sd-device/networkd: unify code to get a socket for issuing netdev ioctls on

As suggested here:

https://github.com/systemd/systemd/pull/4296#issuecomment-251911349

Let's try AF_INET first as socket, but let's fall back to AF_NETLINK, so that
we can use a protocol-independent socket here if possible. This has the benefit
that our code will still work even if AF_INET/AF_INET6 is made unavailable (for
exmple via seccomp), at least on current kernels.

diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 5c829e0e7e1a34b0340ceec08b400e1ec3b01b20..1662c047050aae55c49dc3d059a001194dd6795e 100644 (file)
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -1060,3 +1060,20 @@ struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t leng
 
         return NULL;
 }
+
+int socket_ioctl_fd(void) {
+        int fd;
+
+        /* Create a socket to invoke the various network interface ioctl()s on. Traditionally only AF_INET was good for
+         * that. Since kernel 4.6 AF_NETLINK works for this too. We first try to use AF_INET hence, but if that's not
+         * available (for example, because it is made unavailable via SECCOMP or such), we'll fall back to the more
+         * generic AF_NETLINK. */
+
+        fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0);
+        if (fd < 0)
+                fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_GENERIC);
+        if (fd < 0)
+                return -errno;
+
+        return fd;
+}

diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index 2536b085f9551e1facb20015440124edaf5bb994..2ef572badb51ee644b68082447f4480c3161769b 100644 (file)
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -154,3 +154,5 @@ struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t leng
                          1 + strnlen(_sa->sun_path+1, sizeof(_sa->sun_path)-1) : \
                          strnlen(_sa->sun_path, sizeof(_sa->sun_path))); \
         })
+
+int socket_ioctl_fd(void);

diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index 0c4ad966bd4fb6c435d7e39b78caffecc76da5ec..411453e08d887d62e9af005a9d6ee7e515344ba8 100644 (file)
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -36,6 +36,7 @@
 #include "parse-util.h"
 #include "path-util.h"
 #include "set.h"
+#include "socket-util.h"
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
@@ -629,9 +630,9 @@ _public_ int sd_device_new_from_device_id(sd_device **ret, const char *id) {
                 if (r < 0)
                         return r;
 
-                sk = socket(PF_INET, SOCK_DGRAM, 0);
+                sk = socket_ioctl_fd();
                 if (sk < 0)
-                        return -errno;
+                        return sk;
 
                 r = ioctl(sk, SIOCGIFNAME, &ifr);
                 if (r < 0)

diff --git a/src/udev/net/ethtool-util.c b/src/udev/net/ethtool-util.c
index b1aa0223fd659b227cb4a8e5a3d0091b957807ee..708a66557605dc7fb6ef2c994b3fa7f9874b9598 100644 (file)
--- a/src/udev/net/ethtool-util.c
+++ b/src/udev/net/ethtool-util.c
@@ -25,6 +25,7 @@
 #include "conf-parser.h"
 #include "ethtool-util.h"
 #include "log.h"
+#include "socket-util.h"
 #include "string-table.h"
 #include "strxcpyx.h"
 #include "util.h"
@@ -59,10 +60,9 @@ int ethtool_connect(int *ret) {
 
         assert_return(ret, -EINVAL);
 
-        fd = socket(PF_INET, SOCK_DGRAM, 0);
+        fd = socket_ioctl_fd();
         if (fd < 0)
-                return -errno;
-
+                return fd;
         *ret = fd;
 
         return 0;