]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/basic/socket-util.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rename formats-util.h to format-util.h
[thirdparty/systemd.git] / src / basic / socket-util.c
CommitLineData
a7334b09
LP		 1/***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 14 Lesser General Public License for more details.
a7334b09 15
5430f7f2 16 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18***/
19
42f4e3c4 20#include <arpa/inet.h>
07630cea 21#include <errno.h>
11c3a366 22#include <limits.h>
542563ba 23#include <net/if.h>
b31f535c 24#include <netdb.h>
2583fbea 25#include <netinet/ip.h>
60d9771c 26#include <poll.h>
07630cea 27#include <stddef.h>
11c3a366 28#include <stdint.h>
07630cea 29#include <stdio.h>
11c3a366 30#include <stdlib.h>
07630cea 31#include <string.h>
07630cea 32#include <unistd.h>
42f4e3c4 33
b5efdb8a 34#include "alloc-util.h"
2583fbea 35#include "fd-util.h"
07630cea 36#include "fileio.h"
f97b34a6 37#include "format-util.h"
93cc7779 38#include "log.h"
42f4e3c4 39#include "macro.h"
07630cea 40#include "missing.h"
6bedfcbb 41#include "parse-util.h"
9eb977db 42#include "path-util.h"
2583fbea 43#include "socket-util.h"
8b43440b 44#include "string-table.h"
07630cea 45#include "string-util.h"
ef76dff2 46#include "strv.h"
ee104e11 47#include "user-util.h"
ef76dff2 48#include "utf8.h"
2eec67ac 49#include "util.h"
42f4e3c4 50
542563ba 51int socket_address_parse(SocketAddress *a, const char *s) {
42f4e3c4
LP		 52 char *e, *n;
53 unsigned u;
4d49b48c 54 int r;
42f4e3c4
LP		 55
56 assert(a);
57 assert(s);
58
9152c765 59 zero(*a);
542563ba 60 a->type = SOCK_STREAM;
42f4e3c4
LP		 61
62 if (*s == '[') {
63 /* IPv6 in [x:.....:z]:p notation */
64
4d49b48c
LP		 65 e = strchr(s+1, ']');
66 if (!e)
42f4e3c4
LP		 67 return -EINVAL;
68
4d49b48c 69 n = strndupa(s+1, e-s-1);
42f4e3c4
LP		 70
71 errno = 0;
4d49b48c 72 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
8333c77e 73 return errno > 0 ? -errno : -EINVAL;
42f4e3c4
LP		 74
75 e++;
76 if (*e != ':')
77 return -EINVAL;
78
79 e++;
4d49b48c
LP		 80 r = safe_atou(e, &u);
81 if (r < 0)
42f4e3c4
LP		 82 return r;
83
84 if (u <= 0 || u > 0xFFFF)
85 return -EINVAL;
86
87 a->sockaddr.in6.sin6_family = AF_INET6;
8e38570e 88 a->sockaddr.in6.sin6_port = htobe16((uint16_t)u);
42f4e3c4 89 a->size = sizeof(struct sockaddr_in6);
42f4e3c4
LP		 90
91 } else if (*s == '/') {
92 /* AF_UNIX socket */
93
94 size_t l;
95
96 l = strlen(s);
97 if (l >= sizeof(a->sockaddr.un.sun_path))
98 return -EINVAL;
99
100 a->sockaddr.un.sun_family = AF_UNIX;
101 memcpy(a->sockaddr.un.sun_path, s, l);
0e098b15 102 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
42f4e3c4 103
1c24e7bd 104 } else if (*s == '@') {
42f4e3c4
LP		 105 /* Abstract AF_UNIX socket */
106 size_t l;
107
108 l = strlen(s+1);
109 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
110 return -EINVAL;
111
112 a->sockaddr.un.sun_family = AF_UNIX;
113 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
0e098b15 114 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
42f4e3c4
LP		 115
116 } else {
4d49b48c
LP		 117 e = strchr(s, ':');
118 if (e) {
119 r = safe_atou(e+1, &u);
120 if (r < 0)
542563ba
LP		 121 return r;
122
123 if (u <= 0 || u > 0xFFFF)
124 return -EINVAL;
42f4e3c4 125
4d49b48c 126 n = strndupa(s, e-s);
42f4e3c4 127
542563ba 128 /* IPv4 in w.x.y.z:p notation? */
4d49b48c
LP		 129 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
130 if (r < 0)
542563ba 131 return -errno;
42f4e3c4 132
542563ba
LP		 133 if (r > 0) {
134 /* Gotcha, it's a traditional IPv4 address */
4d49b48c 135 a->sockaddr.in.sin_family = AF_INET;
8e38570e 136 a->sockaddr.in.sin_port = htobe16((uint16_t)u);
542563ba
LP		 137 a->size = sizeof(struct sockaddr_in);
138 } else {
139 unsigned idx;
42f4e3c4 140
4d49b48c 141 if (strlen(n) > IF_NAMESIZE-1)
acbb0225 142 return -EINVAL;
acbb0225 143
542563ba
LP		 144 /* Uh, our last resort, an interface name */
145 idx = if_nametoindex(n);
83c60c9f 146 if (idx == 0)
542563ba 147 return -EINVAL;
42f4e3c4 148
542563ba 149 a->sockaddr.in6.sin6_family = AF_INET6;
8e38570e 150 a->sockaddr.in6.sin6_port = htobe16((uint16_t)u);
542563ba 151 a->sockaddr.in6.sin6_scope_id = idx;
83c60c9f 152 a->sockaddr.in6.sin6_addr = in6addr_any;
542563ba
LP		 153 a->size = sizeof(struct sockaddr_in6);
154 }
42f4e3c4
LP		 155 } else {
156
157 /* Just a port */
5198dabc
LP		 158 r = safe_atou(s, &u);
159 if (r < 0)
42f4e3c4
LP		 160 return r;
161
162 if (u <= 0 || u > 0xFFFF)
163 return -EINVAL;
164
5bfcc1c6
FF		 165 if (socket_ipv6_is_supported()) {
166 a->sockaddr.in6.sin6_family = AF_INET6;
8e38570e 167 a->sockaddr.in6.sin6_port = htobe16((uint16_t)u);
5bfcc1c6
FF		 168 a->sockaddr.in6.sin6_addr = in6addr_any;
169 a->size = sizeof(struct sockaddr_in6);
170 } else {
4d49b48c 171 a->sockaddr.in.sin_family = AF_INET;
8e38570e 172 a->sockaddr.in.sin_port = htobe16((uint16_t)u);
4d49b48c 173 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
5bfcc1c6
FF		 174 a->size = sizeof(struct sockaddr_in);
175 }
42f4e3c4
LP		 176 }
177 }
178
179 return 0;
180}
181
7693146d
LP		 182int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
183 SocketAddress b;
184 int r;
185
186 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
187
188 r = socket_address_parse(&b, s);
189 if (r < 0)
190 return r;
191
192 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
193 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
194 return -EAFNOSUPPORT;
195 }
196
197 *a = b;
198 return 0;
199}
200
7a22745a
LP		 201int socket_address_parse_netlink(SocketAddress *a, const char *s) {
202 int family;
203 unsigned group = 0;
f8b69d1d 204 _cleanup_free_ char *sfamily = NULL;
7a22745a
LP		 205 assert(a);
206 assert(s);
207
208 zero(*a);
209 a->type = SOCK_RAW;
210
211 errno = 0;
212 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
bcb161b0 213 return errno > 0 ? -errno : -EINVAL;
7a22745a 214
f8b69d1d
MS		 215 family = netlink_family_from_string(sfamily);
216 if (family < 0)
217 return -EINVAL;
7a22745a
LP		 218
219 a->sockaddr.nl.nl_family = AF_NETLINK;
220 a->sockaddr.nl.nl_groups = group;
221
222 a->type = SOCK_RAW;
223 a->size = sizeof(struct sockaddr_nl);
224 a->protocol = family;
225
226 return 0;
227}
228
542563ba 229int socket_address_verify(const SocketAddress *a) {
42f4e3c4
LP		 230 assert(a);
231
542563ba 232 switch (socket_address_family(a)) {
42f4e3c4 233
7a22745a
LP		 234 case AF_INET:
235 if (a->size != sizeof(struct sockaddr_in))
236 return -EINVAL;
42f4e3c4 237
4d49b48c 238 if (a->sockaddr.in.sin_port == 0)
7a22745a 239 return -EINVAL;
42f4e3c4 240
7a22745a
LP		 241 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM)
242 return -EINVAL;
42f4e3c4 243
7a22745a
LP		 244 return 0;
245
246 case AF_INET6:
247 if (a->size != sizeof(struct sockaddr_in6))
248 return -EINVAL;
42f4e3c4 249
7a22745a
LP		 250 if (a->sockaddr.in6.sin6_port == 0)
251 return -EINVAL;
42f4e3c4 252
7a22745a
LP		 253 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM)
254 return -EINVAL;
42f4e3c4 255
7a22745a 256 return 0;
42f4e3c4 257
7a22745a
LP		 258 case AF_UNIX:
259 if (a->size < offsetof(struct sockaddr_un, sun_path))
260 return -EINVAL;
42f4e3c4 261
7a22745a 262 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
42f4e3c4 263
7a22745a
LP		 264 if (a->sockaddr.un.sun_path[0] != 0) {
265 char *e;
266
267 /* path */
4d49b48c
LP		 268 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
269 if (!e)
7a22745a
LP		 270 return -EINVAL;
271
272 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
273 return -EINVAL;
42f4e3c4 274 }
7a22745a 275 }
42f4e3c4 276
5a2b80ce 277 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM && a->type != SOCK_SEQPACKET)
7a22745a 278 return -EINVAL;
42f4e3c4 279
7a22745a
LP		 280 return 0;
281
282 case AF_NETLINK:
283
284 if (a->size != sizeof(struct sockaddr_nl))
285 return -EINVAL;
286
287 if (a->type != SOCK_RAW && a->type != SOCK_DGRAM)
288 return -EINVAL;
289
290 return 0;
291
292 default:
293 return -EAFNOSUPPORT;
42f4e3c4
LP		 294 }
295}
296
4d49b48c 297int socket_address_print(const SocketAddress *a, char **ret) {
42f4e3c4 298 int r;
4d49b48c 299
42f4e3c4 300 assert(a);
4d49b48c 301 assert(ret);
42f4e3c4 302
4d49b48c
LP		 303 r = socket_address_verify(a);
304 if (r < 0)
42f4e3c4
LP		 305 return r;
306
4d49b48c 307 if (socket_address_family(a) == AF_NETLINK) {
7fd1b19b 308 _cleanup_free_ char *sfamily = NULL;
7a22745a 309
f8b69d1d 310 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
7a22745a 311 if (r < 0)
f8b69d1d 312 return r;
4d49b48c
LP		 313
314 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
8520cfa5
MS		 315 if (r < 0)
316 return -ENOMEM;
7a22745a
LP		 317
318 return 0;
319 }
320
3b1c5241 321 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
42f4e3c4
LP		 322}
323
4f2d528d
LP		 324bool socket_address_can_accept(const SocketAddress *a) {
325 assert(a);
326
327 return
328 a->type == SOCK_STREAM ||
329 a->type == SOCK_SEQPACKET;
330}
a16e1123
LP		 331
332bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
333 assert(a);
334 assert(b);
335
336 /* Invalid addresses are unequal to all */
337 if (socket_address_verify(a) < 0 ||
338 socket_address_verify(b) < 0)
339 return false;
340
341 if (a->type != b->type)
342 return false;
343
a16e1123
LP		 344 if (socket_address_family(a) != socket_address_family(b))
345 return false;
346
347 switch (socket_address_family(a)) {
348
349 case AF_INET:
4d49b48c 350 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
a16e1123
LP		 351 return false;
352
4d49b48c 353 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
a16e1123
LP		 354 return false;
355
356 break;
357
358 case AF_INET6:
359 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
360 return false;
361
362 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
363 return false;
364
365 break;
366
367 case AF_UNIX:
710708a5
MS		 368 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
369 b->size <= offsetof(struct sockaddr_un, sun_path))
370 return false;
371
a16e1123
LP		 372 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
373 return false;
374
375 if (a->sockaddr.un.sun_path[0]) {
c78e47a6 376 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path))
a16e1123
LP		 377 return false;
378 } else {
c78e47a6
MS		 379 if (a->size != b->size)
380 return false;
381
b12c1e7c 382 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
a16e1123
LP		 383 return false;
384 }
385
386 break;
387
7a22745a 388 case AF_NETLINK:
7a22745a
LP		 389 if (a->protocol != b->protocol)
390 return false;
391
392 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
393 return false;
394
395 break;
396
a16e1123
LP		 397 default:
398 /* Cannot compare, so we assume the addresses are different */
399 return false;
400 }
401
402 return true;
403}
404
27ca8d7a 405bool socket_address_is(const SocketAddress *a, const char *s, int type) {
a16e1123
LP		 406 struct SocketAddress b;
407
408 assert(a);
409 assert(s);
410
411 if (socket_address_parse(&b, s) < 0)
412 return false;
413
27ca8d7a
LP		 414 b.type = type;
415
a16e1123 416 return socket_address_equal(a, &b);
6e2ef85b
LP		 417}
418
7a22745a
LP		 419bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
420 struct SocketAddress b;
421
422 assert(a);
423 assert(s);
424
425 if (socket_address_parse_netlink(&b, s) < 0)
426 return false;
427
428 return socket_address_equal(a, &b);
429}
430
a57f7e2c 431const char* socket_address_get_path(const SocketAddress *a) {
6e2ef85b
LP		 432 assert(a);
433
434 if (socket_address_family(a) != AF_UNIX)
a57f7e2c 435 return NULL;
6e2ef85b
LP		 436
437 if (a->sockaddr.un.sun_path[0] == 0)
a57f7e2c 438 return NULL;
a16e1123 439
a57f7e2c 440 return a->sockaddr.un.sun_path;
a16e1123 441}
c0120d99 442
5bfcc1c6 443bool socket_ipv6_is_supported(void) {
629abfc2 444 if (access("/proc/net/if_inet6", F_OK) != 0)
90ab5042 445 return false;
f89f1e8f 446
7377964d 447 return true;
5bfcc1c6
FF		 448}
449
01e10de3 450bool socket_address_matches_fd(const SocketAddress *a, int fd) {
dbafedac
MS		 451 SocketAddress b;
452 socklen_t solen;
01e10de3
LP		 453
454 assert(a);
455 assert(fd >= 0);
456
dbafedac
MS		 457 b.size = sizeof(b.sockaddr);
458 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
01e10de3
LP		 459 return false;
460
dbafedac 461 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
01e10de3
LP		 462 return false;
463
dbafedac
MS		 464 solen = sizeof(b.type);
465 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
01e10de3
LP		 466 return false;
467
dbafedac 468 if (b.type != a->type)
01e10de3
LP		 469 return false;
470
471 if (a->protocol != 0) {
dbafedac
MS		 472 solen = sizeof(b.protocol);
473 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
01e10de3
LP		 474 return false;
475
dbafedac 476 if (b.protocol != a->protocol)
01e10de3
LP		 477 return false;
478 }
479
02233928 480 return socket_address_equal(a, &b);
01e10de3
LP		 481}
482
3b1c5241
SL		 483int sockaddr_port(const struct sockaddr *_sa) {
484 union sockaddr_union *sa = (union sockaddr_union*) _sa;
485
486 assert(sa);
487
488 if (!IN_SET(sa->sa.sa_family, AF_INET, AF_INET6))
489 return -EAFNOSUPPORT;
490
8e38570e 491 return be16toh(sa->sa.sa_family == AF_INET6 ? sa->in6.sin6_port : sa->in.sin_port);
3b1c5241
SL		 492}
493
494int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
4d49b48c 495 union sockaddr_union *sa = (union sockaddr_union*) _sa;
8569a776 496 char *p;
fc25ad25 497 int r;
8569a776 498
4d49b48c
LP		 499 assert(sa);
500 assert(salen >= sizeof(sa->sa.sa_family));
8569a776 501
4d49b48c 502 switch (sa->sa.sa_family) {
8569a776
LP		 503
504 case AF_INET: {
505 uint32_t a;
506
8e38570e 507 a = be32toh(sa->in.sin_addr.s_addr);
8569a776 508
fc25ad25
ZJS		 509 if (include_port)
510 r = asprintf(&p,
3b1c5241
SL		 511 "%u.%u.%u.%u:%u",
512 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
8e38570e 513 be16toh(sa->in.sin_port));
fc25ad25
ZJS		 514 else
515 r = asprintf(&p,
3b1c5241 516 "%u.%u.%u.%u",
fc25ad25
ZJS		 517 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
518 if (r < 0)
519 return -ENOMEM;
8569a776
LP		 520 break;
521 }
522
523 case AF_INET6: {
524 static const unsigned char ipv4_prefix[] = {
525 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
526 };
527
fc25ad25
ZJS		 528 if (translate_ipv6 &&
529 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
4d49b48c 530 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
fc25ad25
ZJS		 531 if (include_port)
532 r = asprintf(&p,
3b1c5241
SL		 533 "%u.%u.%u.%u:%u",
534 a[0], a[1], a[2], a[3],
8e38570e 535 be16toh(sa->in6.sin6_port));
fc25ad25
ZJS		 536 else
537 r = asprintf(&p,
3b1c5241 538 "%u.%u.%u.%u",
fc25ad25
ZJS		 539 a[0], a[1], a[2], a[3]);
540 if (r < 0)
541 return -ENOMEM;
8569a776
LP		 542 } else {
543 char a[INET6_ADDRSTRLEN];
544
3b1c5241
SL		 545 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
546
547 if (include_port) {
fc25ad25 548 r = asprintf(&p,
3b1c5241
SL		 549 "[%s]:%u",
550 a,
8e38570e 551 be16toh(sa->in6.sin6_port));
fc25ad25 552 if (r < 0)
3b1c5241
SL		 553 return -ENOMEM;
554 } else {
555 p = strdup(a);
556 if (!p)
557 return -ENOMEM;
558 }
8569a776
LP		 559 }
560
561 break;
562 }
563
4d49b48c
LP		 564 case AF_UNIX:
565 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
566 p = strdup("<unnamed>");
567 if (!p)
568 return -ENOMEM;
8569a776 569
4d49b48c
LP		 570 } else if (sa->un.sun_path[0] == 0) {
571 /* abstract */
8569a776 572
4d49b48c
LP		 573 /* FIXME: We assume we can print the
574 * socket path here and that it hasn't
575 * more than one NUL byte. That is
576 * actually an invalid assumption */
577
578 p = new(char, sizeof(sa->un.sun_path)+1);
579 if (!p)
580 return -ENOMEM;
581
582 p[0] = '@';
583 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
584 p[sizeof(sa->un.sun_path)] = 0;
585
586 } else {
587 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
0810bc56 588 if (!p)
4d49b48c
LP		 589 return -ENOMEM;
590 }
8569a776
LP		 591
592 break;
8569a776
LP		 593
594 default:
15411c0c 595 return -EOPNOTSUPP;
8569a776
LP		 596 }
597
4d49b48c 598
8569a776
LP		 599 *ret = p;
600 return 0;
601}
602
366b7db4 603int getpeername_pretty(int fd, bool include_port, char **ret) {
4d49b48c 604 union sockaddr_union sa;
b31f535c 605 socklen_t salen = sizeof(sa);
eff05270 606 int r;
4d49b48c
LP		 607
608 assert(fd >= 0);
609 assert(ret);
610
4d49b48c
LP		 611 if (getpeername(fd, &sa.sa, &salen) < 0)
612 return -errno;
613
614 if (sa.sa.sa_family == AF_UNIX) {
39883f62 615 struct ucred ucred = {};
4d49b48c
LP		 616
617 /* UNIX connection sockets are anonymous, so let's use
618 * PID/UID as pretty credentials instead */
619
eff05270
LP		 620 r = getpeercred(fd, &ucred);
621 if (r < 0)
622 return r;
4d49b48c 623
de0671ee 624 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
4d49b48c
LP		 625 return -ENOMEM;
626
627 return 0;
628 }
629
630 /* For remote sockets we translate IPv6 addresses back to IPv4
631 * if applicable, since that's nicer. */
632
366b7db4 633 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
4d49b48c
LP		 634}
635
636int getsockname_pretty(int fd, char **ret) {
637 union sockaddr_union sa;
b31f535c 638 socklen_t salen = sizeof(sa);
4d49b48c
LP		 639
640 assert(fd >= 0);
641 assert(ret);
642
4d49b48c
LP		 643 if (getsockname(fd, &sa.sa, &salen) < 0)
644 return -errno;
645
646 /* For local sockets we do not translate IPv6 addresses back
647 * to IPv6 if applicable, since this is usually used for
648 * listening sockets where the difference between IPv4 and
649 * IPv6 matters. */
650
3b1c5241 651 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
4d49b48c
LP		 652}
653
b31f535c
ZJS		 654int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
655 int r;
656 char host[NI_MAXHOST], *ret;
657
658 assert(_ret);
659
660 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0,
661 NI_IDN|NI_IDN_USE_STD3_ASCII_RULES);
662 if (r != 0) {
b31f535c
ZJS		 663 int saved_errno = errno;
664
3b1c5241 665 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
f647962d 666 if (r < 0)
1938ac51 667 return r;
b31f535c 668
279d3c9c 669 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
cb651834
ZJS		 670 } else {
671 ret = strdup(host);
672 if (!ret)
1938ac51 673 return -ENOMEM;
cb651834 674 }
b31f535c
ZJS		 675
676 *_ret = ret;
677 return 0;
678}
679
680int getnameinfo_pretty(int fd, char **ret) {
681 union sockaddr_union sa;
682 socklen_t salen = sizeof(sa);
683
684 assert(fd >= 0);
685 assert(ret);
686
4a62c710 687 if (getsockname(fd, &sa.sa, &salen) < 0)
1938ac51 688 return -errno;
b31f535c
ZJS		 689
690 return socknameinfo_pretty(&sa, salen, ret);
691}
692
bd1fe7c7
LP		 693int socket_address_unlink(SocketAddress *a) {
694 assert(a);
695
696 if (socket_address_family(a) != AF_UNIX)
697 return 0;
698
699 if (a->sockaddr.un.sun_path[0] == 0)
700 return 0;
701
702 if (unlink(a->sockaddr.un.sun_path) < 0)
703 return -errno;
704
705 return 1;
706}
707
7a22745a
LP		 708static const char* const netlink_family_table[] = {
709 [NETLINK_ROUTE] = "route",
710 [NETLINK_FIREWALL] = "firewall",
711 [NETLINK_INET_DIAG] = "inet-diag",
712 [NETLINK_NFLOG] = "nflog",
713 [NETLINK_XFRM] = "xfrm",
714 [NETLINK_SELINUX] = "selinux",
715 [NETLINK_ISCSI] = "iscsi",
716 [NETLINK_AUDIT] = "audit",
717 [NETLINK_FIB_LOOKUP] = "fib-lookup",
718 [NETLINK_CONNECTOR] = "connector",
719 [NETLINK_NETFILTER] = "netfilter",
720 [NETLINK_IP6_FW] = "ip6-fw",
721 [NETLINK_DNRTMSG] = "dnrtmsg",
722 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
723 [NETLINK_GENERIC] = "generic",
724 [NETLINK_SCSITRANSPORT] = "scsitransport",
725 [NETLINK_ECRYPTFS] = "ecryptfs"
726};
727
f8b69d1d 728DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
7a22745a 729
c0120d99
LP		 730static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
731 [SOCKET_ADDRESS_DEFAULT] = "default",
732 [SOCKET_ADDRESS_BOTH] = "both",
733 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
734};
735
736DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
f01e5736
LP		 737
738bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
739 assert(a);
740 assert(b);
741
742 if (a->sa.sa_family != b->sa.sa_family)
743 return false;
744
745 if (a->sa.sa_family == AF_INET)
746 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
747
748 if (a->sa.sa_family == AF_INET6)
749 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
750
751 return false;
752}
2583fbea
LP		 753
754int fd_inc_sndbuf(int fd, size_t n) {
755 int r, value;
756 socklen_t l = sizeof(value);
757
758 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
759 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
760 return 0;
761
762 /* If we have the privileges we will ignore the kernel limit. */
763
764 value = (int) n;
765 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
766 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
767 return -errno;
768
769 return 1;
770}
771
772int fd_inc_rcvbuf(int fd, size_t n) {
773 int r, value;
774 socklen_t l = sizeof(value);
775
776 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
777 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
778 return 0;
779
780 /* If we have the privileges we will ignore the kernel limit. */
781
782 value = (int) n;
783 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
784 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
785 return -errno;
786 return 1;
787}
788
789static const char* const ip_tos_table[] = {
790 [IPTOS_LOWDELAY] = "low-delay",
791 [IPTOS_THROUGHPUT] = "throughput",
792 [IPTOS_RELIABILITY] = "reliability",
793 [IPTOS_LOWCOST] = "low-cost",
794};
795
796DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
797
ef76dff2
LP		 798bool ifname_valid(const char *p) {
799 bool numeric = true;
800
801 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
802 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
803 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
804
805 if (isempty(p))
806 return false;
807
808 if (strlen(p) >= IFNAMSIZ)
809 return false;
810
811 if (STR_IN_SET(p, ".", ".."))
812 return false;
813
814 while (*p) {
815 if ((unsigned char) *p >= 127U)
816 return false;
817
818 if ((unsigned char) *p <= 32U)
819 return false;
820
821 if (*p == ':' || *p == '/')
822 return false;
823
824 numeric = numeric && (*p >= '0' && *p <= '9');
825 p++;
826 }
827
828 if (numeric)
829 return false;
830
831 return true;
832}
833
2583fbea
LP		 834int getpeercred(int fd, struct ucred *ucred) {
835 socklen_t n = sizeof(struct ucred);
836 struct ucred u;
837 int r;
838
839 assert(fd >= 0);
840 assert(ucred);
841
842 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
843 if (r < 0)
844 return -errno;
845
846 if (n != sizeof(struct ucred))
847 return -EIO;
848
849 /* Check if the data is actually useful and not suppressed due
850 * to namespacing issues */
851 if (u.pid <= 0)
852 return -ENODATA;
853 if (u.uid == UID_INVALID)
854 return -ENODATA;
855 if (u.gid == GID_INVALID)
856 return -ENODATA;
857
858 *ucred = u;
859 return 0;
860}
861
862int getpeersec(int fd, char **ret) {
863 socklen_t n = 64;
864 char *s;
865 int r;
866
867 assert(fd >= 0);
868 assert(ret);
869
870 s = new0(char, n);
871 if (!s)
872 return -ENOMEM;
873
874 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
875 if (r < 0) {
876 free(s);
877
878 if (errno != ERANGE)
879 return -errno;
880
881 s = new0(char, n);
882 if (!s)
883 return -ENOMEM;
884
885 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
886 if (r < 0) {
887 free(s);
888 return -errno;
889 }
890 }
891
892 if (isempty(s)) {
893 free(s);
894 return -EOPNOTSUPP;
895 }
896
897 *ret = s;
898 return 0;
899}
900
726f4c47
ZJS		 901int send_one_fd_sa(
902 int transport_fd,
903 int fd,
904 const struct sockaddr *sa, socklen_t len,
905 int flags) {
906
2583fbea
LP		 907 union {
908 struct cmsghdr cmsghdr;
909 uint8_t buf[CMSG_SPACE(sizeof(int))];
910 } control = {};
911 struct msghdr mh = {
726f4c47
ZJS		 912 .msg_name = (struct sockaddr*) sa,
913 .msg_namelen = len,
2583fbea
LP		 914 .msg_control = &control,
915 .msg_controllen = sizeof(control),
916 };
3c171f0b 917 struct cmsghdr *cmsg;
2583fbea
LP		 918
919 assert(transport_fd >= 0);
920 assert(fd >= 0);
921
922 cmsg = CMSG_FIRSTHDR(&mh);
923 cmsg->cmsg_level = SOL_SOCKET;
924 cmsg->cmsg_type = SCM_RIGHTS;
925 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
926 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
927
928 mh.msg_controllen = CMSG_SPACE(sizeof(int));
929 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
930 return -errno;
931
932 return 0;
933}
934
935int receive_one_fd(int transport_fd, int flags) {
936 union {
937 struct cmsghdr cmsghdr;
938 uint8_t buf[CMSG_SPACE(sizeof(int))];
939 } control = {};
940 struct msghdr mh = {
941 .msg_control = &control,
942 .msg_controllen = sizeof(control),
943 };
944 struct cmsghdr *cmsg, *found = NULL;
945
946 assert(transport_fd >= 0);
947
948 /*
949 * Receive a single FD via @transport_fd. We don't care for
950 * the transport-type. We retrieve a single FD at most, so for
951 * packet-based transports, the caller must ensure to send
952 * only a single FD per packet. This is best used in
953 * combination with send_one_fd().
954 */
955
956 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
957 return -errno;
958
959 CMSG_FOREACH(cmsg, &mh) {
960 if (cmsg->cmsg_level == SOL_SOCKET &&
961 cmsg->cmsg_type == SCM_RIGHTS &&
962 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
963 assert(!found);
964 found = cmsg;
965 break;
966 }
967 }
968
969 if (!found) {
970 cmsg_close_all(&mh);
971 return -EIO;
972 }
973
974 return *(int*) CMSG_DATA(found);
975}
4edc2c9b
LP		 976
977ssize_t next_datagram_size_fd(int fd) {
978 ssize_t l;
979 int k;
980
981 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
96d49011 982 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
4edc2c9b
LP		 983 * do. This difference is actually of major importance as we need to be sure that the size returned here
984 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
985 * the wrong size. */
986
987 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
988 if (l < 0) {
77d4acf3 989 if (errno == EOPNOTSUPP || errno == EFAULT)
4edc2c9b
LP		 990 goto fallback;
991
992 return -errno;
993 }
994 if (l == 0)
995 goto fallback;
996
997 return l;
998
999fallback:
1000 k = 0;
1001
1002 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1003 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1004
1005 if (ioctl(fd, FIONREAD, &k) < 0)
1006 return -errno;
1007
1008 return (ssize_t) k;
1009}
60d9771c
LP		 1010
1011int flush_accept(int fd) {
1012
1013 struct pollfd pollfd = {
1014 .fd = fd,
1015 .events = POLLIN,
1016 };
1017 int r;
1018
1019
1020 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1021
1022 for (;;) {
1023 int cfd;
1024
1025 r = poll(&pollfd, 1, 0);
1026 if (r < 0) {
1027 if (errno == EINTR)
1028 continue;
1029
1030 return -errno;
1031
1032 } else if (r == 0)
1033 return 0;
1034
1035 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1036 if (cfd < 0) {
1037 if (errno == EINTR)
1038 continue;
1039
1040 if (errno == EAGAIN)
1041 return 0;
1042
1043 return -errno;
1044 }
1045
1046 close(cfd);
1047 }
1048}
29206d46
LP		 1049
1050struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1051 struct cmsghdr *cmsg;
1052
1053 assert(mh);
1054
1055 CMSG_FOREACH(cmsg, mh)
1056 if (cmsg->cmsg_level == level &&
1057 cmsg->cmsg_type == type &&
1058 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1059 return cmsg;
1060
1061 return NULL;
1062}
429b4350
LP		 1063
1064int socket_ioctl_fd(void) {
1065 int fd;
1066
1067 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1068 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1069 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1070 * generic AF_NETLINK. */
1071
1072 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1073 if (fd < 0)
1074 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1075 if (fd < 0)
1076 return -errno;
1077
1078 return fd;
1079}
Unnamed repository; edit this file 'description' to name the repository.