1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
5 #include "sd-netlink.h"
7 #include "alloc-util.h"
12 #include "netlink-genl.h"
13 #include "netlink-internal.h"
14 #include "netlink-slot.h"
15 #include "netlink-util.h"
16 #include "process-util.h"
17 #include "socket-util.h"
18 #include "string-util.h"
20 /* Some really high limit, to catch programming errors */
21 #define REPLY_CALLBACKS_MAX UINT16_MAX
23 static int netlink_new(sd_netlink
**ret
) {
24 _cleanup_(sd_netlink_unrefp
) sd_netlink
*nl
= NULL
;
26 assert_return(ret
, -EINVAL
);
28 nl
= new(sd_netlink
, 1);
35 .sockaddr
.nl
.nl_family
= AF_NETLINK
,
36 .original_pid
= getpid_cached(),
39 /* Kernel change notification messages have sequence number 0. We want to avoid that with our
40 * own serials, in order not to get confused when matching up kernel replies to our earlier
43 * Moreover, when using netlink socket activation (i.e. where PID 1 binds an AF_NETLINK
44 * socket for us and passes it to us across execve()) and we get restarted multiple times
45 * while the socket sticks around we might get confused by replies from earlier runs coming
46 * in late — which is pretty likely if we'd start our sequence numbers always from 1. Hence,
47 * let's start with a value based on the system clock. This should make collisions much less
48 * likely (though still theoretically possible). We use a 32 bit μs counter starting at boot
49 * for this (and explicitly exclude the zero, see above). This counter will wrap around after
50 * a bit more than 1h, but that's hopefully OK as the kernel shouldn't take that long to
51 * reply to our requests.
53 * We only pick the initial start value this way. For each message we simply increase the
54 * sequence number by 1. This means we could enqueue 1 netlink message per μs without risking
55 * collisions, which should be OK.
57 * Note this means the serials will be in the range 1…UINT32_MAX here.
59 * (In an ideal world we'd attach the current serial counter to the netlink socket itself
60 * somehow, to avoid all this, but I couldn't come up with a nice way to do this) */
61 .serial
= (uint32_t) (now(CLOCK_MONOTONIC
) % UINT32_MAX
) + 1,
68 int sd_netlink_open_fd(sd_netlink
**ret
, int fd
) {
69 _cleanup_(sd_netlink_unrefp
) sd_netlink
*nl
= NULL
;
72 assert_return(ret
, -EINVAL
);
73 assert_return(fd
>= 0, -EBADF
);
79 r
= getsockopt_int(fd
, SOL_SOCKET
, SO_PROTOCOL
, &protocol
);
84 nl
->protocol
= protocol
;
86 r
= setsockopt_int(fd
, SOL_NETLINK
, NETLINK_EXT_ACK
, true);
88 log_debug_errno(r
, "sd-netlink: Failed to enable NETLINK_EXT_ACK option, ignoring: %m");
90 r
= setsockopt_int(fd
, SOL_NETLINK
, NETLINK_GET_STRICT_CHK
, true);
92 log_debug_errno(r
, "sd-netlink: Failed to enable NETLINK_GET_STRICT_CHK option, ignoring: %m");
96 nl
->fd
= -EBADF
; /* on failure, the caller remains owner of the fd, hence don't close it here */
106 int sd_netlink_open(sd_netlink
**ret
) {
107 return netlink_open_family(ret
, NETLINK_ROUTE
);
110 int sd_netlink_increase_rxbuf(sd_netlink
*nl
, size_t size
) {
111 assert_return(nl
, -EINVAL
);
112 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
114 return fd_increase_rxbuf(nl
->fd
, size
);
117 static sd_netlink
*netlink_free(sd_netlink
*nl
) {
122 ordered_set_free(nl
->rqueue
);
123 hashmap_free(nl
->rqueue_by_serial
);
124 hashmap_free(nl
->rqueue_partial_by_serial
);
127 while ((s
= nl
->slots
)) {
129 netlink_slot_disconnect(s
, true);
131 hashmap_free(nl
->reply_callbacks
);
132 prioq_free(nl
->reply_callbacks_prioq
);
134 sd_event_source_unref(nl
->io_event_source
);
135 sd_event_source_unref(nl
->time_event_source
);
136 sd_event_unref(nl
->event
);
138 hashmap_free(nl
->broadcast_group_refs
);
140 genl_clear_family(nl
);
146 DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_netlink
, sd_netlink
, netlink_free
);
150 sd_netlink_message
*message
,
155 assert_return(nl
, -EINVAL
);
156 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
157 assert_return(message
, -EINVAL
);
158 assert_return(!message
->sealed
, -EPERM
);
160 netlink_seal_message(nl
, message
);
162 r
= socket_write_message(nl
, message
);
167 *serial
= message_get_serial(message
);
172 static int dispatch_rqueue(sd_netlink
*nl
, sd_netlink_message
**ret
) {
173 sd_netlink_message
*m
;
179 if (ordered_set_isempty(nl
->rqueue
)) {
180 /* Try to read a new message */
181 r
= socket_read_message(nl
);
182 if (r
== -ENOBUFS
) /* FIXME: ignore buffer overruns for now */
183 log_debug_errno(r
, "sd-netlink: Got ENOBUFS from netlink socket, ignoring.");
188 /* Dispatch a queued message */
189 m
= ordered_set_steal_first(nl
->rqueue
);
191 sd_netlink_message_unref(hashmap_remove_value(nl
->rqueue_by_serial
, UINT32_TO_PTR(message_get_serial(m
)), m
));
196 static int process_timeout(sd_netlink
*nl
) {
197 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
198 struct reply_callback
*c
;
199 sd_netlink_slot
*slot
;
205 c
= prioq_peek(nl
->reply_callbacks_prioq
);
209 n
= now(CLOCK_MONOTONIC
);
213 r
= message_new_synthetic_error(nl
, -ETIMEDOUT
, c
->serial
, &m
);
217 assert_se(prioq_pop(nl
->reply_callbacks_prioq
) == c
);
218 hashmap_remove(nl
->reply_callbacks
, UINT32_TO_PTR(c
->serial
));
220 slot
= container_of(c
, sd_netlink_slot
, reply_callback
);
222 r
= c
->callback(nl
, m
, slot
->userdata
);
224 log_debug_errno(r
, "sd-netlink: timedout callback %s%s%sfailed: %m",
225 slot
->description
? "'" : "",
226 strempty(slot
->description
),
227 slot
->description
? "' " : "");
230 netlink_slot_disconnect(slot
, true);
235 static int process_reply(sd_netlink
*nl
, sd_netlink_message
*m
) {
236 struct reply_callback
*c
;
237 sd_netlink_slot
*slot
;
245 serial
= message_get_serial(m
);
246 c
= hashmap_remove(nl
->reply_callbacks
, UINT32_TO_PTR(serial
));
250 if (c
->timeout
!= USEC_INFINITY
)
251 prioq_remove(nl
->reply_callbacks_prioq
, c
, &c
->prioq_idx
);
253 r
= sd_netlink_message_get_type(m
, &type
);
257 if (type
== NLMSG_DONE
)
260 slot
= container_of(c
, sd_netlink_slot
, reply_callback
);
262 r
= c
->callback(nl
, m
, slot
->userdata
);
264 log_debug_errno(r
, "sd-netlink: reply callback %s%s%sfailed: %m",
265 slot
->description
? "'" : "",
266 strempty(slot
->description
),
267 slot
->description
? "' " : "");
270 netlink_slot_disconnect(slot
, true);
275 static int process_match(sd_netlink
*nl
, sd_netlink_message
*m
) {
283 r
= sd_netlink_message_get_type(m
, &type
);
287 if (m
->protocol
== NETLINK_GENERIC
) {
288 r
= sd_genl_message_get_command(nl
, m
, &cmd
);
294 LIST_FOREACH(match_callbacks
, c
, nl
->match_callbacks
) {
295 sd_netlink_slot
*slot
;
300 if (c
->cmd
!= 0 && c
->cmd
!= cmd
)
303 for (size_t i
= 0; i
< c
->n_groups
; i
++)
304 if (c
->groups
[i
] == m
->multicast_group
) {
312 slot
= container_of(c
, sd_netlink_slot
, match_callback
);
314 r
= c
->callback(nl
, m
, slot
->userdata
);
316 log_debug_errno(r
, "sd-netlink: match callback %s%s%sfailed: %m",
317 slot
->description
? "'" : "",
318 strempty(slot
->description
),
319 slot
->description
? "' " : "");
327 static int process_running(sd_netlink
*nl
, sd_netlink_message
**ret
) {
328 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
333 r
= process_timeout(nl
);
337 r
= dispatch_rqueue(nl
, &m
);
343 if (sd_netlink_message_is_broadcast(m
))
344 r
= process_match(nl
, m
);
346 r
= process_reply(nl
, m
);
365 int sd_netlink_process(sd_netlink
*nl
, sd_netlink_message
**ret
) {
366 NETLINK_DONT_DESTROY(nl
);
369 assert_return(nl
, -EINVAL
);
370 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
371 assert_return(!nl
->processing
, -EBUSY
);
373 nl
->processing
= true;
374 r
= process_running(nl
, ret
);
375 nl
->processing
= false;
380 static usec_t
timespan_to_timestamp(usec_t usec
) {
381 static bool default_timeout_set
= false;
382 static usec_t default_timeout
;
386 if (!default_timeout_set
) {
389 default_timeout_set
= true;
390 default_timeout
= NETLINK_DEFAULT_TIMEOUT_USEC
;
392 e
= secure_getenv("SYSTEMD_NETLINK_DEFAULT_TIMEOUT");
394 r
= parse_sec(e
, &default_timeout
);
396 log_debug_errno(r
, "sd-netlink: Failed to parse $SYSTEMD_NETLINK_DEFAULT_TIMEOUT environment variable, ignoring: %m");
400 usec
= default_timeout
;
403 return usec_add(now(CLOCK_MONOTONIC
), usec
);
406 static int netlink_poll(sd_netlink
*nl
, bool need_more
, usec_t timeout_usec
) {
407 usec_t m
= USEC_INFINITY
;
412 e
= sd_netlink_get_events(nl
);
417 /* Caller wants more data, and doesn't care about
418 * what's been read or any other timeouts. */
423 /* Caller wants to process if there is something to
424 * process, but doesn't care otherwise */
426 r
= sd_netlink_get_timeout(nl
, &until
);
430 m
= usec_sub_unsigned(until
, now(CLOCK_MONOTONIC
));
433 r
= fd_wait_for_event(nl
->fd
, e
, MIN(m
, timeout_usec
));
440 int sd_netlink_wait(sd_netlink
*nl
, uint64_t timeout_usec
) {
443 assert_return(nl
, -EINVAL
);
444 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
446 if (!ordered_set_isempty(nl
->rqueue
))
449 r
= netlink_poll(nl
, false, timeout_usec
);
450 if (ERRNO_IS_NEG_TRANSIENT(r
)) /* Convert EINTR to "something happened" and give user a chance to run some code before calling back into us */
455 static int timeout_compare(const void *a
, const void *b
) {
456 const struct reply_callback
*x
= a
, *y
= b
;
458 return CMP(x
->timeout
, y
->timeout
);
461 size_t netlink_get_reply_callback_count(sd_netlink
*nl
) {
464 return hashmap_size(nl
->reply_callbacks
);
467 int sd_netlink_call_async(
469 sd_netlink_slot
**ret_slot
,
470 sd_netlink_message
*m
,
471 sd_netlink_message_handler_t callback
,
472 sd_netlink_destroy_t destroy_callback
,
475 const char *description
) {
477 _cleanup_free_ sd_netlink_slot
*slot
= NULL
;
480 assert_return(nl
, -EINVAL
);
481 assert_return(m
, -EINVAL
);
482 assert_return(callback
, -EINVAL
);
483 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
485 if (hashmap_size(nl
->reply_callbacks
) >= REPLY_CALLBACKS_MAX
)
488 r
= hashmap_ensure_allocated(&nl
->reply_callbacks
, &trivial_hash_ops
);
492 if (usec
!= UINT64_MAX
) {
493 r
= prioq_ensure_allocated(&nl
->reply_callbacks_prioq
, timeout_compare
);
498 r
= netlink_slot_allocate(nl
, !ret_slot
, NETLINK_REPLY_CALLBACK
, sizeof(struct reply_callback
), userdata
, description
, &slot
);
502 slot
->reply_callback
.callback
= callback
;
503 slot
->reply_callback
.timeout
= timespan_to_timestamp(usec
);
505 k
= sd_netlink_send(nl
, m
, &slot
->reply_callback
.serial
);
509 r
= hashmap_put(nl
->reply_callbacks
, UINT32_TO_PTR(slot
->reply_callback
.serial
), &slot
->reply_callback
);
513 if (slot
->reply_callback
.timeout
!= USEC_INFINITY
) {
514 r
= prioq_put(nl
->reply_callbacks_prioq
, &slot
->reply_callback
, &slot
->reply_callback
.prioq_idx
);
516 (void) hashmap_remove(nl
->reply_callbacks
, UINT32_TO_PTR(slot
->reply_callback
.serial
));
521 /* Set this at last. Otherwise, some failures in above would call destroy_callback but some would not. */
522 slot
->destroy_callback
= destroy_callback
;
536 sd_netlink_message
**ret
) {
541 assert_return(nl
, -EINVAL
);
542 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
544 timeout
= timespan_to_timestamp(usec
);
547 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
550 m
= hashmap_remove(nl
->rqueue_by_serial
, UINT32_TO_PTR(serial
));
554 /* found a match, remove from rqueue and return it */
555 sd_netlink_message_unref(ordered_set_remove(nl
->rqueue
, m
));
557 r
= sd_netlink_message_get_errno(m
);
561 r
= sd_netlink_message_get_type(m
, &type
);
565 if (type
== NLMSG_DONE
) {
576 r
= socket_read_message(nl
);
580 /* received message, so try to process straight away */
583 if (timeout
!= USEC_INFINITY
) {
586 n
= now(CLOCK_MONOTONIC
);
590 left
= usec_sub_unsigned(timeout
, n
);
592 left
= USEC_INFINITY
;
594 r
= netlink_poll(nl
, true, left
);
604 sd_netlink_message
*message
,
606 sd_netlink_message
**ret
) {
611 assert_return(nl
, -EINVAL
);
612 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
613 assert_return(message
, -EINVAL
);
615 r
= sd_netlink_send(nl
, message
, &serial
);
619 return sd_netlink_read(nl
, serial
, usec
, ret
);
622 int sd_netlink_get_events(sd_netlink
*nl
) {
623 assert_return(nl
, -EINVAL
);
624 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
626 return ordered_set_isempty(nl
->rqueue
) ? POLLIN
: 0;
629 int sd_netlink_get_timeout(sd_netlink
*nl
, uint64_t *timeout_usec
) {
630 struct reply_callback
*c
;
632 assert_return(nl
, -EINVAL
);
633 assert_return(timeout_usec
, -EINVAL
);
634 assert_return(!netlink_pid_changed(nl
), -ECHILD
);
636 if (!ordered_set_isempty(nl
->rqueue
)) {
641 c
= prioq_peek(nl
->reply_callbacks_prioq
);
643 *timeout_usec
= UINT64_MAX
;
647 *timeout_usec
= c
->timeout
;
651 static int io_callback(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
652 sd_netlink
*nl
= ASSERT_PTR(userdata
);
655 r
= sd_netlink_process(nl
, NULL
);
662 static int time_callback(sd_event_source
*s
, uint64_t usec
, void *userdata
) {
663 sd_netlink
*nl
= ASSERT_PTR(userdata
);
666 r
= sd_netlink_process(nl
, NULL
);
673 static int prepare_callback(sd_event_source
*s
, void *userdata
) {
674 sd_netlink
*nl
= ASSERT_PTR(userdata
);
680 r
= sd_netlink_get_events(nl
);
684 r
= sd_event_source_set_io_events(nl
->io_event_source
, r
);
688 enabled
= sd_netlink_get_timeout(nl
, &until
);
692 r
= sd_event_source_set_time(nl
->time_event_source
, until
);
697 r
= sd_event_source_set_enabled(nl
->time_event_source
,
698 enabled
> 0 ? SD_EVENT_ONESHOT
: SD_EVENT_OFF
);
705 int sd_netlink_attach_event(sd_netlink
*nl
, sd_event
*event
, int64_t priority
) {
708 assert_return(nl
, -EINVAL
);
709 assert_return(!nl
->event
, -EBUSY
);
711 assert(!nl
->io_event_source
);
712 assert(!nl
->time_event_source
);
715 nl
->event
= sd_event_ref(event
);
717 r
= sd_event_default(&nl
->event
);
722 r
= sd_event_add_io(nl
->event
, &nl
->io_event_source
, nl
->fd
, 0, io_callback
, nl
);
726 r
= sd_event_source_set_priority(nl
->io_event_source
, priority
);
730 r
= sd_event_source_set_description(nl
->io_event_source
, "netlink-receive-message");
734 r
= sd_event_source_set_prepare(nl
->io_event_source
, prepare_callback
);
738 r
= sd_event_add_time(nl
->event
, &nl
->time_event_source
, CLOCK_MONOTONIC
, 0, 0, time_callback
, nl
);
742 r
= sd_event_source_set_priority(nl
->time_event_source
, priority
);
746 r
= sd_event_source_set_description(nl
->time_event_source
, "netlink-timer");
753 sd_netlink_detach_event(nl
);
757 int sd_netlink_detach_event(sd_netlink
*nl
) {
758 assert_return(nl
, -EINVAL
);
759 assert_return(nl
->event
, -ENXIO
);
761 nl
->io_event_source
= sd_event_source_unref(nl
->io_event_source
);
763 nl
->time_event_source
= sd_event_source_unref(nl
->time_event_source
);
765 nl
->event
= sd_event_unref(nl
->event
);
770 sd_event
* sd_netlink_get_event(sd_netlink
*nl
) {
771 assert_return(nl
, NULL
);
776 int netlink_add_match_internal(
778 sd_netlink_slot
**ret_slot
,
779 const uint32_t *groups
,
783 sd_netlink_message_handler_t callback
,
784 sd_netlink_destroy_t destroy_callback
,
786 const char *description
) {
788 _cleanup_free_ sd_netlink_slot
*slot
= NULL
;
792 assert(n_groups
> 0);
794 for (size_t i
= 0; i
< n_groups
; i
++) {
795 r
= socket_broadcast_group_ref(nl
, groups
[i
]);
800 r
= netlink_slot_allocate(nl
, !ret_slot
, NETLINK_MATCH_CALLBACK
, sizeof(struct match_callback
),
801 userdata
, description
, &slot
);
805 slot
->match_callback
.groups
= newdup(uint32_t, groups
, n_groups
);
806 if (!slot
->match_callback
.groups
)
809 slot
->match_callback
.n_groups
= n_groups
;
810 slot
->match_callback
.callback
= callback
;
811 slot
->match_callback
.type
= type
;
812 slot
->match_callback
.cmd
= cmd
;
814 LIST_PREPEND(match_callbacks
, nl
->match_callbacks
, &slot
->match_callback
);
816 /* Set this at last. Otherwise, some failures in above call the destroy callback but some do not. */
817 slot
->destroy_callback
= destroy_callback
;
826 int sd_netlink_add_match(
828 sd_netlink_slot
**ret_slot
,
830 sd_netlink_message_handler_t callback
,
831 sd_netlink_destroy_t destroy_callback
,
833 const char *description
) {
835 static const uint32_t
836 address_groups
[] = { RTNLGRP_IPV4_IFADDR
, RTNLGRP_IPV6_IFADDR
, },
837 link_groups
[] = { RTNLGRP_LINK
, },
838 neighbor_groups
[] = { RTNLGRP_NEIGH
, },
839 nexthop_groups
[] = { RTNLGRP_NEXTHOP
, },
840 route_groups
[] = { RTNLGRP_IPV4_ROUTE
, RTNLGRP_IPV6_ROUTE
, },
841 rule_groups
[] = { RTNLGRP_IPV4_RULE
, RTNLGRP_IPV6_RULE
, },
842 tc_groups
[] = { RTNLGRP_TC
};
843 const uint32_t *groups
;
846 assert_return(rtnl
, -EINVAL
);
847 assert_return(callback
, -EINVAL
);
848 assert_return(!netlink_pid_changed(rtnl
), -ECHILD
);
853 groups
= link_groups
;
854 n_groups
= ELEMENTSOF(link_groups
);
858 groups
= address_groups
;
859 n_groups
= ELEMENTSOF(address_groups
);
863 groups
= neighbor_groups
;
864 n_groups
= ELEMENTSOF(neighbor_groups
);
868 groups
= route_groups
;
869 n_groups
= ELEMENTSOF(route_groups
);
873 groups
= rule_groups
;
874 n_groups
= ELEMENTSOF(rule_groups
);
878 groups
= nexthop_groups
;
879 n_groups
= ELEMENTSOF(nexthop_groups
);
886 n_groups
= ELEMENTSOF(tc_groups
);
892 return netlink_add_match_internal(rtnl
, ret_slot
, groups
, n_groups
, type
, 0, callback
,
893 destroy_callback
, userdata
, description
);
896 int sd_netlink_attach_filter(sd_netlink
*nl
, size_t len
, const struct sock_filter
*filter
) {
897 assert_return(nl
, -EINVAL
);
898 assert_return(len
== 0 || filter
, -EINVAL
);
900 if (setsockopt(nl
->fd
, SOL_SOCKET
,
901 len
== 0 ? SO_DETACH_FILTER
: SO_ATTACH_FILTER
,
902 &(struct sock_fprog
) {
904 .filter
= (struct sock_filter
*) filter
,
905 }, sizeof(struct sock_fprog
)) < 0)