]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/socket-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
log: minimize includes in log.h
[thirdparty/systemd.git] / src / basic / socket-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19 ***/
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <limits.h>
24 #include <net/if.h>
25 #include <netdb.h>
26 #include <netinet/ip.h>
27 #include <poll.h>
28 #include <stddef.h>
29 #include <stdint.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34
35 #include "alloc-util.h"
36 #include "fd-util.h"
37 #include "fileio.h"
38 #include "format-util.h"
39 #include "log.h"
40 #include "macro.h"
41 #include "missing.h"
42 #include "parse-util.h"
43 #include "path-util.h"
44 #include "process-util.h"
45 #include "socket-util.h"
46 #include "string-table.h"
47 #include "string-util.h"
48 #include "strv.h"
49 #include "user-util.h"
50 #include "utf8.h"
51 #include "util.h"
52
53 #if ENABLE_IDN
54 # define IDN_FLAGS (NI_IDN|NI_IDN_USE_STD3_ASCII_RULES)
55 #else
56 # define IDN_FLAGS 0
57 #endif
58
59 static const char* const socket_address_type_table[] = {
60 [SOCK_STREAM] = "Stream",
61 [SOCK_DGRAM] = "Datagram",
62 [SOCK_RAW] = "Raw",
63 [SOCK_RDM] = "ReliableDatagram",
64 [SOCK_SEQPACKET] = "SequentialPacket",
65 [SOCK_DCCP] = "DatagramCongestionControl",
66 };
67
68 DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
69
70 int socket_address_parse(SocketAddress *a, const char *s) {
71 char *e, *n;
72 int r;
73
74 assert(a);
75 assert(s);
76
77 zero(*a);
78 a->type = SOCK_STREAM;
79
80 if (*s == '[') {
81 uint16_t port;
82
83 /* IPv6 in [x:.....:z]:p notation */
84
85 e = strchr(s+1, ']');
86 if (!e)
87 return -EINVAL;
88
89 n = strndupa(s+1, e-s-1);
90
91 errno = 0;
92 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
93 return errno > 0 ? -errno : -EINVAL;
94
95 e++;
96 if (*e != ':')
97 return -EINVAL;
98
99 e++;
100 r = parse_ip_port(e, &port);
101 if (r < 0)
102 return r;
103
104 a->sockaddr.in6.sin6_family = AF_INET6;
105 a->sockaddr.in6.sin6_port = htobe16(port);
106 a->size = sizeof(struct sockaddr_in6);
107
108 } else if (*s == '/') {
109 /* AF_UNIX socket */
110
111 size_t l;
112
113 l = strlen(s);
114 if (l >= sizeof(a->sockaddr.un.sun_path))
115 return -EINVAL;
116
117 a->sockaddr.un.sun_family = AF_UNIX;
118 memcpy(a->sockaddr.un.sun_path, s, l);
119 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
120
121 } else if (*s == '@') {
122 /* Abstract AF_UNIX socket */
123 size_t l;
124
125 l = strlen(s+1);
126 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
127 return -EINVAL;
128
129 a->sockaddr.un.sun_family = AF_UNIX;
130 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
131 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
132
133 } else if (startswith(s, "vsock:")) {
134 /* AF_VSOCK socket in vsock:cid:port notation */
135 const char *cid_start = s + STRLEN("vsock:");
136 unsigned port;
137
138 e = strchr(cid_start, ':');
139 if (!e)
140 return -EINVAL;
141
142 r = safe_atou(e+1, &port);
143 if (r < 0)
144 return r;
145
146 n = strndupa(cid_start, e - cid_start);
147 if (!isempty(n)) {
148 r = safe_atou(n, &a->sockaddr.vm.svm_cid);
149 if (r < 0)
150 return r;
151 } else
152 a->sockaddr.vm.svm_cid = VMADDR_CID_ANY;
153
154 a->sockaddr.vm.svm_family = AF_VSOCK;
155 a->sockaddr.vm.svm_port = port;
156 a->size = sizeof(struct sockaddr_vm);
157
158 } else {
159 uint16_t port;
160
161 e = strchr(s, ':');
162 if (e) {
163 r = parse_ip_port(e + 1, &port);
164 if (r < 0)
165 return r;
166
167 n = strndupa(s, e-s);
168
169 /* IPv4 in w.x.y.z:p notation? */
170 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
171 if (r < 0)
172 return -errno;
173
174 if (r > 0) {
175 /* Gotcha, it's a traditional IPv4 address */
176 a->sockaddr.in.sin_family = AF_INET;
177 a->sockaddr.in.sin_port = htobe16(port);
178 a->size = sizeof(struct sockaddr_in);
179 } else {
180 unsigned idx;
181
182 if (strlen(n) > IF_NAMESIZE-1)
183 return -EINVAL;
184
185 /* Uh, our last resort, an interface name */
186 idx = if_nametoindex(n);
187 if (idx == 0)
188 return -EINVAL;
189
190 a->sockaddr.in6.sin6_family = AF_INET6;
191 a->sockaddr.in6.sin6_port = htobe16(port);
192 a->sockaddr.in6.sin6_scope_id = idx;
193 a->sockaddr.in6.sin6_addr = in6addr_any;
194 a->size = sizeof(struct sockaddr_in6);
195 }
196 } else {
197
198 /* Just a port */
199 r = parse_ip_port(s, &port);
200 if (r < 0)
201 return r;
202
203 if (socket_ipv6_is_supported()) {
204 a->sockaddr.in6.sin6_family = AF_INET6;
205 a->sockaddr.in6.sin6_port = htobe16(port);
206 a->sockaddr.in6.sin6_addr = in6addr_any;
207 a->size = sizeof(struct sockaddr_in6);
208 } else {
209 a->sockaddr.in.sin_family = AF_INET;
210 a->sockaddr.in.sin_port = htobe16(port);
211 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
212 a->size = sizeof(struct sockaddr_in);
213 }
214 }
215 }
216
217 return 0;
218 }
219
220 int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
221 SocketAddress b;
222 int r;
223
224 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
225
226 r = socket_address_parse(&b, s);
227 if (r < 0)
228 return r;
229
230 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
231 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
232 return -EAFNOSUPPORT;
233 }
234
235 *a = b;
236 return 0;
237 }
238
239 int socket_address_parse_netlink(SocketAddress *a, const char *s) {
240 int family;
241 unsigned group = 0;
242 _cleanup_free_ char *sfamily = NULL;
243 assert(a);
244 assert(s);
245
246 zero(*a);
247 a->type = SOCK_RAW;
248
249 errno = 0;
250 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
251 return errno > 0 ? -errno : -EINVAL;
252
253 family = netlink_family_from_string(sfamily);
254 if (family < 0)
255 return -EINVAL;
256
257 a->sockaddr.nl.nl_family = AF_NETLINK;
258 a->sockaddr.nl.nl_groups = group;
259
260 a->type = SOCK_RAW;
261 a->size = sizeof(struct sockaddr_nl);
262 a->protocol = family;
263
264 return 0;
265 }
266
267 int socket_address_verify(const SocketAddress *a) {
268 assert(a);
269
270 switch (socket_address_family(a)) {
271
272 case AF_INET:
273 if (a->size != sizeof(struct sockaddr_in))
274 return -EINVAL;
275
276 if (a->sockaddr.in.sin_port == 0)
277 return -EINVAL;
278
279 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
280 return -EINVAL;
281
282 return 0;
283
284 case AF_INET6:
285 if (a->size != sizeof(struct sockaddr_in6))
286 return -EINVAL;
287
288 if (a->sockaddr.in6.sin6_port == 0)
289 return -EINVAL;
290
291 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
292 return -EINVAL;
293
294 return 0;
295
296 case AF_UNIX:
297 if (a->size < offsetof(struct sockaddr_un, sun_path))
298 return -EINVAL;
299
300 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
301
302 if (a->sockaddr.un.sun_path[0] != 0) {
303 char *e;
304
305 /* path */
306 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
307 if (!e)
308 return -EINVAL;
309
310 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
311 return -EINVAL;
312 }
313 }
314
315 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET))
316 return -EINVAL;
317
318 return 0;
319
320 case AF_NETLINK:
321
322 if (a->size != sizeof(struct sockaddr_nl))
323 return -EINVAL;
324
325 if (!IN_SET(a->type, SOCK_RAW, SOCK_DGRAM))
326 return -EINVAL;
327
328 return 0;
329
330 case AF_VSOCK:
331 if (a->size != sizeof(struct sockaddr_vm))
332 return -EINVAL;
333
334 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
335 return -EINVAL;
336
337 return 0;
338
339 default:
340 return -EAFNOSUPPORT;
341 }
342 }
343
344 int socket_address_print(const SocketAddress *a, char **ret) {
345 int r;
346
347 assert(a);
348 assert(ret);
349
350 r = socket_address_verify(a);
351 if (r < 0)
352 return r;
353
354 if (socket_address_family(a) == AF_NETLINK) {
355 _cleanup_free_ char *sfamily = NULL;
356
357 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
358 if (r < 0)
359 return r;
360
361 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
362 if (r < 0)
363 return -ENOMEM;
364
365 return 0;
366 }
367
368 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
369 }
370
371 bool socket_address_can_accept(const SocketAddress *a) {
372 assert(a);
373
374 return
375 IN_SET(a->type, SOCK_STREAM, SOCK_SEQPACKET);
376 }
377
378 bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
379 assert(a);
380 assert(b);
381
382 /* Invalid addresses are unequal to all */
383 if (socket_address_verify(a) < 0 ||
384 socket_address_verify(b) < 0)
385 return false;
386
387 if (a->type != b->type)
388 return false;
389
390 if (socket_address_family(a) != socket_address_family(b))
391 return false;
392
393 switch (socket_address_family(a)) {
394
395 case AF_INET:
396 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
397 return false;
398
399 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
400 return false;
401
402 break;
403
404 case AF_INET6:
405 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
406 return false;
407
408 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
409 return false;
410
411 break;
412
413 case AF_UNIX:
414 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
415 b->size <= offsetof(struct sockaddr_un, sun_path))
416 return false;
417
418 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
419 return false;
420
421 if (a->sockaddr.un.sun_path[0]) {
422 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
423 return false;
424 } else {
425 if (a->size != b->size)
426 return false;
427
428 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
429 return false;
430 }
431
432 break;
433
434 case AF_NETLINK:
435 if (a->protocol != b->protocol)
436 return false;
437
438 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
439 return false;
440
441 break;
442
443 case AF_VSOCK:
444 if (a->sockaddr.vm.svm_cid != b->sockaddr.vm.svm_cid)
445 return false;
446
447 if (a->sockaddr.vm.svm_port != b->sockaddr.vm.svm_port)
448 return false;
449
450 break;
451
452 default:
453 /* Cannot compare, so we assume the addresses are different */
454 return false;
455 }
456
457 return true;
458 }
459
460 bool socket_address_is(const SocketAddress *a, const char *s, int type) {
461 struct SocketAddress b;
462
463 assert(a);
464 assert(s);
465
466 if (socket_address_parse(&b, s) < 0)
467 return false;
468
469 b.type = type;
470
471 return socket_address_equal(a, &b);
472 }
473
474 bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
475 struct SocketAddress b;
476
477 assert(a);
478 assert(s);
479
480 if (socket_address_parse_netlink(&b, s) < 0)
481 return false;
482
483 return socket_address_equal(a, &b);
484 }
485
486 const char* socket_address_get_path(const SocketAddress *a) {
487 assert(a);
488
489 if (socket_address_family(a) != AF_UNIX)
490 return NULL;
491
492 if (a->sockaddr.un.sun_path[0] == 0)
493 return NULL;
494
495 return a->sockaddr.un.sun_path;
496 }
497
498 bool socket_ipv6_is_supported(void) {
499 if (access("/proc/net/if_inet6", F_OK) != 0)
500 return false;
501
502 return true;
503 }
504
505 bool socket_address_matches_fd(const SocketAddress *a, int fd) {
506 SocketAddress b;
507 socklen_t solen;
508
509 assert(a);
510 assert(fd >= 0);
511
512 b.size = sizeof(b.sockaddr);
513 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
514 return false;
515
516 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
517 return false;
518
519 solen = sizeof(b.type);
520 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
521 return false;
522
523 if (b.type != a->type)
524 return false;
525
526 if (a->protocol != 0) {
527 solen = sizeof(b.protocol);
528 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
529 return false;
530
531 if (b.protocol != a->protocol)
532 return false;
533 }
534
535 return socket_address_equal(a, &b);
536 }
537
538 int sockaddr_port(const struct sockaddr *_sa, unsigned *ret_port) {
539 union sockaddr_union *sa = (union sockaddr_union*) _sa;
540
541 /* Note, this returns the port as 'unsigned' rather than 'uint16_t', as AF_VSOCK knows larger ports */
542
543 assert(sa);
544
545 switch (sa->sa.sa_family) {
546
547 case AF_INET:
548 *ret_port = be16toh(sa->in.sin_port);
549 return 0;
550
551 case AF_INET6:
552 *ret_port = be16toh(sa->in6.sin6_port);
553 return 0;
554
555 case AF_VSOCK:
556 *ret_port = sa->vm.svm_port;
557 return 0;
558
559 default:
560 return -EAFNOSUPPORT;
561 }
562 }
563
564 int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
565 union sockaddr_union *sa = (union sockaddr_union*) _sa;
566 char *p;
567 int r;
568
569 assert(sa);
570 assert(salen >= sizeof(sa->sa.sa_family));
571
572 switch (sa->sa.sa_family) {
573
574 case AF_INET: {
575 uint32_t a;
576
577 a = be32toh(sa->in.sin_addr.s_addr);
578
579 if (include_port)
580 r = asprintf(&p,
581 "%u.%u.%u.%u:%u",
582 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
583 be16toh(sa->in.sin_port));
584 else
585 r = asprintf(&p,
586 "%u.%u.%u.%u",
587 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
588 if (r < 0)
589 return -ENOMEM;
590 break;
591 }
592
593 case AF_INET6: {
594 static const unsigned char ipv4_prefix[] = {
595 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
596 };
597
598 if (translate_ipv6 &&
599 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
600 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
601 if (include_port)
602 r = asprintf(&p,
603 "%u.%u.%u.%u:%u",
604 a[0], a[1], a[2], a[3],
605 be16toh(sa->in6.sin6_port));
606 else
607 r = asprintf(&p,
608 "%u.%u.%u.%u",
609 a[0], a[1], a[2], a[3]);
610 if (r < 0)
611 return -ENOMEM;
612 } else {
613 char a[INET6_ADDRSTRLEN];
614
615 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
616
617 if (include_port) {
618 r = asprintf(&p,
619 "[%s]:%u",
620 a,
621 be16toh(sa->in6.sin6_port));
622 if (r < 0)
623 return -ENOMEM;
624 } else {
625 p = strdup(a);
626 if (!p)
627 return -ENOMEM;
628 }
629 }
630
631 break;
632 }
633
634 case AF_UNIX:
635 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
636 p = strdup("<unnamed>");
637 if (!p)
638 return -ENOMEM;
639
640 } else if (sa->un.sun_path[0] == 0) {
641 /* abstract */
642
643 /* FIXME: We assume we can print the
644 * socket path here and that it hasn't
645 * more than one NUL byte. That is
646 * actually an invalid assumption */
647
648 p = new(char, sizeof(sa->un.sun_path)+1);
649 if (!p)
650 return -ENOMEM;
651
652 p[0] = '@';
653 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
654 p[sizeof(sa->un.sun_path)] = 0;
655
656 } else {
657 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
658 if (!p)
659 return -ENOMEM;
660 }
661
662 break;
663
664 case AF_VSOCK:
665 if (include_port)
666 r = asprintf(&p,
667 "vsock:%u:%u",
668 sa->vm.svm_cid,
669 sa->vm.svm_port);
670 else
671 r = asprintf(&p, "vsock:%u", sa->vm.svm_cid);
672 if (r < 0)
673 return -ENOMEM;
674 break;
675
676 default:
677 return -EOPNOTSUPP;
678 }
679
680
681 *ret = p;
682 return 0;
683 }
684
685 int getpeername_pretty(int fd, bool include_port, char **ret) {
686 union sockaddr_union sa;
687 socklen_t salen = sizeof(sa);
688 int r;
689
690 assert(fd >= 0);
691 assert(ret);
692
693 if (getpeername(fd, &sa.sa, &salen) < 0)
694 return -errno;
695
696 if (sa.sa.sa_family == AF_UNIX) {
697 struct ucred ucred = {};
698
699 /* UNIX connection sockets are anonymous, so let's use
700 * PID/UID as pretty credentials instead */
701
702 r = getpeercred(fd, &ucred);
703 if (r < 0)
704 return r;
705
706 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
707 return -ENOMEM;
708
709 return 0;
710 }
711
712 /* For remote sockets we translate IPv6 addresses back to IPv4
713 * if applicable, since that's nicer. */
714
715 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
716 }
717
718 int getsockname_pretty(int fd, char **ret) {
719 union sockaddr_union sa;
720 socklen_t salen = sizeof(sa);
721
722 assert(fd >= 0);
723 assert(ret);
724
725 if (getsockname(fd, &sa.sa, &salen) < 0)
726 return -errno;
727
728 /* For local sockets we do not translate IPv6 addresses back
729 * to IPv6 if applicable, since this is usually used for
730 * listening sockets where the difference between IPv4 and
731 * IPv6 matters. */
732
733 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
734 }
735
736 int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
737 int r;
738 char host[NI_MAXHOST], *ret;
739
740 assert(_ret);
741
742 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0, IDN_FLAGS);
743 if (r != 0) {
744 int saved_errno = errno;
745
746 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
747 if (r < 0)
748 return r;
749
750 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
751 } else {
752 ret = strdup(host);
753 if (!ret)
754 return -ENOMEM;
755 }
756
757 *_ret = ret;
758 return 0;
759 }
760
761 int getnameinfo_pretty(int fd, char **ret) {
762 union sockaddr_union sa;
763 socklen_t salen = sizeof(sa);
764
765 assert(fd >= 0);
766 assert(ret);
767
768 if (getsockname(fd, &sa.sa, &salen) < 0)
769 return -errno;
770
771 return socknameinfo_pretty(&sa, salen, ret);
772 }
773
774 int socket_address_unlink(SocketAddress *a) {
775 assert(a);
776
777 if (socket_address_family(a) != AF_UNIX)
778 return 0;
779
780 if (a->sockaddr.un.sun_path[0] == 0)
781 return 0;
782
783 if (unlink(a->sockaddr.un.sun_path) < 0)
784 return -errno;
785
786 return 1;
787 }
788
789 static const char* const netlink_family_table[] = {
790 [NETLINK_ROUTE] = "route",
791 [NETLINK_FIREWALL] = "firewall",
792 [NETLINK_INET_DIAG] = "inet-diag",
793 [NETLINK_NFLOG] = "nflog",
794 [NETLINK_XFRM] = "xfrm",
795 [NETLINK_SELINUX] = "selinux",
796 [NETLINK_ISCSI] = "iscsi",
797 [NETLINK_AUDIT] = "audit",
798 [NETLINK_FIB_LOOKUP] = "fib-lookup",
799 [NETLINK_CONNECTOR] = "connector",
800 [NETLINK_NETFILTER] = "netfilter",
801 [NETLINK_IP6_FW] = "ip6-fw",
802 [NETLINK_DNRTMSG] = "dnrtmsg",
803 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
804 [NETLINK_GENERIC] = "generic",
805 [NETLINK_SCSITRANSPORT] = "scsitransport",
806 [NETLINK_ECRYPTFS] = "ecryptfs",
807 [NETLINK_RDMA] = "rdma",
808 };
809
810 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
811
812 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
813 [SOCKET_ADDRESS_DEFAULT] = "default",
814 [SOCKET_ADDRESS_BOTH] = "both",
815 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
816 };
817
818 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
819
820 SocketAddressBindIPv6Only parse_socket_address_bind_ipv6_only_or_bool(const char *n) {
821 int r;
822
823 r = parse_boolean(n);
824 if (r > 0)
825 return SOCKET_ADDRESS_IPV6_ONLY;
826 if (r == 0)
827 return SOCKET_ADDRESS_BOTH;
828
829 return socket_address_bind_ipv6_only_from_string(n);
830 }
831
832 bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
833 assert(a);
834 assert(b);
835
836 if (a->sa.sa_family != b->sa.sa_family)
837 return false;
838
839 if (a->sa.sa_family == AF_INET)
840 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
841
842 if (a->sa.sa_family == AF_INET6)
843 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
844
845 if (a->sa.sa_family == AF_VSOCK)
846 return a->vm.svm_cid == b->vm.svm_cid;
847
848 return false;
849 }
850
851 int fd_inc_sndbuf(int fd, size_t n) {
852 int r, value;
853 socklen_t l = sizeof(value);
854
855 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
856 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
857 return 0;
858
859 /* If we have the privileges we will ignore the kernel limit. */
860
861 value = (int) n;
862 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
863 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
864 return -errno;
865
866 return 1;
867 }
868
869 int fd_inc_rcvbuf(int fd, size_t n) {
870 int r, value;
871 socklen_t l = sizeof(value);
872
873 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
874 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
875 return 0;
876
877 /* If we have the privileges we will ignore the kernel limit. */
878
879 value = (int) n;
880 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
881 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
882 return -errno;
883 return 1;
884 }
885
886 static const char* const ip_tos_table[] = {
887 [IPTOS_LOWDELAY] = "low-delay",
888 [IPTOS_THROUGHPUT] = "throughput",
889 [IPTOS_RELIABILITY] = "reliability",
890 [IPTOS_LOWCOST] = "low-cost",
891 };
892
893 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
894
895 bool ifname_valid(const char *p) {
896 bool numeric = true;
897
898 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
899 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
900 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
901
902 if (isempty(p))
903 return false;
904
905 if (strlen(p) >= IFNAMSIZ)
906 return false;
907
908 if (dot_or_dot_dot(p))
909 return false;
910
911 while (*p) {
912 if ((unsigned char) *p >= 127U)
913 return false;
914
915 if ((unsigned char) *p <= 32U)
916 return false;
917
918 if (IN_SET(*p, ':', '/'))
919 return false;
920
921 numeric = numeric && (*p >= '0' && *p <= '9');
922 p++;
923 }
924
925 if (numeric)
926 return false;
927
928 return true;
929 }
930
931 bool address_label_valid(const char *p) {
932
933 if (isempty(p))
934 return false;
935
936 if (strlen(p) >= IFNAMSIZ)
937 return false;
938
939 while (*p) {
940 if ((uint8_t) *p >= 127U)
941 return false;
942
943 if ((uint8_t) *p <= 31U)
944 return false;
945 p++;
946 }
947
948 return true;
949 }
950
951 int getpeercred(int fd, struct ucred *ucred) {
952 socklen_t n = sizeof(struct ucred);
953 struct ucred u;
954 int r;
955
956 assert(fd >= 0);
957 assert(ucred);
958
959 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
960 if (r < 0)
961 return -errno;
962
963 if (n != sizeof(struct ucred))
964 return -EIO;
965
966 /* Check if the data is actually useful and not suppressed due to namespacing issues */
967 if (!pid_is_valid(u.pid))
968 return -ENODATA;
969
970 /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
971 * receiving in "invalid" user/group we get the overflow UID/GID. */
972
973 *ucred = u;
974 return 0;
975 }
976
977 int getpeersec(int fd, char **ret) {
978 _cleanup_free_ char *s = NULL;
979 socklen_t n = 64;
980
981 assert(fd >= 0);
982 assert(ret);
983
984 for (;;) {
985 s = new0(char, n+1);
986 if (!s)
987 return -ENOMEM;
988
989 if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n) >= 0)
990 break;
991
992 if (errno != ERANGE)
993 return -errno;
994
995 s = mfree(s);
996 }
997
998 if (isempty(s))
999 return -EOPNOTSUPP;
1000
1001 *ret = s;
1002 s = NULL;
1003
1004 return 0;
1005 }
1006
1007 int getpeergroups(int fd, gid_t **ret) {
1008 socklen_t n = sizeof(gid_t) * 64;
1009 _cleanup_free_ gid_t *d = NULL;
1010
1011 assert(fd);
1012 assert(ret);
1013
1014 for (;;) {
1015 d = malloc(n);
1016 if (!d)
1017 return -ENOMEM;
1018
1019 if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, d, &n) >= 0)
1020 break;
1021
1022 if (errno != ERANGE)
1023 return -errno;
1024
1025 d = mfree(d);
1026 }
1027
1028 assert_se(n % sizeof(gid_t) == 0);
1029 n /= sizeof(gid_t);
1030
1031 if ((socklen_t) (int) n != n)
1032 return -E2BIG;
1033
1034 *ret = d;
1035 d = NULL;
1036
1037 return (int) n;
1038 }
1039
1040 int send_one_fd_sa(
1041 int transport_fd,
1042 int fd,
1043 const struct sockaddr *sa, socklen_t len,
1044 int flags) {
1045
1046 union {
1047 struct cmsghdr cmsghdr;
1048 uint8_t buf[CMSG_SPACE(sizeof(int))];
1049 } control = {};
1050 struct msghdr mh = {
1051 .msg_name = (struct sockaddr*) sa,
1052 .msg_namelen = len,
1053 .msg_control = &control,
1054 .msg_controllen = sizeof(control),
1055 };
1056 struct cmsghdr *cmsg;
1057
1058 assert(transport_fd >= 0);
1059 assert(fd >= 0);
1060
1061 cmsg = CMSG_FIRSTHDR(&mh);
1062 cmsg->cmsg_level = SOL_SOCKET;
1063 cmsg->cmsg_type = SCM_RIGHTS;
1064 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
1065 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
1066
1067 mh.msg_controllen = CMSG_SPACE(sizeof(int));
1068 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
1069 return -errno;
1070
1071 return 0;
1072 }
1073
1074 int receive_one_fd(int transport_fd, int flags) {
1075 union {
1076 struct cmsghdr cmsghdr;
1077 uint8_t buf[CMSG_SPACE(sizeof(int))];
1078 } control = {};
1079 struct msghdr mh = {
1080 .msg_control = &control,
1081 .msg_controllen = sizeof(control),
1082 };
1083 struct cmsghdr *cmsg, *found = NULL;
1084
1085 assert(transport_fd >= 0);
1086
1087 /*
1088 * Receive a single FD via @transport_fd. We don't care for
1089 * the transport-type. We retrieve a single FD at most, so for
1090 * packet-based transports, the caller must ensure to send
1091 * only a single FD per packet. This is best used in
1092 * combination with send_one_fd().
1093 */
1094
1095 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
1096 return -errno;
1097
1098 CMSG_FOREACH(cmsg, &mh) {
1099 if (cmsg->cmsg_level == SOL_SOCKET &&
1100 cmsg->cmsg_type == SCM_RIGHTS &&
1101 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
1102 assert(!found);
1103 found = cmsg;
1104 break;
1105 }
1106 }
1107
1108 if (!found) {
1109 cmsg_close_all(&mh);
1110 return -EIO;
1111 }
1112
1113 return *(int*) CMSG_DATA(found);
1114 }
1115
1116 ssize_t next_datagram_size_fd(int fd) {
1117 ssize_t l;
1118 int k;
1119
1120 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
1121 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
1122 * do. This difference is actually of major importance as we need to be sure that the size returned here
1123 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1124 * the wrong size. */
1125
1126 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
1127 if (l < 0) {
1128 if (IN_SET(errno, EOPNOTSUPP, EFAULT))
1129 goto fallback;
1130
1131 return -errno;
1132 }
1133 if (l == 0)
1134 goto fallback;
1135
1136 return l;
1137
1138 fallback:
1139 k = 0;
1140
1141 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1142 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1143
1144 if (ioctl(fd, FIONREAD, &k) < 0)
1145 return -errno;
1146
1147 return (ssize_t) k;
1148 }
1149
1150 int flush_accept(int fd) {
1151
1152 struct pollfd pollfd = {
1153 .fd = fd,
1154 .events = POLLIN,
1155 };
1156 int r;
1157
1158
1159 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1160
1161 for (;;) {
1162 int cfd;
1163
1164 r = poll(&pollfd, 1, 0);
1165 if (r < 0) {
1166 if (errno == EINTR)
1167 continue;
1168
1169 return -errno;
1170
1171 } else if (r == 0)
1172 return 0;
1173
1174 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1175 if (cfd < 0) {
1176 if (errno == EINTR)
1177 continue;
1178
1179 if (errno == EAGAIN)
1180 return 0;
1181
1182 return -errno;
1183 }
1184
1185 close(cfd);
1186 }
1187 }
1188
1189 struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1190 struct cmsghdr *cmsg;
1191
1192 assert(mh);
1193
1194 CMSG_FOREACH(cmsg, mh)
1195 if (cmsg->cmsg_level == level &&
1196 cmsg->cmsg_type == type &&
1197 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1198 return cmsg;
1199
1200 return NULL;
1201 }
1202
1203 int socket_ioctl_fd(void) {
1204 int fd;
1205
1206 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1207 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1208 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1209 * generic AF_NETLINK. */
1210
1211 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1212 if (fd < 0)
1213 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1214 if (fd < 0)
1215 return -errno;
1216
1217 return fd;
1218 }
Unnamed repository; edit this file 'description' to name the repository.