]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/socket-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #7191 from Mic92/systemd
[thirdparty/systemd.git] / src / basic / socket-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19 ***/
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <limits.h>
24 #include <net/if.h>
25 #include <netdb.h>
26 #include <netinet/ip.h>
27 #include <poll.h>
28 #include <stddef.h>
29 #include <stdint.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34
35 #include "alloc-util.h"
36 #include "fd-util.h"
37 #include "fileio.h"
38 #include "format-util.h"
39 #include "log.h"
40 #include "macro.h"
41 #include "missing.h"
42 #include "parse-util.h"
43 #include "path-util.h"
44 #include "socket-util.h"
45 #include "string-table.h"
46 #include "string-util.h"
47 #include "strv.h"
48 #include "user-util.h"
49 #include "utf8.h"
50 #include "util.h"
51
52 #if ENABLE_IDN
53 # define IDN_FLAGS (NI_IDN|NI_IDN_USE_STD3_ASCII_RULES)
54 #else
55 # define IDN_FLAGS 0
56 #endif
57
58 static const char* const socket_address_type_table[] = {
59 [SOCK_STREAM] = "Stream",
60 [SOCK_DGRAM] = "Datagram",
61 [SOCK_RAW] = "Raw",
62 [SOCK_RDM] = "ReliableDatagram",
63 [SOCK_SEQPACKET] = "SequentialPacket",
64 [SOCK_DCCP] = "DatagramCongestionControl",
65 };
66
67 DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
68
69 int socket_address_parse(SocketAddress *a, const char *s) {
70 char *e, *n;
71 int r;
72
73 assert(a);
74 assert(s);
75
76 zero(*a);
77 a->type = SOCK_STREAM;
78
79 if (*s == '[') {
80 uint16_t port;
81
82 /* IPv6 in [x:.....:z]:p notation */
83
84 e = strchr(s+1, ']');
85 if (!e)
86 return -EINVAL;
87
88 n = strndupa(s+1, e-s-1);
89
90 errno = 0;
91 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
92 return errno > 0 ? -errno : -EINVAL;
93
94 e++;
95 if (*e != ':')
96 return -EINVAL;
97
98 e++;
99 r = parse_ip_port(e, &port);
100 if (r < 0)
101 return r;
102
103 a->sockaddr.in6.sin6_family = AF_INET6;
104 a->sockaddr.in6.sin6_port = htobe16(port);
105 a->size = sizeof(struct sockaddr_in6);
106
107 } else if (*s == '/') {
108 /* AF_UNIX socket */
109
110 size_t l;
111
112 l = strlen(s);
113 if (l >= sizeof(a->sockaddr.un.sun_path))
114 return -EINVAL;
115
116 a->sockaddr.un.sun_family = AF_UNIX;
117 memcpy(a->sockaddr.un.sun_path, s, l);
118 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
119
120 } else if (*s == '@') {
121 /* Abstract AF_UNIX socket */
122 size_t l;
123
124 l = strlen(s+1);
125 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
126 return -EINVAL;
127
128 a->sockaddr.un.sun_family = AF_UNIX;
129 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
130 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
131
132 } else if (startswith(s, "vsock:")) {
133 /* AF_VSOCK socket in vsock:cid:port notation */
134 const char *cid_start = s + STRLEN("vsock:");
135 unsigned port;
136
137 e = strchr(cid_start, ':');
138 if (!e)
139 return -EINVAL;
140
141 r = safe_atou(e+1, &port);
142 if (r < 0)
143 return r;
144
145 n = strndupa(cid_start, e - cid_start);
146 if (!isempty(n)) {
147 r = safe_atou(n, &a->sockaddr.vm.svm_cid);
148 if (r < 0)
149 return r;
150 } else
151 a->sockaddr.vm.svm_cid = VMADDR_CID_ANY;
152
153 a->sockaddr.vm.svm_family = AF_VSOCK;
154 a->sockaddr.vm.svm_port = port;
155 a->size = sizeof(struct sockaddr_vm);
156
157 } else {
158 uint16_t port;
159
160 e = strchr(s, ':');
161 if (e) {
162 r = parse_ip_port(e + 1, &port);
163 if (r < 0)
164 return r;
165
166 n = strndupa(s, e-s);
167
168 /* IPv4 in w.x.y.z:p notation? */
169 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
170 if (r < 0)
171 return -errno;
172
173 if (r > 0) {
174 /* Gotcha, it's a traditional IPv4 address */
175 a->sockaddr.in.sin_family = AF_INET;
176 a->sockaddr.in.sin_port = htobe16(port);
177 a->size = sizeof(struct sockaddr_in);
178 } else {
179 unsigned idx;
180
181 if (strlen(n) > IF_NAMESIZE-1)
182 return -EINVAL;
183
184 /* Uh, our last resort, an interface name */
185 idx = if_nametoindex(n);
186 if (idx == 0)
187 return -EINVAL;
188
189 a->sockaddr.in6.sin6_family = AF_INET6;
190 a->sockaddr.in6.sin6_port = htobe16(port);
191 a->sockaddr.in6.sin6_scope_id = idx;
192 a->sockaddr.in6.sin6_addr = in6addr_any;
193 a->size = sizeof(struct sockaddr_in6);
194 }
195 } else {
196
197 /* Just a port */
198 r = parse_ip_port(s, &port);
199 if (r < 0)
200 return r;
201
202 if (socket_ipv6_is_supported()) {
203 a->sockaddr.in6.sin6_family = AF_INET6;
204 a->sockaddr.in6.sin6_port = htobe16(port);
205 a->sockaddr.in6.sin6_addr = in6addr_any;
206 a->size = sizeof(struct sockaddr_in6);
207 } else {
208 a->sockaddr.in.sin_family = AF_INET;
209 a->sockaddr.in.sin_port = htobe16(port);
210 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
211 a->size = sizeof(struct sockaddr_in);
212 }
213 }
214 }
215
216 return 0;
217 }
218
219 int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
220 SocketAddress b;
221 int r;
222
223 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
224
225 r = socket_address_parse(&b, s);
226 if (r < 0)
227 return r;
228
229 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
230 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
231 return -EAFNOSUPPORT;
232 }
233
234 *a = b;
235 return 0;
236 }
237
238 int socket_address_parse_netlink(SocketAddress *a, const char *s) {
239 int family;
240 unsigned group = 0;
241 _cleanup_free_ char *sfamily = NULL;
242 assert(a);
243 assert(s);
244
245 zero(*a);
246 a->type = SOCK_RAW;
247
248 errno = 0;
249 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
250 return errno > 0 ? -errno : -EINVAL;
251
252 family = netlink_family_from_string(sfamily);
253 if (family < 0)
254 return -EINVAL;
255
256 a->sockaddr.nl.nl_family = AF_NETLINK;
257 a->sockaddr.nl.nl_groups = group;
258
259 a->type = SOCK_RAW;
260 a->size = sizeof(struct sockaddr_nl);
261 a->protocol = family;
262
263 return 0;
264 }
265
266 int socket_address_verify(const SocketAddress *a) {
267 assert(a);
268
269 switch (socket_address_family(a)) {
270
271 case AF_INET:
272 if (a->size != sizeof(struct sockaddr_in))
273 return -EINVAL;
274
275 if (a->sockaddr.in.sin_port == 0)
276 return -EINVAL;
277
278 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
279 return -EINVAL;
280
281 return 0;
282
283 case AF_INET6:
284 if (a->size != sizeof(struct sockaddr_in6))
285 return -EINVAL;
286
287 if (a->sockaddr.in6.sin6_port == 0)
288 return -EINVAL;
289
290 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
291 return -EINVAL;
292
293 return 0;
294
295 case AF_UNIX:
296 if (a->size < offsetof(struct sockaddr_un, sun_path))
297 return -EINVAL;
298
299 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
300
301 if (a->sockaddr.un.sun_path[0] != 0) {
302 char *e;
303
304 /* path */
305 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
306 if (!e)
307 return -EINVAL;
308
309 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
310 return -EINVAL;
311 }
312 }
313
314 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET))
315 return -EINVAL;
316
317 return 0;
318
319 case AF_NETLINK:
320
321 if (a->size != sizeof(struct sockaddr_nl))
322 return -EINVAL;
323
324 if (!IN_SET(a->type, SOCK_RAW, SOCK_DGRAM))
325 return -EINVAL;
326
327 return 0;
328
329 case AF_VSOCK:
330 if (a->size != sizeof(struct sockaddr_vm))
331 return -EINVAL;
332
333 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
334 return -EINVAL;
335
336 return 0;
337
338 default:
339 return -EAFNOSUPPORT;
340 }
341 }
342
343 int socket_address_print(const SocketAddress *a, char **ret) {
344 int r;
345
346 assert(a);
347 assert(ret);
348
349 r = socket_address_verify(a);
350 if (r < 0)
351 return r;
352
353 if (socket_address_family(a) == AF_NETLINK) {
354 _cleanup_free_ char *sfamily = NULL;
355
356 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
357 if (r < 0)
358 return r;
359
360 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
361 if (r < 0)
362 return -ENOMEM;
363
364 return 0;
365 }
366
367 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
368 }
369
370 bool socket_address_can_accept(const SocketAddress *a) {
371 assert(a);
372
373 return
374 IN_SET(a->type, SOCK_STREAM, SOCK_SEQPACKET);
375 }
376
377 bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
378 assert(a);
379 assert(b);
380
381 /* Invalid addresses are unequal to all */
382 if (socket_address_verify(a) < 0 ||
383 socket_address_verify(b) < 0)
384 return false;
385
386 if (a->type != b->type)
387 return false;
388
389 if (socket_address_family(a) != socket_address_family(b))
390 return false;
391
392 switch (socket_address_family(a)) {
393
394 case AF_INET:
395 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
396 return false;
397
398 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
399 return false;
400
401 break;
402
403 case AF_INET6:
404 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
405 return false;
406
407 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
408 return false;
409
410 break;
411
412 case AF_UNIX:
413 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
414 b->size <= offsetof(struct sockaddr_un, sun_path))
415 return false;
416
417 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
418 return false;
419
420 if (a->sockaddr.un.sun_path[0]) {
421 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
422 return false;
423 } else {
424 if (a->size != b->size)
425 return false;
426
427 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
428 return false;
429 }
430
431 break;
432
433 case AF_NETLINK:
434 if (a->protocol != b->protocol)
435 return false;
436
437 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
438 return false;
439
440 break;
441
442 case AF_VSOCK:
443 if (a->sockaddr.vm.svm_cid != b->sockaddr.vm.svm_cid)
444 return false;
445
446 if (a->sockaddr.vm.svm_port != b->sockaddr.vm.svm_port)
447 return false;
448
449 break;
450
451 default:
452 /* Cannot compare, so we assume the addresses are different */
453 return false;
454 }
455
456 return true;
457 }
458
459 bool socket_address_is(const SocketAddress *a, const char *s, int type) {
460 struct SocketAddress b;
461
462 assert(a);
463 assert(s);
464
465 if (socket_address_parse(&b, s) < 0)
466 return false;
467
468 b.type = type;
469
470 return socket_address_equal(a, &b);
471 }
472
473 bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
474 struct SocketAddress b;
475
476 assert(a);
477 assert(s);
478
479 if (socket_address_parse_netlink(&b, s) < 0)
480 return false;
481
482 return socket_address_equal(a, &b);
483 }
484
485 const char* socket_address_get_path(const SocketAddress *a) {
486 assert(a);
487
488 if (socket_address_family(a) != AF_UNIX)
489 return NULL;
490
491 if (a->sockaddr.un.sun_path[0] == 0)
492 return NULL;
493
494 return a->sockaddr.un.sun_path;
495 }
496
497 bool socket_ipv6_is_supported(void) {
498 if (access("/proc/net/if_inet6", F_OK) != 0)
499 return false;
500
501 return true;
502 }
503
504 bool socket_address_matches_fd(const SocketAddress *a, int fd) {
505 SocketAddress b;
506 socklen_t solen;
507
508 assert(a);
509 assert(fd >= 0);
510
511 b.size = sizeof(b.sockaddr);
512 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
513 return false;
514
515 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
516 return false;
517
518 solen = sizeof(b.type);
519 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
520 return false;
521
522 if (b.type != a->type)
523 return false;
524
525 if (a->protocol != 0) {
526 solen = sizeof(b.protocol);
527 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
528 return false;
529
530 if (b.protocol != a->protocol)
531 return false;
532 }
533
534 return socket_address_equal(a, &b);
535 }
536
537 int sockaddr_port(const struct sockaddr *_sa, unsigned *ret_port) {
538 union sockaddr_union *sa = (union sockaddr_union*) _sa;
539
540 /* Note, this returns the port as 'unsigned' rather than 'uint16_t', as AF_VSOCK knows larger ports */
541
542 assert(sa);
543
544 switch (sa->sa.sa_family) {
545
546 case AF_INET:
547 *ret_port = be16toh(sa->in.sin_port);
548 return 0;
549
550 case AF_INET6:
551 *ret_port = be16toh(sa->in6.sin6_port);
552 return 0;
553
554 case AF_VSOCK:
555 *ret_port = sa->vm.svm_port;
556 return 0;
557
558 default:
559 return -EAFNOSUPPORT;
560 }
561 }
562
563 int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
564 union sockaddr_union *sa = (union sockaddr_union*) _sa;
565 char *p;
566 int r;
567
568 assert(sa);
569 assert(salen >= sizeof(sa->sa.sa_family));
570
571 switch (sa->sa.sa_family) {
572
573 case AF_INET: {
574 uint32_t a;
575
576 a = be32toh(sa->in.sin_addr.s_addr);
577
578 if (include_port)
579 r = asprintf(&p,
580 "%u.%u.%u.%u:%u",
581 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
582 be16toh(sa->in.sin_port));
583 else
584 r = asprintf(&p,
585 "%u.%u.%u.%u",
586 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
587 if (r < 0)
588 return -ENOMEM;
589 break;
590 }
591
592 case AF_INET6: {
593 static const unsigned char ipv4_prefix[] = {
594 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
595 };
596
597 if (translate_ipv6 &&
598 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
599 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
600 if (include_port)
601 r = asprintf(&p,
602 "%u.%u.%u.%u:%u",
603 a[0], a[1], a[2], a[3],
604 be16toh(sa->in6.sin6_port));
605 else
606 r = asprintf(&p,
607 "%u.%u.%u.%u",
608 a[0], a[1], a[2], a[3]);
609 if (r < 0)
610 return -ENOMEM;
611 } else {
612 char a[INET6_ADDRSTRLEN];
613
614 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
615
616 if (include_port) {
617 r = asprintf(&p,
618 "[%s]:%u",
619 a,
620 be16toh(sa->in6.sin6_port));
621 if (r < 0)
622 return -ENOMEM;
623 } else {
624 p = strdup(a);
625 if (!p)
626 return -ENOMEM;
627 }
628 }
629
630 break;
631 }
632
633 case AF_UNIX:
634 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
635 p = strdup("<unnamed>");
636 if (!p)
637 return -ENOMEM;
638
639 } else if (sa->un.sun_path[0] == 0) {
640 /* abstract */
641
642 /* FIXME: We assume we can print the
643 * socket path here and that it hasn't
644 * more than one NUL byte. That is
645 * actually an invalid assumption */
646
647 p = new(char, sizeof(sa->un.sun_path)+1);
648 if (!p)
649 return -ENOMEM;
650
651 p[0] = '@';
652 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
653 p[sizeof(sa->un.sun_path)] = 0;
654
655 } else {
656 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
657 if (!p)
658 return -ENOMEM;
659 }
660
661 break;
662
663 case AF_VSOCK:
664 if (include_port)
665 r = asprintf(&p,
666 "vsock:%u:%u",
667 sa->vm.svm_cid,
668 sa->vm.svm_port);
669 else
670 r = asprintf(&p, "vsock:%u", sa->vm.svm_cid);
671 if (r < 0)
672 return -ENOMEM;
673 break;
674
675 default:
676 return -EOPNOTSUPP;
677 }
678
679
680 *ret = p;
681 return 0;
682 }
683
684 int getpeername_pretty(int fd, bool include_port, char **ret) {
685 union sockaddr_union sa;
686 socklen_t salen = sizeof(sa);
687 int r;
688
689 assert(fd >= 0);
690 assert(ret);
691
692 if (getpeername(fd, &sa.sa, &salen) < 0)
693 return -errno;
694
695 if (sa.sa.sa_family == AF_UNIX) {
696 struct ucred ucred = {};
697
698 /* UNIX connection sockets are anonymous, so let's use
699 * PID/UID as pretty credentials instead */
700
701 r = getpeercred(fd, &ucred);
702 if (r < 0)
703 return r;
704
705 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
706 return -ENOMEM;
707
708 return 0;
709 }
710
711 /* For remote sockets we translate IPv6 addresses back to IPv4
712 * if applicable, since that's nicer. */
713
714 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
715 }
716
717 int getsockname_pretty(int fd, char **ret) {
718 union sockaddr_union sa;
719 socklen_t salen = sizeof(sa);
720
721 assert(fd >= 0);
722 assert(ret);
723
724 if (getsockname(fd, &sa.sa, &salen) < 0)
725 return -errno;
726
727 /* For local sockets we do not translate IPv6 addresses back
728 * to IPv6 if applicable, since this is usually used for
729 * listening sockets where the difference between IPv4 and
730 * IPv6 matters. */
731
732 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
733 }
734
735 int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
736 int r;
737 char host[NI_MAXHOST], *ret;
738
739 assert(_ret);
740
741 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0, IDN_FLAGS);
742 if (r != 0) {
743 int saved_errno = errno;
744
745 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
746 if (r < 0)
747 return r;
748
749 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
750 } else {
751 ret = strdup(host);
752 if (!ret)
753 return -ENOMEM;
754 }
755
756 *_ret = ret;
757 return 0;
758 }
759
760 int getnameinfo_pretty(int fd, char **ret) {
761 union sockaddr_union sa;
762 socklen_t salen = sizeof(sa);
763
764 assert(fd >= 0);
765 assert(ret);
766
767 if (getsockname(fd, &sa.sa, &salen) < 0)
768 return -errno;
769
770 return socknameinfo_pretty(&sa, salen, ret);
771 }
772
773 int socket_address_unlink(SocketAddress *a) {
774 assert(a);
775
776 if (socket_address_family(a) != AF_UNIX)
777 return 0;
778
779 if (a->sockaddr.un.sun_path[0] == 0)
780 return 0;
781
782 if (unlink(a->sockaddr.un.sun_path) < 0)
783 return -errno;
784
785 return 1;
786 }
787
788 static const char* const netlink_family_table[] = {
789 [NETLINK_ROUTE] = "route",
790 [NETLINK_FIREWALL] = "firewall",
791 [NETLINK_INET_DIAG] = "inet-diag",
792 [NETLINK_NFLOG] = "nflog",
793 [NETLINK_XFRM] = "xfrm",
794 [NETLINK_SELINUX] = "selinux",
795 [NETLINK_ISCSI] = "iscsi",
796 [NETLINK_AUDIT] = "audit",
797 [NETLINK_FIB_LOOKUP] = "fib-lookup",
798 [NETLINK_CONNECTOR] = "connector",
799 [NETLINK_NETFILTER] = "netfilter",
800 [NETLINK_IP6_FW] = "ip6-fw",
801 [NETLINK_DNRTMSG] = "dnrtmsg",
802 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
803 [NETLINK_GENERIC] = "generic",
804 [NETLINK_SCSITRANSPORT] = "scsitransport",
805 [NETLINK_ECRYPTFS] = "ecryptfs",
806 [NETLINK_RDMA] = "rdma",
807 };
808
809 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
810
811 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
812 [SOCKET_ADDRESS_DEFAULT] = "default",
813 [SOCKET_ADDRESS_BOTH] = "both",
814 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
815 };
816
817 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
818
819 SocketAddressBindIPv6Only parse_socket_address_bind_ipv6_only_or_bool(const char *n) {
820 int r;
821
822 r = parse_boolean(n);
823 if (r > 0)
824 return SOCKET_ADDRESS_IPV6_ONLY;
825 if (r == 0)
826 return SOCKET_ADDRESS_BOTH;
827
828 return socket_address_bind_ipv6_only_from_string(n);
829 }
830
831 bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
832 assert(a);
833 assert(b);
834
835 if (a->sa.sa_family != b->sa.sa_family)
836 return false;
837
838 if (a->sa.sa_family == AF_INET)
839 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
840
841 if (a->sa.sa_family == AF_INET6)
842 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
843
844 if (a->sa.sa_family == AF_VSOCK)
845 return a->vm.svm_cid == b->vm.svm_cid;
846
847 return false;
848 }
849
850 int fd_inc_sndbuf(int fd, size_t n) {
851 int r, value;
852 socklen_t l = sizeof(value);
853
854 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
855 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
856 return 0;
857
858 /* If we have the privileges we will ignore the kernel limit. */
859
860 value = (int) n;
861 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
862 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
863 return -errno;
864
865 return 1;
866 }
867
868 int fd_inc_rcvbuf(int fd, size_t n) {
869 int r, value;
870 socklen_t l = sizeof(value);
871
872 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
873 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
874 return 0;
875
876 /* If we have the privileges we will ignore the kernel limit. */
877
878 value = (int) n;
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
880 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
881 return -errno;
882 return 1;
883 }
884
885 static const char* const ip_tos_table[] = {
886 [IPTOS_LOWDELAY] = "low-delay",
887 [IPTOS_THROUGHPUT] = "throughput",
888 [IPTOS_RELIABILITY] = "reliability",
889 [IPTOS_LOWCOST] = "low-cost",
890 };
891
892 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
893
894 bool ifname_valid(const char *p) {
895 bool numeric = true;
896
897 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
898 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
899 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
900
901 if (isempty(p))
902 return false;
903
904 if (strlen(p) >= IFNAMSIZ)
905 return false;
906
907 if (dot_or_dot_dot(p))
908 return false;
909
910 while (*p) {
911 if ((unsigned char) *p >= 127U)
912 return false;
913
914 if ((unsigned char) *p <= 32U)
915 return false;
916
917 if (IN_SET(*p, ':', '/'))
918 return false;
919
920 numeric = numeric && (*p >= '0' && *p <= '9');
921 p++;
922 }
923
924 if (numeric)
925 return false;
926
927 return true;
928 }
929
930 bool address_label_valid(const char *p) {
931
932 if (isempty(p))
933 return false;
934
935 if (strlen(p) >= IFNAMSIZ)
936 return false;
937
938 while (*p) {
939 if ((uint8_t) *p >= 127U)
940 return false;
941
942 if ((uint8_t) *p <= 31U)
943 return false;
944 p++;
945 }
946
947 return true;
948 }
949
950 int getpeercred(int fd, struct ucred *ucred) {
951 socklen_t n = sizeof(struct ucred);
952 struct ucred u;
953 int r;
954
955 assert(fd >= 0);
956 assert(ucred);
957
958 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
959 if (r < 0)
960 return -errno;
961
962 if (n != sizeof(struct ucred))
963 return -EIO;
964
965 /* Check if the data is actually useful and not suppressed due to namespacing issues */
966 if (!pid_is_valid(u.pid))
967 return -ENODATA;
968
969 /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
970 * receiving in "invalid" user/group we get the overflow UID/GID. */
971
972 *ucred = u;
973 return 0;
974 }
975
976 int getpeersec(int fd, char **ret) {
977 _cleanup_free_ char *s = NULL;
978 socklen_t n = 64;
979
980 assert(fd >= 0);
981 assert(ret);
982
983 for (;;) {
984 s = new0(char, n+1);
985 if (!s)
986 return -ENOMEM;
987
988 if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n) >= 0)
989 break;
990
991 if (errno != ERANGE)
992 return -errno;
993
994 s = mfree(s);
995 }
996
997 if (isempty(s))
998 return -EOPNOTSUPP;
999
1000 *ret = s;
1001 s = NULL;
1002
1003 return 0;
1004 }
1005
1006 int getpeergroups(int fd, gid_t **ret) {
1007 socklen_t n = sizeof(gid_t) * 64;
1008 _cleanup_free_ gid_t *d = NULL;
1009
1010 assert(fd);
1011 assert(ret);
1012
1013 for (;;) {
1014 d = malloc(n);
1015 if (!d)
1016 return -ENOMEM;
1017
1018 if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, d, &n) >= 0)
1019 break;
1020
1021 if (errno != ERANGE)
1022 return -errno;
1023
1024 d = mfree(d);
1025 }
1026
1027 assert_se(n % sizeof(gid_t) == 0);
1028 n /= sizeof(gid_t);
1029
1030 if ((socklen_t) (int) n != n)
1031 return -E2BIG;
1032
1033 *ret = d;
1034 d = NULL;
1035
1036 return (int) n;
1037 }
1038
1039 int send_one_fd_sa(
1040 int transport_fd,
1041 int fd,
1042 const struct sockaddr *sa, socklen_t len,
1043 int flags) {
1044
1045 union {
1046 struct cmsghdr cmsghdr;
1047 uint8_t buf[CMSG_SPACE(sizeof(int))];
1048 } control = {};
1049 struct msghdr mh = {
1050 .msg_name = (struct sockaddr*) sa,
1051 .msg_namelen = len,
1052 .msg_control = &control,
1053 .msg_controllen = sizeof(control),
1054 };
1055 struct cmsghdr *cmsg;
1056
1057 assert(transport_fd >= 0);
1058 assert(fd >= 0);
1059
1060 cmsg = CMSG_FIRSTHDR(&mh);
1061 cmsg->cmsg_level = SOL_SOCKET;
1062 cmsg->cmsg_type = SCM_RIGHTS;
1063 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
1064 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
1065
1066 mh.msg_controllen = CMSG_SPACE(sizeof(int));
1067 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
1068 return -errno;
1069
1070 return 0;
1071 }
1072
1073 int receive_one_fd(int transport_fd, int flags) {
1074 union {
1075 struct cmsghdr cmsghdr;
1076 uint8_t buf[CMSG_SPACE(sizeof(int))];
1077 } control = {};
1078 struct msghdr mh = {
1079 .msg_control = &control,
1080 .msg_controllen = sizeof(control),
1081 };
1082 struct cmsghdr *cmsg, *found = NULL;
1083
1084 assert(transport_fd >= 0);
1085
1086 /*
1087 * Receive a single FD via @transport_fd. We don't care for
1088 * the transport-type. We retrieve a single FD at most, so for
1089 * packet-based transports, the caller must ensure to send
1090 * only a single FD per packet. This is best used in
1091 * combination with send_one_fd().
1092 */
1093
1094 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
1095 return -errno;
1096
1097 CMSG_FOREACH(cmsg, &mh) {
1098 if (cmsg->cmsg_level == SOL_SOCKET &&
1099 cmsg->cmsg_type == SCM_RIGHTS &&
1100 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
1101 assert(!found);
1102 found = cmsg;
1103 break;
1104 }
1105 }
1106
1107 if (!found) {
1108 cmsg_close_all(&mh);
1109 return -EIO;
1110 }
1111
1112 return *(int*) CMSG_DATA(found);
1113 }
1114
1115 ssize_t next_datagram_size_fd(int fd) {
1116 ssize_t l;
1117 int k;
1118
1119 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
1120 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
1121 * do. This difference is actually of major importance as we need to be sure that the size returned here
1122 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1123 * the wrong size. */
1124
1125 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
1126 if (l < 0) {
1127 if (IN_SET(errno, EOPNOTSUPP, EFAULT))
1128 goto fallback;
1129
1130 return -errno;
1131 }
1132 if (l == 0)
1133 goto fallback;
1134
1135 return l;
1136
1137 fallback:
1138 k = 0;
1139
1140 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1141 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1142
1143 if (ioctl(fd, FIONREAD, &k) < 0)
1144 return -errno;
1145
1146 return (ssize_t) k;
1147 }
1148
1149 int flush_accept(int fd) {
1150
1151 struct pollfd pollfd = {
1152 .fd = fd,
1153 .events = POLLIN,
1154 };
1155 int r;
1156
1157
1158 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1159
1160 for (;;) {
1161 int cfd;
1162
1163 r = poll(&pollfd, 1, 0);
1164 if (r < 0) {
1165 if (errno == EINTR)
1166 continue;
1167
1168 return -errno;
1169
1170 } else if (r == 0)
1171 return 0;
1172
1173 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1174 if (cfd < 0) {
1175 if (errno == EINTR)
1176 continue;
1177
1178 if (errno == EAGAIN)
1179 return 0;
1180
1181 return -errno;
1182 }
1183
1184 close(cfd);
1185 }
1186 }
1187
1188 struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1189 struct cmsghdr *cmsg;
1190
1191 assert(mh);
1192
1193 CMSG_FOREACH(cmsg, mh)
1194 if (cmsg->cmsg_level == level &&
1195 cmsg->cmsg_type == type &&
1196 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1197 return cmsg;
1198
1199 return NULL;
1200 }
1201
1202 int socket_ioctl_fd(void) {
1203 int fd;
1204
1205 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1206 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1207 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1208 * generic AF_NETLINK. */
1209
1210 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1211 if (fd < 0)
1212 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1213 if (fd < 0)
1214 return -errno;
1215
1216 return fd;
1217 }
Unnamed repository; edit this file 'description' to name the repository.