1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
13 #include <netinet/ip.h>
22 #include "alloc-util.h"
25 #include "format-util.h"
29 #include "parse-util.h"
30 #include "path-util.h"
31 #include "process-util.h"
32 #include "socket-util.h"
33 #include "string-table.h"
34 #include "string-util.h"
36 #include "user-util.h"
41 # define IDN_FLAGS NI_IDN
46 static const char* const socket_address_type_table
[] = {
47 [SOCK_STREAM
] = "Stream",
48 [SOCK_DGRAM
] = "Datagram",
50 [SOCK_RDM
] = "ReliableDatagram",
51 [SOCK_SEQPACKET
] = "SequentialPacket",
52 [SOCK_DCCP
] = "DatagramCongestionControl",
55 DEFINE_STRING_TABLE_LOOKUP(socket_address_type
, int);
57 int socket_address_parse(SocketAddress
*a
, const char *s
) {
65 a
->type
= SOCK_STREAM
;
70 /* IPv6 in [x:.....:z]:p notation */
76 n
= strndupa(s
+1, e
-s
-1);
79 if (inet_pton(AF_INET6
, n
, &a
->sockaddr
.in6
.sin6_addr
) <= 0)
80 return errno
> 0 ? -errno
: -EINVAL
;
87 r
= parse_ip_port(e
, &port
);
91 a
->sockaddr
.in6
.sin6_family
= AF_INET6
;
92 a
->sockaddr
.in6
.sin6_port
= htobe16(port
);
93 a
->size
= sizeof(struct sockaddr_in6
);
95 } else if (*s
== '/') {
101 if (l
>= sizeof(a
->sockaddr
.un
.sun_path
))
104 a
->sockaddr
.un
.sun_family
= AF_UNIX
;
105 memcpy(a
->sockaddr
.un
.sun_path
, s
, l
);
106 a
->size
= offsetof(struct sockaddr_un
, sun_path
) + l
+ 1;
108 } else if (*s
== '@') {
109 /* Abstract AF_UNIX socket */
113 if (l
>= sizeof(a
->sockaddr
.un
.sun_path
) - 1)
116 a
->sockaddr
.un
.sun_family
= AF_UNIX
;
117 memcpy(a
->sockaddr
.un
.sun_path
+1, s
+1, l
);
118 a
->size
= offsetof(struct sockaddr_un
, sun_path
) + 1 + l
;
120 } else if (startswith(s
, "vsock:")) {
121 /* AF_VSOCK socket in vsock:cid:port notation */
122 const char *cid_start
= s
+ STRLEN("vsock:");
125 e
= strchr(cid_start
, ':');
129 r
= safe_atou(e
+1, &port
);
133 n
= strndupa(cid_start
, e
- cid_start
);
135 r
= safe_atou(n
, &a
->sockaddr
.vm
.svm_cid
);
139 a
->sockaddr
.vm
.svm_cid
= VMADDR_CID_ANY
;
141 a
->sockaddr
.vm
.svm_family
= AF_VSOCK
;
142 a
->sockaddr
.vm
.svm_port
= port
;
143 a
->size
= sizeof(struct sockaddr_vm
);
150 r
= parse_ip_port(e
+ 1, &port
);
154 n
= strndupa(s
, e
-s
);
156 /* IPv4 in w.x.y.z:p notation? */
157 r
= inet_pton(AF_INET
, n
, &a
->sockaddr
.in
.sin_addr
);
162 /* Gotcha, it's a traditional IPv4 address */
163 a
->sockaddr
.in
.sin_family
= AF_INET
;
164 a
->sockaddr
.in
.sin_port
= htobe16(port
);
165 a
->size
= sizeof(struct sockaddr_in
);
169 if (strlen(n
) > IF_NAMESIZE
-1)
172 /* Uh, our last resort, an interface name */
173 idx
= if_nametoindex(n
);
177 a
->sockaddr
.in6
.sin6_family
= AF_INET6
;
178 a
->sockaddr
.in6
.sin6_port
= htobe16(port
);
179 a
->sockaddr
.in6
.sin6_scope_id
= idx
;
180 a
->sockaddr
.in6
.sin6_addr
= in6addr_any
;
181 a
->size
= sizeof(struct sockaddr_in6
);
186 r
= parse_ip_port(s
, &port
);
190 if (socket_ipv6_is_supported()) {
191 a
->sockaddr
.in6
.sin6_family
= AF_INET6
;
192 a
->sockaddr
.in6
.sin6_port
= htobe16(port
);
193 a
->sockaddr
.in6
.sin6_addr
= in6addr_any
;
194 a
->size
= sizeof(struct sockaddr_in6
);
196 a
->sockaddr
.in
.sin_family
= AF_INET
;
197 a
->sockaddr
.in
.sin_port
= htobe16(port
);
198 a
->sockaddr
.in
.sin_addr
.s_addr
= INADDR_ANY
;
199 a
->size
= sizeof(struct sockaddr_in
);
207 int socket_address_parse_and_warn(SocketAddress
*a
, const char *s
) {
211 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
213 r
= socket_address_parse(&b
, s
);
217 if (!socket_ipv6_is_supported() && b
.sockaddr
.sa
.sa_family
== AF_INET6
) {
218 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
219 return -EAFNOSUPPORT
;
226 int socket_address_parse_netlink(SocketAddress
*a
, const char *s
) {
229 _cleanup_free_
char *sfamily
= NULL
;
237 if (sscanf(s
, "%ms %u", &sfamily
, &group
) < 1)
238 return errno
> 0 ? -errno
: -EINVAL
;
240 family
= netlink_family_from_string(sfamily
);
244 a
->sockaddr
.nl
.nl_family
= AF_NETLINK
;
245 a
->sockaddr
.nl
.nl_groups
= group
;
248 a
->size
= sizeof(struct sockaddr_nl
);
249 a
->protocol
= family
;
254 int socket_address_verify(const SocketAddress
*a
) {
257 switch (socket_address_family(a
)) {
260 if (a
->size
!= sizeof(struct sockaddr_in
))
263 if (a
->sockaddr
.in
.sin_port
== 0)
266 if (!IN_SET(a
->type
, SOCK_STREAM
, SOCK_DGRAM
))
272 if (a
->size
!= sizeof(struct sockaddr_in6
))
275 if (a
->sockaddr
.in6
.sin6_port
== 0)
278 if (!IN_SET(a
->type
, SOCK_STREAM
, SOCK_DGRAM
))
284 if (a
->size
< offsetof(struct sockaddr_un
, sun_path
))
287 if (a
->size
> offsetof(struct sockaddr_un
, sun_path
)) {
289 if (a
->sockaddr
.un
.sun_path
[0] != 0) {
293 e
= memchr(a
->sockaddr
.un
.sun_path
, 0, sizeof(a
->sockaddr
.un
.sun_path
));
297 if (a
->size
!= offsetof(struct sockaddr_un
, sun_path
) + (e
- a
->sockaddr
.un
.sun_path
) + 1)
302 if (!IN_SET(a
->type
, SOCK_STREAM
, SOCK_DGRAM
, SOCK_SEQPACKET
))
309 if (a
->size
!= sizeof(struct sockaddr_nl
))
312 if (!IN_SET(a
->type
, SOCK_RAW
, SOCK_DGRAM
))
318 if (a
->size
!= sizeof(struct sockaddr_vm
))
321 if (!IN_SET(a
->type
, SOCK_STREAM
, SOCK_DGRAM
))
327 return -EAFNOSUPPORT
;
331 int socket_address_print(const SocketAddress
*a
, char **ret
) {
337 r
= socket_address_verify(a
);
341 if (socket_address_family(a
) == AF_NETLINK
) {
342 _cleanup_free_
char *sfamily
= NULL
;
344 r
= netlink_family_to_string_alloc(a
->protocol
, &sfamily
);
348 r
= asprintf(ret
, "%s %u", sfamily
, a
->sockaddr
.nl
.nl_groups
);
355 return sockaddr_pretty(&a
->sockaddr
.sa
, a
->size
, false, true, ret
);
358 bool socket_address_can_accept(const SocketAddress
*a
) {
362 IN_SET(a
->type
, SOCK_STREAM
, SOCK_SEQPACKET
);
365 bool socket_address_equal(const SocketAddress
*a
, const SocketAddress
*b
) {
369 /* Invalid addresses are unequal to all */
370 if (socket_address_verify(a
) < 0 ||
371 socket_address_verify(b
) < 0)
374 if (a
->type
!= b
->type
)
377 if (socket_address_family(a
) != socket_address_family(b
))
380 switch (socket_address_family(a
)) {
383 if (a
->sockaddr
.in
.sin_addr
.s_addr
!= b
->sockaddr
.in
.sin_addr
.s_addr
)
386 if (a
->sockaddr
.in
.sin_port
!= b
->sockaddr
.in
.sin_port
)
392 if (memcmp(&a
->sockaddr
.in6
.sin6_addr
, &b
->sockaddr
.in6
.sin6_addr
, sizeof(a
->sockaddr
.in6
.sin6_addr
)) != 0)
395 if (a
->sockaddr
.in6
.sin6_port
!= b
->sockaddr
.in6
.sin6_port
)
401 if (a
->size
<= offsetof(struct sockaddr_un
, sun_path
) ||
402 b
->size
<= offsetof(struct sockaddr_un
, sun_path
))
405 if ((a
->sockaddr
.un
.sun_path
[0] == 0) != (b
->sockaddr
.un
.sun_path
[0] == 0))
408 if (a
->sockaddr
.un
.sun_path
[0]) {
409 if (!path_equal_or_files_same(a
->sockaddr
.un
.sun_path
, b
->sockaddr
.un
.sun_path
, 0))
412 if (a
->size
!= b
->size
)
415 if (memcmp(a
->sockaddr
.un
.sun_path
, b
->sockaddr
.un
.sun_path
, a
->size
) != 0)
422 if (a
->protocol
!= b
->protocol
)
425 if (a
->sockaddr
.nl
.nl_groups
!= b
->sockaddr
.nl
.nl_groups
)
431 if (a
->sockaddr
.vm
.svm_cid
!= b
->sockaddr
.vm
.svm_cid
)
434 if (a
->sockaddr
.vm
.svm_port
!= b
->sockaddr
.vm
.svm_port
)
440 /* Cannot compare, so we assume the addresses are different */
447 bool socket_address_is(const SocketAddress
*a
, const char *s
, int type
) {
448 struct SocketAddress b
;
453 if (socket_address_parse(&b
, s
) < 0)
458 return socket_address_equal(a
, &b
);
461 bool socket_address_is_netlink(const SocketAddress
*a
, const char *s
) {
462 struct SocketAddress b
;
467 if (socket_address_parse_netlink(&b
, s
) < 0)
470 return socket_address_equal(a
, &b
);
473 const char* socket_address_get_path(const SocketAddress
*a
) {
476 if (socket_address_family(a
) != AF_UNIX
)
479 if (a
->sockaddr
.un
.sun_path
[0] == 0)
482 return a
->sockaddr
.un
.sun_path
;
485 bool socket_ipv6_is_supported(void) {
486 if (access("/proc/net/if_inet6", F_OK
) != 0)
492 bool socket_address_matches_fd(const SocketAddress
*a
, int fd
) {
499 b
.size
= sizeof(b
.sockaddr
);
500 if (getsockname(fd
, &b
.sockaddr
.sa
, &b
.size
) < 0)
503 if (b
.sockaddr
.sa
.sa_family
!= a
->sockaddr
.sa
.sa_family
)
506 solen
= sizeof(b
.type
);
507 if (getsockopt(fd
, SOL_SOCKET
, SO_TYPE
, &b
.type
, &solen
) < 0)
510 if (b
.type
!= a
->type
)
513 if (a
->protocol
!= 0) {
514 solen
= sizeof(b
.protocol
);
515 if (getsockopt(fd
, SOL_SOCKET
, SO_PROTOCOL
, &b
.protocol
, &solen
) < 0)
518 if (b
.protocol
!= a
->protocol
)
522 return socket_address_equal(a
, &b
);
525 int sockaddr_port(const struct sockaddr
*_sa
, unsigned *ret_port
) {
526 union sockaddr_union
*sa
= (union sockaddr_union
*) _sa
;
528 /* Note, this returns the port as 'unsigned' rather than 'uint16_t', as AF_VSOCK knows larger ports */
532 switch (sa
->sa
.sa_family
) {
535 *ret_port
= be16toh(sa
->in
.sin_port
);
539 *ret_port
= be16toh(sa
->in6
.sin6_port
);
543 *ret_port
= sa
->vm
.svm_port
;
547 return -EAFNOSUPPORT
;
551 int sockaddr_pretty(const struct sockaddr
*_sa
, socklen_t salen
, bool translate_ipv6
, bool include_port
, char **ret
) {
552 union sockaddr_union
*sa
= (union sockaddr_union
*) _sa
;
557 assert(salen
>= sizeof(sa
->sa
.sa_family
));
559 switch (sa
->sa
.sa_family
) {
564 a
= be32toh(sa
->in
.sin_addr
.s_addr
);
569 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF,
570 be16toh(sa
->in
.sin_port
));
574 a
>> 24, (a
>> 16) & 0xFF, (a
>> 8) & 0xFF, a
& 0xFF);
581 static const unsigned char ipv4_prefix
[] = {
582 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
585 if (translate_ipv6
&&
586 memcmp(&sa
->in6
.sin6_addr
, ipv4_prefix
, sizeof(ipv4_prefix
)) == 0) {
587 const uint8_t *a
= sa
->in6
.sin6_addr
.s6_addr
+12;
591 a
[0], a
[1], a
[2], a
[3],
592 be16toh(sa
->in6
.sin6_port
));
596 a
[0], a
[1], a
[2], a
[3]);
600 char a
[INET6_ADDRSTRLEN
];
602 inet_ntop(AF_INET6
, &sa
->in6
.sin6_addr
, a
, sizeof(a
));
608 be16toh(sa
->in6
.sin6_port
));
622 if (salen
<= offsetof(struct sockaddr_un
, sun_path
)) {
623 p
= strdup("<unnamed>");
627 } else if (sa
->un
.sun_path
[0] == 0) {
630 /* FIXME: We assume we can print the
631 * socket path here and that it hasn't
632 * more than one NUL byte. That is
633 * actually an invalid assumption */
635 p
= new(char, sizeof(sa
->un
.sun_path
)+1);
640 memcpy(p
+1, sa
->un
.sun_path
+1, sizeof(sa
->un
.sun_path
)-1);
641 p
[sizeof(sa
->un
.sun_path
)] = 0;
644 p
= strndup(sa
->un
.sun_path
, sizeof(sa
->un
.sun_path
));
658 r
= asprintf(&p
, "vsock:%u", sa
->vm
.svm_cid
);
672 int getpeername_pretty(int fd
, bool include_port
, char **ret
) {
673 union sockaddr_union sa
;
674 socklen_t salen
= sizeof(sa
);
680 if (getpeername(fd
, &sa
.sa
, &salen
) < 0)
683 if (sa
.sa
.sa_family
== AF_UNIX
) {
684 struct ucred ucred
= {};
686 /* UNIX connection sockets are anonymous, so let's use
687 * PID/UID as pretty credentials instead */
689 r
= getpeercred(fd
, &ucred
);
693 if (asprintf(ret
, "PID "PID_FMT
"/UID "UID_FMT
, ucred
.pid
, ucred
.uid
) < 0)
699 /* For remote sockets we translate IPv6 addresses back to IPv4
700 * if applicable, since that's nicer. */
702 return sockaddr_pretty(&sa
.sa
, salen
, true, include_port
, ret
);
705 int getsockname_pretty(int fd
, char **ret
) {
706 union sockaddr_union sa
;
707 socklen_t salen
= sizeof(sa
);
712 if (getsockname(fd
, &sa
.sa
, &salen
) < 0)
715 /* For local sockets we do not translate IPv6 addresses back
716 * to IPv6 if applicable, since this is usually used for
717 * listening sockets where the difference between IPv4 and
720 return sockaddr_pretty(&sa
.sa
, salen
, false, true, ret
);
723 int socknameinfo_pretty(union sockaddr_union
*sa
, socklen_t salen
, char **_ret
) {
725 char host
[NI_MAXHOST
], *ret
;
729 r
= getnameinfo(&sa
->sa
, salen
, host
, sizeof(host
), NULL
, 0, IDN_FLAGS
);
731 int saved_errno
= errno
;
733 r
= sockaddr_pretty(&sa
->sa
, salen
, true, true, &ret
);
737 log_debug_errno(saved_errno
, "getnameinfo(%s) failed: %m", ret
);
748 int socket_address_unlink(SocketAddress
*a
) {
751 if (socket_address_family(a
) != AF_UNIX
)
754 if (a
->sockaddr
.un
.sun_path
[0] == 0)
757 if (unlink(a
->sockaddr
.un
.sun_path
) < 0)
763 static const char* const netlink_family_table
[] = {
764 [NETLINK_ROUTE
] = "route",
765 [NETLINK_FIREWALL
] = "firewall",
766 [NETLINK_INET_DIAG
] = "inet-diag",
767 [NETLINK_NFLOG
] = "nflog",
768 [NETLINK_XFRM
] = "xfrm",
769 [NETLINK_SELINUX
] = "selinux",
770 [NETLINK_ISCSI
] = "iscsi",
771 [NETLINK_AUDIT
] = "audit",
772 [NETLINK_FIB_LOOKUP
] = "fib-lookup",
773 [NETLINK_CONNECTOR
] = "connector",
774 [NETLINK_NETFILTER
] = "netfilter",
775 [NETLINK_IP6_FW
] = "ip6-fw",
776 [NETLINK_DNRTMSG
] = "dnrtmsg",
777 [NETLINK_KOBJECT_UEVENT
] = "kobject-uevent",
778 [NETLINK_GENERIC
] = "generic",
779 [NETLINK_SCSITRANSPORT
] = "scsitransport",
780 [NETLINK_ECRYPTFS
] = "ecryptfs",
781 [NETLINK_RDMA
] = "rdma",
784 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family
, int, INT_MAX
);
786 static const char* const socket_address_bind_ipv6_only_table
[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX
] = {
787 [SOCKET_ADDRESS_DEFAULT
] = "default",
788 [SOCKET_ADDRESS_BOTH
] = "both",
789 [SOCKET_ADDRESS_IPV6_ONLY
] = "ipv6-only"
792 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only
, SocketAddressBindIPv6Only
);
794 SocketAddressBindIPv6Only
parse_socket_address_bind_ipv6_only_or_bool(const char *n
) {
797 r
= parse_boolean(n
);
799 return SOCKET_ADDRESS_IPV6_ONLY
;
801 return SOCKET_ADDRESS_BOTH
;
803 return socket_address_bind_ipv6_only_from_string(n
);
806 bool sockaddr_equal(const union sockaddr_union
*a
, const union sockaddr_union
*b
) {
810 if (a
->sa
.sa_family
!= b
->sa
.sa_family
)
813 if (a
->sa
.sa_family
== AF_INET
)
814 return a
->in
.sin_addr
.s_addr
== b
->in
.sin_addr
.s_addr
;
816 if (a
->sa
.sa_family
== AF_INET6
)
817 return memcmp(&a
->in6
.sin6_addr
, &b
->in6
.sin6_addr
, sizeof(a
->in6
.sin6_addr
)) == 0;
819 if (a
->sa
.sa_family
== AF_VSOCK
)
820 return a
->vm
.svm_cid
== b
->vm
.svm_cid
;
825 int fd_inc_sndbuf(int fd
, size_t n
) {
827 socklen_t l
= sizeof(value
);
829 r
= getsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, &l
);
830 if (r
>= 0 && l
== sizeof(value
) && (size_t) value
>= n
*2)
833 /* If we have the privileges we will ignore the kernel limit. */
836 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUFFORCE
, &value
, sizeof(value
)) < 0)
837 if (setsockopt(fd
, SOL_SOCKET
, SO_SNDBUF
, &value
, sizeof(value
)) < 0)
843 int fd_inc_rcvbuf(int fd
, size_t n
) {
845 socklen_t l
= sizeof(value
);
847 r
= getsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, &l
);
848 if (r
>= 0 && l
== sizeof(value
) && (size_t) value
>= n
*2)
851 /* If we have the privileges we will ignore the kernel limit. */
854 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUFFORCE
, &value
, sizeof(value
)) < 0)
855 if (setsockopt(fd
, SOL_SOCKET
, SO_RCVBUF
, &value
, sizeof(value
)) < 0)
860 static const char* const ip_tos_table
[] = {
861 [IPTOS_LOWDELAY
] = "low-delay",
862 [IPTOS_THROUGHPUT
] = "throughput",
863 [IPTOS_RELIABILITY
] = "reliability",
864 [IPTOS_LOWCOST
] = "low-cost",
867 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos
, int, 0xff);
869 bool ifname_valid(const char *p
) {
872 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
873 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
874 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
879 if (strlen(p
) >= IFNAMSIZ
)
882 if (dot_or_dot_dot(p
))
886 if ((unsigned char) *p
>= 127U)
889 if ((unsigned char) *p
<= 32U)
892 if (IN_SET(*p
, ':', '/'))
895 numeric
= numeric
&& (*p
>= '0' && *p
<= '9');
905 bool address_label_valid(const char *p
) {
910 if (strlen(p
) >= IFNAMSIZ
)
914 if ((uint8_t) *p
>= 127U)
917 if ((uint8_t) *p
<= 31U)
925 int getpeercred(int fd
, struct ucred
*ucred
) {
926 socklen_t n
= sizeof(struct ucred
);
933 r
= getsockopt(fd
, SOL_SOCKET
, SO_PEERCRED
, &u
, &n
);
937 if (n
!= sizeof(struct ucred
))
940 /* Check if the data is actually useful and not suppressed due to namespacing issues */
941 if (!pid_is_valid(u
.pid
))
944 /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
945 * receiving in "invalid" user/group we get the overflow UID/GID. */
951 int getpeersec(int fd
, char **ret
) {
952 _cleanup_free_
char *s
= NULL
;
963 if (getsockopt(fd
, SOL_SOCKET
, SO_PEERSEC
, s
, &n
) >= 0)
980 int getpeergroups(int fd
, gid_t
**ret
) {
981 socklen_t n
= sizeof(gid_t
) * 64;
982 _cleanup_free_ gid_t
*d
= NULL
;
992 if (getsockopt(fd
, SOL_SOCKET
, SO_PEERGROUPS
, d
, &n
) >= 0)
1001 assert_se(n
% sizeof(gid_t
) == 0);
1004 if ((socklen_t
) (int) n
!= n
)
1015 const struct sockaddr
*sa
, socklen_t len
,
1019 struct cmsghdr cmsghdr
;
1020 uint8_t buf
[CMSG_SPACE(sizeof(int))];
1022 struct msghdr mh
= {
1023 .msg_name
= (struct sockaddr
*) sa
,
1025 .msg_control
= &control
,
1026 .msg_controllen
= sizeof(control
),
1028 struct cmsghdr
*cmsg
;
1030 assert(transport_fd
>= 0);
1033 cmsg
= CMSG_FIRSTHDR(&mh
);
1034 cmsg
->cmsg_level
= SOL_SOCKET
;
1035 cmsg
->cmsg_type
= SCM_RIGHTS
;
1036 cmsg
->cmsg_len
= CMSG_LEN(sizeof(int));
1037 memcpy(CMSG_DATA(cmsg
), &fd
, sizeof(int));
1039 mh
.msg_controllen
= CMSG_SPACE(sizeof(int));
1040 if (sendmsg(transport_fd
, &mh
, MSG_NOSIGNAL
| flags
) < 0)
1046 int receive_one_fd(int transport_fd
, int flags
) {
1048 struct cmsghdr cmsghdr
;
1049 uint8_t buf
[CMSG_SPACE(sizeof(int))];
1051 struct msghdr mh
= {
1052 .msg_control
= &control
,
1053 .msg_controllen
= sizeof(control
),
1055 struct cmsghdr
*cmsg
, *found
= NULL
;
1057 assert(transport_fd
>= 0);
1060 * Receive a single FD via @transport_fd. We don't care for
1061 * the transport-type. We retrieve a single FD at most, so for
1062 * packet-based transports, the caller must ensure to send
1063 * only a single FD per packet. This is best used in
1064 * combination with send_one_fd().
1067 if (recvmsg(transport_fd
, &mh
, MSG_NOSIGNAL
| MSG_CMSG_CLOEXEC
| flags
) < 0)
1070 CMSG_FOREACH(cmsg
, &mh
) {
1071 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1072 cmsg
->cmsg_type
== SCM_RIGHTS
&&
1073 cmsg
->cmsg_len
== CMSG_LEN(sizeof(int))) {
1081 cmsg_close_all(&mh
);
1085 return *(int*) CMSG_DATA(found
);
1088 ssize_t
next_datagram_size_fd(int fd
) {
1092 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
1093 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
1094 * do. This difference is actually of major importance as we need to be sure that the size returned here
1095 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1096 * the wrong size. */
1098 l
= recv(fd
, NULL
, 0, MSG_PEEK
|MSG_TRUNC
);
1100 if (IN_SET(errno
, EOPNOTSUPP
, EFAULT
))
1113 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1114 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1116 if (ioctl(fd
, FIONREAD
, &k
) < 0)
1122 int flush_accept(int fd
) {
1124 struct pollfd pollfd
= {
1131 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1136 r
= poll(&pollfd
, 1, 0);
1146 cfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
|SOCK_CLOEXEC
);
1151 if (errno
== EAGAIN
)
1161 struct cmsghdr
* cmsg_find(struct msghdr
*mh
, int level
, int type
, socklen_t length
) {
1162 struct cmsghdr
*cmsg
;
1166 CMSG_FOREACH(cmsg
, mh
)
1167 if (cmsg
->cmsg_level
== level
&&
1168 cmsg
->cmsg_type
== type
&&
1169 (length
== (socklen_t
) -1 || length
== cmsg
->cmsg_len
))
1175 int socket_ioctl_fd(void) {
1178 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1179 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1180 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1181 * generic AF_NETLINK. */
1183 fd
= socket(AF_INET
, SOCK_DGRAM
|SOCK_CLOEXEC
, 0);
1185 fd
= socket(AF_NETLINK
, SOCK_RAW
|SOCK_CLOEXEC
, NETLINK_GENERIC
);