]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/socket-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #8143 from yuwata/drop-unused-func
[thirdparty/systemd.git] / src / basic / socket-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19 ***/
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <limits.h>
24 #include <net/if.h>
25 #include <netdb.h>
26 #include <netinet/ip.h>
27 #include <poll.h>
28 #include <stddef.h>
29 #include <stdint.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34
35 #include "alloc-util.h"
36 #include "fd-util.h"
37 #include "fileio.h"
38 #include "format-util.h"
39 #include "log.h"
40 #include "macro.h"
41 #include "missing.h"
42 #include "parse-util.h"
43 #include "path-util.h"
44 #include "process-util.h"
45 #include "socket-util.h"
46 #include "string-table.h"
47 #include "string-util.h"
48 #include "strv.h"
49 #include "user-util.h"
50 #include "utf8.h"
51 #include "util.h"
52
53 #if ENABLE_IDN
54 # define IDN_FLAGS NI_IDN
55 #else
56 # define IDN_FLAGS 0
57 #endif
58
59 static const char* const socket_address_type_table[] = {
60 [SOCK_STREAM] = "Stream",
61 [SOCK_DGRAM] = "Datagram",
62 [SOCK_RAW] = "Raw",
63 [SOCK_RDM] = "ReliableDatagram",
64 [SOCK_SEQPACKET] = "SequentialPacket",
65 [SOCK_DCCP] = "DatagramCongestionControl",
66 };
67
68 DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
69
70 int socket_address_parse(SocketAddress *a, const char *s) {
71 char *e, *n;
72 int r;
73
74 assert(a);
75 assert(s);
76
77 zero(*a);
78 a->type = SOCK_STREAM;
79
80 if (*s == '[') {
81 uint16_t port;
82
83 /* IPv6 in [x:.....:z]:p notation */
84
85 e = strchr(s+1, ']');
86 if (!e)
87 return -EINVAL;
88
89 n = strndupa(s+1, e-s-1);
90
91 errno = 0;
92 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
93 return errno > 0 ? -errno : -EINVAL;
94
95 e++;
96 if (*e != ':')
97 return -EINVAL;
98
99 e++;
100 r = parse_ip_port(e, &port);
101 if (r < 0)
102 return r;
103
104 a->sockaddr.in6.sin6_family = AF_INET6;
105 a->sockaddr.in6.sin6_port = htobe16(port);
106 a->size = sizeof(struct sockaddr_in6);
107
108 } else if (*s == '/') {
109 /* AF_UNIX socket */
110
111 size_t l;
112
113 l = strlen(s);
114 if (l >= sizeof(a->sockaddr.un.sun_path))
115 return -EINVAL;
116
117 a->sockaddr.un.sun_family = AF_UNIX;
118 memcpy(a->sockaddr.un.sun_path, s, l);
119 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
120
121 } else if (*s == '@') {
122 /* Abstract AF_UNIX socket */
123 size_t l;
124
125 l = strlen(s+1);
126 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
127 return -EINVAL;
128
129 a->sockaddr.un.sun_family = AF_UNIX;
130 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
131 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
132
133 } else if (startswith(s, "vsock:")) {
134 /* AF_VSOCK socket in vsock:cid:port notation */
135 const char *cid_start = s + STRLEN("vsock:");
136 unsigned port;
137
138 e = strchr(cid_start, ':');
139 if (!e)
140 return -EINVAL;
141
142 r = safe_atou(e+1, &port);
143 if (r < 0)
144 return r;
145
146 n = strndupa(cid_start, e - cid_start);
147 if (!isempty(n)) {
148 r = safe_atou(n, &a->sockaddr.vm.svm_cid);
149 if (r < 0)
150 return r;
151 } else
152 a->sockaddr.vm.svm_cid = VMADDR_CID_ANY;
153
154 a->sockaddr.vm.svm_family = AF_VSOCK;
155 a->sockaddr.vm.svm_port = port;
156 a->size = sizeof(struct sockaddr_vm);
157
158 } else {
159 uint16_t port;
160
161 e = strchr(s, ':');
162 if (e) {
163 r = parse_ip_port(e + 1, &port);
164 if (r < 0)
165 return r;
166
167 n = strndupa(s, e-s);
168
169 /* IPv4 in w.x.y.z:p notation? */
170 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
171 if (r < 0)
172 return -errno;
173
174 if (r > 0) {
175 /* Gotcha, it's a traditional IPv4 address */
176 a->sockaddr.in.sin_family = AF_INET;
177 a->sockaddr.in.sin_port = htobe16(port);
178 a->size = sizeof(struct sockaddr_in);
179 } else {
180 unsigned idx;
181
182 if (strlen(n) > IF_NAMESIZE-1)
183 return -EINVAL;
184
185 /* Uh, our last resort, an interface name */
186 idx = if_nametoindex(n);
187 if (idx == 0)
188 return -EINVAL;
189
190 a->sockaddr.in6.sin6_family = AF_INET6;
191 a->sockaddr.in6.sin6_port = htobe16(port);
192 a->sockaddr.in6.sin6_scope_id = idx;
193 a->sockaddr.in6.sin6_addr = in6addr_any;
194 a->size = sizeof(struct sockaddr_in6);
195 }
196 } else {
197
198 /* Just a port */
199 r = parse_ip_port(s, &port);
200 if (r < 0)
201 return r;
202
203 if (socket_ipv6_is_supported()) {
204 a->sockaddr.in6.sin6_family = AF_INET6;
205 a->sockaddr.in6.sin6_port = htobe16(port);
206 a->sockaddr.in6.sin6_addr = in6addr_any;
207 a->size = sizeof(struct sockaddr_in6);
208 } else {
209 a->sockaddr.in.sin_family = AF_INET;
210 a->sockaddr.in.sin_port = htobe16(port);
211 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
212 a->size = sizeof(struct sockaddr_in);
213 }
214 }
215 }
216
217 return 0;
218 }
219
220 int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
221 SocketAddress b;
222 int r;
223
224 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
225
226 r = socket_address_parse(&b, s);
227 if (r < 0)
228 return r;
229
230 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
231 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
232 return -EAFNOSUPPORT;
233 }
234
235 *a = b;
236 return 0;
237 }
238
239 int socket_address_parse_netlink(SocketAddress *a, const char *s) {
240 int family;
241 unsigned group = 0;
242 _cleanup_free_ char *sfamily = NULL;
243 assert(a);
244 assert(s);
245
246 zero(*a);
247 a->type = SOCK_RAW;
248
249 errno = 0;
250 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
251 return errno > 0 ? -errno : -EINVAL;
252
253 family = netlink_family_from_string(sfamily);
254 if (family < 0)
255 return -EINVAL;
256
257 a->sockaddr.nl.nl_family = AF_NETLINK;
258 a->sockaddr.nl.nl_groups = group;
259
260 a->type = SOCK_RAW;
261 a->size = sizeof(struct sockaddr_nl);
262 a->protocol = family;
263
264 return 0;
265 }
266
267 int socket_address_verify(const SocketAddress *a) {
268 assert(a);
269
270 switch (socket_address_family(a)) {
271
272 case AF_INET:
273 if (a->size != sizeof(struct sockaddr_in))
274 return -EINVAL;
275
276 if (a->sockaddr.in.sin_port == 0)
277 return -EINVAL;
278
279 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
280 return -EINVAL;
281
282 return 0;
283
284 case AF_INET6:
285 if (a->size != sizeof(struct sockaddr_in6))
286 return -EINVAL;
287
288 if (a->sockaddr.in6.sin6_port == 0)
289 return -EINVAL;
290
291 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
292 return -EINVAL;
293
294 return 0;
295
296 case AF_UNIX:
297 if (a->size < offsetof(struct sockaddr_un, sun_path))
298 return -EINVAL;
299
300 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
301
302 if (a->sockaddr.un.sun_path[0] != 0) {
303 char *e;
304
305 /* path */
306 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
307 if (!e)
308 return -EINVAL;
309
310 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
311 return -EINVAL;
312 }
313 }
314
315 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET))
316 return -EINVAL;
317
318 return 0;
319
320 case AF_NETLINK:
321
322 if (a->size != sizeof(struct sockaddr_nl))
323 return -EINVAL;
324
325 if (!IN_SET(a->type, SOCK_RAW, SOCK_DGRAM))
326 return -EINVAL;
327
328 return 0;
329
330 case AF_VSOCK:
331 if (a->size != sizeof(struct sockaddr_vm))
332 return -EINVAL;
333
334 if (!IN_SET(a->type, SOCK_STREAM, SOCK_DGRAM))
335 return -EINVAL;
336
337 return 0;
338
339 default:
340 return -EAFNOSUPPORT;
341 }
342 }
343
344 int socket_address_print(const SocketAddress *a, char **ret) {
345 int r;
346
347 assert(a);
348 assert(ret);
349
350 r = socket_address_verify(a);
351 if (r < 0)
352 return r;
353
354 if (socket_address_family(a) == AF_NETLINK) {
355 _cleanup_free_ char *sfamily = NULL;
356
357 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
358 if (r < 0)
359 return r;
360
361 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
362 if (r < 0)
363 return -ENOMEM;
364
365 return 0;
366 }
367
368 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
369 }
370
371 bool socket_address_can_accept(const SocketAddress *a) {
372 assert(a);
373
374 return
375 IN_SET(a->type, SOCK_STREAM, SOCK_SEQPACKET);
376 }
377
378 bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
379 assert(a);
380 assert(b);
381
382 /* Invalid addresses are unequal to all */
383 if (socket_address_verify(a) < 0 ||
384 socket_address_verify(b) < 0)
385 return false;
386
387 if (a->type != b->type)
388 return false;
389
390 if (socket_address_family(a) != socket_address_family(b))
391 return false;
392
393 switch (socket_address_family(a)) {
394
395 case AF_INET:
396 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
397 return false;
398
399 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
400 return false;
401
402 break;
403
404 case AF_INET6:
405 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
406 return false;
407
408 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
409 return false;
410
411 break;
412
413 case AF_UNIX:
414 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
415 b->size <= offsetof(struct sockaddr_un, sun_path))
416 return false;
417
418 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
419 return false;
420
421 if (a->sockaddr.un.sun_path[0]) {
422 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, 0))
423 return false;
424 } else {
425 if (a->size != b->size)
426 return false;
427
428 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
429 return false;
430 }
431
432 break;
433
434 case AF_NETLINK:
435 if (a->protocol != b->protocol)
436 return false;
437
438 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
439 return false;
440
441 break;
442
443 case AF_VSOCK:
444 if (a->sockaddr.vm.svm_cid != b->sockaddr.vm.svm_cid)
445 return false;
446
447 if (a->sockaddr.vm.svm_port != b->sockaddr.vm.svm_port)
448 return false;
449
450 break;
451
452 default:
453 /* Cannot compare, so we assume the addresses are different */
454 return false;
455 }
456
457 return true;
458 }
459
460 bool socket_address_is(const SocketAddress *a, const char *s, int type) {
461 struct SocketAddress b;
462
463 assert(a);
464 assert(s);
465
466 if (socket_address_parse(&b, s) < 0)
467 return false;
468
469 b.type = type;
470
471 return socket_address_equal(a, &b);
472 }
473
474 bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
475 struct SocketAddress b;
476
477 assert(a);
478 assert(s);
479
480 if (socket_address_parse_netlink(&b, s) < 0)
481 return false;
482
483 return socket_address_equal(a, &b);
484 }
485
486 const char* socket_address_get_path(const SocketAddress *a) {
487 assert(a);
488
489 if (socket_address_family(a) != AF_UNIX)
490 return NULL;
491
492 if (a->sockaddr.un.sun_path[0] == 0)
493 return NULL;
494
495 return a->sockaddr.un.sun_path;
496 }
497
498 bool socket_ipv6_is_supported(void) {
499 if (access("/proc/net/if_inet6", F_OK) != 0)
500 return false;
501
502 return true;
503 }
504
505 bool socket_address_matches_fd(const SocketAddress *a, int fd) {
506 SocketAddress b;
507 socklen_t solen;
508
509 assert(a);
510 assert(fd >= 0);
511
512 b.size = sizeof(b.sockaddr);
513 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
514 return false;
515
516 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
517 return false;
518
519 solen = sizeof(b.type);
520 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
521 return false;
522
523 if (b.type != a->type)
524 return false;
525
526 if (a->protocol != 0) {
527 solen = sizeof(b.protocol);
528 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
529 return false;
530
531 if (b.protocol != a->protocol)
532 return false;
533 }
534
535 return socket_address_equal(a, &b);
536 }
537
538 int sockaddr_port(const struct sockaddr *_sa, unsigned *ret_port) {
539 union sockaddr_union *sa = (union sockaddr_union*) _sa;
540
541 /* Note, this returns the port as 'unsigned' rather than 'uint16_t', as AF_VSOCK knows larger ports */
542
543 assert(sa);
544
545 switch (sa->sa.sa_family) {
546
547 case AF_INET:
548 *ret_port = be16toh(sa->in.sin_port);
549 return 0;
550
551 case AF_INET6:
552 *ret_port = be16toh(sa->in6.sin6_port);
553 return 0;
554
555 case AF_VSOCK:
556 *ret_port = sa->vm.svm_port;
557 return 0;
558
559 default:
560 return -EAFNOSUPPORT;
561 }
562 }
563
564 int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
565 union sockaddr_union *sa = (union sockaddr_union*) _sa;
566 char *p;
567 int r;
568
569 assert(sa);
570 assert(salen >= sizeof(sa->sa.sa_family));
571
572 switch (sa->sa.sa_family) {
573
574 case AF_INET: {
575 uint32_t a;
576
577 a = be32toh(sa->in.sin_addr.s_addr);
578
579 if (include_port)
580 r = asprintf(&p,
581 "%u.%u.%u.%u:%u",
582 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
583 be16toh(sa->in.sin_port));
584 else
585 r = asprintf(&p,
586 "%u.%u.%u.%u",
587 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
588 if (r < 0)
589 return -ENOMEM;
590 break;
591 }
592
593 case AF_INET6: {
594 static const unsigned char ipv4_prefix[] = {
595 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
596 };
597
598 if (translate_ipv6 &&
599 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
600 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
601 if (include_port)
602 r = asprintf(&p,
603 "%u.%u.%u.%u:%u",
604 a[0], a[1], a[2], a[3],
605 be16toh(sa->in6.sin6_port));
606 else
607 r = asprintf(&p,
608 "%u.%u.%u.%u",
609 a[0], a[1], a[2], a[3]);
610 if (r < 0)
611 return -ENOMEM;
612 } else {
613 char a[INET6_ADDRSTRLEN];
614
615 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
616
617 if (include_port) {
618 r = asprintf(&p,
619 "[%s]:%u",
620 a,
621 be16toh(sa->in6.sin6_port));
622 if (r < 0)
623 return -ENOMEM;
624 } else {
625 p = strdup(a);
626 if (!p)
627 return -ENOMEM;
628 }
629 }
630
631 break;
632 }
633
634 case AF_UNIX:
635 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
636 p = strdup("<unnamed>");
637 if (!p)
638 return -ENOMEM;
639
640 } else if (sa->un.sun_path[0] == 0) {
641 /* abstract */
642
643 /* FIXME: We assume we can print the
644 * socket path here and that it hasn't
645 * more than one NUL byte. That is
646 * actually an invalid assumption */
647
648 p = new(char, sizeof(sa->un.sun_path)+1);
649 if (!p)
650 return -ENOMEM;
651
652 p[0] = '@';
653 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
654 p[sizeof(sa->un.sun_path)] = 0;
655
656 } else {
657 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
658 if (!p)
659 return -ENOMEM;
660 }
661
662 break;
663
664 case AF_VSOCK:
665 if (include_port)
666 r = asprintf(&p,
667 "vsock:%u:%u",
668 sa->vm.svm_cid,
669 sa->vm.svm_port);
670 else
671 r = asprintf(&p, "vsock:%u", sa->vm.svm_cid);
672 if (r < 0)
673 return -ENOMEM;
674 break;
675
676 default:
677 return -EOPNOTSUPP;
678 }
679
680
681 *ret = p;
682 return 0;
683 }
684
685 int getpeername_pretty(int fd, bool include_port, char **ret) {
686 union sockaddr_union sa;
687 socklen_t salen = sizeof(sa);
688 int r;
689
690 assert(fd >= 0);
691 assert(ret);
692
693 if (getpeername(fd, &sa.sa, &salen) < 0)
694 return -errno;
695
696 if (sa.sa.sa_family == AF_UNIX) {
697 struct ucred ucred = {};
698
699 /* UNIX connection sockets are anonymous, so let's use
700 * PID/UID as pretty credentials instead */
701
702 r = getpeercred(fd, &ucred);
703 if (r < 0)
704 return r;
705
706 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
707 return -ENOMEM;
708
709 return 0;
710 }
711
712 /* For remote sockets we translate IPv6 addresses back to IPv4
713 * if applicable, since that's nicer. */
714
715 return sockaddr_pretty(&sa.sa, salen, true, include_port, ret);
716 }
717
718 int getsockname_pretty(int fd, char **ret) {
719 union sockaddr_union sa;
720 socklen_t salen = sizeof(sa);
721
722 assert(fd >= 0);
723 assert(ret);
724
725 if (getsockname(fd, &sa.sa, &salen) < 0)
726 return -errno;
727
728 /* For local sockets we do not translate IPv6 addresses back
729 * to IPv6 if applicable, since this is usually used for
730 * listening sockets where the difference between IPv4 and
731 * IPv6 matters. */
732
733 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
734 }
735
736 int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
737 int r;
738 char host[NI_MAXHOST], *ret;
739
740 assert(_ret);
741
742 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0, IDN_FLAGS);
743 if (r != 0) {
744 int saved_errno = errno;
745
746 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
747 if (r < 0)
748 return r;
749
750 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
751 } else {
752 ret = strdup(host);
753 if (!ret)
754 return -ENOMEM;
755 }
756
757 *_ret = ret;
758 return 0;
759 }
760
761 int socket_address_unlink(SocketAddress *a) {
762 assert(a);
763
764 if (socket_address_family(a) != AF_UNIX)
765 return 0;
766
767 if (a->sockaddr.un.sun_path[0] == 0)
768 return 0;
769
770 if (unlink(a->sockaddr.un.sun_path) < 0)
771 return -errno;
772
773 return 1;
774 }
775
776 static const char* const netlink_family_table[] = {
777 [NETLINK_ROUTE] = "route",
778 [NETLINK_FIREWALL] = "firewall",
779 [NETLINK_INET_DIAG] = "inet-diag",
780 [NETLINK_NFLOG] = "nflog",
781 [NETLINK_XFRM] = "xfrm",
782 [NETLINK_SELINUX] = "selinux",
783 [NETLINK_ISCSI] = "iscsi",
784 [NETLINK_AUDIT] = "audit",
785 [NETLINK_FIB_LOOKUP] = "fib-lookup",
786 [NETLINK_CONNECTOR] = "connector",
787 [NETLINK_NETFILTER] = "netfilter",
788 [NETLINK_IP6_FW] = "ip6-fw",
789 [NETLINK_DNRTMSG] = "dnrtmsg",
790 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
791 [NETLINK_GENERIC] = "generic",
792 [NETLINK_SCSITRANSPORT] = "scsitransport",
793 [NETLINK_ECRYPTFS] = "ecryptfs",
794 [NETLINK_RDMA] = "rdma",
795 };
796
797 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
798
799 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
800 [SOCKET_ADDRESS_DEFAULT] = "default",
801 [SOCKET_ADDRESS_BOTH] = "both",
802 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
803 };
804
805 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
806
807 SocketAddressBindIPv6Only parse_socket_address_bind_ipv6_only_or_bool(const char *n) {
808 int r;
809
810 r = parse_boolean(n);
811 if (r > 0)
812 return SOCKET_ADDRESS_IPV6_ONLY;
813 if (r == 0)
814 return SOCKET_ADDRESS_BOTH;
815
816 return socket_address_bind_ipv6_only_from_string(n);
817 }
818
819 bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
820 assert(a);
821 assert(b);
822
823 if (a->sa.sa_family != b->sa.sa_family)
824 return false;
825
826 if (a->sa.sa_family == AF_INET)
827 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
828
829 if (a->sa.sa_family == AF_INET6)
830 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
831
832 if (a->sa.sa_family == AF_VSOCK)
833 return a->vm.svm_cid == b->vm.svm_cid;
834
835 return false;
836 }
837
838 int fd_inc_sndbuf(int fd, size_t n) {
839 int r, value;
840 socklen_t l = sizeof(value);
841
842 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
843 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
844 return 0;
845
846 /* If we have the privileges we will ignore the kernel limit. */
847
848 value = (int) n;
849 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
850 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
851 return -errno;
852
853 return 1;
854 }
855
856 int fd_inc_rcvbuf(int fd, size_t n) {
857 int r, value;
858 socklen_t l = sizeof(value);
859
860 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
861 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
862 return 0;
863
864 /* If we have the privileges we will ignore the kernel limit. */
865
866 value = (int) n;
867 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
868 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
869 return -errno;
870 return 1;
871 }
872
873 static const char* const ip_tos_table[] = {
874 [IPTOS_LOWDELAY] = "low-delay",
875 [IPTOS_THROUGHPUT] = "throughput",
876 [IPTOS_RELIABILITY] = "reliability",
877 [IPTOS_LOWCOST] = "low-cost",
878 };
879
880 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
881
882 bool ifname_valid(const char *p) {
883 bool numeric = true;
884
885 /* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
886 * but slightly stricter, as we only allow non-control, non-space ASCII characters in the interface name. We
887 * also don't permit names that only container numbers, to avoid confusion with numeric interface indexes. */
888
889 if (isempty(p))
890 return false;
891
892 if (strlen(p) >= IFNAMSIZ)
893 return false;
894
895 if (dot_or_dot_dot(p))
896 return false;
897
898 while (*p) {
899 if ((unsigned char) *p >= 127U)
900 return false;
901
902 if ((unsigned char) *p <= 32U)
903 return false;
904
905 if (IN_SET(*p, ':', '/'))
906 return false;
907
908 numeric = numeric && (*p >= '0' && *p <= '9');
909 p++;
910 }
911
912 if (numeric)
913 return false;
914
915 return true;
916 }
917
918 bool address_label_valid(const char *p) {
919
920 if (isempty(p))
921 return false;
922
923 if (strlen(p) >= IFNAMSIZ)
924 return false;
925
926 while (*p) {
927 if ((uint8_t) *p >= 127U)
928 return false;
929
930 if ((uint8_t) *p <= 31U)
931 return false;
932 p++;
933 }
934
935 return true;
936 }
937
938 int getpeercred(int fd, struct ucred *ucred) {
939 socklen_t n = sizeof(struct ucred);
940 struct ucred u;
941 int r;
942
943 assert(fd >= 0);
944 assert(ucred);
945
946 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
947 if (r < 0)
948 return -errno;
949
950 if (n != sizeof(struct ucred))
951 return -EIO;
952
953 /* Check if the data is actually useful and not suppressed due to namespacing issues */
954 if (!pid_is_valid(u.pid))
955 return -ENODATA;
956
957 /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
958 * receiving in "invalid" user/group we get the overflow UID/GID. */
959
960 *ucred = u;
961 return 0;
962 }
963
964 int getpeersec(int fd, char **ret) {
965 _cleanup_free_ char *s = NULL;
966 socklen_t n = 64;
967
968 assert(fd >= 0);
969 assert(ret);
970
971 for (;;) {
972 s = new0(char, n+1);
973 if (!s)
974 return -ENOMEM;
975
976 if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n) >= 0)
977 break;
978
979 if (errno != ERANGE)
980 return -errno;
981
982 s = mfree(s);
983 }
984
985 if (isempty(s))
986 return -EOPNOTSUPP;
987
988 *ret = s;
989 s = NULL;
990
991 return 0;
992 }
993
994 int getpeergroups(int fd, gid_t **ret) {
995 socklen_t n = sizeof(gid_t) * 64;
996 _cleanup_free_ gid_t *d = NULL;
997
998 assert(fd >= 0);
999 assert(ret);
1000
1001 for (;;) {
1002 d = malloc(n);
1003 if (!d)
1004 return -ENOMEM;
1005
1006 if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, d, &n) >= 0)
1007 break;
1008
1009 if (errno != ERANGE)
1010 return -errno;
1011
1012 d = mfree(d);
1013 }
1014
1015 assert_se(n % sizeof(gid_t) == 0);
1016 n /= sizeof(gid_t);
1017
1018 if ((socklen_t) (int) n != n)
1019 return -E2BIG;
1020
1021 *ret = d;
1022 d = NULL;
1023
1024 return (int) n;
1025 }
1026
1027 int send_one_fd_sa(
1028 int transport_fd,
1029 int fd,
1030 const struct sockaddr *sa, socklen_t len,
1031 int flags) {
1032
1033 union {
1034 struct cmsghdr cmsghdr;
1035 uint8_t buf[CMSG_SPACE(sizeof(int))];
1036 } control = {};
1037 struct msghdr mh = {
1038 .msg_name = (struct sockaddr*) sa,
1039 .msg_namelen = len,
1040 .msg_control = &control,
1041 .msg_controllen = sizeof(control),
1042 };
1043 struct cmsghdr *cmsg;
1044
1045 assert(transport_fd >= 0);
1046 assert(fd >= 0);
1047
1048 cmsg = CMSG_FIRSTHDR(&mh);
1049 cmsg->cmsg_level = SOL_SOCKET;
1050 cmsg->cmsg_type = SCM_RIGHTS;
1051 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
1052 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
1053
1054 mh.msg_controllen = CMSG_SPACE(sizeof(int));
1055 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
1056 return -errno;
1057
1058 return 0;
1059 }
1060
1061 int receive_one_fd(int transport_fd, int flags) {
1062 union {
1063 struct cmsghdr cmsghdr;
1064 uint8_t buf[CMSG_SPACE(sizeof(int))];
1065 } control = {};
1066 struct msghdr mh = {
1067 .msg_control = &control,
1068 .msg_controllen = sizeof(control),
1069 };
1070 struct cmsghdr *cmsg, *found = NULL;
1071
1072 assert(transport_fd >= 0);
1073
1074 /*
1075 * Receive a single FD via @transport_fd. We don't care for
1076 * the transport-type. We retrieve a single FD at most, so for
1077 * packet-based transports, the caller must ensure to send
1078 * only a single FD per packet. This is best used in
1079 * combination with send_one_fd().
1080 */
1081
1082 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
1083 return -errno;
1084
1085 CMSG_FOREACH(cmsg, &mh) {
1086 if (cmsg->cmsg_level == SOL_SOCKET &&
1087 cmsg->cmsg_type == SCM_RIGHTS &&
1088 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
1089 assert(!found);
1090 found = cmsg;
1091 break;
1092 }
1093 }
1094
1095 if (!found) {
1096 cmsg_close_all(&mh);
1097 return -EIO;
1098 }
1099
1100 return *(int*) CMSG_DATA(found);
1101 }
1102
1103 ssize_t next_datagram_size_fd(int fd) {
1104 ssize_t l;
1105 int k;
1106
1107 /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
1108 * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD doesn't
1109 * do. This difference is actually of major importance as we need to be sure that the size returned here
1110 * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
1111 * the wrong size. */
1112
1113 l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
1114 if (l < 0) {
1115 if (IN_SET(errno, EOPNOTSUPP, EFAULT))
1116 goto fallback;
1117
1118 return -errno;
1119 }
1120 if (l == 0)
1121 goto fallback;
1122
1123 return l;
1124
1125 fallback:
1126 k = 0;
1127
1128 /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
1129 * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
1130
1131 if (ioctl(fd, FIONREAD, &k) < 0)
1132 return -errno;
1133
1134 return (ssize_t) k;
1135 }
1136
1137 int flush_accept(int fd) {
1138
1139 struct pollfd pollfd = {
1140 .fd = fd,
1141 .events = POLLIN,
1142 };
1143 int r;
1144
1145
1146 /* Similar to flush_fd() but flushes all incoming connection by accepting them and immediately closing them. */
1147
1148 for (;;) {
1149 int cfd;
1150
1151 r = poll(&pollfd, 1, 0);
1152 if (r < 0) {
1153 if (errno == EINTR)
1154 continue;
1155
1156 return -errno;
1157
1158 } else if (r == 0)
1159 return 0;
1160
1161 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1162 if (cfd < 0) {
1163 if (errno == EINTR)
1164 continue;
1165
1166 if (errno == EAGAIN)
1167 return 0;
1168
1169 return -errno;
1170 }
1171
1172 close(cfd);
1173 }
1174 }
1175
1176 struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length) {
1177 struct cmsghdr *cmsg;
1178
1179 assert(mh);
1180
1181 CMSG_FOREACH(cmsg, mh)
1182 if (cmsg->cmsg_level == level &&
1183 cmsg->cmsg_type == type &&
1184 (length == (socklen_t) -1 || length == cmsg->cmsg_len))
1185 return cmsg;
1186
1187 return NULL;
1188 }
1189
1190 int socket_ioctl_fd(void) {
1191 int fd;
1192
1193 /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
1194 * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
1195 * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
1196 * generic AF_NETLINK. */
1197
1198 fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
1199 if (fd < 0)
1200 fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
1201 if (fd < 0)
1202 return -errno;
1203
1204 return fd;
1205 }
Unnamed repository; edit this file 'description' to name the repository.