2 * Copyright (C) 2016 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 #include <netinet/in.h>
21 #include <netinet/tcp.h>
22 #include <sys/socket.h>
25 #include <linux/netlink.h>
26 #include <linux/sock_diag.h>
27 #include <linux/inet_diag.h>
29 #define LOG_TAG "Netd"
31 #include <cutils/log.h>
33 #include "NetdConstants.h"
39 #define SOCK_DESTROY 21
44 struct AddrinfoDeleter {
45 void operator()(addrinfo *a) { if (a) freeaddrinfo(a); }
48 typedef std::unique_ptr<addrinfo, AddrinfoDeleter> ScopedAddrinfo;
50 int checkError(int fd) {
54 } __attribute__((__packed__)) ack;
55 ssize_t bytesread = recv(fd, &ack, sizeof(ack), MSG_DONTWAIT | MSG_PEEK);
56 if (bytesread == -1) {
57 // Read failed (error), or nothing to read (good).
58 return (errno == EAGAIN) ? 0 : -errno;
59 } else if (bytesread == (ssize_t) sizeof(ack) && ack.h.nlmsg_type == NLMSG_ERROR) {
60 // We got an error. Consume it.
61 recv(fd, &ack, sizeof(ack), 0);
64 // The kernel replied with something. Leave it to the caller.
71 bool SockDiag::open() {
76 mSock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG);
77 mWriteSock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG);
83 sockaddr_nl nl = { .nl_family = AF_NETLINK };
84 if ((connect(mSock, reinterpret_cast<sockaddr *>(&nl), sizeof(nl)) == -1) ||
85 (connect(mWriteSock, reinterpret_cast<sockaddr *>(&nl), sizeof(nl)) == -1)) {
93 int SockDiag::sendDumpRequest(uint8_t proto, uint8_t family, const char *addrstr) {
94 addrinfo hints = { .ai_flags = AI_NUMERICHOST };
96 in6_addr mapped = { .s6_addr32 = { 0, 0, htonl(0xffff), 0 } };
99 // TODO: refactor the netlink parsing code out of system/core, bring it into netd, and stop
100 // doing string conversions when they're not necessary.
101 if ((ret = getaddrinfo(addrstr, nullptr, &hints, &res)) != 0) {
105 // So we don't have to call freeaddrinfo on every failure path.
106 ScopedAddrinfo resP(res);
110 if (res->ai_family == AF_INET && family == AF_INET) {
111 in_addr& ina = reinterpret_cast<sockaddr_in*>(res->ai_addr)->sin_addr;
113 addrlen = sizeof(ina);
114 } else if (res->ai_family == AF_INET && family == AF_INET6) {
115 in_addr& ina = reinterpret_cast<sockaddr_in*>(res->ai_addr)->sin_addr;
116 mapped.s6_addr32[3] = ina.s_addr;
118 addrlen = sizeof(mapped);
119 } else if (res->ai_family == AF_INET6 && family == AF_INET6) {
120 in6_addr& in6a = reinterpret_cast<sockaddr_in6*>(res->ai_addr)->sin6_addr;
122 addrlen = sizeof(in6a);
124 return -EAFNOSUPPORT;
127 uint8_t prefixlen = addrlen * 8;
128 uint8_t yesjump = sizeof(inet_diag_bc_op) + sizeof(inet_diag_hostcond) + addrlen;
129 uint8_t nojump = yesjump + 4;
130 uint32_t states = ~(1 << TCP_TIME_WAIT);
134 inet_diag_req_v2 req;
137 inet_diag_hostcond cond;
138 } __attribute__((__packed__)) request = {
140 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
141 .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP,
144 .sdiag_family = family,
145 .sdiag_protocol = proto,
146 .idiag_states = states,
149 .nla_type = INET_DIAG_REQ_BYTECODE,
164 request.nlh.nlmsg_len = sizeof(request) + addrlen;
165 request.nla.nla_len = sizeof(request.nla) + sizeof(request.op) + sizeof(request.cond) + addrlen;
167 struct iovec iov[] = {
168 { &request, sizeof(request) },
172 if (writev(mSock, iov, ARRAY_SIZE(iov)) != (int) request.nlh.nlmsg_len) {
176 return checkError(mSock);
179 int SockDiag::readDiagMsg(uint8_t proto, SockDiag::DumpCallback callback) {
180 char buf[kBufferSize];
184 bytesread = read(mSock, buf, sizeof(buf));
190 uint32_t len = bytesread;
191 for (nlmsghdr *nlh = reinterpret_cast<nlmsghdr *>(buf);
193 nlh = NLMSG_NEXT(nlh, len)) {
194 switch (nlh->nlmsg_type) {
196 callback(proto, NULL);
199 nlmsgerr *err = reinterpret_cast<nlmsgerr *>(NLMSG_DATA(nlh));
203 inet_diag_msg *msg = reinterpret_cast<inet_diag_msg *>(NLMSG_DATA(nlh));
204 callback(proto, msg);
207 } while (bytesread > 0);
212 int SockDiag::sockDestroy(uint8_t proto, const inet_diag_msg *msg) {
213 if (msg == nullptr) {
217 DestroyRequest request = {
219 .nlmsg_type = SOCK_DESTROY,
220 .nlmsg_flags = NLM_F_REQUEST,
223 .sdiag_family = msg->idiag_family,
224 .sdiag_protocol = proto,
225 .idiag_states = (uint32_t) (1 << msg->idiag_state),
229 request.nlh.nlmsg_len = sizeof(request);
231 if (write(mWriteSock, &request, sizeof(request)) < (ssize_t) sizeof(request)) {
235 int ret = checkError(mWriteSock);
236 if (!ret) mSocketsDestroyed++;
240 int SockDiag::destroySockets(uint8_t proto, int family, const char *addrstr) {
245 if (int ret = sendDumpRequest(proto, family, addrstr)) {
249 auto destroy = [this] (uint8_t proto, const inet_diag_msg *msg) {
250 return this->sockDestroy(proto, msg);
253 return readDiagMsg(proto, destroy);
256 int SockDiag::destroySockets(const char *addrstr) {
257 using ms = std::chrono::duration<float, std::ratio<1, 1000>>;
259 mSocketsDestroyed = 0;
260 const auto start = std::chrono::steady_clock::now();
261 if (!strchr(addrstr, ':')) {
262 if (int ret = destroySockets(IPPROTO_TCP, AF_INET, addrstr)) {
263 ALOGE("Failed to destroy IPv4 sockets on %s: %s", addrstr, strerror(-ret));
267 if (int ret = destroySockets(IPPROTO_TCP, AF_INET6, addrstr)) {
268 ALOGE("Failed to destroy IPv6 sockets on %s: %s", addrstr, strerror(-ret));
271 auto elapsed = std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start);
273 if (mSocketsDestroyed > 0) {
274 ALOGI("Destroyed %d sockets on %s in %.1f ms", mSocketsDestroyed, addrstr, elapsed.count());
277 return mSocketsDestroyed;