]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/basic/socket-util.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
log: minimize includes in log.h
[thirdparty/systemd.git] / src / basic / socket-util.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a7334b09
LP		 2/***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 15 Lesser General Public License for more details.
a7334b09 16
5430f7f2 17 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19***/
20
42f4e3c4 21#include <arpa/inet.h>
07630cea 22#include <errno.h>
11c3a366 23#include <limits.h>
542563ba 24#include <net/if.h>
b31f535c 25#include <netdb.h>
2583fbea 26#include <netinet/ip.h>
60d9771c 27#include <poll.h>
07630cea 28#include <stddef.h>
11c3a366 29#include <stdint.h>
07630cea 30#include <stdio.h>
11c3a366 31#include <stdlib.h>
07630cea 32#include <string.h>
07630cea 33#include <unistd.h>
42f4e3c4 34
b5efdb8a 35#include "alloc-util.h"
2583fbea 36#include "fd-util.h"
07630cea 37#include "fileio.h"
f97b34a6 38#include "format-util.h"
93cc7779 39#include "log.h"
42f4e3c4 40#include "macro.h"
07630cea 41#include "missing.h"
6bedfcbb 42#include "parse-util.h"
9eb977db 43#include "path-util.h"
dccca82b 44#include "process-util.h"
2583fbea 45#include "socket-util.h"
8b43440b 46#include "string-table.h"
07630cea 47#include "string-util.h"
ef76dff2 48#include "strv.h"
ee104e11 49#include "user-util.h"
ef76dff2 50#include "utf8.h"
2eec67ac 51#include "util.h"
42f4e3c4 52
349cc4a5 53#if ENABLE_IDN
6326a143
WB		 54# define IDN_FLAGS (NI_IDN|NI_IDN_USE_STD3_ASCII_RULES)
55#else
56# define IDN_FLAGS 0
57#endif
58
398ce0bc
YW		 59static const char* const socket_address_type_table[] = {
60 [SOCK_STREAM] = "Stream",
61 [SOCK_DGRAM] = "Datagram",
62 [SOCK_RAW] = "Raw",
63 [SOCK_RDM] = "ReliableDatagram",
64 [SOCK_SEQPACKET] = "SequentialPacket",
65 [SOCK_DCCP] = "DatagramCongestionControl",
66};
67
68DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
69
542563ba 70int socket_address_parse(SocketAddress *a, const char *s) {
42f4e3c4 71 char *e, *n;
4d49b48c 72 int r;
42f4e3c4
LP		 73
74 assert(a);
75 assert(s);
76
9152c765 77 zero(*a);
542563ba 78 a->type = SOCK_STREAM;
42f4e3c4
LP		 79
80 if (*s == '[') {
89220e2f
LP		 81 uint16_t port;
82
42f4e3c4
LP		 83 /* IPv6 in [x:.....:z]:p notation */
84
4d49b48c
LP		 85 e = strchr(s+1, ']');
86 if (!e)
42f4e3c4
LP		 87 return -EINVAL;
88
4d49b48c 89 n = strndupa(s+1, e-s-1);
42f4e3c4
LP		 90
91 errno = 0;
4d49b48c 92 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
8333c77e 93 return errno > 0 ? -errno : -EINVAL;
42f4e3c4
LP		 94
95 e++;
96 if (*e != ':')
97 return -EINVAL;
98
99 e++;
89220e2f 100 r = parse_ip_port(e, &port);
4d49b48c 101 if (r < 0)
42f4e3c4
LP		 102 return r;
103
42f4e3c4 104 a->sockaddr.in6.sin6_family = AF_INET6;
89220e2f 105 a->sockaddr.in6.sin6_port = htobe16(port);
42f4e3c4 106 a->size = sizeof(struct sockaddr_in6);
42f4e3c4
LP		 107
108 } else if (*s == '/') {
109 /* AF_UNIX socket */
110
111 size_t l;
112
113 l = strlen(s);
114 if (l >= sizeof(a->sockaddr.un.sun_path))
115 return -EINVAL;
116
117 a->sockaddr.un.sun_family = AF_UNIX;
118 memcpy(a->sockaddr.un.sun_path, s, l);
0e098b15 119 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
42f4e3c4 120
1c24e7bd 121 } else if (*s == '@') {
42f4e3c4
LP		 122 /* Abstract AF_UNIX socket */
123 size_t l;
124
125 l = strlen(s+1);
126 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
127 return -EINVAL;
128
129 a->sockaddr.un.sun_family = AF_UNIX;
130 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
0e098b15 131 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
42f4e3c4 132
0fc0f14b
SH		 133 } else if (startswith(s, "vsock:")) {
134 /* AF_VSOCK socket in vsock:cid:port notation */
fbd0b64f 135 const char *cid_start = s + STRLEN("vsock:");
89220e2f 136 unsigned port;
0fc0f14b
SH		 137
138 e = strchr(cid_start, ':');
139 if (!e)
140 return -EINVAL;
141
89220e2f 142 r = safe_atou(e+1, &port);
0fc0f14b
SH		 143 if (r < 0)
144 return r;
145
146 n = strndupa(cid_start, e - cid_start);
147 if (!isempty(n)) {
148 r = safe_atou(n, &a->sockaddr.vm.svm_cid);
149 if (r < 0)
150 return r;
151 } else
152 a->sockaddr.vm.svm_cid = VMADDR_CID_ANY;
153
154 a->sockaddr.vm.svm_family = AF_VSOCK;
89220e2f 155 a->sockaddr.vm.svm_port = port;
0fc0f14b
SH		 156 a->size = sizeof(struct sockaddr_vm);
157
42f4e3c4 158 } else {
89220e2f
LP		 159 uint16_t port;
160
4d49b48c
LP		 161 e = strchr(s, ':');
162 if (e) {
89220e2f 163 r = parse_ip_port(e + 1, &port);
4d49b48c 164 if (r < 0)
542563ba
LP		 165 return r;
166
4d49b48c 167 n = strndupa(s, e-s);
42f4e3c4 168
542563ba 169 /* IPv4 in w.x.y.z:p notation? */
4d49b48c
LP		 170 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
171 if (r < 0)
542563ba 172 return -errno;
42f4e3c4 173
542563ba
LP		 174 if (r > 0) {
175 /* Gotcha, it's a traditional IPv4 address */
4d49b48c 176 a->sockaddr.in.sin_family = AF_INET;
89220e2f 177 a->sockaddr.in.sin_port = htobe16(port);
542563ba
LP		 178 a->size = sizeof(struct sockaddr_in);
179 } else {
180 unsigned idx;
42f4e3c4 181
4d49b48c 182 if (strlen(n) > IF_NAMESIZE-1)
acbb0225 183 return -EINVAL;
acbb0225 184
542563ba
LP		 185 /* Uh, our last resort, an interface name */
186 idx = if_nametoindex(n);
83c60c9f 187 if (idx == 0)
542563ba 188 return -EINVAL;
42f4e3c4 189
542563ba 190 a->sockaddr.in6.sin6_family = AF_INET6;
89220e2f 191 a->sockaddr.in6.sin6_port = htobe16(port);
542563ba 192 a->sockaddr.in6.sin6_scope_id = idx;
83c60c9f 193 a->sockaddr.in6.sin6_addr = in6addr_any;
542563ba
LP		 194 a->size = sizeof(struct sockaddr_in6);
195 }
42f4e3c4
LP		 196 } else {
197
198 /* Just a port */
89220e2f 199 r = parse_ip_port(s, &port);
5198dabc 200 if (r < 0)
42f4e3c4
LP		 201 return r;
202
5bfcc1c6
FF		 203 if (socket_ipv6_is_supported()) {
204 a->sockaddr.in6.sin6_family = AF_INET6;
89220e2f 205 a->sockaddr.in6.sin6_port = htobe16(port);
5bfcc1c6
FF		 206 a->sockaddr.in6.sin6_addr = in6addr_any;
207 a->size = sizeof(struct sockaddr_in6);
208 } else {
4d49b48c 209 a->sockaddr.in.sin_family = AF_INET;
89220e2f 210 a->sockaddr.in.sin_port = htobe16(port);
4d49b48c 211 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
5bfcc1c6
FF		 212 a->size = sizeof(struct sockaddr_in);
213 }
42f4e3c4
LP		 214 }
215 }
216
217 return 0;
218}
219
7693146d
LP		 220int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
221 SocketAddress b;
222 int r;
223
224 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
225
226 r = socket_address_parse(&b, s);
227 if (r < 0)
228 return r;
229
230 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
231 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
232 return -EAFNOSUPPORT;
233 }
234
235 *a = b;
236 return 0;
237}
238
7a22745a
LP		 239int socket_address_parse_netlink(SocketAddress *a, const char *s) {
240 int family;
241 unsigned group = 0;
f8b69d1d 242 _cleanup_free_ char *sfamily = NULL;
7a22745a
LP		 243 assert(a);
244 assert(s);
245
246 zero(*a);
247 a->type = SOCK_RAW;
248
249 errno = 0;
250 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
bcb161b0 251 return errno > 0 ? -errno : -EINVAL;
7a22745a 252
f8b69d1d
MS		 253 family = netlink_family_from_string(sfamily);
254 if (family < 0)
255 return -EINVAL;
7a22745a
LP		 256
257 a->sockaddr.nl.nl_family = AF_NETLINK;
258 a->sockaddr.nl.nl_groups = group;
259
260 a->type = SOCK_RAW;
261 a->size = sizeof(struct sockaddr_nl);
262 a->protocol = family;
263
264 return 0;
265}
266
542563ba 267int socket_address_verify(const SocketAddress *a) {
42f4e3c4
LP		 268 assert(a);
269
542563ba 270 switch (socket_address_family(a)) {
42f4e3c4 271
7a22745a
LP		 272 case AF_INET:
273 if (a->size != sizeof(struct sockaddr_in))
274 return -EINVAL;
42f4e3c4 275
4d49b48c 276 if (a->sockaddr.in.sin_port == 0)
7a22745a 277 return -EINVAL;
42f4e3c4 278
ec2ce0c5 279 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
7a22745a 280 return -EINVAL;
42f4e3c4 281
7a22745a
LP		 282 return 0;
283
284 case AF_INET6:
285 if (a->size != sizeof(struct sockaddr_in6))
286 return -EINVAL;
42f4e3c4 287
7a22745a
LP		 288 if (a->sockaddr.in6.sin6_port == 0)
289 return -EINVAL;
42f4e3c4 290
ec2ce0c5 291 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
7a22745a 292 return -EINVAL;
42f4e3c4 293
7a22745a 294 return 0;
42f4e3c4 295
7a22745a
LP		 296 case AF_UNIX:
297 if (a->size < offsetof(struct sockaddr_un, sun_path))
298 return -EINVAL;
42f4e3c4 299
7a22745a 300 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
42f4e3c4 301
7a22745a
LP		 302 if (a->sockaddr.un.sun_path[0] != 0) {
303 char *e;
304
305 /* path */
4d49b48c
LP		 306 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
307 if (!e)
7a22745a
LP		 308 return -EINVAL;
309
310 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
311 return -EINVAL;
42f4e3c4 312 }
7a22745a 313 }
42f4e3c4 314
ec2ce0c5 315 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET))
7a22745a 316 return -EINVAL;
42f4e3c4 317
7a22745a
LP		 318 return 0;
319
320 case AF_NETLINK:
321
322 if (a->size != sizeof(struct sockaddr_nl))
323 return -EINVAL;
324
ec2ce0c5 325 if (!IN_SET(a->type, SOCK_RAW, SOCK_DGRAM))
7a22745a
LP		 326 return -EINVAL;
327
328 return 0;
329
0fc0f14b
SH		 330 case AF_VSOCK:
331 if (a->size != sizeof(struct sockaddr_vm))
332 return -EINVAL;
333
ec2ce0c5 334 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
0fc0f14b
SH		 335 return -EINVAL;
336
337 return 0;
338
7a22745a
LP		 339 default:
340 return -EAFNOSUPPORT;
42f4e3c4
LP		 341 }
342}
343
4d49b48c 344int socket_address_print(const SocketAddress *a, char **ret) {
42f4e3c4 345 int r;
4d49b48c 346
42f4e3c4 347 assert(a);
4d49b48c 348 assert(ret);
42f4e3c4 349
4d49b48c
LP		 350 r = socket_address_verify(a);
351 if (r < 0)
42f4e3c4
LP		 352 return r;
353
4d49b48c 354 if (socket_address_family(a) == AF_NETLINK) {
7fd1b19b 355 _cleanup_free_ char *sfamily = NULL;
7a22745a 356
f8b69d1d 357 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
7a22745a 358 if (r < 0)
f8b69d1d 359 return r;
4d49b48c
LP		 360
361 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
8520cfa5
MS		 362 if (r < 0)
363 return -ENOMEM;
7a22745a
LP		 364
365 return 0;
366 }
367
3b1c5241 368 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
42f4e3c4
LP		 369}
370
4f2d528d
LP		 371bool socket_address_can_accept(const SocketAddress *a) {
372 assert(a);
373
374 return
3742095b 375 IN_SET(a->type, SOCK_STREAM, SOCK_SEQPACKET);
4f2d528d 376}
a16e1123
LP		 377
378bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
379 assert(a);
380 assert(b);
381
382 /* Invalid addresses are unequal to all */
383 if (socket_address_verify(a) < 0 ||
384 socket_address_verify(b) < 0)
385 return false;
386
387 if (a->type != b->type)
388 return false;
389
a16e1123
LP		 390 if (socket_address_family(a) != socket_address_family(b))
391 return false;
392
393 switch (socket_address_family(a)) {
394
395 case AF_INET:
4d49b48c 396 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
a16e1123
LP		 397 return false;
398
4d49b48c 399 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
a16e1123
LP		 400 return false;
401
402 break;
403
404 case AF_INET6:
405 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
406 return false;
407
408 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
409 return false;
410
411 break;
412
413 case AF_UNIX:
710708a5
MS		 414 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
415 b->size <= offsetof(struct sockaddr_un, sun_path))
416 return false;
417
a16e1123
LP		 418 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
419 return false;
420
421 if (a->sockaddr.un.sun_path[0]) {
e3f791a2 422 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
a16e1123
LP		 423 return false;
424 } else {
c78e47a6
MS		 425 if (a->size != b->size)
426 return false;
427
b12c1e7c 428 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
a16e1123
LP		 429 return false;
430 }
431
432 break;
433
7a22745a 434 case AF_NETLINK:
7a22745a
LP		 435 if (a->protocol != b->protocol)
436 return false;
437
438 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
439 return false;
440
441 break;
442
0fc0f14b
SH		 443 case AF_VSOCK:
444 if (a->sockaddr.vm.svm_cid != b->sockaddr.vm.svm_cid)
445 return false;
446
447 if (a->sockaddr.vm.svm_port != b->sockaddr.vm.svm_port)
448 return false;
449
450 break;
451
a16e1123
LP		 452 default:
453 /* Cannot compare, so we assume the addresses are different */
454 return false;
455 }
456
457 return true;
458}
459
27ca8d7a 460bool socket_address_is(const SocketAddress *a, const char *s, int type) {
a16e1123
LP		 461 struct SocketAddress b;
462
463 assert(a);
464 assert(s);
465
466 if (socket_address_parse(&b, s) < 0)
467 return false;
468
27ca8d7a
LP		 469 b.type = type;
470
a16e1123 471 return socket_address_equal(a, &b);
6e2ef85b
LP		 472}
473
7a22745a
LP		 474bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
475 struct SocketAddress b;
476
477 assert(a);
478 assert(s);
479
480 if (socket_address_parse_netlink(&b, s) < 0)
481 return false;
482
483 return socket_address_equal(a, &b);
484}
485
a57f7e2c 486const char* socket_address_get_path(const SocketAddress *a) {
6e2ef85b
LP		 487 assert(a);
488
489 if (socket_address_family(a) != AF_UNIX)
a57f7e2c 490 return NULL;
6e2ef85b
LP		 491
492 if (a->sockaddr.un.sun_path[0] == 0)
a57f7e2c 493 return NULL;
a16e1123 494
a57f7e2c 495 return a->sockaddr.un.sun_path;
a16e1123 496}
c0120d99 497
5bfcc1c6 498bool socket_ipv6_is_supported(void) {
629abfc2 499 if (access("/proc/net/if_inet6", F_OK) != 0)
90ab5042 500 return false;
f89f1e8f 501
7377964d 502 return true;
5bfcc1c6
FF		 503}
504
01e10de3 505bool socket_address_matches_fd(const SocketAddress *a, int fd) {
dbafedac
MS		 506 SocketAddress b;
507 socklen_t solen;
01e10de3
LP		 508
509 assert(a);
510 assert(fd >= 0);
511
dbafedac
MS		 512 b.size = sizeof(b.sockaddr);
513 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
01e10de3
LP		 514 return false;
515
dbafedac 516 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
01e10de3
LP		 517 return false;
518
dbafedac
MS		 519 solen = sizeof(b.type);
520 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
01e10de3
LP		 521 return false;
522
dbafedac 523 if (b.type != a->type)
01e10de3
LP		 524 return false;
525
526 if (a->protocol != 0) {
dbafedac
MS		 527 solen = sizeof(b.protocol);
528 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
01e10de3
LP		 529 return false;
530
dbafedac 531 if (b.protocol != a->protocol)
01e10de3
LP		 532 return false;
533 }
534
02233928 535 return socket_address_equal(a, &b);
01e10de3
LP		 536}
537
f6aac5bf 538int sockaddr_port(const struct sockaddr *_sa, unsigned *ret_port) {
3b1c5241
SL		 539 union sockaddr_union *sa = (union sockaddr_union*) _sa;
540
f6aac5bf
LP		 541 /* Note, this returns the port as 'unsigned' rather than 'uint16_t', as AF_VSOCK knows larger ports */
542
3b1c5241
SL		 543 assert(sa);
544
0fc0f14b 545 switch (sa->sa.sa_family) {
f6aac5bf 546
0fc0f14b 547 case AF_INET:
f6aac5bf 548 *ret_port = be16toh(sa->in.sin_port);
0fc0f14b 549 return 0;
3b1c5241 550
0fc0f14b 551 case AF_INET6:
f6aac5bf 552 *ret_port = be16toh(sa->in6.sin6_port);
0fc0f14b
SH		 553 return 0;
554
555 case AF_VSOCK:
f6aac5bf 556 *ret_port = sa->vm.svm_port;
0fc0f14b
SH		 557 return 0;
558
559 default:
560 return -EAFNOSUPPORT;
561 }
3b1c5241
SL		 562}
563
564int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
4d49b48c 565 union sockaddr_union *sa = (union sockaddr_union*) _sa;
8569a776 566 char *p;
fc25ad25 567 int r;
8569a776 568
4d49b48c
LP		 569 assert(sa);
570 assert(salen >= sizeof(sa->sa.sa_family));
8569a776 571
4d49b48c 572 switch (sa->sa.sa_family) {
8569a776
LP		 573
574 case AF_INET: {
575 uint32_t a;
576
8e38570e 577 a = be32toh(sa->in.sin_addr.s_addr);
8569a776 578
fc25ad25
ZJS		 579 if (include_port)
580 r = asprintf(&p,
3b1c5241
SL		 581 "%u.%u.%u.%u:%u",
582 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
8e38570e 583 be16toh(sa->in.sin_port));
fc25ad25
ZJS		 584 else
585 r = asprintf(&p,
3b1c5241 586 "%u.%u.%u.%u",
fc25ad25
ZJS		 587 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
588 if (r < 0)
589 return -ENOMEM;
8569a776
LP		 590 break;
591 }
592
593 case AF_INET6: {
594 static const unsigned char ipv4_prefix[] = {
595 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
596 };
597
fc25ad25
ZJS		 598 if (translate_ipv6 &&
599 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
4d49b48c 600 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
fc25ad25
ZJS		 601 if (include_port)
602 r = asprintf(&p,
3b1c5241
SL		 603 "%u.%u.%u.%u:%u",
604 a[0], a[1], a[2], a[3],
8e38570e 605 be16toh(sa->in6.sin6_port));
fc25ad25
ZJS		 606 else
607 r = asprintf(&p,
3b1c5241 608 "%u.%u.%u.%u",
fc25ad25
ZJS		 609 a[0], a[1], a[2], a[3]);
610 if (r < 0)
611 return -ENOMEM;
8569a776
LP		 612 } else {
613 char a[INET6_ADDRSTRLEN];
614
3b1c5241
SL		 615 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
616
617 if (include_port) {
fc25ad25 618 r = asprintf(&p,
3b1c5241
SL		 619 "[%s]:%u",
620 a,
8e38570e 621 be16toh(sa->in6.sin6_port));
fc25ad25 622 if (r < 0)
3b1c5241
SL		 623 return -ENOMEM;
624 } else {
625 p = strdup(a);
626 if (!p)
627 return -ENOMEM;
628 }
8569a776
LP		 629 }
630
631 break;
632 }
633
4d49b48c
LP		 634 case AF_UNIX:
635 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
636 p = strdup("<unnamed>");
637 if (!p)
638 return -ENOMEM;
8569a776 639
4d49b48c
LP		 640 } else if (sa->un.sun_path[0] == 0) {
641 /* abstract */
8569a776 642
4d49b48c
LP		 643 /* FIXME: We assume we can print the
644 * socket path here and that it hasn't
645 * more than one NUL byte. That is
646 * actually an invalid assumption */
647
648 p = new(char, sizeof(sa->un.sun_path)+1);
649 if (!p)
650 return -ENOMEM;
651
652 p[0] = '@';
653 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
654 p[sizeof(sa->un.sun_path)] = 0;
655
656 } else {
657 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
0810bc56 658 if (!p)
4d49b48c
LP		 659 return -ENOMEM;
660 }
8569a776
LP		 661
662 break;
8569a776 663
0fc0f14b
SH		 664 case AF_VSOCK:
665 if (include_port)
666 r = asprintf(&p,
667 "vsock:%u:%u",
668 sa->vm.svm_cid,
669 sa->vm.svm_port);
670 else
671 r = asprintf(&p, "vsock:%u", sa->vm.svm_cid);
672 if (r < 0)
673 return -ENOMEM;
674 break;
675
8569a776 676 default:
15411c0c 677 return -EOPNOTSUPP;
8569a776
LP		 678 }
679
4d49b48c 680
8569a776
LP		 681 *ret = p;
682 return 0;
683}
684
366b7db4 685int getpeername_pretty(int fd, bool include_port, char **ret) {
4d49b48c 686 union sockaddr_union sa;
b31f535c 687 socklen_t salen = sizeof(sa);
eff05270 688 int r;
4d49b48c
LP		 689
690 assert(fd >= 0);
691 assert(ret);
692
4d49b48c
LP		 693 if (getpeername(fd, &sa.sa, &salen) < 0)
694 return -errno;
695
696 if (sa.sa.sa_family == AF_UNIX) {
39883f62 697 struct ucred ucred = {};
4d49b48c
LP		 698
699 /* UNIX connection sockets are anonymous, so let's use
700 * PID/UID as pretty credentials instead */
701
eff05270
LP		 702 r = getpeercred(fd, &ucred);
703 if (r < 0)
704 return r;
4d49b48c 705
de0671ee 706 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
4d49b48c
LP		 707 return -ENOMEM;
708
709 return 0;
710 }
711
712 /* For remote sockets we translate IPv6 addresses back to IPv4
713 * if applicable, since that's nicer. */
714
366b7db4 715 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
4d49b48c
LP		 716}
717
718int getsockname_pretty(int fd, char **ret) {
719 union sockaddr_union sa;
b31f535c 720 socklen_t salen = sizeof(sa);
4d49b48c
LP		 721
722 assert(fd >= 0);
723 assert(ret);
724
4d49b48c
LP		 725 if (getsockname(fd, &sa.sa, &salen) < 0)
726 return -errno;
727
728 /* For local sockets we do not translate IPv6 addresses back
729 * to IPv6 if applicable, since this is usually used for
730 * listening sockets where the difference between IPv4 and
731 * IPv6 matters. */
732
3b1c5241 733 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
4d49b48c
LP		 734}
735
b31f535c
ZJS		 736int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
737 int r;
738 char host[NI_MAXHOST], *ret;
739
740 assert(_ret);
741
6326a143 742 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0, IDN_FLAGS);
b31f535c 743 if (r != 0) {
b31f535c
ZJS		 744 int saved_errno = errno;
745
3b1c5241 746 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
f647962d 747 if (r < 0)
1938ac51 748 return r;
b31f535c 749
279d3c9c 750 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
cb651834
ZJS		 751 } else {
752 ret = strdup(host);
753 if (!ret)
1938ac51 754 return -ENOMEM;
cb651834 755 }
b31f535c
ZJS		 756
757 *_ret = ret;
758 return 0;
759}
760
761int getnameinfo_pretty(int fd, char **ret) {
762 union sockaddr_union sa;
763 socklen_t salen = sizeof(sa);
764
765 assert(fd >= 0);
766 assert(ret);
767
4a62c710 768 if (getsockname(fd, &sa.sa, &salen) < 0)
1938ac51 769 return -errno;
b31f535c
ZJS		 770
771 return socknameinfo_pretty(&sa, salen, ret);
772}
773
bd1fe7c7
LP		 774int socket_address_unlink(SocketAddress *a) {
775 assert(a);
776
777 if (socket_address_family(a) != AF_UNIX)
778 return 0;
779
780 if (a->sockaddr.un.sun_path[0] == 0)
781 return 0;
782
783 if (unlink(a->sockaddr.un.sun_path) < 0)
784 return -errno;
785
786 return 1;
787}
788
7a22745a
LP		 789static const char* const netlink_family_table[] = {
790 [NETLINK_ROUTE] = "route",
791 [NETLINK_FIREWALL] = "firewall",
792 [NETLINK_INET_DIAG] = "inet-diag",
793 [NETLINK_NFLOG] = "nflog",
794 [NETLINK_XFRM] = "xfrm",
795 [NETLINK_SELINUX] = "selinux",
796 [NETLINK_ISCSI] = "iscsi",
797 [NETLINK_AUDIT] = "audit",
798 [NETLINK_FIB_LOOKUP] = "fib-lookup",
799 [NETLINK_CONNECTOR] = "connector",
800 [NETLINK_NETFILTER] = "netfilter",
801 [NETLINK_IP6_FW] = "ip6-fw",
802 [NETLINK_DNRTMSG] = "dnrtmsg",
803 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
804 [NETLINK_GENERIC] = "generic",
805 [NETLINK_SCSITRANSPORT] = "scsitransport",
5570d7f9
JG		 806 [NETLINK_ECRYPTFS] = "ecryptfs",
807 [NETLINK_RDMA] = "rdma",
7a22745a
LP		 808};
809
f8b69d1d 810DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
7a22745a 811
c0120d99
LP		 812static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
813 [SOCKET_ADDRESS_DEFAULT] = "default",
814 [SOCKET_ADDRESS_BOTH] = "both",
815 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
816};
817
818DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
f01e5736 819
6f90844f
YW		 820SocketAddressBindIPv6Only parse_socket_address_bind_ipv6_only_or_bool(const char *n) {
821 int r;
822
823 r = parse_boolean(n);
824 if (r > 0)
825 return SOCKET_ADDRESS_IPV6_ONLY;
826 if (r == 0)
827 return SOCKET_ADDRESS_BOTH;
828
829 return socket_address_bind_ipv6_only_from_string(n);
830}
831
f01e5736
LP		 832bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
833 assert(a);
834 assert(b);
835
836 if (a->sa.sa_family != b->sa.sa_family)
837 return false;
838
839 if (a->sa.sa_family == AF_INET)
840 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
841
842 if (a->sa.sa_family == AF_INET6)
843 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
844
0fc0f14b
SH		 845 if (a->sa.sa_family == AF_VSOCK)
846 return a->vm.svm_cid == b->vm.svm_cid;
847
f01e5736
LP		 848 return false;
849}
2583fbea
LP		 850
851int fd_inc_sndbuf(int fd, size_t n) {
852 int r, value;
853 socklen_t l = sizeof(value);
854
855 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
856 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
857 return 0;
858
859 /* If we have the privileges we will ignore the kernel limit. */
860
861 value = (int) n;
862 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
863 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
864 return -errno;
865
866 return 1;
867}
868
869int fd_inc_rcvbuf(int fd, size_t n) {
870 int r, value;
871 socklen_t l = sizeof(value);
872
873 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
874 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
875 return 0;
876
877 /* If we have the privileges we will ignore the kernel limit. */
878
879 value = (int) n;
880 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
881 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
882 return -errno;
883 return 1;
884}
885
886static const char* const ip_tos_table[] = {
887 [IPTOS_LOWDELAY] = "low-delay",
888 [IPTOS_THROUGHPUT] = "throughput",
889 [IPTOS_RELIABILITY] = "reliability",
890 [IPTOS_LOWCOST] = "low-cost",
891};
892
893DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
894
ef76dff2
LP		 895bool ifname_valid(const char *p) {
896 bool numeric = true;
897
898 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
899 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
900 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
901
902 if (isempty(p))
903 return false;
904
905 if (strlen(p) >= IFNAMSIZ)
906 return false;
907
49bfc877 908 if (dot_or_dot_dot(p))
ef76dff2
LP		 909 return false;
910
911 while (*p) {
912 if ((unsigned char) *p >= 127U)
913 return false;
914
915 if ((unsigned char) *p <= 32U)
916 return false;
917
4c701096 918 if (IN_SET(*p, ':', '/'))
ef76dff2
LP		 919 return false;
920
921 numeric = numeric && (*p >= '0' && *p <= '9');
922 p++;
923 }
924
925 if (numeric)
926 return false;
927
928 return true;
929}
930
26808948
SS		 931bool address_label_valid(const char *p) {
932
933 if (isempty(p))
934 return false;
935
936 if (strlen(p) >= IFNAMSIZ)
937 return false;
938
939 while (*p) {
940 if ((uint8_t) *p >= 127U)
941 return false;
942
943 if ((uint8_t) *p <= 31U)
944 return false;
945 p++;
946 }
947
948 return true;
949}
950
2583fbea
LP		 951int getpeercred(int fd, struct ucred *ucred) {
952 socklen_t n = sizeof(struct ucred);
953 struct ucred u;
954 int r;
955
956 assert(fd >= 0);
957 assert(ucred);
958
959 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
960 if (r < 0)
961 return -errno;
962
963 if (n != sizeof(struct ucred))
964 return -EIO;
965
bbcc701e
LP		 966 /* Check if the data is actually useful and not suppressed due to namespacing issues */
967 if (!pid_is_valid(u.pid))
2583fbea
LP		 968 return -ENODATA;
969
bbcc701e
LP		 970 /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
971 * receiving in "invalid" user/group we get the overflow UID/GID. */
972
2583fbea
LP		 973 *ucred = u;
974 return 0;
975}
976
977int getpeersec(int fd, char **ret) {
217d8967 978 _cleanup_free_ char *s = NULL;
2583fbea 979 socklen_t n = 64;
2583fbea
LP		 980
981 assert(fd >= 0);
982 assert(ret);
983
217d8967
LP		 984 for (;;) {
985 s = new0(char, n+1);
986 if (!s)
987 return -ENOMEM;
2583fbea 988
217d8967
LP		 989 if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n) >= 0)
990 break;
2583fbea
LP		 991
992 if (errno != ERANGE)
993 return -errno;
994
217d8967 995 s = mfree(s);
2583fbea
LP		 996 }
997
217d8967 998 if (isempty(s))
2583fbea 999 return -EOPNOTSUPP;
2583fbea
LP		 1000
1001 *ret = s;
217d8967
LP		 1002 s = NULL;
1003
2583fbea
LP		 1004 return 0;
1005}
1006
43f2c88d
LP		 1007int getpeergroups(int fd, gid_t **ret) {
1008 socklen_t n = sizeof(gid_t) * 64;
1009 _cleanup_free_ gid_t *d = NULL;
1010
1011 assert(fd);
1012 assert(ret);
1013
1014 for (;;) {
1015 d = malloc(n);
1016 if (!d)
1017 return -ENOMEM;
1018
1019 if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, d, &n) >= 0)
1020 break;
1021
1022 if (errno != ERANGE)
1023 return -errno;
1024
1025 d = mfree(d);
1026 }
1027
1028 assert_se(n % sizeof(gid_t) == 0);
1029 n /= sizeof(gid_t);
1030
1031 if ((socklen_t) (int) n != n)
1032 return -E2BIG;
1033
1034 *ret = d;
1035 d = NULL;
1036
1037 return (int) n;
1038}
1039
726f4c47
ZJS		 1040int send_one_fd_sa(
1041 int transport_fd,
1042 int fd,
1043 const struct sockaddr *sa, socklen_t len,
1044 int flags) {
1045
2583fbea
LP		 1046 union {
1047 struct cmsghdr cmsghdr;
1048 uint8_t buf[CMSG_SPACE(sizeof(int))];
1049 } control = {};
1050 struct msghdr mh = {
726f4c47
ZJS		 1051 .msg_name = (struct sockaddr*) sa,
1052 .msg_namelen = len,
2583fbea
LP		 1053 .msg_control = &control,
1054 .msg_controllen = sizeof(control),
1055 };
3c171f0b 1056 struct cmsghdr *cmsg;
2583fbea
LP		 1057
1058 assert(transport_fd >= 0);
1059 assert(fd >= 0);
1060
1061 cmsg = CMSG_FIRSTHDR(&mh);
1062 cmsg->cmsg_level = SOL_SOCKET;
1063 cmsg->cmsg_type = SCM_RIGHTS;
1064 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
1065 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
1066
1067 mh.msg_controllen = CMSG_SPACE(sizeof(int));
1068 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
1069 return -errno;
1070
1071 return 0;
1072}
1073
1074int receive_one_fd(int transport_fd, int flags) {
1075 union {
1076 struct cmsghdr cmsghdr;
1077 uint8_t buf[CMSG_SPACE(sizeof(int))];
1078 } control = {};
1079 struct msghdr mh = {
1080 .msg_control = &control,
1081 .msg_controllen = sizeof(control),
1082 };
1083 struct cmsghdr *cmsg, *found = NULL;
1084
1085 assert(transport_fd >= 0);
1086
1087 /*
1088 * Receive a single FD via @transport_fd. We don't care for
1089 * the transport-type. We retrieve a single FD at most, so for
1090 * packet-based transports, the caller must ensure to send
1091 * only a single FD per packet. This is best used in
1092 * combination with send_one_fd().
1093 */
1094
1095 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
1096 return -errno;
1097
1098 CMSG_FOREACH(cmsg, &mh) {
1099 if (cmsg->cmsg_level == SOL_SOCKET &&
1100 cmsg->cmsg_type == SCM_RIGHTS &&
1101 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
1102 assert(!found);
1103 found = cmsg;
1104 break;
1105 }
1106 }
1107
1108 if (!found) {
1109 cmsg_close_all(&mh);
1110 return -EIO;
1111 }
1112
1113 return *(int*) CMSG_DATA(found);
1114}
4edc2c9b
LP		 1115
1116ssize_t next_datagram_size_fd(int fd) {
1117 ssize_t l;
1118 int k;
1119
1120 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
96d49011 1121 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
4edc2c9b
LP		 1122 * do. This difference is actually of major importance as we need to be sure that the size returned here
1123 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1124 * the wrong size. */
1125
1126 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
1127 if (l < 0) {
3742095b 1128 if (IN_SET(errno, EOPNOTSUPP, EFAULT))
4edc2c9b
LP		 1129 goto fallback;
1130
1131 return -errno;
1132 }
1133 if (l == 0)
1134 goto fallback;
1135
1136 return l;
1137
1138fallback:
1139 k = 0;
1140
1141 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1142 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1143
1144 if (ioctl(fd, FIONREAD, &k) < 0)
1145 return -errno;
1146
1147 return (ssize_t) k;
1148}
60d9771c
LP		 1149
1150int flush_accept(int fd) {
1151
1152 struct pollfd pollfd = {
1153 .fd = fd,
1154 .events = POLLIN,
1155 };
1156 int r;
1157
1158
1159 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1160
1161 for (;;) {
1162 int cfd;
1163
1164 r = poll(&pollfd, 1, 0);
1165 if (r < 0) {
1166 if (errno == EINTR)
1167 continue;
1168
1169 return -errno;
1170
1171 } else if (r == 0)
1172 return 0;
1173
1174 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1175 if (cfd < 0) {
1176 if (errno == EINTR)
1177 continue;
1178
1179 if (errno == EAGAIN)
1180 return 0;
1181
1182 return -errno;
1183 }
1184
1185 close(cfd);
1186 }
1187}
29206d46
LP		 1188
1189struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1190 struct cmsghdr *cmsg;
1191
1192 assert(mh);
1193
1194 CMSG_FOREACH(cmsg, mh)
1195 if (cmsg->cmsg_level == level &&
1196 cmsg->cmsg_type == type &&
1197 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1198 return cmsg;
1199
1200 return NULL;
1201}
429b4350
LP		 1202
1203int socket_ioctl_fd(void) {
1204 int fd;
1205
1206 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1207 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1208 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1209 * generic AF_NETLINK. */
1210
1211 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1212 if (fd < 0)
1213 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1214 if (fd < 0)
1215 return -errno;
1216
1217 return fd;
1218}
Unnamed repository; edit this file 'description' to name the repository.