/** * Delete a neighbour * @arg handle netlink handle * @arg neigh neighbour to delete * * Builds a netlink message by calling rtnl_neigh_build_delete_request(), * sends the request to the kernel and waits for the next ACK to be * received and thus blocks until the request has been fullfilled. * * @return 0 on sucess or a negative error if an error occured. */ int rtnl_neigh_delete(struct nl_handle *handle, struct rtnl_neigh *neigh) { int err; struct nl_msg *m = rtnl_neigh_build_delete_request(neigh); if ((err = nl_send_auto_complete(handle, nl_msg_get(m))) < 0) return err; nl_msg_free(m); return nl_wait_for_ack(handle); }
/** * Add a new rule * @arg handle netlink handle * @arg tmpl template with requested changes * * Builds a netlink message by calling rtnl_rule_build_add_request(), * sends the request to the kernel and waits for the next ACK to be * received and thus blocks until the request has been fullfilled. * * @return 0 on sucess or a negative error if an error occured. */ int rtnl_rule_add(struct nl_handle *handle, struct rtnl_rule *tmpl) { int err; struct nl_msg *m = rtnl_rule_build_add_request(tmpl); if ((err = nl_send_auto_complete(handle, nl_msg_get(m))) < 0) return err; nl_msg_free(m); return nl_wait_for_ack(handle); }
static struct nl_msg * build_neigh_msg(struct rtnl_neigh *tmpl, int cmd, int flags) { struct nl_msg *m; struct nlmsghdr n = { .nlmsg_type = cmd, .nlmsg_flags = flags, }; struct ndmsg nm = { .ndm_ifindex = tmpl->n_ifindex, .ndm_family = tmpl->n_dst.a_family, .ndm_state = tmpl->n_state, }; m = nl_msg_build(&n); nl_msg_append_raw(m, &nm, sizeof(nm)); nl_msg_append_tlv(m, NDA_DST, &tmpl->n_dst.a_addr, tmpl->n_dst.a_len); if (tmpl->n_mask & NEIGH_HAS_LLADDR) nl_msg_append_tlv(m, NDA_LLADDR, &tmpl->n_lladdr.a_addr, tmpl->n_lladdr.a_len); return m; } /** * Build netlink request message to add a new neighbour * @arg tmpl template with data of new neighbour * * Builds a new netlink message requesting a addition of a new * neighbour. The netlink message header isn't fully equipped with * all relevant fields and must thus be sent out via nl_send_auto_complete() * or supplemented as needed. \a tmpl must contain the attributes of the new * neighbour set via \c rtnl_neigh_set_* functions. * * The following attributes must be set in the template: * - Interface index (rtnl_neigh_set_ifindex()) * - State (rtnl_neigh_set_state()) * - Destination address (rtnl_neigh_set_dst()) * - Link layer address (rtnl_neigh_set_lladdr()) * * @return The netlink message */ struct nl_msg * rtnl_neigh_build_add_request(struct rtnl_neigh *tmpl) { return build_neigh_msg(tmpl, RTM_NEWNEIGH, NLM_F_CREATE); } /** * Add a new neighbour * @arg handle netlink handle * @arg tmpl template with requested changes * * Builds a netlink message by calling rtnl_neigh_build_add_request(), * sends the request to the kernel and waits for the next ACK to be * received and thus blocks until the request has been fullfilled. * * The following attributes must be set in the template: * - Interface index (rtnl_neigh_set_ifindex()) * - State (rtnl_neigh_set_state()) * - Destination address (rtnl_neigh_set_dst()) * - Link layer address (rtnl_neigh_set_lladdr()) * * @return 0 on sucess or a negative error if an error occured. */ int rtnl_neigh_add(struct nl_handle *handle, struct rtnl_neigh *tmpl) { int err; struct nl_msg *m = rtnl_neigh_build_add_request(tmpl); if ((err = nl_send_auto_complete(handle, nl_msg_get(m))) < 0) return err; nl_msg_free(m); return nl_wait_for_ack(handle); }
/** * Send a netlink message. * @arg handle netlink handle * @arg nmsg netlink message * @return see sendmsg(2) */ int nl_send(struct nl_handle *handle, struct nlmsghdr *nmsg) { struct nl_cb *cb; struct iovec iov = { .iov_base = (void *) nmsg, .iov_len = nmsg->nlmsg_len, }; struct msghdr msg = { .msg_name = (void *) &handle->h_peer, .msg_namelen = sizeof(struct sockaddr_nl), .msg_iov = &iov, .msg_iovlen = 1, }; cb = &handle->h_cb; if (cb->cb_msg_out) if (cb->cb_msg_out(nmsg, cb->cb_msg_out_arg) != NL_PROCEED) return 0; return sendmsg(handle->h_fd, &msg, 0); } /** * Send a netlink message and check & extend needed header values * @arg handle netlink handle * @arg nmsg netlink message * * Checks the netlink message \c nmsg for completness and extends it * as required before sending it out. Checked fields include pid, * sequence nr, and flags. * * @return see sendmsg(2) */ int nl_send_auto_complete(struct nl_handle *handle, struct nlmsghdr *nmsg) { if (nmsg->nlmsg_pid == 0) nmsg->nlmsg_pid = handle->h_local.nl_pid; if (nmsg->nlmsg_seq == 0) nmsg->nlmsg_seq = handle->h_seq_next++; nmsg->nlmsg_flags |= (NLM_F_REQUEST | NLM_F_ACK); if (handle->h_cb.cb_send_ow) return handle->h_cb.cb_send_ow(handle, nmsg); else return nl_send(handle, nmsg); } /** * Send a netlink request message * @arg handle netlink handle * @arg type message type * @arg flags message flags * * Fills out a netlink request message and sends it out using * nl_send_auto_complete() * * @return See sendmsg(2) */ int nl_request(struct nl_handle *handle, int type, int flags) { struct nlmsghdr n = { .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = type, .nlmsg_flags = flags, }; return nl_send_auto_complete(handle, &n); } /** * Send a netlink request message with data. * @arg handle netlink handle * @arg type message type * @arg flags message flags * @arg buf data buffer * @arg len length of data * * Fills out a netlink request message, appends the data to the tail * and sends it out using nl_send_auto_complete(). * * @return See sendmsg(2) */ int nl_request_with_data(struct nl_handle *handle, int type, int flags, unsigned char *buf, size_t len) { int err = 0; struct nl_msg *m; struct nlmsghdr n = { .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = type, .nlmsg_flags = flags, }; m = nl_msg_build(&n); nl_msg_append_raw(m, buf, len); err = nl_send_auto_complete(handle, m->nmsg); nl_msg_free(m); return err; } /** @} */ /** * @name Receive * @{ */ /** * Receive a netlink message from netlink socket. * @arg handle netlink handle * @arg nla target pointer for peer's netlink address * @arg buf target pointer for message content. * * Receives a netlink message, allocates a buffer in \c *buf and * stores the message content. The peer's netlink address is stored * in \c *nla. The caller is responsible for freeing the buffer allocated * in \c *buf if a positive value is returned. Interruped system calls * are handled by repeating the read. The input buffer size is determined * by peeking before the actual read is done. * * A non-blocking sockets causes the function to return immediately if * no data is available. * * @return Number of octets read, 0 on EOF or a negative error code. */ int nl_recv(struct nl_handle *handle, struct sockaddr_nl *nla, unsigned char **buf) { int n; int flags = MSG_PEEK; struct iovec iov = { .iov_len = 4096, }; struct msghdr msg = { .msg_name = (void *) nla, .msg_namelen = sizeof(sizeof(struct sockaddr_nl)), .msg_iov = &iov, .msg_iovlen = 1, .msg_control = NULL, .msg_controllen = 0, .msg_flags = 0, }; iov.iov_base = *buf = calloc(1, iov.iov_len); retry: if ((n = recvmsg(handle->h_fd, &msg, flags)) <= 0) { if (!n) goto abort; else if (n < 0) { if (errno == EINTR) goto retry; else if (errno == EAGAIN) goto abort; else { free(*buf); return nl_error(errno, "recvmsg failed"); } } } if (iov.iov_len < n) { /* Provided buffer is not long enough, enlarge it * and try again. */ iov.iov_len *= 2; iov.iov_base = *buf = realloc(*buf, iov.iov_len); goto retry; } else if (flags != 0) { /* Buffer is big enough, do the actual reading */ flags = 0; goto retry; } if (msg.msg_namelen != sizeof(struct sockaddr_nl)) { free(*buf); return nl_error(EADDRNOTAVAIL, "socket address size mismatch"); } return n; abort: free(*buf); return 0; } /** * Receive a set of messages from a netlink socket. * @arg handle netlink handle * @arg cb set of callbacks to control the behaviour. * * Repeatedly calls nl_recv() and parses the messages as netlink * messages. Stops reading if one of the callbacks returns * NL_EXIT or nl_recv returns either 0 or a negative error code. * * A non-blocking sockets causes the function to return immediately if * no data is available. * * @return 0 on success or a negative error code from nl_recv(). * @see \ref Handlers */ int nl_recvmsgs(struct nl_handle *handle, struct nl_cb *cb) { int n, err = 0; unsigned char *buf = NULL; struct nlmsghdr *hdr; struct sockaddr_nl nla = {0}; continue_reading: if (cb->cb_recv_ow) n = cb->cb_recv_ow(handle, &nla, &buf); else n = nl_recv(handle, &nla, &buf); if (n <= 0) return n; hdr = (struct nlmsghdr *) buf; while (NLMSG_OK(hdr, n)) { /* Raw callback is the first, it gives the most control * to the user and he can do his very own parsing. */ if (cb->cb_msg_in) { err = cb->cb_msg_in(&nla, hdr, cb->cb_msg_in_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } /* Sequence number checking. The check may be done by * the user, otherwise a very simple check is applied * enforcing strict ordering */ if (cb->cb_seq_check) { err = cb->cb_seq_check(&nla, hdr, cb->cb_seq_check_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } else if (hdr->nlmsg_seq != handle->h_seq_expect) { if (cb->cb_invalid) { err = cb->cb_invalid(&nla, hdr, cb->cb_invalid_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } else goto out; } if (hdr->nlmsg_type == NLMSG_DONE || hdr->nlmsg_type == NLMSG_ERROR || hdr->nlmsg_type == NLMSG_NOOP || hdr->nlmsg_type == NLMSG_OVERRUN) { /* We can't check for !NLM_F_MULTI since some netlink * users in the kernel are broken. */ handle->h_seq_expect++; } /* Other side wishes to see an ack for this message */ if (hdr->nlmsg_flags & NLM_F_ACK) { if (cb->cb_send_ack) { err = cb->cb_send_ack(&nla, hdr, cb->cb_send_ack_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } else { /* FIXME: implement */ } } /* messages terminates a multpart message, this is * usually the end of a message and therefore we slip * out of the loop by default. the user may overrule * this action by skipping this packet. */ if (hdr->nlmsg_type == NLMSG_DONE) { if (cb->cb_finish) { err = cb->cb_finish(&nla, hdr, cb->cb_finish_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } goto out; } /* Message to be ignored, the default action is to * skip this message if no callback is specified. The * user may overrule this action by returning * NL_PROCEED. */ else if (hdr->nlmsg_type == NLMSG_NOOP) { if (cb->cb_skipped) { err = cb->cb_skipped(&nla, hdr, cb->cb_skipped_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } else goto skip; } /* Data got lost, report back to user. The default action is to * quit parsing. The user may overrule this action by retuning * NL_SKIP or NL_PROCEED (dangerous) */ else if (hdr->nlmsg_type == NLMSG_OVERRUN) { if (cb->cb_overrun) { err = cb->cb_overrun(&nla, hdr, cb->cb_overrun_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } else goto out; } /* Message carries a nlmsgerr */ else if (hdr->nlmsg_type == NLMSG_ERROR) { struct nlmsgerr *e = (struct nlmsgerr*) NLMSG_DATA(hdr); if (hdr->nlmsg_len < NLMSG_LENGTH(sizeof(*e))) { /* Truncated error message, the default action * is to stop parsing. The user may overrule * this action by returning NL_SKIP or * NL_PROCEED (dangerous) */ if (cb->cb_invalid) { err = cb->cb_invalid(&nla, hdr, cb->cb_invalid_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } else goto out; } else if (e->error) { /* Error message reported back from kernel. */ if (cb->cb_error) { err = cb->cb_error(&nla, e, cb->cb_error_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } else goto out; } else if (cb->cb_ack) { /* ACK */ err = cb->cb_ack(&nla, hdr, cb->cb_ack_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } } else { /* Valid message (not checking for MULTIPART bit to * get along with broken kernels. NL_SKIP has no * effect on this. */ if (cb->cb_valid) { err = cb->cb_valid(&nla, hdr, cb->cb_valid_arg); if (err == NL_SKIP) goto skip; else if (err == NL_EXIT || err < 0) goto out; } } skip: hdr = NLMSG_NEXT(hdr, n); } if (buf) { free(buf); buf = NULL; } /* Multipart message not yet complete, continue reading */ goto continue_reading; out: if (buf) free(buf); return err; } /** * Receive a set of message from a netlink socket using handlers in nl_handle. * @arg handle netlink handle * * Calls nl_recvmsgs() with the handlers configured in the netlink handle. * * @see \ref Handlers */ int nl_recvmsgs_def(struct nl_handle *handle) { if (handle->h_cb.cb_recvmsgs_ow) return handle->h_cb.cb_recvmsgs_ow(handle, &handle->h_cb); else return nl_recvmsgs(handle, &handle->h_cb); } static int ack_wait_handler(struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) { return NL_EXIT; } /** * Wait for ACK. * @arg handle netlink handle * @pre The netlink socket must be in blocking state. * * Waits until an ACK is received for the latest not yet acknoledged * netlink message. */ int nl_wait_for_ack(struct nl_handle *handle) { struct nl_cb cb; memcpy(&cb, &handle->h_cb, sizeof(cb)); cb.cb_ack = ack_wait_handler; return nl_recvmsgs(handle, &cb); } /** @} */ /** * @name Netlink Family Translations * @{ */ static struct trans_tbl nlfamilies[] = { __ADD(NETLINK_ROUTE,route) __ADD(NETLINK_SKIP,skip) __ADD(NETLINK_USERSOCK,usersock) __ADD(NETLINK_FIREWALL,firewall) __ADD(NETLINK_TCPDIAG,tcpdiag) __ADD(NETLINK_NFLOG,nflog) __ADD(NETLINK_XFRM,xfrm) __ADD(NETLINK_SELINUX,selinux) __ADD(NETLINK_ARPD,arpd) __ADD(NETLINK_AUDIT,audit) __ADD(NETLINK_ROUTE6,route6) __ADD(NETLINK_IP6_FW,ip6_fw) __ADD(NETLINK_DNRTMSG,dnrtmsg) __ADD(NETLINK_KOBJECT_UEVENT,kobject_uevent) __ADD(NETLINK_TAPBASE,tapbase) }; /** * Convert a netlink family to a character string (Reentrant). * @arg family netlink family * @arg buf destination buffer * @arg len buffer length * * Converts a netlink family to a character string and stores it in * the specified destination buffer. * * @return The destination buffer or the family encoded in hexidecimal * form if no match was found. */ char * nl_nlfamily2str_r(int family, char *buf, size_t len) { return __type2str_r(family, buf, len, nlfamilies, ARRAY_SIZE(nlfamilies)); } /** * Convert a netlink family to a character string. * @arg family netlink family * * Converts a netlink family to a character string and stores it in a * static buffer. * * @return A static buffer or the family encoded in hexidecimal * form if no match was found. * @attention This funnction is NOT thread safe. */ char * nl_nlfamily2str(int family) { static char buf[32]; memset(buf, 0, sizeof(buf)); return __type2str_r(family, buf, sizeof(buf), nlfamilies, ARRAY_SIZE(nlfamilies)); } /** * Convert a character string to a netlink family * @arg name name of netlink family * * Converts the provided character string specifying a netlink * family to the corresponding numeric value. * * @return Netlink family negative value if none was found. */ int nl_str2nlfamily(const char *name) { return __str2type(name, nlfamilies, ARRAY_SIZE(nlfamilies)); }
/** * The kernel will return an operation not permitted error, because * we don't have necessary permissions for this request. * Anyway, this checks the basic send, receive, allocate functionality. */ int main(void) { logf_register(&logf_test_write, stdout); DEBUG("Unit Test: nl.test.c"); /* Open two sockets in order to check if message transmission works though */ DEBUG("Open two sockets"); nl_sock_t *sock1 = nl_sock_routing_new(); nl_sock_t *sock2 = nl_sock_routing_new(); ASSERT(sock1 && sock2); DEBUG("Check socket properties"); /* main point: different pids of the fd's */ ASSERT(sock1->fd != sock2->fd); ASSERT(sock1->local.nl_family == AF_NETLINK); ASSERT(sock1->local.nl_pid == (unsigned int) getpid()); ASSERT(sock1->local.nl_pid != sock2->local.nl_pid); print_sock(sock1); print_sock(sock2); /* Allocate a request message */ nl_msg_t *msg1 = nl_msg_new(NL_MSG_DEFAULT_SIZE); ASSERT(msg1); ASSERT(msg1->nlmsghdr.nlmsg_seq == 0 && msg1->nlmsghdr.nlmsg_pid == 0); print_msghdr(&msg1->nlmsghdr); DEBUG("Request message allocated, preparing now..."); /* Prepare request message */ { char* veth1 = "veth0"; char* veth2 = "veth1"; struct ifinfomsg link_req = { .ifi_family = AF_INET }; struct rtattr *attr1, *attr2, *attr3; /* Fill netlink message header */ ASSERT(nl_msg_set_type(msg1, RTM_NEWLINK) == 0); /* Set appropriate flags for request, creating new object, exclusive access and acknowledgment response */ ASSERT(nl_msg_set_flags(msg1,NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL | NLM_F_ACK) == 0); /* Fill link request header of request message */ ASSERT(nl_msg_set_link_req(msg1, &link_req) == 0); DEBUG("Print linked/lengthed msg:"); print_msg(msg1); /* Add the corresponding attributes to the netlink header */ attr1 = nl_msg_start_nested_attr(msg1, IFLA_LINKINFO); ASSERT(attr1); /* Set link type */ ASSERT(nl_msg_add_string(msg1, IFLA_INFO_KIND, "veth") == 0); /* Add nested attributes for INFO and PEER */ attr2 = nl_msg_start_nested_attr(msg1, IFLA_INFO_DATA); ASSERT(attr2); attr3 = nl_msg_start_nested_attr(msg1, VETH_INFO_PEER); ASSERT(attr3); /* VETH_INFO_PEER carries struct ifinfomsg plus optional IFLA attributes. A minimal size of sizeof(struct ifinfomsg) must be enforced or we may risk accessing that struct beyond the limits of the netlink message */ ASSERT(nl_msg_expand_len(msg1, sizeof(struct ifinfomsg)) == 0); /* Set veth2 name */ ASSERT(nl_msg_add_string(msg1, IFLA_IFNAME, veth2) == 0); /* Close nested attributes */ ASSERT(nl_msg_end_nested_attr(msg1, attr3) == 0); ASSERT(nl_msg_end_nested_attr(msg1, attr2) == 0); ASSERT(nl_msg_end_nested_attr(msg1, attr1) == 0); /* Set veth1 name */ ASSERT(nl_msg_add_string(msg1, IFLA_IFNAME, veth1) == 0); } DEBUG("Send and rec. this completely initialized msg.:"); print_msg(msg1); /* Send request message and wait for the response message */ nl_msg_send_kernel_verify(sock2, msg1); DEBUG("Message should have nlmsg_pid and nlmsg_seq set after transmission"); print_msg(msg1); /* seq. number set to socket fd to associate socket to message */ ASSERT(msg1->nlmsghdr.nlmsg_seq == (unsigned int) sock2->fd); DEBUG("Sent and received, errno is: %d", errno); ASSERT(errno == 1); DEBUG("uevent shall be creatable but not configurable, as the permissions are not given:"); nl_sock_t *sock3 = nl_sock_uevent_new(); ASSERT(sock3 == NULL); // free socks&msg nl_msg_free(msg1); nl_sock_free(sock1); nl_sock_free(sock2); return 0; }