]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/basic/socket-util.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sd-bus: drop bloom stuff, it's not needed anymore since kdbus is gone
[thirdparty/systemd.git] / src / basic / socket-util.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a7334b09
LP		 2/***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 15 Lesser General Public License for more details.
a7334b09 16
5430f7f2 17 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19***/
20
42f4e3c4 21#include <arpa/inet.h>
07630cea 22#include <errno.h>
11c3a366 23#include <limits.h>
542563ba 24#include <net/if.h>
b31f535c 25#include <netdb.h>
2583fbea 26#include <netinet/ip.h>
60d9771c 27#include <poll.h>
07630cea 28#include <stddef.h>
11c3a366 29#include <stdint.h>
07630cea 30#include <stdio.h>
11c3a366 31#include <stdlib.h>
07630cea 32#include <string.h>
07630cea 33#include <unistd.h>
42f4e3c4 34
b5efdb8a 35#include "alloc-util.h"
2583fbea 36#include "fd-util.h"
07630cea 37#include "fileio.h"
f97b34a6 38#include "format-util.h"
93cc7779 39#include "log.h"
42f4e3c4 40#include "macro.h"
07630cea 41#include "missing.h"
6bedfcbb 42#include "parse-util.h"
9eb977db 43#include "path-util.h"
2583fbea 44#include "socket-util.h"
8b43440b 45#include "string-table.h"
07630cea 46#include "string-util.h"
ef76dff2 47#include "strv.h"
ee104e11 48#include "user-util.h"
ef76dff2 49#include "utf8.h"
2eec67ac 50#include "util.h"
42f4e3c4 51
349cc4a5 52#if ENABLE_IDN
6326a143
WB		 53# define IDN_FLAGS (NI_IDN|NI_IDN_USE_STD3_ASCII_RULES)
54#else
55# define IDN_FLAGS 0
56#endif
57
398ce0bc
YW		 58static const char* const socket_address_type_table[] = {
59 [SOCK_STREAM] = "Stream",
60 [SOCK_DGRAM] = "Datagram",
61 [SOCK_RAW] = "Raw",
62 [SOCK_RDM] = "ReliableDatagram",
63 [SOCK_SEQPACKET] = "SequentialPacket",
64 [SOCK_DCCP] = "DatagramCongestionControl",
65};
66
67DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
68
542563ba 69int socket_address_parse(SocketAddress *a, const char *s) {
42f4e3c4 70 char *e, *n;
4d49b48c 71 int r;
42f4e3c4
LP		 72
73 assert(a);
74 assert(s);
75
9152c765 76 zero(*a);
542563ba 77 a->type = SOCK_STREAM;
42f4e3c4
LP		 78
79 if (*s == '[') {
89220e2f
LP		 80 uint16_t port;
81
42f4e3c4
LP		 82 /* IPv6 in [x:.....:z]:p notation */
83
4d49b48c
LP		 84 e = strchr(s+1, ']');
85 if (!e)
42f4e3c4
LP		 86 return -EINVAL;
87
4d49b48c 88 n = strndupa(s+1, e-s-1);
42f4e3c4
LP		 89
90 errno = 0;
4d49b48c 91 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
8333c77e 92 return errno > 0 ? -errno : -EINVAL;
42f4e3c4
LP		 93
94 e++;
95 if (*e != ':')
96 return -EINVAL;
97
98 e++;
89220e2f 99 r = parse_ip_port(e, &port);
4d49b48c 100 if (r < 0)
42f4e3c4
LP		 101 return r;
102
42f4e3c4 103 a->sockaddr.in6.sin6_family = AF_INET6;
89220e2f 104 a->sockaddr.in6.sin6_port = htobe16(port);
42f4e3c4 105 a->size = sizeof(struct sockaddr_in6);
42f4e3c4
LP		 106
107 } else if (*s == '/') {
108 /* AF_UNIX socket */
109
110 size_t l;
111
112 l = strlen(s);
113 if (l >= sizeof(a->sockaddr.un.sun_path))
114 return -EINVAL;
115
116 a->sockaddr.un.sun_family = AF_UNIX;
117 memcpy(a->sockaddr.un.sun_path, s, l);
0e098b15 118 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
42f4e3c4 119
1c24e7bd 120 } else if (*s == '@') {
42f4e3c4
LP		 121 /* Abstract AF_UNIX socket */
122 size_t l;
123
124 l = strlen(s+1);
125 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
126 return -EINVAL;
127
128 a->sockaddr.un.sun_family = AF_UNIX;
129 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
0e098b15 130 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
42f4e3c4 131
0fc0f14b
SH		 132 } else if (startswith(s, "vsock:")) {
133 /* AF_VSOCK socket in vsock:cid:port notation */
fbd0b64f 134 const char *cid_start = s + STRLEN("vsock:");
89220e2f 135 unsigned port;
0fc0f14b
SH		 136
137 e = strchr(cid_start, ':');
138 if (!e)
139 return -EINVAL;
140
89220e2f 141 r = safe_atou(e+1, &port);
0fc0f14b
SH		 142 if (r < 0)
143 return r;
144
145 n = strndupa(cid_start, e - cid_start);
146 if (!isempty(n)) {
147 r = safe_atou(n, &a->sockaddr.vm.svm_cid);
148 if (r < 0)
149 return r;
150 } else
151 a->sockaddr.vm.svm_cid = VMADDR_CID_ANY;
152
153 a->sockaddr.vm.svm_family = AF_VSOCK;
89220e2f 154 a->sockaddr.vm.svm_port = port;
0fc0f14b
SH		 155 a->size = sizeof(struct sockaddr_vm);
156
42f4e3c4 157 } else {
89220e2f
LP		 158 uint16_t port;
159
4d49b48c
LP		 160 e = strchr(s, ':');
161 if (e) {
89220e2f 162 r = parse_ip_port(e + 1, &port);
4d49b48c 163 if (r < 0)
542563ba
LP		 164 return r;
165
4d49b48c 166 n = strndupa(s, e-s);
42f4e3c4 167
542563ba 168 /* IPv4 in w.x.y.z:p notation? */
4d49b48c
LP		 169 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
170 if (r < 0)
542563ba 171 return -errno;
42f4e3c4 172
542563ba
LP		 173 if (r > 0) {
174 /* Gotcha, it's a traditional IPv4 address */
4d49b48c 175 a->sockaddr.in.sin_family = AF_INET;
89220e2f 176 a->sockaddr.in.sin_port = htobe16(port);
542563ba
LP		 177 a->size = sizeof(struct sockaddr_in);
178 } else {
179 unsigned idx;
42f4e3c4 180
4d49b48c 181 if (strlen(n) > IF_NAMESIZE-1)
acbb0225 182 return -EINVAL;
acbb0225 183
542563ba
LP		 184 /* Uh, our last resort, an interface name */
185 idx = if_nametoindex(n);
83c60c9f 186 if (idx == 0)
542563ba 187 return -EINVAL;
42f4e3c4 188
542563ba 189 a->sockaddr.in6.sin6_family = AF_INET6;
89220e2f 190 a->sockaddr.in6.sin6_port = htobe16(port);
542563ba 191 a->sockaddr.in6.sin6_scope_id = idx;
83c60c9f 192 a->sockaddr.in6.sin6_addr = in6addr_any;
542563ba
LP		 193 a->size = sizeof(struct sockaddr_in6);
194 }
42f4e3c4
LP		 195 } else {
196
197 /* Just a port */
89220e2f 198 r = parse_ip_port(s, &port);
5198dabc 199 if (r < 0)
42f4e3c4
LP		 200 return r;
201
5bfcc1c6
FF		 202 if (socket_ipv6_is_supported()) {
203 a->sockaddr.in6.sin6_family = AF_INET6;
89220e2f 204 a->sockaddr.in6.sin6_port = htobe16(port);
5bfcc1c6
FF		 205 a->sockaddr.in6.sin6_addr = in6addr_any;
206 a->size = sizeof(struct sockaddr_in6);
207 } else {
4d49b48c 208 a->sockaddr.in.sin_family = AF_INET;
89220e2f 209 a->sockaddr.in.sin_port = htobe16(port);
4d49b48c 210 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
5bfcc1c6
FF		 211 a->size = sizeof(struct sockaddr_in);
212 }
42f4e3c4
LP		 213 }
214 }
215
216 return 0;
217}
218
7693146d
LP		 219int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
220 SocketAddress b;
221 int r;
222
223 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
224
225 r = socket_address_parse(&b, s);
226 if (r < 0)
227 return r;
228
229 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
230 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
231 return -EAFNOSUPPORT;
232 }
233
234 *a = b;
235 return 0;
236}
237
7a22745a
LP		 238int socket_address_parse_netlink(SocketAddress *a, const char *s) {
239 int family;
240 unsigned group = 0;
f8b69d1d 241 _cleanup_free_ char *sfamily = NULL;
7a22745a
LP		 242 assert(a);
243 assert(s);
244
245 zero(*a);
246 a->type = SOCK_RAW;
247
248 errno = 0;
249 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
bcb161b0 250 return errno > 0 ? -errno : -EINVAL;
7a22745a 251
f8b69d1d
MS		 252 family = netlink_family_from_string(sfamily);
253 if (family < 0)
254 return -EINVAL;
7a22745a
LP		 255
256 a->sockaddr.nl.nl_family = AF_NETLINK;
257 a->sockaddr.nl.nl_groups = group;
258
259 a->type = SOCK_RAW;
260 a->size = sizeof(struct sockaddr_nl);
261 a->protocol = family;
262
263 return 0;
264}
265
542563ba 266int socket_address_verify(const SocketAddress *a) {
42f4e3c4
LP		 267 assert(a);
268
542563ba 269 switch (socket_address_family(a)) {
42f4e3c4 270
7a22745a
LP		 271 case AF_INET:
272 if (a->size != sizeof(struct sockaddr_in))
273 return -EINVAL;
42f4e3c4 274
4d49b48c 275 if (a->sockaddr.in.sin_port == 0)
7a22745a 276 return -EINVAL;
42f4e3c4 277
ec2ce0c5 278 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
7a22745a 279 return -EINVAL;
42f4e3c4 280
7a22745a
LP		 281 return 0;
282
283 case AF_INET6:
284 if (a->size != sizeof(struct sockaddr_in6))
285 return -EINVAL;
42f4e3c4 286
7a22745a
LP		 287 if (a->sockaddr.in6.sin6_port == 0)
288 return -EINVAL;
42f4e3c4 289
ec2ce0c5 290 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
7a22745a 291 return -EINVAL;
42f4e3c4 292
7a22745a 293 return 0;
42f4e3c4 294
7a22745a
LP		 295 case AF_UNIX:
296 if (a->size < offsetof(struct sockaddr_un, sun_path))
297 return -EINVAL;
42f4e3c4 298
7a22745a 299 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
42f4e3c4 300
7a22745a
LP		 301 if (a->sockaddr.un.sun_path[0] != 0) {
302 char *e;
303
304 /* path */
4d49b48c
LP		 305 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
306 if (!e)
7a22745a
LP		 307 return -EINVAL;
308
309 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
310 return -EINVAL;
42f4e3c4 311 }
7a22745a 312 }
42f4e3c4 313
ec2ce0c5 314 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET))
7a22745a 315 return -EINVAL;
42f4e3c4 316
7a22745a
LP		 317 return 0;
318
319 case AF_NETLINK:
320
321 if (a->size != sizeof(struct sockaddr_nl))
322 return -EINVAL;
323
ec2ce0c5 324 if (!IN_SET(a->type, SOCK_RAW, SOCK_DGRAM))
7a22745a
LP		 325 return -EINVAL;
326
327 return 0;
328
0fc0f14b
SH		 329 case AF_VSOCK:
330 if (a->size != sizeof(struct sockaddr_vm))
331 return -EINVAL;
332
ec2ce0c5 333 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
0fc0f14b
SH		 334 return -EINVAL;
335
336 return 0;
337
7a22745a
LP		 338 default:
339 return -EAFNOSUPPORT;
42f4e3c4
LP		 340 }
341}
342
4d49b48c 343int socket_address_print(const SocketAddress *a, char **ret) {
42f4e3c4 344 int r;
4d49b48c 345
42f4e3c4 346 assert(a);
4d49b48c 347 assert(ret);
42f4e3c4 348
4d49b48c
LP		 349 r = socket_address_verify(a);
350 if (r < 0)
42f4e3c4
LP		 351 return r;
352
4d49b48c 353 if (socket_address_family(a) == AF_NETLINK) {
7fd1b19b 354 _cleanup_free_ char *sfamily = NULL;
7a22745a 355
f8b69d1d 356 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
7a22745a 357 if (r < 0)
f8b69d1d 358 return r;
4d49b48c
LP		 359
360 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
8520cfa5
MS		 361 if (r < 0)
362 return -ENOMEM;
7a22745a
LP		 363
364 return 0;
365 }
366
3b1c5241 367 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
42f4e3c4
LP		 368}
369
4f2d528d
LP		 370bool socket_address_can_accept(const SocketAddress *a) {
371 assert(a);
372
373 return
3742095b 374 IN_SET(a->type, SOCK_STREAM, SOCK_SEQPACKET);
4f2d528d 375}
a16e1123
LP		 376
377bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
378 assert(a);
379 assert(b);
380
381 /* Invalid addresses are unequal to all */
382 if (socket_address_verify(a) < 0 ||
383 socket_address_verify(b) < 0)
384 return false;
385
386 if (a->type != b->type)
387 return false;
388
a16e1123
LP		 389 if (socket_address_family(a) != socket_address_family(b))
390 return false;
391
392 switch (socket_address_family(a)) {
393
394 case AF_INET:
4d49b48c 395 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
a16e1123
LP		 396 return false;
397
4d49b48c 398 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
a16e1123
LP		 399 return false;
400
401 break;
402
403 case AF_INET6:
404 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
405 return false;
406
407 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
408 return false;
409
410 break;
411
412 case AF_UNIX:
710708a5
MS		 413 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
414 b->size <= offsetof(struct sockaddr_un, sun_path))
415 return false;
416
a16e1123
LP		 417 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
418 return false;
419
420 if (a->sockaddr.un.sun_path[0]) {
e3f791a2 421 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
a16e1123
LP		 422 return false;
423 } else {
c78e47a6
MS		 424 if (a->size != b->size)
425 return false;
426
b12c1e7c 427 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
a16e1123
LP		 428 return false;
429 }
430
431 break;
432
7a22745a 433 case AF_NETLINK:
7a22745a
LP		 434 if (a->protocol != b->protocol)
435 return false;
436
437 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
438 return false;
439
440 break;
441
0fc0f14b
SH		 442 case AF_VSOCK:
443 if (a->sockaddr.vm.svm_cid != b->sockaddr.vm.svm_cid)
444 return false;
445
446 if (a->sockaddr.vm.svm_port != b->sockaddr.vm.svm_port)
447 return false;
448
449 break;
450
a16e1123
LP		 451 default:
452 /* Cannot compare, so we assume the addresses are different */
453 return false;
454 }
455
456 return true;
457}
458
27ca8d7a 459bool socket_address_is(const SocketAddress *a, const char *s, int type) {
a16e1123
LP		 460 struct SocketAddress b;
461
462 assert(a);
463 assert(s);
464
465 if (socket_address_parse(&b, s) < 0)
466 return false;
467
27ca8d7a
LP		 468 b.type = type;
469
a16e1123 470 return socket_address_equal(a, &b);
6e2ef85b
LP		 471}
472
7a22745a
LP		 473bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
474 struct SocketAddress b;
475
476 assert(a);
477 assert(s);
478
479 if (socket_address_parse_netlink(&b, s) < 0)
480 return false;
481
482 return socket_address_equal(a, &b);
483}
484
a57f7e2c 485const char* socket_address_get_path(const SocketAddress *a) {
6e2ef85b
LP		 486 assert(a);
487
488 if (socket_address_family(a) != AF_UNIX)
a57f7e2c 489 return NULL;
6e2ef85b
LP		 490
491 if (a->sockaddr.un.sun_path[0] == 0)
a57f7e2c 492 return NULL;
a16e1123 493
a57f7e2c 494 return a->sockaddr.un.sun_path;
a16e1123 495}
c0120d99 496
5bfcc1c6 497bool socket_ipv6_is_supported(void) {
629abfc2 498 if (access("/proc/net/if_inet6", F_OK) != 0)
90ab5042 499 return false;
f89f1e8f 500
7377964d 501 return true;
5bfcc1c6
FF		 502}
503
01e10de3 504bool socket_address_matches_fd(const SocketAddress *a, int fd) {
dbafedac
MS		 505 SocketAddress b;
506 socklen_t solen;
01e10de3
LP		 507
508 assert(a);
509 assert(fd >= 0);
510
dbafedac
MS		 511 b.size = sizeof(b.sockaddr);
512 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
01e10de3
LP		 513 return false;
514
dbafedac 515 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
01e10de3
LP		 516 return false;
517
dbafedac
MS		 518 solen = sizeof(b.type);
519 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
01e10de3
LP		 520 return false;
521
dbafedac 522 if (b.type != a->type)
01e10de3
LP		 523 return false;
524
525 if (a->protocol != 0) {
dbafedac
MS		 526 solen = sizeof(b.protocol);
527 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
01e10de3
LP		 528 return false;
529
dbafedac 530 if (b.protocol != a->protocol)
01e10de3
LP		 531 return false;
532 }
533
02233928 534 return socket_address_equal(a, &b);
01e10de3
LP		 535}
536
f6aac5bf 537int sockaddr_port(const struct sockaddr *_sa, unsigned *ret_port) {
3b1c5241
SL		 538 union sockaddr_union *sa = (union sockaddr_union*) _sa;
539
f6aac5bf
LP		 540 /* Note, this returns the port as 'unsigned' rather than 'uint16_t', as AF_VSOCK knows larger ports */
541
3b1c5241
SL		 542 assert(sa);
543
0fc0f14b 544 switch (sa->sa.sa_family) {
f6aac5bf 545
0fc0f14b 546 case AF_INET:
f6aac5bf 547 *ret_port = be16toh(sa->in.sin_port);
0fc0f14b 548 return 0;
3b1c5241 549
0fc0f14b 550 case AF_INET6:
f6aac5bf 551 *ret_port = be16toh(sa->in6.sin6_port);
0fc0f14b
SH		 552 return 0;
553
554 case AF_VSOCK:
f6aac5bf 555 *ret_port = sa->vm.svm_port;
0fc0f14b
SH		 556 return 0;
557
558 default:
559 return -EAFNOSUPPORT;
560 }
3b1c5241
SL		 561}
562
563int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
4d49b48c 564 union sockaddr_union *sa = (union sockaddr_union*) _sa;
8569a776 565 char *p;
fc25ad25 566 int r;
8569a776 567
4d49b48c
LP		 568 assert(sa);
569 assert(salen >= sizeof(sa->sa.sa_family));
8569a776 570
4d49b48c 571 switch (sa->sa.sa_family) {
8569a776
LP		 572
573 case AF_INET: {
574 uint32_t a;
575
8e38570e 576 a = be32toh(sa->in.sin_addr.s_addr);
8569a776 577
fc25ad25
ZJS		 578 if (include_port)
579 r = asprintf(&p,
3b1c5241
SL		 580 "%u.%u.%u.%u:%u",
581 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
8e38570e 582 be16toh(sa->in.sin_port));
fc25ad25
ZJS		 583 else
584 r = asprintf(&p,
3b1c5241 585 "%u.%u.%u.%u",
fc25ad25
ZJS		 586 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
587 if (r < 0)
588 return -ENOMEM;
8569a776
LP		 589 break;
590 }
591
592 case AF_INET6: {
593 static const unsigned char ipv4_prefix[] = {
594 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
595 };
596
fc25ad25
ZJS		 597 if (translate_ipv6 &&
598 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
4d49b48c 599 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
fc25ad25
ZJS		 600 if (include_port)
601 r = asprintf(&p,
3b1c5241
SL		 602 "%u.%u.%u.%u:%u",
603 a[0], a[1], a[2], a[3],
8e38570e 604 be16toh(sa->in6.sin6_port));
fc25ad25
ZJS		 605 else
606 r = asprintf(&p,
3b1c5241 607 "%u.%u.%u.%u",
fc25ad25
ZJS		 608 a[0], a[1], a[2], a[3]);
609 if (r < 0)
610 return -ENOMEM;
8569a776
LP		 611 } else {
612 char a[INET6_ADDRSTRLEN];
613
3b1c5241
SL		 614 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
615
616 if (include_port) {
fc25ad25 617 r = asprintf(&p,
3b1c5241
SL		 618 "[%s]:%u",
619 a,
8e38570e 620 be16toh(sa->in6.sin6_port));
fc25ad25 621 if (r < 0)
3b1c5241
SL		 622 return -ENOMEM;
623 } else {
624 p = strdup(a);
625 if (!p)
626 return -ENOMEM;
627 }
8569a776
LP		 628 }
629
630 break;
631 }
632
4d49b48c
LP		 633 case AF_UNIX:
634 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
635 p = strdup("<unnamed>");
636 if (!p)
637 return -ENOMEM;
8569a776 638
4d49b48c
LP		 639 } else if (sa->un.sun_path[0] == 0) {
640 /* abstract */
8569a776 641
4d49b48c
LP		 642 /* FIXME: We assume we can print the
643 * socket path here and that it hasn't
644 * more than one NUL byte. That is
645 * actually an invalid assumption */
646
647 p = new(char, sizeof(sa->un.sun_path)+1);
648 if (!p)
649 return -ENOMEM;
650
651 p[0] = '@';
652 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
653 p[sizeof(sa->un.sun_path)] = 0;
654
655 } else {
656 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
0810bc56 657 if (!p)
4d49b48c
LP		 658 return -ENOMEM;
659 }
8569a776
LP		 660
661 break;
8569a776 662
0fc0f14b
SH		 663 case AF_VSOCK:
664 if (include_port)
665 r = asprintf(&p,
666 "vsock:%u:%u",
667 sa->vm.svm_cid,
668 sa->vm.svm_port);
669 else
670 r = asprintf(&p, "vsock:%u", sa->vm.svm_cid);
671 if (r < 0)
672 return -ENOMEM;
673 break;
674
8569a776 675 default:
15411c0c 676 return -EOPNOTSUPP;
8569a776
LP		 677 }
678
4d49b48c 679
8569a776
LP		 680 *ret = p;
681 return 0;
682}
683
366b7db4 684int getpeername_pretty(int fd, bool include_port, char **ret) {
4d49b48c 685 union sockaddr_union sa;
b31f535c 686 socklen_t salen = sizeof(sa);
eff05270 687 int r;
4d49b48c
LP		 688
689 assert(fd >= 0);
690 assert(ret);
691
4d49b48c
LP		 692 if (getpeername(fd, &sa.sa, &salen) < 0)
693 return -errno;
694
695 if (sa.sa.sa_family == AF_UNIX) {
39883f62 696 struct ucred ucred = {};
4d49b48c
LP		 697
698 /* UNIX connection sockets are anonymous, so let's use
699 * PID/UID as pretty credentials instead */
700
eff05270
LP		 701 r = getpeercred(fd, &ucred);
702 if (r < 0)
703 return r;
4d49b48c 704
de0671ee 705 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
4d49b48c
LP		 706 return -ENOMEM;
707
708 return 0;
709 }
710
711 /* For remote sockets we translate IPv6 addresses back to IPv4
712 * if applicable, since that's nicer. */
713
366b7db4 714 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
4d49b48c
LP		 715}
716
717int getsockname_pretty(int fd, char **ret) {
718 union sockaddr_union sa;
b31f535c 719 socklen_t salen = sizeof(sa);
4d49b48c
LP		 720
721 assert(fd >= 0);
722 assert(ret);
723
4d49b48c
LP		 724 if (getsockname(fd, &sa.sa, &salen) < 0)
725 return -errno;
726
727 /* For local sockets we do not translate IPv6 addresses back
728 * to IPv6 if applicable, since this is usually used for
729 * listening sockets where the difference between IPv4 and
730 * IPv6 matters. */
731
3b1c5241 732 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
4d49b48c
LP		 733}
734
b31f535c
ZJS		 735int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
736 int r;
737 char host[NI_MAXHOST], *ret;
738
739 assert(_ret);
740
6326a143 741 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0, IDN_FLAGS);
b31f535c 742 if (r != 0) {
b31f535c
ZJS		 743 int saved_errno = errno;
744
3b1c5241 745 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
f647962d 746 if (r < 0)
1938ac51 747 return r;
b31f535c 748
279d3c9c 749 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
cb651834
ZJS		 750 } else {
751 ret = strdup(host);
752 if (!ret)
1938ac51 753 return -ENOMEM;
cb651834 754 }
b31f535c
ZJS		 755
756 *_ret = ret;
757 return 0;
758}
759
760int getnameinfo_pretty(int fd, char **ret) {
761 union sockaddr_union sa;
762 socklen_t salen = sizeof(sa);
763
764 assert(fd >= 0);
765 assert(ret);
766
4a62c710 767 if (getsockname(fd, &sa.sa, &salen) < 0)
1938ac51 768 return -errno;
b31f535c
ZJS		 769
770 return socknameinfo_pretty(&sa, salen, ret);
771}
772
bd1fe7c7
LP		 773int socket_address_unlink(SocketAddress *a) {
774 assert(a);
775
776 if (socket_address_family(a) != AF_UNIX)
777 return 0;
778
779 if (a->sockaddr.un.sun_path[0] == 0)
780 return 0;
781
782 if (unlink(a->sockaddr.un.sun_path) < 0)
783 return -errno;
784
785 return 1;
786}
787
7a22745a
LP		 788static const char* const netlink_family_table[] = {
789 [NETLINK_ROUTE] = "route",
790 [NETLINK_FIREWALL] = "firewall",
791 [NETLINK_INET_DIAG] = "inet-diag",
792 [NETLINK_NFLOG] = "nflog",
793 [NETLINK_XFRM] = "xfrm",
794 [NETLINK_SELINUX] = "selinux",
795 [NETLINK_ISCSI] = "iscsi",
796 [NETLINK_AUDIT] = "audit",
797 [NETLINK_FIB_LOOKUP] = "fib-lookup",
798 [NETLINK_CONNECTOR] = "connector",
799 [NETLINK_NETFILTER] = "netfilter",
800 [NETLINK_IP6_FW] = "ip6-fw",
801 [NETLINK_DNRTMSG] = "dnrtmsg",
802 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
803 [NETLINK_GENERIC] = "generic",
804 [NETLINK_SCSITRANSPORT] = "scsitransport",
5570d7f9
JG		 805 [NETLINK_ECRYPTFS] = "ecryptfs",
806 [NETLINK_RDMA] = "rdma",
7a22745a
LP		 807};
808
f8b69d1d 809DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
7a22745a 810
c0120d99
LP		 811static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
812 [SOCKET_ADDRESS_DEFAULT] = "default",
813 [SOCKET_ADDRESS_BOTH] = "both",
814 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
815};
816
817DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
f01e5736 818
6f90844f
YW		 819SocketAddressBindIPv6Only parse_socket_address_bind_ipv6_only_or_bool(const char *n) {
820 int r;
821
822 r = parse_boolean(n);
823 if (r > 0)
824 return SOCKET_ADDRESS_IPV6_ONLY;
825 if (r == 0)
826 return SOCKET_ADDRESS_BOTH;
827
828 return socket_address_bind_ipv6_only_from_string(n);
829}
830
f01e5736
LP		 831bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
832 assert(a);
833 assert(b);
834
835 if (a->sa.sa_family != b->sa.sa_family)
836 return false;
837
838 if (a->sa.sa_family == AF_INET)
839 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
840
841 if (a->sa.sa_family == AF_INET6)
842 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
843
0fc0f14b
SH		 844 if (a->sa.sa_family == AF_VSOCK)
845 return a->vm.svm_cid == b->vm.svm_cid;
846
f01e5736
LP		 847 return false;
848}
2583fbea
LP		 849
850int fd_inc_sndbuf(int fd, size_t n) {
851 int r, value;
852 socklen_t l = sizeof(value);
853
854 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
855 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
856 return 0;
857
858 /* If we have the privileges we will ignore the kernel limit. */
859
860 value = (int) n;
861 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
862 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
863 return -errno;
864
865 return 1;
866}
867
868int fd_inc_rcvbuf(int fd, size_t n) {
869 int r, value;
870 socklen_t l = sizeof(value);
871
872 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
873 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
874 return 0;
875
876 /* If we have the privileges we will ignore the kernel limit. */
877
878 value = (int) n;
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
880 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
881 return -errno;
882 return 1;
883}
884
885static const char* const ip_tos_table[] = {
886 [IPTOS_LOWDELAY] = "low-delay",
887 [IPTOS_THROUGHPUT] = "throughput",
888 [IPTOS_RELIABILITY] = "reliability",
889 [IPTOS_LOWCOST] = "low-cost",
890};
891
892DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
893
ef76dff2
LP		 894bool ifname_valid(const char *p) {
895 bool numeric = true;
896
897 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
898 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
899 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
900
901 if (isempty(p))
902 return false;
903
904 if (strlen(p) >= IFNAMSIZ)
905 return false;
906
49bfc877 907 if (dot_or_dot_dot(p))
ef76dff2
LP		 908 return false;
909
910 while (*p) {
911 if ((unsigned char) *p >= 127U)
912 return false;
913
914 if ((unsigned char) *p <= 32U)
915 return false;
916
4c701096 917 if (IN_SET(*p, ':', '/'))
ef76dff2
LP		 918 return false;
919
920 numeric = numeric && (*p >= '0' && *p <= '9');
921 p++;
922 }
923
924 if (numeric)
925 return false;
926
927 return true;
928}
929
26808948
SS		 930bool address_label_valid(const char *p) {
931
932 if (isempty(p))
933 return false;
934
935 if (strlen(p) >= IFNAMSIZ)
936 return false;
937
938 while (*p) {
939 if ((uint8_t) *p >= 127U)
940 return false;
941
942 if ((uint8_t) *p <= 31U)
943 return false;
944 p++;
945 }
946
947 return true;
948}
949
2583fbea
LP		 950int getpeercred(int fd, struct ucred *ucred) {
951 socklen_t n = sizeof(struct ucred);
952 struct ucred u;
953 int r;
954
955 assert(fd >= 0);
956 assert(ucred);
957
958 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
959 if (r < 0)
960 return -errno;
961
962 if (n != sizeof(struct ucred))
963 return -EIO;
964
bbcc701e
LP		 965 /* Check if the data is actually useful and not suppressed due to namespacing issues */
966 if (!pid_is_valid(u.pid))
2583fbea
LP		 967 return -ENODATA;
968
bbcc701e
LP		 969 /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
970 * receiving in "invalid" user/group we get the overflow UID/GID. */
971
2583fbea
LP		 972 *ucred = u;
973 return 0;
974}
975
976int getpeersec(int fd, char **ret) {
217d8967 977 _cleanup_free_ char *s = NULL;
2583fbea 978 socklen_t n = 64;
2583fbea
LP		 979
980 assert(fd >= 0);
981 assert(ret);
982
217d8967
LP		 983 for (;;) {
984 s = new0(char, n+1);
985 if (!s)
986 return -ENOMEM;
2583fbea 987
217d8967
LP		 988 if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n) >= 0)
989 break;
2583fbea
LP		 990
991 if (errno != ERANGE)
992 return -errno;
993
217d8967 994 s = mfree(s);
2583fbea
LP		 995 }
996
217d8967 997 if (isempty(s))
2583fbea 998 return -EOPNOTSUPP;
2583fbea
LP		 999
1000 *ret = s;
217d8967
LP		 1001 s = NULL;
1002
2583fbea
LP		 1003 return 0;
1004}
1005
43f2c88d
LP		 1006int getpeergroups(int fd, gid_t **ret) {
1007 socklen_t n = sizeof(gid_t) * 64;
1008 _cleanup_free_ gid_t *d = NULL;
1009
1010 assert(fd);
1011 assert(ret);
1012
1013 for (;;) {
1014 d = malloc(n);
1015 if (!d)
1016 return -ENOMEM;
1017
1018 if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, d, &n) >= 0)
1019 break;
1020
1021 if (errno != ERANGE)
1022 return -errno;
1023
1024 d = mfree(d);
1025 }
1026
1027 assert_se(n % sizeof(gid_t) == 0);
1028 n /= sizeof(gid_t);
1029
1030 if ((socklen_t) (int) n != n)
1031 return -E2BIG;
1032
1033 *ret = d;
1034 d = NULL;
1035
1036 return (int) n;
1037}
1038
726f4c47
ZJS		 1039int send_one_fd_sa(
1040 int transport_fd,
1041 int fd,
1042 const struct sockaddr *sa, socklen_t len,
1043 int flags) {
1044
2583fbea
LP		 1045 union {
1046 struct cmsghdr cmsghdr;
1047 uint8_t buf[CMSG_SPACE(sizeof(int))];
1048 } control = {};
1049 struct msghdr mh = {
726f4c47
ZJS		 1050 .msg_name = (struct sockaddr*) sa,
1051 .msg_namelen = len,
2583fbea
LP		 1052 .msg_control = &control,
1053 .msg_controllen = sizeof(control),
1054 };
3c171f0b 1055 struct cmsghdr *cmsg;
2583fbea
LP		 1056
1057 assert(transport_fd >= 0);
1058 assert(fd >= 0);
1059
1060 cmsg = CMSG_FIRSTHDR(&mh);
1061 cmsg->cmsg_level = SOL_SOCKET;
1062 cmsg->cmsg_type = SCM_RIGHTS;
1063 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
1064 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
1065
1066 mh.msg_controllen = CMSG_SPACE(sizeof(int));
1067 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
1068 return -errno;
1069
1070 return 0;
1071}
1072
1073int receive_one_fd(int transport_fd, int flags) {
1074 union {
1075 struct cmsghdr cmsghdr;
1076 uint8_t buf[CMSG_SPACE(sizeof(int))];
1077 } control = {};
1078 struct msghdr mh = {
1079 .msg_control = &control,
1080 .msg_controllen = sizeof(control),
1081 };
1082 struct cmsghdr *cmsg, *found = NULL;
1083
1084 assert(transport_fd >= 0);
1085
1086 /*
1087 * Receive a single FD via @transport_fd. We don't care for
1088 * the transport-type. We retrieve a single FD at most, so for
1089 * packet-based transports, the caller must ensure to send
1090 * only a single FD per packet. This is best used in
1091 * combination with send_one_fd().
1092 */
1093
1094 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
1095 return -errno;
1096
1097 CMSG_FOREACH(cmsg, &mh) {
1098 if (cmsg->cmsg_level == SOL_SOCKET &&
1099 cmsg->cmsg_type == SCM_RIGHTS &&
1100 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
1101 assert(!found);
1102 found = cmsg;
1103 break;
1104 }
1105 }
1106
1107 if (!found) {
1108 cmsg_close_all(&mh);
1109 return -EIO;
1110 }
1111
1112 return *(int*) CMSG_DATA(found);
1113}
4edc2c9b
LP		 1114
1115ssize_t next_datagram_size_fd(int fd) {
1116 ssize_t l;
1117 int k;
1118
1119 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
96d49011 1120 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
4edc2c9b
LP		 1121 * do. This difference is actually of major importance as we need to be sure that the size returned here
1122 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1123 * the wrong size. */
1124
1125 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
1126 if (l < 0) {
3742095b 1127 if (IN_SET(errno, EOPNOTSUPP, EFAULT))
4edc2c9b
LP		 1128 goto fallback;
1129
1130 return -errno;
1131 }
1132 if (l == 0)
1133 goto fallback;
1134
1135 return l;
1136
1137fallback:
1138 k = 0;
1139
1140 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1141 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1142
1143 if (ioctl(fd, FIONREAD, &k) < 0)
1144 return -errno;
1145
1146 return (ssize_t) k;
1147}
60d9771c
LP		 1148
1149int flush_accept(int fd) {
1150
1151 struct pollfd pollfd = {
1152 .fd = fd,
1153 .events = POLLIN,
1154 };
1155 int r;
1156
1157
1158 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1159
1160 for (;;) {
1161 int cfd;
1162
1163 r = poll(&pollfd, 1, 0);
1164 if (r < 0) {
1165 if (errno == EINTR)
1166 continue;
1167
1168 return -errno;
1169
1170 } else if (r == 0)
1171 return 0;
1172
1173 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1174 if (cfd < 0) {
1175 if (errno == EINTR)
1176 continue;
1177
1178 if (errno == EAGAIN)
1179 return 0;
1180
1181 return -errno;
1182 }
1183
1184 close(cfd);
1185 }
1186}
29206d46
LP		 1187
1188struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1189 struct cmsghdr *cmsg;
1190
1191 assert(mh);
1192
1193 CMSG_FOREACH(cmsg, mh)
1194 if (cmsg->cmsg_level == level &&
1195 cmsg->cmsg_type == type &&
1196 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1197 return cmsg;
1198
1199 return NULL;
1200}
429b4350
LP		 1201
1202int socket_ioctl_fd(void) {
1203 int fd;
1204
1205 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1206 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1207 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1208 * generic AF_NETLINK. */
1209
1210 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1211 if (fd < 0)
1212 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1213 if (fd < 0)
1214 return -errno;
1215
1216 return fd;
1217}
Unnamed repository; edit this file 'description' to name the repository.