1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <arpa/inet.h>
26 #include <netinet/ip.h>
30 #include <sys/types.h>
33 #include "alloc-util.h"
36 #include "formats-util.h"
39 #include "parse-util.h"
40 #include "path-util.h"
41 #include "socket-util.h"
42 #include "string-table.h"
43 #include "string-util.h"
44 #include "user-util.h"
47 int socket_address_parse(SocketAddress *a, const char *s) {
56 a->type = SOCK_STREAM;
59 /* IPv6 in [x:.....:z]:p notation */
65 n = strndupa(s+1, e-s-1);
68 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
69 return errno > 0 ? -errno : -EINVAL;
80 if (u <= 0 || u > 0xFFFF)
83 a->sockaddr.in6.sin6_family = AF_INET6;
84 a->sockaddr.in6.sin6_port = htons((uint16_t) u);
85 a->size = sizeof(struct sockaddr_in6);
87 } else if (*s == '/') {
93 if (l >= sizeof(a->sockaddr.un.sun_path))
96 a->sockaddr.un.sun_family = AF_UNIX;
97 memcpy(a->sockaddr.un.sun_path, s, l);
98 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
100 } else if (*s == '@') {
101 /* Abstract AF_UNIX socket */
105 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
108 a->sockaddr.un.sun_family = AF_UNIX;
109 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
110 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
115 r = safe_atou(e+1, &u);
119 if (u <= 0 || u > 0xFFFF)
122 n = strndupa(s, e-s);
124 /* IPv4 in w.x.y.z:p notation? */
125 r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
130 /* Gotcha, it's a traditional IPv4 address */
131 a->sockaddr.in.sin_family = AF_INET;
132 a->sockaddr.in.sin_port = htons((uint16_t) u);
133 a->size = sizeof(struct sockaddr_in);
137 if (strlen(n) > IF_NAMESIZE-1)
140 /* Uh, our last resort, an interface name */
141 idx = if_nametoindex(n);
145 a->sockaddr.in6.sin6_family = AF_INET6;
146 a->sockaddr.in6.sin6_port = htons((uint16_t) u);
147 a->sockaddr.in6.sin6_scope_id = idx;
148 a->sockaddr.in6.sin6_addr = in6addr_any;
149 a->size = sizeof(struct sockaddr_in6);
154 r = safe_atou(s, &u);
158 if (u <= 0 || u > 0xFFFF)
161 if (socket_ipv6_is_supported()) {
162 a->sockaddr.in6.sin6_family = AF_INET6;
163 a->sockaddr.in6.sin6_port = htons((uint16_t) u);
164 a->sockaddr.in6.sin6_addr = in6addr_any;
165 a->size = sizeof(struct sockaddr_in6);
167 a->sockaddr.in.sin_family = AF_INET;
168 a->sockaddr.in.sin_port = htons((uint16_t) u);
169 a->sockaddr.in.sin_addr.s_addr = INADDR_ANY;
170 a->size = sizeof(struct sockaddr_in);
178 int socket_address_parse_and_warn(SocketAddress *a, const char *s) {
182 /* Similar to socket_address_parse() but warns for IPv6 sockets when we don't support them. */
184 r = socket_address_parse(&b, s);
188 if (!socket_ipv6_is_supported() && b.sockaddr.sa.sa_family == AF_INET6) {
189 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
190 return -EAFNOSUPPORT;
197 int socket_address_parse_netlink(SocketAddress *a, const char *s) {
200 _cleanup_free_ char *sfamily = NULL;
208 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
209 return errno > 0 ? -errno : -EINVAL;
211 family = netlink_family_from_string(sfamily);
215 a->sockaddr.nl.nl_family = AF_NETLINK;
216 a->sockaddr.nl.nl_groups = group;
219 a->size = sizeof(struct sockaddr_nl);
220 a->protocol = family;
225 int socket_address_verify(const SocketAddress *a) {
228 switch (socket_address_family(a)) {
231 if (a->size != sizeof(struct sockaddr_in))
234 if (a->sockaddr.in.sin_port == 0)
237 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM)
243 if (a->size != sizeof(struct sockaddr_in6))
246 if (a->sockaddr.in6.sin6_port == 0)
249 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM)
255 if (a->size < offsetof(struct sockaddr_un, sun_path))
258 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
260 if (a->sockaddr.un.sun_path[0] != 0) {
264 e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path));
268 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
273 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM && a->type != SOCK_SEQPACKET)
280 if (a->size != sizeof(struct sockaddr_nl))
283 if (a->type != SOCK_RAW && a->type != SOCK_DGRAM)
289 return -EAFNOSUPPORT;
293 int socket_address_print(const SocketAddress *a, char **ret) {
299 r = socket_address_verify(a);
303 if (socket_address_family(a) == AF_NETLINK) {
304 _cleanup_free_ char *sfamily = NULL;
306 r = netlink_family_to_string_alloc(a->protocol, &sfamily);
310 r = asprintf(ret, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
317 return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
320 bool socket_address_can_accept(const SocketAddress *a) {
324 a->type == SOCK_STREAM ||
325 a->type == SOCK_SEQPACKET;
328 bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
332 /* Invalid addresses are unequal to all */
333 if (socket_address_verify(a) < 0 ||
334 socket_address_verify(b) < 0)
337 if (a->type != b->type)
340 if (socket_address_family(a) != socket_address_family(b))
343 switch (socket_address_family(a)) {
346 if (a->sockaddr.in.sin_addr.s_addr != b->sockaddr.in.sin_addr.s_addr)
349 if (a->sockaddr.in.sin_port != b->sockaddr.in.sin_port)
355 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
358 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
364 if (a->size <= offsetof(struct sockaddr_un, sun_path) ||
365 b->size <= offsetof(struct sockaddr_un, sun_path))
368 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
371 if (a->sockaddr.un.sun_path[0]) {
372 if (!path_equal_or_files_same(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path))
375 if (a->size != b->size)
378 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
385 if (a->protocol != b->protocol)
388 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
394 /* Cannot compare, so we assume the addresses are different */
401 bool socket_address_is(const SocketAddress *a, const char *s, int type) {
402 struct SocketAddress b;
407 if (socket_address_parse(&b, s) < 0)
412 return socket_address_equal(a, &b);
415 bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
416 struct SocketAddress b;
421 if (socket_address_parse_netlink(&b, s) < 0)
424 return socket_address_equal(a, &b);
427 const char* socket_address_get_path(const SocketAddress *a) {
430 if (socket_address_family(a) != AF_UNIX)
433 if (a->sockaddr.un.sun_path[0] == 0)
436 return a->sockaddr.un.sun_path;
439 bool socket_ipv6_is_supported(void) {
440 _cleanup_free_ char *l = NULL;
442 if (access("/sys/module/ipv6", F_OK) != 0)
445 /* If we can't check "disable" parameter, assume enabled */
446 if (read_one_line_file("/sys/module/ipv6/parameters/disable", &l) < 0)
449 /* If module was loaded with disable=1 no IPv6 available */
453 bool socket_address_matches_fd(const SocketAddress *a, int fd) {
460 b.size = sizeof(b.sockaddr);
461 if (getsockname(fd, &b.sockaddr.sa, &b.size) < 0)
464 if (b.sockaddr.sa.sa_family != a->sockaddr.sa.sa_family)
467 solen = sizeof(b.type);
468 if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &b.type, &solen) < 0)
471 if (b.type != a->type)
474 if (a->protocol != 0) {
475 solen = sizeof(b.protocol);
476 if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &b.protocol, &solen) < 0)
479 if (b.protocol != a->protocol)
483 return socket_address_equal(a, &b);
486 int sockaddr_port(const struct sockaddr *_sa) {
487 union sockaddr_union *sa = (union sockaddr_union*) _sa;
491 if (!IN_SET(sa->sa.sa_family, AF_INET, AF_INET6))
492 return -EAFNOSUPPORT;
494 return ntohs(sa->sa.sa_family == AF_INET6 ?
499 int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
500 union sockaddr_union *sa = (union sockaddr_union*) _sa;
505 assert(salen >= sizeof(sa->sa.sa_family));
507 switch (sa->sa.sa_family) {
512 a = ntohl(sa->in.sin_addr.s_addr);
517 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
518 ntohs(sa->in.sin_port));
522 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF);
529 static const unsigned char ipv4_prefix[] = {
530 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
533 if (translate_ipv6 &&
534 memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
535 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
539 a[0], a[1], a[2], a[3],
540 ntohs(sa->in6.sin6_port));
544 a[0], a[1], a[2], a[3]);
548 char a[INET6_ADDRSTRLEN];
550 inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
556 ntohs(sa->in6.sin6_port));
570 if (salen <= offsetof(struct sockaddr_un, sun_path)) {
571 p = strdup("<unnamed>");
575 } else if (sa->un.sun_path[0] == 0) {
578 /* FIXME: We assume we can print the
579 * socket path here and that it hasn't
580 * more than one NUL byte. That is
581 * actually an invalid assumption */
583 p = new(char, sizeof(sa->un.sun_path)+1);
588 memcpy(p+1, sa->un.sun_path+1, sizeof(sa->un.sun_path)-1);
589 p[sizeof(sa->un.sun_path)] = 0;
592 p = strndup(sa->un.sun_path, sizeof(sa->un.sun_path));
608 int getpeername_pretty(int fd, char **ret) {
609 union sockaddr_union sa;
610 socklen_t salen = sizeof(sa);
616 if (getpeername(fd, &sa.sa, &salen) < 0)
619 if (sa.sa.sa_family == AF_UNIX) {
620 struct ucred ucred = {};
622 /* UNIX connection sockets are anonymous, so let's use
623 * PID/UID as pretty credentials instead */
625 r = getpeercred(fd, &ucred);
629 if (asprintf(ret, "PID "PID_FMT"/UID "UID_FMT, ucred.pid, ucred.uid) < 0)
635 /* For remote sockets we translate IPv6 addresses back to IPv4
636 * if applicable, since that's nicer. */
638 return sockaddr_pretty(&sa.sa, salen, true, true, ret);
641 int getsockname_pretty(int fd, char **ret) {
642 union sockaddr_union sa;
643 socklen_t salen = sizeof(sa);
648 if (getsockname(fd, &sa.sa, &salen) < 0)
651 /* For local sockets we do not translate IPv6 addresses back
652 * to IPv6 if applicable, since this is usually used for
653 * listening sockets where the difference between IPv4 and
656 return sockaddr_pretty(&sa.sa, salen, false, true, ret);
659 int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
661 char host[NI_MAXHOST], *ret;
665 r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0,
666 NI_IDN|NI_IDN_USE_STD3_ASCII_RULES);
668 int saved_errno = errno;
670 r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
674 log_debug_errno(saved_errno, "getnameinfo(%s) failed: %m", ret);
685 int getnameinfo_pretty(int fd, char **ret) {
686 union sockaddr_union sa;
687 socklen_t salen = sizeof(sa);
692 if (getsockname(fd, &sa.sa, &salen) < 0)
695 return socknameinfo_pretty(&sa, salen, ret);
698 int socket_address_unlink(SocketAddress *a) {
701 if (socket_address_family(a) != AF_UNIX)
704 if (a->sockaddr.un.sun_path[0] == 0)
707 if (unlink(a->sockaddr.un.sun_path) < 0)
713 static const char* const netlink_family_table[] = {
714 [NETLINK_ROUTE] = "route",
715 [NETLINK_FIREWALL] = "firewall",
716 [NETLINK_INET_DIAG] = "inet-diag",
717 [NETLINK_NFLOG] = "nflog",
718 [NETLINK_XFRM] = "xfrm",
719 [NETLINK_SELINUX] = "selinux",
720 [NETLINK_ISCSI] = "iscsi",
721 [NETLINK_AUDIT] = "audit",
722 [NETLINK_FIB_LOOKUP] = "fib-lookup",
723 [NETLINK_CONNECTOR] = "connector",
724 [NETLINK_NETFILTER] = "netfilter",
725 [NETLINK_IP6_FW] = "ip6-fw",
726 [NETLINK_DNRTMSG] = "dnrtmsg",
727 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
728 [NETLINK_GENERIC] = "generic",
729 [NETLINK_SCSITRANSPORT] = "scsitransport",
730 [NETLINK_ECRYPTFS] = "ecryptfs"
733 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(netlink_family, int, INT_MAX);
735 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
736 [SOCKET_ADDRESS_DEFAULT] = "default",
737 [SOCKET_ADDRESS_BOTH] = "both",
738 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
741 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
743 bool sockaddr_equal(const union sockaddr_union *a, const union sockaddr_union *b) {
747 if (a->sa.sa_family != b->sa.sa_family)
750 if (a->sa.sa_family == AF_INET)
751 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
753 if (a->sa.sa_family == AF_INET6)
754 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
759 int fd_inc_sndbuf(int fd, size_t n) {
761 socklen_t l = sizeof(value);
763 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
764 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
767 /* If we have the privileges we will ignore the kernel limit. */
770 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
771 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
777 int fd_inc_rcvbuf(int fd, size_t n) {
779 socklen_t l = sizeof(value);
781 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
782 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
785 /* If we have the privileges we will ignore the kernel limit. */
788 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
789 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
794 static const char* const ip_tos_table[] = {
795 [IPTOS_LOWDELAY] = "low-delay",
796 [IPTOS_THROUGHPUT] = "throughput",
797 [IPTOS_RELIABILITY] = "reliability",
798 [IPTOS_LOWCOST] = "low-cost",
801 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
803 int getpeercred(int fd, struct ucred *ucred) {
804 socklen_t n = sizeof(struct ucred);
811 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
815 if (n != sizeof(struct ucred))
818 /* Check if the data is actually useful and not suppressed due
819 * to namespacing issues */
822 if (u.uid == UID_INVALID)
824 if (u.gid == GID_INVALID)
831 int getpeersec(int fd, char **ret) {
843 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
854 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
870 int send_one_fd(int transport_fd, int fd, int flags) {
872 struct cmsghdr cmsghdr;
873 uint8_t buf[CMSG_SPACE(sizeof(int))];
876 .msg_control = &control,
877 .msg_controllen = sizeof(control),
879 struct cmsghdr *cmsg;
881 assert(transport_fd >= 0);
884 cmsg = CMSG_FIRSTHDR(&mh);
885 cmsg->cmsg_level = SOL_SOCKET;
886 cmsg->cmsg_type = SCM_RIGHTS;
887 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
888 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
890 mh.msg_controllen = CMSG_SPACE(sizeof(int));
891 if (sendmsg(transport_fd, &mh, MSG_NOSIGNAL | flags) < 0)
897 int receive_one_fd(int transport_fd, int flags) {
899 struct cmsghdr cmsghdr;
900 uint8_t buf[CMSG_SPACE(sizeof(int))];
903 .msg_control = &control,
904 .msg_controllen = sizeof(control),
906 struct cmsghdr *cmsg, *found = NULL;
908 assert(transport_fd >= 0);
911 * Receive a single FD via @transport_fd. We don't care for
912 * the transport-type. We retrieve a single FD at most, so for
913 * packet-based transports, the caller must ensure to send
914 * only a single FD per packet. This is best used in
915 * combination with send_one_fd().
918 if (recvmsg(transport_fd, &mh, MSG_NOSIGNAL | MSG_CMSG_CLOEXEC | flags) < 0)
921 CMSG_FOREACH(cmsg, &mh) {
922 if (cmsg->cmsg_level == SOL_SOCKET &&
923 cmsg->cmsg_type == SCM_RIGHTS &&
924 cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
936 return *(int*) CMSG_DATA(found);