]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/socket-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add SPDX license identifiers to source files under the LGPL
[thirdparty/systemd.git] / src / basic / socket-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19 ***/
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <limits.h>
24 #include <net/if.h>
25 #include <netdb.h>
26 #include <netinet/ip.h>
27 #include <poll.h>
28 #include <stddef.h>
29 #include <stdint.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34
35 #include "alloc-util.h"
36 #include "fd-util.h"
37 #include "fileio.h"
38 #include "format-util.h"
39 #include "log.h"
40 #include "macro.h"
41 #include "missing.h"
42 #include "parse-util.h"
43 #include "path-util.h"
44 #include "socket-util.h"
45 #include "string-table.h"
46 #include "string-util.h"
47 #include "strv.h"
48 #include "user-util.h"
49 #include "utf8.h"
50 #include "util.h"
51
52 #if ENABLE_IDN
53 # define IDN_FLAGS (NI_IDN|NI_IDN_USE_STD3_ASCII_RULES)
54 #else
55 # define IDN_FLAGS 0
56 #endif
57
58 int socket_address_parse(SocketAddress *a, const char *s) {
59 char *e, *n;
60 unsigned u;
61 int r;
62
63 assert(a);
64 assert(s);
65
66 zero(*a);
67 a->type = SOCK_STREAM;
68
69 if (*s == '[') {
70 /* IPv6 in [x:.....:z]:p notation */
71
72 e = strchr(s+1, ']');
73 if (!e)
74 return -EINVAL;
75
76 n = strndupa(s+1, e-s-1);
77
78 errno = 0;
79 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
80 return errno > 0 ? -errno : -EINVAL;
81
82 e++;
83 if (*e != ':')
84 return -EINVAL;
85
86 e++;
87 r = safe_atou(e, &u);
88 if (r < 0)
89 return r;
90
91 if (u <= 0 || u > 0xFFFF)
92 return -EINVAL;
93
94 a->sockaddr.in6.sin6_family = AF_INET6;
95 a->sockaddr.in6.sin6_port = htobe16((uint16_t)u);
96 a->size = sizeof(struct sockaddr_in6);
97
98 } else if (*s == '/') {
99 /* AF_UNIX socket */
100
101 size_t l;
102
103 l = strlen(s);
104 if (l >= sizeof(a->sockaddr.un.sun_path))
105 return -EINVAL;
106
107 a->sockaddr.un.sun_family = AF_UNIX;
108 memcpy(a->sockaddr.un.sun_path, s, l);
109 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
110
111 } else if (*s == '@') {
112 /* Abstract AF_UNIX socket */
113 size_t l;
114
115 l = strlen(s+1);
116 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
117 return -EINVAL;
118
119 a->sockaddr.un.sun_family = AF_UNIX;
120 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
121 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
122
123 } else if (startswith(s, "vsock:")) {
124 /* AF_VSOCK socket in vsock:cid:port notation */
125 const char *cid_start = s + strlen("vsock:");
126
127 e = strchr(cid_start, ':');
128 if (!e)
129 return -EINVAL;
130
131 r = safe_atou(e+1, &u);
132 if (r < 0)
133 return r;
134
135 n = strndupa(cid_start, e - cid_start);
136 if (!isempty(n)) {
137 r = safe_atou(n, &a->sockaddr.vm.svm_cid);
138 if (r < 0)
139 return r;
140 } else
141 a->sockaddr.vm.svm_cid = VMADDR_CID_ANY;
142
143 a->sockaddr.vm.svm_family = AF_VSOCK;
144 a->sockaddr.vm.svm_port = u;
145 a->size = sizeof(struct sockaddr_vm);
146
147 } else {
148 e = strchr(s, ':');
149 if (e) {
150 r = safe_atou(e+1, &u);
151 if (r < 0)
152 return r;
153
154 if (u <= 0 || u > 0xFFFF)
155 return -EINVAL;
156
157 n = strndupa(s, e-s);
158
159 /* IPv4 in w.x.y.z:p notation? */
160 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
161 if (r < 0)
162 return -errno;
163
164 if (r > 0) {
165 /* Gotcha, it's a traditional IPv4 address */
166 a->sockaddr.in.sin_family = AF_INET;
167 a->sockaddr.in.sin_port = htobe16((uint16_t)u);
168 a->size = sizeof(struct sockaddr_in);
169 } else {
170 unsigned idx;
171
172 if (strlen(n) > IF_NAMESIZE-1)
173 return -EINVAL;
174
175 /* Uh, our last resort, an interface name */
176 idx = if_nametoindex(n);
177 if (idx == 0)
178 return -EINVAL;
179
180 a->sockaddr.in6.sin6_family = AF_INET6;
181 a->sockaddr.in6.sin6_port = htobe16((uint16_t)u);
182 a->sockaddr.in6.sin6_scope_id = idx;
183 a->sockaddr.in6.sin6_addr = in6addr_any;
184 a->size = sizeof(struct sockaddr_in6);
185 }
186 } else {
187
188 /* Just a port */
189 r = safe_atou(s, &u);
190 if (r < 0)
191 return r;
192
193 if (u <= 0 || u > 0xFFFF)
194 return -EINVAL;
195
196 if (socket_ipv6_is_supported()) {
197 a->sockaddr.in6.sin6_family = AF_INET6;
198 a->sockaddr.in6.sin6_port = htobe16((uint16_t)u);
199 a->sockaddr.in6.sin6_addr = in6addr_any;
200 a->size = sizeof(struct sockaddr_in6);
201 } else {
202 a->sockaddr.in.sin_family = AF_INET;
203 a->sockaddr.in.sin_port = htobe16((uint16_t)u);
204 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
205 a->size = sizeof(struct sockaddr_in);
206 }
207 }
208 }
209
210 return 0;
211 }
212
213 int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
214 SocketAddress b;
215 int r;
216
217 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
218
219 r = socket_address_parse(&b, s);
220 if (r < 0)
221 return r;
222
223 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
224 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
225 return -EAFNOSUPPORT;
226 }
227
228 *a = b;
229 return 0;
230 }
231
232 int socket_address_parse_netlink(SocketAddress *a, const char *s) {
233 int family;
234 unsigned group = 0;
235 _cleanup_free_ char *sfamily = NULL;
236 assert(a);
237 assert(s);
238
239 zero(*a);
240 a->type = SOCK_RAW;
241
242 errno = 0;
243 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
244 return errno > 0 ? -errno : -EINVAL;
245
246 family = netlink_family_from_string(sfamily);
247 if (family < 0)
248 return -EINVAL;
249
250 a->sockaddr.nl.nl_family = AF_NETLINK;
251 a->sockaddr.nl.nl_groups = group;
252
253 a->type = SOCK_RAW;
254 a->size = sizeof(struct sockaddr_nl);
255 a->protocol = family;
256
257 return 0;
258 }
259
260 int socket_address_verify(const SocketAddress *a) {
261 assert(a);
262
263 switch (socket_address_family(a)) {
264
265 case AF_INET:
266 if (a->size != sizeof(struct sockaddr_in))
267 return -EINVAL;
268
269 if (a->sockaddr.in.sin_port == 0)
270 return -EINVAL;
271
272 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
273 return -EINVAL;
274
275 return 0;
276
277 case AF_INET6:
278 if (a->size != sizeof(struct sockaddr_in6))
279 return -EINVAL;
280
281 if (a->sockaddr.in6.sin6_port == 0)
282 return -EINVAL;
283
284 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
285 return -EINVAL;
286
287 return 0;
288
289 case AF_UNIX:
290 if (a->size < offsetof(struct sockaddr_un, sun_path))
291 return -EINVAL;
292
293 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
294
295 if (a->sockaddr.un.sun_path[0] != 0) {
296 char *e;
297
298 /* path */
299 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
300 if (!e)
301 return -EINVAL;
302
303 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
304 return -EINVAL;
305 }
306 }
307
308 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET))
309 return -EINVAL;
310
311 return 0;
312
313 case AF_NETLINK:
314
315 if (a->size != sizeof(struct sockaddr_nl))
316 return -EINVAL;
317
318 if (!IN_SET(a->type, SOCK_RAW, SOCK_DGRAM))
319 return -EINVAL;
320
321 return 0;
322
323 case AF_VSOCK:
324 if (a->size != sizeof(struct sockaddr_vm))
325 return -EINVAL;
326
327 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
328 return -EINVAL;
329
330 return 0;
331
332 default:
333 return -EAFNOSUPPORT;
334 }
335 }
336
337 int socket_address_print(const SocketAddress *a, char **ret) {
338 int r;
339
340 assert(a);
341 assert(ret);
342
343 r = socket_address_verify(a);
344 if (r < 0)
345 return r;
346
347 if (socket_address_family(a) == AF_NETLINK) {
348 _cleanup_free_ char *sfamily = NULL;
349
350 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
351 if (r < 0)
352 return r;
353
354 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
355 if (r < 0)
356 return -ENOMEM;
357
358 return 0;
359 }
360
361 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
362 }
363
364 bool socket_address_can_accept(const SocketAddress *a) {
365 assert(a);
366
367 return
368 IN_SET(a->type, SOCK_STREAM, SOCK_SEQPACKET);
369 }
370
371 bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
372 assert(a);
373 assert(b);
374
375 /* Invalid addresses are unequal to all */
376 if (socket_address_verify(a) < 0 ||
377 socket_address_verify(b) < 0)
378 return false;
379
380 if (a->type != b->type)
381 return false;
382
383 if (socket_address_family(a) != socket_address_family(b))
384 return false;
385
386 switch (socket_address_family(a)) {
387
388 case AF_INET:
389 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
390 return false;
391
392 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
393 return false;
394
395 break;
396
397 case AF_INET6:
398 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
399 return false;
400
401 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
402 return false;
403
404 break;
405
406 case AF_UNIX:
407 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
408 b->size <= offsetof(struct sockaddr_un, sun_path))
409 return false;
410
411 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
412 return false;
413
414 if (a->sockaddr.un.sun_path[0]) {
415 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
416 return false;
417 } else {
418 if (a->size != b->size)
419 return false;
420
421 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
422 return false;
423 }
424
425 break;
426
427 case AF_NETLINK:
428 if (a->protocol != b->protocol)
429 return false;
430
431 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
432 return false;
433
434 break;
435
436 case AF_VSOCK:
437 if (a->sockaddr.vm.svm_cid != b->sockaddr.vm.svm_cid)
438 return false;
439
440 if (a->sockaddr.vm.svm_port != b->sockaddr.vm.svm_port)
441 return false;
442
443 break;
444
445 default:
446 /* Cannot compare, so we assume the addresses are different */
447 return false;
448 }
449
450 return true;
451 }
452
453 bool socket_address_is(const SocketAddress *a, const char *s, int type) {
454 struct SocketAddress b;
455
456 assert(a);
457 assert(s);
458
459 if (socket_address_parse(&b, s) < 0)
460 return false;
461
462 b.type = type;
463
464 return socket_address_equal(a, &b);
465 }
466
467 bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
468 struct SocketAddress b;
469
470 assert(a);
471 assert(s);
472
473 if (socket_address_parse_netlink(&b, s) < 0)
474 return false;
475
476 return socket_address_equal(a, &b);
477 }
478
479 const char* socket_address_get_path(const SocketAddress *a) {
480 assert(a);
481
482 if (socket_address_family(a) != AF_UNIX)
483 return NULL;
484
485 if (a->sockaddr.un.sun_path[0] == 0)
486 return NULL;
487
488 return a->sockaddr.un.sun_path;
489 }
490
491 bool socket_ipv6_is_supported(void) {
492 if (access("/proc/net/if_inet6", F_OK) != 0)
493 return false;
494
495 return true;
496 }
497
498 bool socket_address_matches_fd(const SocketAddress *a, int fd) {
499 SocketAddress b;
500 socklen_t solen;
501
502 assert(a);
503 assert(fd >= 0);
504
505 b.size = sizeof(b.sockaddr);
506 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
507 return false;
508
509 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
510 return false;
511
512 solen = sizeof(b.type);
513 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
514 return false;
515
516 if (b.type != a->type)
517 return false;
518
519 if (a->protocol != 0) {
520 solen = sizeof(b.protocol);
521 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
522 return false;
523
524 if (b.protocol != a->protocol)
525 return false;
526 }
527
528 return socket_address_equal(a, &b);
529 }
530
531 int sockaddr_port(const struct sockaddr *_sa, unsigned *port) {
532 union sockaddr_union *sa = (union sockaddr_union*) _sa;
533
534 assert(sa);
535
536 switch (sa->sa.sa_family) {
537 case AF_INET:
538 *port = be16toh(sa->in.sin_port);
539 return 0;
540
541 case AF_INET6:
542 *port = be16toh(sa->in6.sin6_port);
543 return 0;
544
545 case AF_VSOCK:
546 *port = sa->vm.svm_port;
547 return 0;
548
549 default:
550 return -EAFNOSUPPORT;
551 }
552 }
553
554 int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
555 union sockaddr_union *sa = (union sockaddr_union*) _sa;
556 char *p;
557 int r;
558
559 assert(sa);
560 assert(salen >= sizeof(sa->sa.sa_family));
561
562 switch (sa->sa.sa_family) {
563
564 case AF_INET: {
565 uint32_t a;
566
567 a = be32toh(sa->in.sin_addr.s_addr);
568
569 if (include_port)
570 r = asprintf(&p,
571 "%u.%u.%u.%u:%u",
572 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
573 be16toh(sa->in.sin_port));
574 else
575 r = asprintf(&p,
576 "%u.%u.%u.%u",
577 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
578 if (r < 0)
579 return -ENOMEM;
580 break;
581 }
582
583 case AF_INET6: {
584 static const unsigned char ipv4_prefix[] = {
585 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
586 };
587
588 if (translate_ipv6 &&
589 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
590 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
591 if (include_port)
592 r = asprintf(&p,
593 "%u.%u.%u.%u:%u",
594 a[0], a[1], a[2], a[3],
595 be16toh(sa->in6.sin6_port));
596 else
597 r = asprintf(&p,
598 "%u.%u.%u.%u",
599 a[0], a[1], a[2], a[3]);
600 if (r < 0)
601 return -ENOMEM;
602 } else {
603 char a[INET6_ADDRSTRLEN];
604
605 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
606
607 if (include_port) {
608 r = asprintf(&p,
609 "[%s]:%u",
610 a,
611 be16toh(sa->in6.sin6_port));
612 if (r < 0)
613 return -ENOMEM;
614 } else {
615 p = strdup(a);
616 if (!p)
617 return -ENOMEM;
618 }
619 }
620
621 break;
622 }
623
624 case AF_UNIX:
625 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
626 p = strdup("<unnamed>");
627 if (!p)
628 return -ENOMEM;
629
630 } else if (sa->un.sun_path[0] == 0) {
631 /* abstract */
632
633 /* FIXME: We assume we can print the
634 * socket path here and that it hasn't
635 * more than one NUL byte. That is
636 * actually an invalid assumption */
637
638 p = new(char, sizeof(sa->un.sun_path)+1);
639 if (!p)
640 return -ENOMEM;
641
642 p[0] = '@';
643 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
644 p[sizeof(sa->un.sun_path)] = 0;
645
646 } else {
647 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
648 if (!p)
649 return -ENOMEM;
650 }
651
652 break;
653
654 case AF_VSOCK:
655 if (include_port)
656 r = asprintf(&p,
657 "vsock:%u:%u",
658 sa->vm.svm_cid,
659 sa->vm.svm_port);
660 else
661 r = asprintf(&p, "vsock:%u", sa->vm.svm_cid);
662 if (r < 0)
663 return -ENOMEM;
664 break;
665
666 default:
667 return -EOPNOTSUPP;
668 }
669
670
671 *ret = p;
672 return 0;
673 }
674
675 int getpeername_pretty(int fd, bool include_port, char **ret) {
676 union sockaddr_union sa;
677 socklen_t salen = sizeof(sa);
678 int r;
679
680 assert(fd >= 0);
681 assert(ret);
682
683 if (getpeername(fd, &sa.sa, &salen) < 0)
684 return -errno;
685
686 if (sa.sa.sa_family == AF_UNIX) {
687 struct ucred ucred = {};
688
689 /* UNIX connection sockets are anonymous, so let's use
690 * PID/UID as pretty credentials instead */
691
692 r = getpeercred(fd, &ucred);
693 if (r < 0)
694 return r;
695
696 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
697 return -ENOMEM;
698
699 return 0;
700 }
701
702 /* For remote sockets we translate IPv6 addresses back to IPv4
703 * if applicable, since that's nicer. */
704
705 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
706 }
707
708 int getsockname_pretty(int fd, char **ret) {
709 union sockaddr_union sa;
710 socklen_t salen = sizeof(sa);
711
712 assert(fd >= 0);
713 assert(ret);
714
715 if (getsockname(fd, &sa.sa, &salen) < 0)
716 return -errno;
717
718 /* For local sockets we do not translate IPv6 addresses back
719 * to IPv6 if applicable, since this is usually used for
720 * listening sockets where the difference between IPv4 and
721 * IPv6 matters. */
722
723 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
724 }
725
726 int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
727 int r;
728 char host[NI_MAXHOST], *ret;
729
730 assert(_ret);
731
732 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0, IDN_FLAGS);
733 if (r != 0) {
734 int saved_errno = errno;
735
736 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
737 if (r < 0)
738 return r;
739
740 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
741 } else {
742 ret = strdup(host);
743 if (!ret)
744 return -ENOMEM;
745 }
746
747 *_ret = ret;
748 return 0;
749 }
750
751 int getnameinfo_pretty(int fd, char **ret) {
752 union sockaddr_union sa;
753 socklen_t salen = sizeof(sa);
754
755 assert(fd >= 0);
756 assert(ret);
757
758 if (getsockname(fd, &sa.sa, &salen) < 0)
759 return -errno;
760
761 return socknameinfo_pretty(&sa, salen, ret);
762 }
763
764 int socket_address_unlink(SocketAddress *a) {
765 assert(a);
766
767 if (socket_address_family(a) != AF_UNIX)
768 return 0;
769
770 if (a->sockaddr.un.sun_path[0] == 0)
771 return 0;
772
773 if (unlink(a->sockaddr.un.sun_path) < 0)
774 return -errno;
775
776 return 1;
777 }
778
779 static const char* const netlink_family_table[] = {
780 [NETLINK_ROUTE] = "route",
781 [NETLINK_FIREWALL] = "firewall",
782 [NETLINK_INET_DIAG] = "inet-diag",
783 [NETLINK_NFLOG] = "nflog",
784 [NETLINK_XFRM] = "xfrm",
785 [NETLINK_SELINUX] = "selinux",
786 [NETLINK_ISCSI] = "iscsi",
787 [NETLINK_AUDIT] = "audit",
788 [NETLINK_FIB_LOOKUP] = "fib-lookup",
789 [NETLINK_CONNECTOR] = "connector",
790 [NETLINK_NETFILTER] = "netfilter",
791 [NETLINK_IP6_FW] = "ip6-fw",
792 [NETLINK_DNRTMSG] = "dnrtmsg",
793 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
794 [NETLINK_GENERIC] = "generic",
795 [NETLINK_SCSITRANSPORT] = "scsitransport",
796 [NETLINK_ECRYPTFS] = "ecryptfs",
797 [NETLINK_RDMA] = "rdma",
798 };
799
800 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
801
802 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
803 [SOCKET_ADDRESS_DEFAULT] = "default",
804 [SOCKET_ADDRESS_BOTH] = "both",
805 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
806 };
807
808 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
809
810 bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
811 assert(a);
812 assert(b);
813
814 if (a->sa.sa_family != b->sa.sa_family)
815 return false;
816
817 if (a->sa.sa_family == AF_INET)
818 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
819
820 if (a->sa.sa_family == AF_INET6)
821 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
822
823 if (a->sa.sa_family == AF_VSOCK)
824 return a->vm.svm_cid == b->vm.svm_cid;
825
826 return false;
827 }
828
829 int fd_inc_sndbuf(int fd, size_t n) {
830 int r, value;
831 socklen_t l = sizeof(value);
832
833 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
834 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
835 return 0;
836
837 /* If we have the privileges we will ignore the kernel limit. */
838
839 value = (int) n;
840 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
841 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
842 return -errno;
843
844 return 1;
845 }
846
847 int fd_inc_rcvbuf(int fd, size_t n) {
848 int r, value;
849 socklen_t l = sizeof(value);
850
851 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
852 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
853 return 0;
854
855 /* If we have the privileges we will ignore the kernel limit. */
856
857 value = (int) n;
858 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
859 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
860 return -errno;
861 return 1;
862 }
863
864 static const char* const ip_tos_table[] = {
865 [IPTOS_LOWDELAY] = "low-delay",
866 [IPTOS_THROUGHPUT] = "throughput",
867 [IPTOS_RELIABILITY] = "reliability",
868 [IPTOS_LOWCOST] = "low-cost",
869 };
870
871 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
872
873 bool ifname_valid(const char *p) {
874 bool numeric = true;
875
876 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
877 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
878 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
879
880 if (isempty(p))
881 return false;
882
883 if (strlen(p) >= IFNAMSIZ)
884 return false;
885
886 if (dot_or_dot_dot(p))
887 return false;
888
889 while (*p) {
890 if ((unsigned char) *p >= 127U)
891 return false;
892
893 if ((unsigned char) *p <= 32U)
894 return false;
895
896 if (IN_SET(*p, ':', '/'))
897 return false;
898
899 numeric = numeric && (*p >= '0' && *p <= '9');
900 p++;
901 }
902
903 if (numeric)
904 return false;
905
906 return true;
907 }
908
909 bool address_label_valid(const char *p) {
910
911 if (isempty(p))
912 return false;
913
914 if (strlen(p) >= IFNAMSIZ)
915 return false;
916
917 while (*p) {
918 if ((uint8_t) *p >= 127U)
919 return false;
920
921 if ((uint8_t) *p <= 31U)
922 return false;
923 p++;
924 }
925
926 return true;
927 }
928
929 int getpeercred(int fd, struct ucred *ucred) {
930 socklen_t n = sizeof(struct ucred);
931 struct ucred u;
932 int r;
933
934 assert(fd >= 0);
935 assert(ucred);
936
937 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
938 if (r < 0)
939 return -errno;
940
941 if (n != sizeof(struct ucred))
942 return -EIO;
943
944 /* Check if the data is actually useful and not suppressed due
945 * to namespacing issues */
946 if (u.pid <= 0)
947 return -ENODATA;
948 if (u.uid == UID_INVALID)
949 return -ENODATA;
950 if (u.gid == GID_INVALID)
951 return -ENODATA;
952
953 *ucred = u;
954 return 0;
955 }
956
957 int getpeersec(int fd, char **ret) {
958 socklen_t n = 64;
959 char *s;
960 int r;
961
962 assert(fd >= 0);
963 assert(ret);
964
965 s = new0(char, n);
966 if (!s)
967 return -ENOMEM;
968
969 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
970 if (r < 0) {
971 free(s);
972
973 if (errno != ERANGE)
974 return -errno;
975
976 s = new0(char, n);
977 if (!s)
978 return -ENOMEM;
979
980 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
981 if (r < 0) {
982 free(s);
983 return -errno;
984 }
985 }
986
987 if (isempty(s)) {
988 free(s);
989 return -EOPNOTSUPP;
990 }
991
992 *ret = s;
993 return 0;
994 }
995
996 int send_one_fd_sa(
997 int transport_fd,
998 int fd,
999 const struct sockaddr *sa, socklen_t len,
1000 int flags) {
1001
1002 union {
1003 struct cmsghdr cmsghdr;
1004 uint8_t buf[CMSG_SPACE(sizeof(int))];
1005 } control = {};
1006 struct msghdr mh = {
1007 .msg_name = (struct sockaddr*) sa,
1008 .msg_namelen = len,
1009 .msg_control = &control,
1010 .msg_controllen = sizeof(control),
1011 };
1012 struct cmsghdr *cmsg;
1013
1014 assert(transport_fd >= 0);
1015 assert(fd >= 0);
1016
1017 cmsg = CMSG_FIRSTHDR(&mh);
1018 cmsg->cmsg_level = SOL_SOCKET;
1019 cmsg->cmsg_type = SCM_RIGHTS;
1020 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
1021 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
1022
1023 mh.msg_controllen = CMSG_SPACE(sizeof(int));
1024 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
1025 return -errno;
1026
1027 return 0;
1028 }
1029
1030 int receive_one_fd(int transport_fd, int flags) {
1031 union {
1032 struct cmsghdr cmsghdr;
1033 uint8_t buf[CMSG_SPACE(sizeof(int))];
1034 } control = {};
1035 struct msghdr mh = {
1036 .msg_control = &control,
1037 .msg_controllen = sizeof(control),
1038 };
1039 struct cmsghdr *cmsg, *found = NULL;
1040
1041 assert(transport_fd >= 0);
1042
1043 /*
1044 * Receive a single FD via @transport_fd. We don't care for
1045 * the transport-type. We retrieve a single FD at most, so for
1046 * packet-based transports, the caller must ensure to send
1047 * only a single FD per packet. This is best used in
1048 * combination with send_one_fd().
1049 */
1050
1051 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
1052 return -errno;
1053
1054 CMSG_FOREACH(cmsg, &mh) {
1055 if (cmsg->cmsg_level == SOL_SOCKET &&
1056 cmsg->cmsg_type == SCM_RIGHTS &&
1057 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
1058 assert(!found);
1059 found = cmsg;
1060 break;
1061 }
1062 }
1063
1064 if (!found) {
1065 cmsg_close_all(&mh);
1066 return -EIO;
1067 }
1068
1069 return *(int*) CMSG_DATA(found);
1070 }
1071
1072 ssize_t next_datagram_size_fd(int fd) {
1073 ssize_t l;
1074 int k;
1075
1076 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
1077 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
1078 * do. This difference is actually of major importance as we need to be sure that the size returned here
1079 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1080 * the wrong size. */
1081
1082 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
1083 if (l < 0) {
1084 if (IN_SET(errno, EOPNOTSUPP, EFAULT))
1085 goto fallback;
1086
1087 return -errno;
1088 }
1089 if (l == 0)
1090 goto fallback;
1091
1092 return l;
1093
1094 fallback:
1095 k = 0;
1096
1097 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1098 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1099
1100 if (ioctl(fd, FIONREAD, &k) < 0)
1101 return -errno;
1102
1103 return (ssize_t) k;
1104 }
1105
1106 int flush_accept(int fd) {
1107
1108 struct pollfd pollfd = {
1109 .fd = fd,
1110 .events = POLLIN,
1111 };
1112 int r;
1113
1114
1115 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1116
1117 for (;;) {
1118 int cfd;
1119
1120 r = poll(&pollfd, 1, 0);
1121 if (r < 0) {
1122 if (errno == EINTR)
1123 continue;
1124
1125 return -errno;
1126
1127 } else if (r == 0)
1128 return 0;
1129
1130 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1131 if (cfd < 0) {
1132 if (errno == EINTR)
1133 continue;
1134
1135 if (errno == EAGAIN)
1136 return 0;
1137
1138 return -errno;
1139 }
1140
1141 close(cfd);
1142 }
1143 }
1144
1145 struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1146 struct cmsghdr *cmsg;
1147
1148 assert(mh);
1149
1150 CMSG_FOREACH(cmsg, mh)
1151 if (cmsg->cmsg_level == level &&
1152 cmsg->cmsg_type == type &&
1153 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1154 return cmsg;
1155
1156 return NULL;
1157 }
1158
1159 int socket_ioctl_fd(void) {
1160 int fd;
1161
1162 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1163 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1164 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1165 * generic AF_NETLINK. */
1166
1167 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1168 if (fd < 0)
1169 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1170 if (fd < 0)
1171 return -errno;
1172
1173 return fd;
1174 }
Unnamed repository; edit this file 'description' to name the repository.