347 assert(a);
348 assert(ret);
349
350 r = socket_address_verify(a);
351 if (r < 0)
352 return r;
353
354 if (socket_address_family(a) == AF_NETLINK) {
355 _cleanup_free_ char *sfamily = NULL;
356
357 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
358 if (r < 0)
359 return r;
360
361 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
362 if (r < 0)
363 return -ENOMEM;
364
365 return 0;
366 }
367
368 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
369 }
370
371 bool socket_address_can_accept(const SocketAddress *a) {
372 assert(a);
373
374 return
375 IN_SET(a->type, SOCK_STREAM, SOCK_SEQPACKET);
376 }
377
378 bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
379 assert(a);
380 assert(b);
381
382 /* Invalid addresses are unequal to all */
383 if (socket_address_verify(a) < 0 ||
384 socket_address_verify(b) < 0)
385 return false;
386
387 if (a->type != b->type)
388 return false;
389
390 if (socket_address_family(a) != socket_address_family(b))
391 return false;
392
393 switch (socket_address_family(a)) {
394
395 case AF_INET:
396 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
397 return false;
398
399 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
400 return false;
401
402 break;
403
404 case AF_INET6:
405 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
406 return false;
407
408 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
409 return false;
410
411 break;
412
413 case AF_UNIX:
414 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
415 b->size <= offsetof(struct sockaddr_un, sun_path))
416 return false;
417
418 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
419 return false;
420
421 if (a->sockaddr.un.sun_path[0]) {
422 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
423 return false;
424 } else {
425 if (a->size != b->size)
426 return false;
427
428 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
429 return false;
430 }
431
432 break;
433
434 case AF_NETLINK:
435 if (a->protocol != b->protocol)
436 return false;
437
438 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
439 return false;
440
441 break;
442
443 case AF_VSOCK:
444 if (a->sockaddr.vm.svm_cid != b->sockaddr.vm.svm_cid)
445 return false;
446
447 if (a->sockaddr.vm.svm_port != b->sockaddr.vm.svm_port)
448 return false;
449
450 break;
451
452 default:
453 /* Cannot compare, so we assume the addresses are different */
454 return false;
455 }
456
457 return true;
458 }
459
460 bool socket_address_is(const SocketAddress *a, const char *s, int type) {
461 struct SocketAddress b;
462
463 assert(a);
464 assert(s);
465
466 if (socket_address_parse(&b, s) < 0)
467 return false;
468
469 b.type = type;
470
471 return socket_address_equal(a, &b);
472 }
473
474 bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
475 struct SocketAddress b;
476
477 assert(a);
478 assert(s);
479
480 if (socket_address_parse_netlink(&b, s) < 0)
481 return false;
482
483 return socket_address_equal(a, &b);
484 }
485
486 const char* socket_address_get_path(const SocketAddress *a) {
487 assert(a);
488
489 if (socket_address_family(a) != AF_UNIX)
490 return NULL;
491
492 if (a->sockaddr.un.sun_path[0] == 0)
493 return NULL;
494
495 return a->sockaddr.un.sun_path;
496 }
497
498 bool socket_ipv6_is_supported(void) {
499 if (access("/proc/net/if_inet6", F_OK) != 0)
500 return false;
501
502 return true;
503 }
504
505 bool socket_address_matches_fd(const SocketAddress *a, int fd) {
506 SocketAddress b;
507 socklen_t solen;
508
509 assert(a);
510 assert(fd >= 0);
511
512 b.size = sizeof(b.sockaddr);
513 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
514 return false;
515
516 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
517 return false;
518
519 solen = sizeof(b.type);
520 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
521 return false;
522
523 if (b.type != a->type)
524 return false;
525
526 if (a->protocol != 0) {
527 solen = sizeof(b.protocol);
528 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
529 return false;
530
531 if (b.protocol != a->protocol)
532 return false;
533 }
534
535 return socket_address_equal(a, &b);
536 }
537
538 int sockaddr_port(const struct sockaddr *_sa, unsigned *ret_port) {
539 union sockaddr_union *sa = (union sockaddr_union*) _sa;
540
541 /* Note, this returns the port as 'unsigned' rather than 'uint16_t', as AF_VSOCK knows larger ports */
542
543 assert(sa);
544
545 switch (sa->sa.sa_family) {
546
547 case AF_INET:
548 *ret_port = be16toh(sa->in.sin_port);
549 return 0;
550
551 case AF_INET6:
552 *ret_port = be16toh(sa->in6.sin6_port);
553 return 0;
554
555 case AF_VSOCK:
556 *ret_port = sa->vm.svm_port;
557 return 0;
558
559 default:
560 return -EAFNOSUPPORT;
561 }
562 }
563
564 int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
565 union sockaddr_union *sa = (union sockaddr_union*) _sa;
566 char *p;
567 int r;
568
569 assert(sa);
570 assert(salen >= sizeof(sa->sa.sa_family));
571
572 switch (sa->sa.sa_family) {
573
574 case AF_INET: {
575 uint32_t a;
576
577 a = be32toh(sa->in.sin_addr.s_addr);
578
579 if (include_port)
580 r = asprintf(&p,
581 "%u.%u.%u.%u:%u",
582 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
583 be16toh(sa->in.sin_port));
584 else
585 r = asprintf(&p,
586 "%u.%u.%u.%u",
587 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
588 if (r < 0)
589 return -ENOMEM;
590 break;
591 }
592
593 case AF_INET6: {
594 static const unsigned char ipv4_prefix[] = {
595 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
596 };
597
598 if (translate_ipv6 &&
599 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
600 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
601 if (include_port)
602 r = asprintf(&p,
603 "%u.%u.%u.%u:%u",
604 a[0], a[1], a[2], a[3],
605 be16toh(sa->in6.sin6_port));
606 else
607 r = asprintf(&p,
608 "%u.%u.%u.%u",
609 a[0], a[1], a[2], a[3]);
610 if (r < 0)
611 return -ENOMEM;
612 } else {
613 char a[INET6_ADDRSTRLEN];
614
615 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
616
617 if (include_port) {
618 r = asprintf(&p,
619 "[%s]:%u",
620 a,
621 be16toh(sa->in6.sin6_port));
622 if (r < 0)
623 return -ENOMEM;
624 } else {
625 p = strdup(a);
626 if (!p)
627 return -ENOMEM;
628 }
629 }
630
631 break;
632 }
633
634 case AF_UNIX:
635 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
636 p = strdup("<unnamed>");
637 if (!p)
638 return -ENOMEM;
639
640 } else if (sa->un.sun_path[0] == 0) {
641 /* abstract */
642
643 /* FIXME: We assume we can print the
644 * socket path here and that it hasn't
645 * more than one NUL byte. That is
646 * actually an invalid assumption */
647
648 p = new(char, sizeof(sa->un.sun_path)+1);
649 if (!p)
650 return -ENOMEM;
651
652 p[0] = '@';
653 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
654 p[sizeof(sa->un.sun_path)] = 0;
655
656 } else {
657 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
658 if (!p)
659 return -ENOMEM;
660 }
661
662 break;
663
664 case AF_VSOCK:
665 if (include_port)
666 r = asprintf(&p,
667 "vsock:%u:%u",
668 sa->vm.svm_cid,
669 sa->vm.svm_port);
670 else
671 r = asprintf(&p, "vsock:%u", sa->vm.svm_cid);
672 if (r < 0)
673 return -ENOMEM;
674 break;
675
676 default:
677 return -EOPNOTSUPP;
678 }
679
680
681 *ret = p;
682 return 0;
683 }
684
685 int getpeername_pretty(int fd, bool include_port, char **ret) {
686 union sockaddr_union sa;
687 socklen_t salen = sizeof(sa);
688 int r;
689
690 assert(fd >= 0);
691 assert(ret);
692
693 if (getpeername(fd, &sa.sa, &salen) < 0)
694 return -errno;
695
696 if (sa.sa.sa_family == AF_UNIX) {
697 struct ucred ucred = {};
698
699 /* UNIX connection sockets are anonymous, so let's use
700 * PID/UID as pretty credentials instead */
701
702 r = getpeercred(fd, &ucred);
703 if (r < 0)
704 return r;
705
706 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
707 return -ENOMEM;
708
709 return 0;
710 }
711
712 /* For remote sockets we translate IPv6 addresses back to IPv4
713 * if applicable, since that's nicer. */
714
715 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
716 }
717
718 int getsockname_pretty(int fd, char **ret) {
719 union sockaddr_union sa;
720 socklen_t salen = sizeof(sa);
721
722 assert(fd >= 0);
723 assert(ret);
724
725 if (getsockname(fd, &sa.sa, &salen) < 0)
726 return -errno;
727
728 /* For local sockets we do not translate IPv6 addresses back
729 * to IPv6 if applicable, since this is usually used for
730 * listening sockets where the difference between IPv4 and
731 * IPv6 matters. */
732
733 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
734 }
735
736 int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
737 int r;
738 char host[NI_MAXHOST], *ret;
739
740 assert(_ret);
741
742 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0, IDN_FLAGS);
743 if (r != 0) {
744 int saved_errno = errno;
745
746 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
747 if (r < 0)
748 return r;
749
750 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
751 } else {
752 ret = strdup(host);
753 if (!ret)
754 return -ENOMEM;
755 }
756
757 *_ret = ret;
758 return 0;
759 }
760
761 int socket_address_unlink(SocketAddress *a) {
762 assert(a);
763
764 if (socket_address_family(a) != AF_UNIX)
765 return 0;
766
767 if (a->sockaddr.un.sun_path[0] == 0)
768 return 0;
769
770 if (unlink(a->sockaddr.un.sun_path) < 0)
771 return -errno;
772
773 return 1;
774 }
775
776 static const char* const netlink_family_table[] = {
777 [NETLINK_ROUTE] = "route",
778 [NETLINK_FIREWALL] = "firewall",
779 [NETLINK_INET_DIAG] = "inet-diag",
780 [NETLINK_NFLOG] = "nflog",
781 [NETLINK_XFRM] = "xfrm",
782 [NETLINK_SELINUX] = "selinux",
783 [NETLINK_ISCSI] = "iscsi",
784 [NETLINK_AUDIT] = "audit",
785 [NETLINK_FIB_LOOKUP] = "fib-lookup",
786 [NETLINK_CONNECTOR] = "connector",
787 [NETLINK_NETFILTER] = "netfilter",
788 [NETLINK_IP6_FW] = "ip6-fw",
789 [NETLINK_DNRTMSG] = "dnrtmsg",
790 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
791 [NETLINK_GENERIC] = "generic",
792 [NETLINK_SCSITRANSPORT] = "scsitransport",
793 [NETLINK_ECRYPTFS] = "ecryptfs",
794 [NETLINK_RDMA] = "rdma",
795 };
796
797 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
798
799 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
800 [SOCKET_ADDRESS_DEFAULT] = "default",
801 [SOCKET_ADDRESS_BOTH] = "both",
802 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
803 };
804
805 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
806
807 SocketAddressBindIPv6Only parse_socket_address_bind_ipv6_only_or_bool(const char *n) {
808 int r;
809
810 r = parse_boolean(n);
811 if (r > 0)
812 return SOCKET_ADDRESS_IPV6_ONLY;
813 if (r == 0)
814 return SOCKET_ADDRESS_BOTH;
815
816 return socket_address_bind_ipv6_only_from_string(n);
817 }
818
819 bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
820 assert(a);
821 assert(b);
822
823 if (a->sa.sa_family != b->sa.sa_family)
824 return false;
825
826 if (a->sa.sa_family == AF_INET)
827 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
828
829 if (a->sa.sa_family == AF_INET6)
830 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
831
832 if (a->sa.sa_family == AF_VSOCK)
833 return a->vm.svm_cid == b->vm.svm_cid;
834
835 return false;
836 }
837
838 int fd_inc_sndbuf(int fd, size_t n) {
839 int r, value;
840 socklen_t l = sizeof(value);
841
842 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
843 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
844 return 0;
845
846 /* If we have the privileges we will ignore the kernel limit. */
847
848 value = (int) n;
849 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
850 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
851 return -errno;
852
853 return 1;
854 }
855
856 int fd_inc_rcvbuf(int fd, size_t n) {
857 int r, value;
858 socklen_t l = sizeof(value);
859
860 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
861 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
862 return 0;
863
864 /* If we have the privileges we will ignore the kernel limit. */
865
866 value = (int) n;
867 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
868 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
869 return -errno;
870 return 1;
871 }
872
873 static const char* const ip_tos_table[] = {
874 [IPTOS_LOWDELAY] = "low-delay",
875 [IPTOS_THROUGHPUT] = "throughput",
876 [IPTOS_RELIABILITY] = "reliability",
877 [IPTOS_LOWCOST] = "low-cost",
878 };
879
880 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
881
882 bool ifname_valid(const char *p) {
883 bool numeric = true;
884
885 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
886 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
887 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
888
889 if (isempty(p))
890 return false;
891
892 if (strlen(p) >= IFNAMSIZ)
893 return false;
894
895 if (dot_or_dot_dot(p))
896 return false;
897
898 while (*p) {
899 if ((unsigned char) *p >= 127U)
900 return false;
901
902 if ((unsigned char) *p <= 32U)
903 return false;
904
905 if (IN_SET(*p, ':', '/'))
906 return false;
907
908 numeric = numeric && (*p >= '0' && *p <= '9');
909 p++;
910 }
911
912 if (numeric)
913 return false;
914
915 return true;
916 }
917
918 bool address_label_valid(const char *p) {
919
920 if (isempty(p))
921 return false;
922
923 if (strlen(p) >= IFNAMSIZ)
924 return false;
925
926 while (*p) {
927 if ((uint8_t) *p >= 127U)
928 return false;
929
930 if ((uint8_t) *p <= 31U)
931 return false;
932 p++;
933 }
934
935 return true;
936 }
937
938 int getpeercred(int fd, struct ucred *ucred) {
939 socklen_t n = sizeof(struct ucred);
940 struct ucred u;
941 int r;
942
943 assert(fd >= 0);
944 assert(ucred);
945
946 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
947 if (r < 0)
948 return -errno;
949
950 if (n != sizeof(struct ucred))
951 return -EIO;
952
953 /* Check if the data is actually useful and not suppressed due to namespacing issues */
954 if (!pid_is_valid(u.pid))
955 return -ENODATA;
956
957 /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
958 * receiving in "invalid" user/group we get the overflow UID/GID. */
959
960 *ucred = u;
961 return 0;
962 }
963
964 int getpeersec(int fd, char **ret) {
965 _cleanup_free_ char *s = NULL;
966 socklen_t n = 64;
967
968 assert(fd >= 0);
969 assert(ret);
970
971 for (;;) {
972 s = new0(char, n+1);
973 if (!s)
974 return -ENOMEM;
975
976 if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n) >= 0)
977 break;
978
979 if (errno != ERANGE)
980 return -errno;
981
982 s = mfree(s);
983 }
984
985 if (isempty(s))
986 return -EOPNOTSUPP;
987
988 *ret = TAKE_PTR(s);
989
990 return 0;
991 }
992
993 int getpeergroups(int fd, gid_t **ret) {
994 socklen_t n = sizeof(gid_t) * 64;
995 _cleanup_free_ gid_t *d = NULL;
996
997 assert(fd >= 0);
998 assert(ret);
999
1000 for (;;) {
1001 d = malloc(n);
1002 if (!d)
1003 return -ENOMEM;
1004
1005 if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, d, &n) >= 0)
1006 break;
1007
1008 if (errno != ERANGE)
1009 return -errno;
1010
1011 d = mfree(d);
1012 }
1013
1014 assert_se(n % sizeof(gid_t) == 0);
1015 n /= sizeof(gid_t);
1016
1017 if ((socklen_t) (int) n != n)
1018 return -E2BIG;
1019
1020 *ret = d;
1021 d = NULL;
1022
1023 return (int) n;
1024 }
1025
1026 int send_one_fd_sa(
1027 int transport_fd,
1028 int fd,
1029 const struct sockaddr *sa, socklen_t len,
1030 int flags) {
1031
1032 union {
1033 struct cmsghdr cmsghdr;
1034 uint8_t buf[CMSG_SPACE(sizeof(int))];
1035 } control = {};
1036 struct msghdr mh = {
1037 .msg_name = (struct sockaddr*) sa,
1038 .msg_namelen = len,
1039 .msg_control = &control,
1040 .msg_controllen = sizeof(control),
1041 };
1042 struct cmsghdr *cmsg;
1043
1044 assert(transport_fd >= 0);
1045 assert(fd >= 0);
1046
1047 cmsg = CMSG_FIRSTHDR(&mh);
1048 cmsg->cmsg_level = SOL_SOCKET;
1049 cmsg->cmsg_type = SCM_RIGHTS;
1050 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
1051 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
1052
1053 mh.msg_controllen = CMSG_SPACE(sizeof(int));
1054 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
1055 return -errno;
1056
1057 return 0;
1058 }
1059
1060 int receive_one_fd(int transport_fd, int flags) {
1061 union {
1062 struct cmsghdr cmsghdr;
1063 uint8_t buf[CMSG_SPACE(sizeof(int))];
1064 } control = {};
1065 struct msghdr mh = {
1066 .msg_control = &control,
1067 .msg_controllen = sizeof(control),
1068 };
1069 struct cmsghdr *cmsg, *found = NULL;
1070
1071 assert(transport_fd >= 0);
1072
1073 /*
1074 * Receive a single FD via @transport_fd. We don't care for
1075 * the transport-type. We retrieve a single FD at most, so for
1076 * packet-based transports, the caller must ensure to send
1077 * only a single FD per packet. This is best used in
1078 * combination with send_one_fd().
1079 */
1080
1081 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
1082 return -errno;
1083
1084 CMSG_FOREACH(cmsg, &mh) {
1085 if (cmsg->cmsg_level == SOL_SOCKET &&
1086 cmsg->cmsg_type == SCM_RIGHTS &&
1087 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
1088 assert(!found);
1089 found = cmsg;
1090 break;
1091 }
1092 }
1093
1094 if (!found) {
1095 cmsg_close_all(&mh);
1096 return -EIO;
1097 }
1098
1099 return *(int*) CMSG_DATA(found);
1100 }
1101
1102 ssize_t next_datagram_size_fd(int fd) {
1103 ssize_t l;
1104 int k;
1105
1106 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
1107 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
1108 * do. This difference is actually of major importance as we need to be sure that the size returned here
1109 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1110 * the wrong size. */
1111
1112 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
1113 if (l < 0) {
1114 if (IN_SET(errno, EOPNOTSUPP, EFAULT))
1115 goto fallback;
1116
1117 return -errno;
1118 }
1119 if (l == 0)
1120 goto fallback;
1121
1122 return l;
1123
1124 fallback:
1125 k = 0;
1126
1127 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1128 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1129
1130 if (ioctl(fd, FIONREAD, &k) < 0)
1131 return -errno;
1132
1133 return (ssize_t) k;
1134 }
1135
1136 int flush_accept(int fd) {
1137
1138 struct pollfd pollfd = {
1139 .fd = fd,
1140 .events = POLLIN,
1141 };
1142 int r;
1143
1144
1145 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1146
1147 for (;;) {
1148 int cfd;
1149
1150 r = poll(&pollfd, 1, 0);
1151 if (r < 0) {
1152 if (errno == EINTR)
1153 continue;
1154
1155 return -errno;
1156
1157 } else if (r == 0)
1158 return 0;
1159
1160 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1161 if (cfd < 0) {
1162 if (errno == EINTR)
1163 continue;
1164
1165 if (errno == EAGAIN)
1166 return 0;
1167
1168 return -errno;
1169 }
1170
1171 close(cfd);
1172 }
1173 }
1174
1175 struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1176 struct cmsghdr *cmsg;
1177
1178 assert(mh);
1179
1180 CMSG_FOREACH(cmsg, mh)
1181 if (cmsg->cmsg_level == level &&
1182 cmsg->cmsg_type == type &&
1183 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1184 return cmsg;
1185
1186 return NULL;
1187 }
1188
1189 int socket_ioctl_fd(void) {
1190 int fd;
1191
1192 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1193 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1194 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1195 * generic AF_NETLINK. */
1196
1197 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1198 if (fd < 0)
1199 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1200 if (fd < 0)
1201 return -errno;
1202
1203 return fd;
1204 }
Unnamed repository; edit this file 'description' to name the repository.