1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
5 #include "sd-netlink.h"
7 #include "alloc-util.h"
12 #include "netlink-genl.h"
13 #include "netlink-internal.h"
14 #include "netlink-slot.h"
15 #include "netlink-util.h"
16 #include "process-util.h"
17 #include "socket-util.h"
18 #include "string-util.h"
20 /* Some really high limit, to catch programming errors */
21 #define REPLY_CALLBACKS_MAX UINT16_MAX
23 static int netlink_new(sd_netlink
**ret
) {
24 _cleanup_(sd_netlink_unrefp
) sd_netlink
*nl
= NULL
;
26 assert_return(ret
, -EINVAL
);
28 nl
= new(sd_netlink
, 1);
35 .sockaddr
.nl
.nl_family
= AF_NETLINK
,
36 .original_pid
= getpid_cached(),
39 /* Kernel change notification messages have sequence number 0. We want to avoid that with our
40 * own serials, in order not to get confused when matching up kernel replies to our earlier
43 * Moreover, when using netlink socket activation (i.e. where PID 1 binds an AF_NETLINK
44 * socket for us and passes it to us across execve()) and we get restarted multiple times
45 * while the socket sticks around we might get confused by replies from earlier runs coming
46 * in late — which is pretty likely if we'd start our sequence numbers always from 1. Hence,
47 * let's start with a value based on the system clock. This should make collisions much less
48 * likely (though still theoretically possible). We use a 32 bit µs counter starting at boot
49 * for this (and explicitly exclude the zero, see above). This counter will wrap around after
50 * a bit more than 1h, but that's hopefully OK as the kernel shouldn't take that long to
51 * reply to our requests.
53 * We only pick the initial start value this way. For each message we simply increase the
54 * sequence number by 1. This means we could enqueue 1 netlink message per µs without risking
55 * collisions, which should be OK.
57 * Note this means the serials will be in the range 1…UINT32_MAX here.
59 * (In an ideal world we'd attach the current serial counter to the netlink socket itself
60 * somehow, to avoid all this, but I couldn't come up with a nice way to do this) */
61 .serial
= (uint32_t) (now(CLOCK_MONOTONIC
) % UINT32_MAX
) + 1,
68 int sd_netlink_open_fd(sd_netlink
**ret
, int fd
) {
69 _cleanup_(sd_netlink_unrefp
) sd_netlink
*nl
= NULL
;
72 assert_return(ret
, -EINVAL
);
73 assert_return(fd
>= 0, -EBADF
);
79 r
= getsockopt_int(fd
, SOL_SOCKET
, SO_PROTOCOL
, &protocol
);
84 nl
->protocol
= protocol
;
86 r
= setsockopt_int(fd
, SOL_NETLINK
, NETLINK_EXT_ACK
, true);
88 log_debug_errno(r
, "sd-netlink: Failed to enable NETLINK_EXT_ACK option, ignoring: %m");
90 r
= setsockopt_int(fd
, SOL_NETLINK
, NETLINK_GET_STRICT_CHK
, true);
92 log_debug_errno(r
, "sd-netlink: Failed to enable NETLINK_GET_STRICT_CHK option, ignoring: %m");
96 nl
->fd
= -1; /* on failure, the caller remains owner of the fd, hence don't close it here */
106 int sd_netlink_open(sd_netlink
**ret
) {
107 return netlink_open_family(ret
, NETLINK_ROUTE
);
110 int sd_netlink_increase_rxbuf(sd_netlink
*nl
, size_t size
) {
111 assert_return(nl
, -EINVAL
);
112 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
114 return fd_increase_rxbuf(nl
->fd
, size
);
117 static sd_netlink
*netlink_free(sd_netlink
*nl
) {
123 for (i
= 0; i
< nl
->rqueue_size
; i
++)
124 sd_netlink_message_unref(nl
->rqueue
[i
]);
127 for (i
= 0; i
< nl
->rqueue_partial_size
; i
++)
128 sd_netlink_message_unref(nl
->rqueue_partial
[i
]);
129 free(nl
->rqueue_partial
);
133 while ((s
= nl
->slots
)) {
135 netlink_slot_disconnect(s
, true);
137 hashmap_free(nl
->reply_callbacks
);
138 prioq_free(nl
->reply_callbacks_prioq
);
140 sd_event_source_unref(nl
->io_event_source
);
141 sd_event_source_unref(nl
->time_event_source
);
142 sd_event_unref(nl
->event
);
144 hashmap_free(nl
->broadcast_group_refs
);
146 genl_clear_family(nl
);
152 DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_netlink
, sd_netlink
, netlink_free
);
156 sd_netlink_message
*message
,
161 assert_return(nl
, -EINVAL
);
162 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
163 assert_return(message
, -EINVAL
);
164 assert_return(!message
->sealed
, -EPERM
);
166 netlink_seal_message(nl
, message
);
168 r
= socket_write_message(nl
, message
);
173 *serial
= message_get_serial(message
);
178 int netlink_rqueue_make_room(sd_netlink
*nl
) {
181 if (nl
->rqueue_size
>= NETLINK_RQUEUE_MAX
)
182 return log_debug_errno(SYNTHETIC_ERRNO(ENOBUFS
),
183 "sd-netlink: exhausted the read queue size (%d)",
186 if (!GREEDY_REALLOC(nl
->rqueue
, nl
->rqueue_size
+ 1))
192 int netlink_rqueue_partial_make_room(sd_netlink
*nl
) {
195 if (nl
->rqueue_partial_size
>= NETLINK_RQUEUE_MAX
)
196 return log_debug_errno(SYNTHETIC_ERRNO(ENOBUFS
),
197 "sd-netlink: exhausted the partial read queue size (%d)",
200 if (!GREEDY_REALLOC(nl
->rqueue_partial
, nl
->rqueue_partial_size
+ 1))
206 static int dispatch_rqueue(sd_netlink
*nl
, sd_netlink_message
**message
) {
212 if (nl
->rqueue_size
<= 0) {
213 /* Try to read a new message */
214 r
= socket_read_message(nl
);
215 if (r
== -ENOBUFS
) { /* FIXME: ignore buffer overruns for now */
216 log_debug_errno(r
, "sd-netlink: Got ENOBUFS from netlink socket, ignoring.");
223 /* Dispatch a queued message */
224 *message
= nl
->rqueue
[0];
226 memmove(nl
->rqueue
, nl
->rqueue
+ 1, sizeof(sd_netlink_message
*) * nl
->rqueue_size
);
231 static int process_timeout(sd_netlink
*nl
) {
232 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
233 struct reply_callback
*c
;
234 sd_netlink_slot
*slot
;
240 c
= prioq_peek(nl
->reply_callbacks_prioq
);
244 n
= now(CLOCK_MONOTONIC
);
248 r
= message_new_synthetic_error(nl
, -ETIMEDOUT
, c
->serial
, &m
);
252 assert_se(prioq_pop(nl
->reply_callbacks_prioq
) == c
);
254 hashmap_remove(nl
->reply_callbacks
, UINT32_TO_PTR(c
->serial
));
256 slot
= container_of(c
, sd_netlink_slot
, reply_callback
);
258 r
= c
->callback(nl
, m
, slot
->userdata
);
260 log_debug_errno(r
, "sd-netlink: timedout callback %s%s%sfailed: %m",
261 slot
->description
? "'" : "",
262 strempty(slot
->description
),
263 slot
->description
? "' " : "");
266 netlink_slot_disconnect(slot
, true);
271 static int process_reply(sd_netlink
*nl
, sd_netlink_message
*m
) {
272 struct reply_callback
*c
;
273 sd_netlink_slot
*slot
;
281 serial
= message_get_serial(m
);
282 c
= hashmap_remove(nl
->reply_callbacks
, UINT32_TO_PTR(serial
));
286 if (c
->timeout
!= 0) {
287 prioq_remove(nl
->reply_callbacks_prioq
, c
, &c
->prioq_idx
);
291 r
= sd_netlink_message_get_type(m
, &type
);
295 if (type
== NLMSG_DONE
)
298 slot
= container_of(c
, sd_netlink_slot
, reply_callback
);
300 r
= c
->callback(nl
, m
, slot
->userdata
);
302 log_debug_errno(r
, "sd-netlink: reply callback %s%s%sfailed: %m",
303 slot
->description
? "'" : "",
304 strempty(slot
->description
),
305 slot
->description
? "' " : "");
308 netlink_slot_disconnect(slot
, true);
313 static int process_match(sd_netlink
*nl
, sd_netlink_message
*m
) {
321 r
= sd_netlink_message_get_type(m
, &type
);
325 if (m
->protocol
== NETLINK_GENERIC
) {
326 r
= sd_genl_message_get_command(nl
, m
, &cmd
);
332 LIST_FOREACH(match_callbacks
, c
, nl
->match_callbacks
) {
333 sd_netlink_slot
*slot
;
338 if (c
->cmd
!= 0 && c
->cmd
!= cmd
)
341 for (size_t i
= 0; i
< c
->n_groups
; i
++)
342 if (c
->groups
[i
] == m
->multicast_group
) {
350 slot
= container_of(c
, sd_netlink_slot
, match_callback
);
352 r
= c
->callback(nl
, m
, slot
->userdata
);
354 log_debug_errno(r
, "sd-netlink: match callback %s%s%sfailed: %m",
355 slot
->description
? "'" : "",
356 strempty(slot
->description
),
357 slot
->description
? "' " : "");
365 static int process_running(sd_netlink
*nl
, sd_netlink_message
**ret
) {
366 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
371 r
= process_timeout(nl
);
375 r
= dispatch_rqueue(nl
, &m
);
381 if (sd_netlink_message_is_broadcast(m
))
382 r
= process_match(nl
, m
);
384 r
= process_reply(nl
, m
);
403 int sd_netlink_process(sd_netlink
*nl
, sd_netlink_message
**ret
) {
404 NETLINK_DONT_DESTROY(nl
);
407 assert_return(nl
, -EINVAL
);
408 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
409 assert_return(!nl
->processing
, -EBUSY
);
411 nl
->processing
= true;
412 r
= process_running(nl
, ret
);
413 nl
->processing
= false;
418 static usec_t
calc_elapse(uint64_t usec
) {
419 if (usec
== UINT64_MAX
)
423 usec
= NETLINK_DEFAULT_TIMEOUT_USEC
;
425 return usec_add(now(CLOCK_MONOTONIC
), usec
);
428 static int netlink_poll(sd_netlink
*nl
, bool need_more
, usec_t timeout_usec
) {
429 usec_t m
= USEC_INFINITY
;
434 e
= sd_netlink_get_events(nl
);
439 /* Caller wants more data, and doesn't care about
440 * what's been read or any other timeouts. */
445 /* Caller wants to process if there is something to
446 * process, but doesn't care otherwise */
448 r
= sd_netlink_get_timeout(nl
, &until
);
452 m
= usec_sub_unsigned(until
, now(CLOCK_MONOTONIC
));
455 r
= fd_wait_for_event(nl
->fd
, e
, MIN(m
, timeout_usec
));
462 int sd_netlink_wait(sd_netlink
*nl
, uint64_t timeout_usec
) {
465 assert_return(nl
, -EINVAL
);
466 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
468 if (nl
->rqueue_size
> 0)
471 r
= netlink_poll(nl
, false, timeout_usec
);
472 if (r
< 0 && ERRNO_IS_TRANSIENT(r
)) /* Convert EINTR to "something happened" and give user a chance to run some code before calling back into us */
477 static int timeout_compare(const void *a
, const void *b
) {
478 const struct reply_callback
*x
= a
, *y
= b
;
480 if (x
->timeout
!= 0 && y
->timeout
== 0)
483 if (x
->timeout
== 0 && y
->timeout
!= 0)
486 return CMP(x
->timeout
, y
->timeout
);
489 int sd_netlink_call_async(
491 sd_netlink_slot
**ret_slot
,
492 sd_netlink_message
*m
,
493 sd_netlink_message_handler_t callback
,
494 sd_netlink_destroy_t destroy_callback
,
497 const char *description
) {
499 _cleanup_free_ sd_netlink_slot
*slot
= NULL
;
502 assert_return(nl
, -EINVAL
);
503 assert_return(m
, -EINVAL
);
504 assert_return(callback
, -EINVAL
);
505 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
507 if (hashmap_size(nl
->reply_callbacks
) >= REPLY_CALLBACKS_MAX
)
510 r
= hashmap_ensure_allocated(&nl
->reply_callbacks
, &trivial_hash_ops
);
514 if (usec
!= UINT64_MAX
) {
515 r
= prioq_ensure_allocated(&nl
->reply_callbacks_prioq
, timeout_compare
);
520 r
= netlink_slot_allocate(nl
, !ret_slot
, NETLINK_REPLY_CALLBACK
, sizeof(struct reply_callback
), userdata
, description
, &slot
);
524 slot
->reply_callback
.callback
= callback
;
525 slot
->reply_callback
.timeout
= calc_elapse(usec
);
527 k
= sd_netlink_send(nl
, m
, &slot
->reply_callback
.serial
);
531 r
= hashmap_put(nl
->reply_callbacks
, UINT32_TO_PTR(slot
->reply_callback
.serial
), &slot
->reply_callback
);
535 if (slot
->reply_callback
.timeout
!= 0) {
536 r
= prioq_put(nl
->reply_callbacks_prioq
, &slot
->reply_callback
, &slot
->reply_callback
.prioq_idx
);
538 (void) hashmap_remove(nl
->reply_callbacks
, UINT32_TO_PTR(slot
->reply_callback
.serial
));
543 /* Set this at last. Otherwise, some failures in above would call destroy_callback but some would not. */
544 slot
->destroy_callback
= destroy_callback
;
558 sd_netlink_message
**ret
) {
563 assert_return(nl
, -EINVAL
);
564 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
566 timeout
= calc_elapse(usec
);
571 for (unsigned i
= 0; i
< nl
->rqueue_size
; i
++) {
572 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*incoming
= NULL
;
573 uint32_t received_serial
;
576 received_serial
= message_get_serial(nl
->rqueue
[i
]);
577 if (received_serial
!= serial
)
580 incoming
= nl
->rqueue
[i
];
582 /* found a match, remove from rqueue and return it */
583 memmove(nl
->rqueue
+ i
, nl
->rqueue
+ i
+ 1,
584 sizeof(sd_netlink_message
*) * (nl
->rqueue_size
- i
- 1));
587 r
= sd_netlink_message_get_errno(incoming
);
591 r
= sd_netlink_message_get_type(incoming
, &type
);
595 if (type
== NLMSG_DONE
) {
602 *ret
= TAKE_PTR(incoming
);
606 r
= socket_read_message(nl
);
610 /* received message, so try to process straight away */
616 n
= now(CLOCK_MONOTONIC
);
620 left
= usec_sub_unsigned(timeout
, n
);
622 left
= USEC_INFINITY
;
624 r
= netlink_poll(nl
, true, left
);
634 sd_netlink_message
*message
,
636 sd_netlink_message
**ret
) {
641 assert_return(nl
, -EINVAL
);
642 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
643 assert_return(message
, -EINVAL
);
645 r
= sd_netlink_send(nl
, message
, &serial
);
649 return sd_netlink_read(nl
, serial
, usec
, ret
);
652 int sd_netlink_get_events(sd_netlink
*nl
) {
653 assert_return(nl
, -EINVAL
);
654 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
656 return nl
->rqueue_size
== 0 ? POLLIN
: 0;
659 int sd_netlink_get_timeout(sd_netlink
*nl
, uint64_t *timeout_usec
) {
660 struct reply_callback
*c
;
662 assert_return(nl
, -EINVAL
);
663 assert_return(timeout_usec
, -EINVAL
);
664 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
666 if (nl
->rqueue_size
> 0) {
671 c
= prioq_peek(nl
->reply_callbacks_prioq
);
673 *timeout_usec
= UINT64_MAX
;
677 *timeout_usec
= c
->timeout
;
682 static int io_callback(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
683 sd_netlink
*nl
= ASSERT_PTR(userdata
);
686 r
= sd_netlink_process(nl
, NULL
);
693 static int time_callback(sd_event_source
*s
, uint64_t usec
, void *userdata
) {
694 sd_netlink
*nl
= ASSERT_PTR(userdata
);
697 r
= sd_netlink_process(nl
, NULL
);
704 static int prepare_callback(sd_event_source
*s
, void *userdata
) {
705 sd_netlink
*nl
= ASSERT_PTR(userdata
);
711 r
= sd_netlink_get_events(nl
);
715 r
= sd_event_source_set_io_events(nl
->io_event_source
, r
);
719 enabled
= sd_netlink_get_timeout(nl
, &until
);
723 r
= sd_event_source_set_time(nl
->time_event_source
, until
);
728 r
= sd_event_source_set_enabled(nl
->time_event_source
,
729 enabled
> 0 ? SD_EVENT_ONESHOT
: SD_EVENT_OFF
);
736 int sd_netlink_attach_event(sd_netlink
*nl
, sd_event
*event
, int64_t priority
) {
739 assert_return(nl
, -EINVAL
);
740 assert_return(!nl
->event
, -EBUSY
);
742 assert(!nl
->io_event_source
);
743 assert(!nl
->time_event_source
);
746 nl
->event
= sd_event_ref(event
);
748 r
= sd_event_default(&nl
->event
);
753 r
= sd_event_add_io(nl
->event
, &nl
->io_event_source
, nl
->fd
, 0, io_callback
, nl
);
757 r
= sd_event_source_set_priority(nl
->io_event_source
, priority
);
761 r
= sd_event_source_set_description(nl
->io_event_source
, "netlink-receive-message");
765 r
= sd_event_source_set_prepare(nl
->io_event_source
, prepare_callback
);
769 r
= sd_event_add_time(nl
->event
, &nl
->time_event_source
, CLOCK_MONOTONIC
, 0, 0, time_callback
, nl
);
773 r
= sd_event_source_set_priority(nl
->time_event_source
, priority
);
777 r
= sd_event_source_set_description(nl
->time_event_source
, "netlink-timer");
784 sd_netlink_detach_event(nl
);
788 int sd_netlink_detach_event(sd_netlink
*nl
) {
789 assert_return(nl
, -EINVAL
);
790 assert_return(nl
->event
, -ENXIO
);
792 nl
->io_event_source
= sd_event_source_unref(nl
->io_event_source
);
794 nl
->time_event_source
= sd_event_source_unref(nl
->time_event_source
);
796 nl
->event
= sd_event_unref(nl
->event
);
801 int netlink_add_match_internal(
803 sd_netlink_slot
**ret_slot
,
804 const uint32_t *groups
,
808 sd_netlink_message_handler_t callback
,
809 sd_netlink_destroy_t destroy_callback
,
811 const char *description
) {
813 _cleanup_free_ sd_netlink_slot
*slot
= NULL
;
817 assert(n_groups
> 0);
819 for (size_t i
= 0; i
< n_groups
; i
++) {
820 r
= socket_broadcast_group_ref(nl
, groups
[i
]);
825 r
= netlink_slot_allocate(nl
, !ret_slot
, NETLINK_MATCH_CALLBACK
, sizeof(struct match_callback
),
826 userdata
, description
, &slot
);
830 slot
->match_callback
.groups
= newdup(uint32_t, groups
, n_groups
);
831 if (!slot
->match_callback
.groups
)
834 slot
->match_callback
.n_groups
= n_groups
;
835 slot
->match_callback
.callback
= callback
;
836 slot
->match_callback
.type
= type
;
837 slot
->match_callback
.cmd
= cmd
;
839 LIST_PREPEND(match_callbacks
, nl
->match_callbacks
, &slot
->match_callback
);
841 /* Set this at last. Otherwise, some failures in above call the destroy callback but some do not. */
842 slot
->destroy_callback
= destroy_callback
;
851 int sd_netlink_add_match(
853 sd_netlink_slot
**ret_slot
,
855 sd_netlink_message_handler_t callback
,
856 sd_netlink_destroy_t destroy_callback
,
858 const char *description
) {
860 static const uint32_t
861 address_groups
[] = { RTNLGRP_IPV4_IFADDR
, RTNLGRP_IPV6_IFADDR
, },
862 link_groups
[] = { RTNLGRP_LINK
, },
863 neighbor_groups
[] = { RTNLGRP_NEIGH
, },
864 nexthop_groups
[] = { RTNLGRP_NEXTHOP
, },
865 route_groups
[] = { RTNLGRP_IPV4_ROUTE
, RTNLGRP_IPV6_ROUTE
, },
866 rule_groups
[] = { RTNLGRP_IPV4_RULE
, RTNLGRP_IPV6_RULE
, },
867 tc_groups
[] = { RTNLGRP_TC
};
868 const uint32_t *groups
;
871 assert_return(rtnl
, -EINVAL
);
872 assert_return(callback
, -EINVAL
);
873 assert_return(!netlink_pid_changed(rtnl
), -ECHILD
);
878 groups
= link_groups
;
879 n_groups
= ELEMENTSOF(link_groups
);
883 groups
= address_groups
;
884 n_groups
= ELEMENTSOF(address_groups
);
888 groups
= neighbor_groups
;
889 n_groups
= ELEMENTSOF(neighbor_groups
);
893 groups
= route_groups
;
894 n_groups
= ELEMENTSOF(route_groups
);
898 groups
= rule_groups
;
899 n_groups
= ELEMENTSOF(rule_groups
);
903 groups
= nexthop_groups
;
904 n_groups
= ELEMENTSOF(nexthop_groups
);
911 n_groups
= ELEMENTSOF(tc_groups
);
917 return netlink_add_match_internal(rtnl
, ret_slot
, groups
, n_groups
, type
, 0, callback
,
918 destroy_callback
, userdata
, description
);
921 int sd_netlink_attach_filter(sd_netlink
*nl
, size_t len
, const struct sock_filter
*filter
) {
922 assert_return(nl
, -EINVAL
);
923 assert_return(len
== 0 || filter
, -EINVAL
);
925 if (setsockopt(nl
->fd
, SOL_SOCKET
,
926 len
== 0 ? SO_DETACH_FILTER
: SO_ATTACH_FILTER
,
927 &(struct sock_fprog
) {
929 .filter
= (struct sock_filter
*) filter
,
930 }, sizeof(struct sock_fprog
)) < 0)