1 /*
2  * lib/nl.c		Core Netlink Interface
3  *
4  *	This library is free software; you can redistribute it and/or
5  *	modify it under the terms of the GNU Lesser General Public
6  *	License as published by the Free Software Foundation version 2.1
7  *	of the License.
8  *
9  * Copyright (c) 2003-2012 Thomas Graf <tgraf@suug.ch>
10  */
11 
12 /**
13  * @defgroup core Core Library (libnl)
14  *
15  * Socket handling, connection management, sending and receiving of data,
16  * message construction and parsing, object caching system, ...
17  *
18  * This is the API reference of the core library. It is not meant as a guide
19  * but as a reference. Please refer to the core library guide for detailed
20  * documentation on the library architecture and examples:
21  *
22  * * @ref_asciidoc{core,_,Netlink Core Library Development Guide}
23  *
24  *
25  * @{
26  */
27 
28 #include <netlink-private/netlink.h>
29 #include <netlink-private/socket.h>
30 #include <netlink/netlink.h>
31 #include <netlink/utils.h>
32 #include <netlink/handlers.h>
33 #include <netlink/msg.h>
34 #include <netlink/attr.h>
35 
36 /**
37  * @defgroup core_types Data Types
38  *
39  * Core library data types
40  * @{
41  * @}
42  *
43  * @defgroup send_recv Send & Receive Data
44  *
45  * Connection management, sending & receiving of data
46  *
47  * Related sections in the development guide:
48  * - @core_doc{core_send_recv, Sending & Receiving}
49  * - @core_doc{core_sockets, Sockets}
50  *
51  * @{
52  *
53  * Header
54  * ------
55  * ~~~~{.c}
56  * #include <netlink/netlink.h>
57  * ~~~~
58  */
59 
60 /**
61  * @name Connection Management
62  * @{
63  */
64 
65 /**
66  * Create file descriptor and bind socket.
67  * @arg sk		Netlink socket (required)
68  * @arg protocol	Netlink protocol to use (required)
69  *
70  * Creates a new Netlink socket using `socket()` and binds the socket to the
71  * protocol and local port specified in the `sk` socket object. Fails if
72  * the socket is already connected.
73  *
74  * @note If available, the `close-on-exec` (`SOCK_CLOEXEC`) feature is enabled
75  *       automatically on the new file descriptor. This causes the socket to
76  *       be closed automatically if any of the `exec` family functions succeed.
77  *       This is essential for multi threaded programs.
78  *
79  * @note The local port (`nl_socket_get_local_port()`) is unspecified after
80  *       creating a new socket. It only gets determined when accessing the
81  *       port the first time or during `nl_connect()`. When nl_connect()
82  *       fails during `bind()` due to `ADDRINUSE`, it will retry with
83  *       different ports if the port is unspecified. Unless you want to enforce
84  *       the use of a specific local port, don't access the local port (or
85  *       reset it to `unspecified` by calling `nl_socket_set_local_port(sk, 0)`).
86  *       This capability is indicated by
87  *       `%NL_CAPABILITY_NL_CONNECT_RETRY_GENERATE_PORT_ON_ADDRINUSE`.
88  *
89  * @see nl_socket_alloc()
90  * @see nl_close()
91  *
92  * @return 0 on success or a negative error code.
93  *
94  * @retval -NLE_BAD_SOCK Socket is already connected
95  */
nl_connect(struct nl_sock * sk,int protocol)96 int nl_connect(struct nl_sock *sk, int protocol)
97 {
98 	int err, flags = 0;
99 	int errsv;
100 	socklen_t addrlen;
101 
102 #ifdef SOCK_CLOEXEC
103 	flags |= SOCK_CLOEXEC;
104 #endif
105 
106         if (sk->s_fd != -1)
107                 return -NLE_BAD_SOCK;
108 
109 	sk->s_fd = socket(AF_NETLINK, SOCK_RAW | flags, protocol);
110 	if (sk->s_fd < 0) {
111 		errsv = errno;
112 		NL_DBG(4, "nl_connect(%p): socket() failed with %d\n", sk, errsv);
113 		err = -nl_syserr2nlerr(errsv);
114 		goto errout;
115 	}
116 
117 	if (!(sk->s_flags & NL_SOCK_BUFSIZE_SET)) {
118 		err = nl_socket_set_buffer_size(sk, 0, 0);
119 		if (err < 0)
120 			goto errout;
121 	}
122 
123 	if (_nl_socket_is_local_port_unspecified (sk)) {
124 		uint32_t port;
125 		uint32_t used_ports[32] = { 0 };
126 
127 		while (1) {
128 			port = _nl_socket_generate_local_port_no_release(sk);
129 
130 			if (port == UINT32_MAX) {
131 				NL_DBG(4, "nl_connect(%p): no more unused local ports.\n", sk);
132 				_nl_socket_used_ports_release_all(used_ports);
133 				err = -NLE_EXIST;
134 				goto errout;
135 			}
136 			err = bind(sk->s_fd, (struct sockaddr*) &sk->s_local,
137 				   sizeof(sk->s_local));
138 			if (err == 0)
139 				break;
140 
141 			errsv = errno;
142 			if (errsv == EADDRINUSE) {
143 				NL_DBG(4, "nl_connect(%p): local port %u already in use. Retry.\n", sk, (unsigned) port);
144 				_nl_socket_used_ports_set(used_ports, port);
145 			} else {
146 				NL_DBG(4, "nl_connect(%p): bind() for port %u failed with %d\n", sk, (unsigned) port, errsv);
147 				_nl_socket_used_ports_release_all(used_ports);
148 				err = -nl_syserr2nlerr(errsv);
149 				goto errout;
150 			}
151 		}
152 		_nl_socket_used_ports_release_all(used_ports);
153 	} else {
154 		err = bind(sk->s_fd, (struct sockaddr*) &sk->s_local,
155 			   sizeof(sk->s_local));
156 		if (err != 0) {
157 			errsv = errno;
158 			NL_DBG(4, "nl_connect(%p): bind() failed with %d\n", sk, errsv);
159 			err = -nl_syserr2nlerr(errsv);
160 			goto errout;
161 		}
162 	}
163 
164 	addrlen = sizeof(sk->s_local);
165 	err = getsockname(sk->s_fd, (struct sockaddr *) &sk->s_local,
166 			  &addrlen);
167 	if (err < 0) {
168 		err = -nl_syserr2nlerr(errno);
169 		goto errout;
170 	}
171 
172 	if (addrlen != sizeof(sk->s_local)) {
173 		err = -NLE_NOADDR;
174 		goto errout;
175 	}
176 
177 	if (sk->s_local.nl_family != AF_NETLINK) {
178 		err = -NLE_AF_NOSUPPORT;
179 		goto errout;
180 	}
181 
182 	sk->s_proto = protocol;
183 
184 	return 0;
185 errout:
186         if (sk->s_fd != -1) {
187     		close(sk->s_fd);
188     		sk->s_fd = -1;
189         }
190 
191 	return err;
192 }
193 
194 /**
195  * Close Netlink socket
196  * @arg sk		Netlink socket (required)
197  *
198  * Closes the Netlink socket using `close()`.
199  *
200  * @note The socket is closed automatically if a `struct nl_sock` object is
201  *       freed using `nl_socket_free()`.
202  *
203  * @see nl_connect()
204  */
nl_close(struct nl_sock * sk)205 void nl_close(struct nl_sock *sk)
206 {
207 	if (sk->s_fd >= 0) {
208 		close(sk->s_fd);
209 		sk->s_fd = -1;
210 	}
211 
212 	sk->s_proto = 0;
213 }
214 
215 /** @} */
216 
217 /**
218  * @name Send
219  * @{
220  */
221 
222 /**
223  * Transmit raw data over Netlink socket.
224  * @arg sk		Netlink socket (required)
225  * @arg buf		Buffer carrying data to send (required)
226  * @arg size		Size of buffer (required)
227  *
228  * Transmits "raw" data over the specified Netlink socket. Unlike the other
229  * transmit functions it does not modify the data in any way. It directly
230  * passes the buffer \c buf of \c size to sendto().
231  *
232  * The message is addressed to the peer as specified in the socket by either
233  * the nl_socket_set_peer_port() or nl_socket_set_peer_groups() function.
234  *
235  * @note Because there is no indication on the message boundaries of the data
236  *       being sent, the \c NL_CB_MSG_OUT callback handler will not be invoked
237  *       for data that is being sent using this function.
238  *
239  * @see nl_socket_set_peer_port()
240  * @see nl_socket_set_peer_groups()
241  * @see nl_sendmsg()
242  *
243  * @return Number of bytes sent or a negative error code.
244  */
nl_sendto(struct nl_sock * sk,void * buf,size_t size)245 int nl_sendto(struct nl_sock *sk, void *buf, size_t size)
246 {
247 	int ret;
248 
249 	if (!buf)
250 		return -NLE_INVAL;
251 
252 	if (sk->s_fd < 0)
253 		return -NLE_BAD_SOCK;
254 
255 	ret = sendto(sk->s_fd, buf, size, 0, (struct sockaddr *)
256 		     &sk->s_peer, sizeof(sk->s_peer));
257 	if (ret < 0)
258 		return -nl_syserr2nlerr(errno);
259 
260 	return ret;
261 }
262 
263 /**
264  * Transmit Netlink message using sendmsg()
265  * @arg sk		Netlink socket (required)
266  * @arg msg		Netlink message to be sent (required)
267  * @arg hdr		sendmsg() message header (required)
268  *
269  * Transmits the message specified in \c hdr over the Netlink socket using the
270  * sendmsg() system call.
271  *
272  * @attention
273  * The `msg` argument will *not* be used to derive the message payload that
274  * is being sent out. The `msg` argument is *only* passed on to the
275  * `NL_CB_MSG_OUT` callback. The caller is responsible to initialize the
276  * `hdr` struct properly and have it point to the message payload and
277  * socket address.
278  *
279  * @note
280  * This function uses `nlmsg_set_src()` to modify the `msg` argument prior to
281  * invoking the `NL_CB_MSG_OUT` callback to provide the local port number.
282  *
283  * @callback This function triggers the `NL_CB_MSG_OUT` callback.
284  *
285  * @attention
286  * Think twice before using this function. It provides a low level access to
287  * the Netlink socket. Among other limitations, it does not add credentials
288  * even if enabled or respect the destination address specified in the `msg`
289  * object.
290  *
291  * @see nl_socket_set_local_port()
292  * @see nl_send_auto()
293  * @see nl_send_iovec()
294  *
295  * @return Number of bytes sent on success or a negative error code.
296  *
297  * @lowlevel
298  */
nl_sendmsg(struct nl_sock * sk,struct nl_msg * msg,struct msghdr * hdr)299 int nl_sendmsg(struct nl_sock *sk, struct nl_msg *msg, struct msghdr *hdr)
300 {
301 	struct nl_cb *cb;
302 	int ret;
303 
304 	if (sk->s_fd < 0)
305 		return -NLE_BAD_SOCK;
306 
307 	nlmsg_set_src(msg, &sk->s_local);
308 
309 	cb = sk->s_cb;
310 	if (cb->cb_set[NL_CB_MSG_OUT])
311 		if ((ret = nl_cb_call(cb, NL_CB_MSG_OUT, msg)) != NL_OK)
312 			return ret;
313 
314 	ret = sendmsg(sk->s_fd, hdr, 0);
315 	if (ret < 0)
316 		return -nl_syserr2nlerr(errno);
317 
318 	NL_DBG(4, "sent %d bytes\n", ret);
319 	return ret;
320 }
321 
322 
323 /**
324  * Transmit Netlink message (taking IO vector)
325  * @arg sk		Netlink socket (required)
326  * @arg msg		Netlink message to be sent (required)
327  * @arg iov		IO vector to be sent (required)
328  * @arg iovlen		Number of struct iovec to be sent (required)
329  *
330  * This function is identical to nl_send() except that instead of taking a
331  * `struct nl_msg` object it takes an IO vector. Please see the description
332  * of `nl_send()`.
333  *
334  * @callback This function triggers the `NL_CB_MSG_OUT` callback.
335  *
336  * @see nl_send()
337  *
338  * @return Number of bytes sent on success or a negative error code.
339  *
340  * @lowlevel
341  */
nl_send_iovec(struct nl_sock * sk,struct nl_msg * msg,struct iovec * iov,unsigned iovlen)342 int nl_send_iovec(struct nl_sock *sk, struct nl_msg *msg, struct iovec *iov, unsigned iovlen)
343 {
344 	struct sockaddr_nl *dst;
345 	struct ucred *creds;
346 	struct msghdr hdr = {
347 		.msg_name = (void *) &sk->s_peer,
348 		.msg_namelen = sizeof(struct sockaddr_nl),
349 		.msg_iov = iov,
350 		.msg_iovlen = iovlen,
351 	};
352 
353 	/* Overwrite destination if specified in the message itself, defaults
354 	 * to the peer address of the socket.
355 	 */
356 	dst = nlmsg_get_dst(msg);
357 	if (dst->nl_family == AF_NETLINK)
358 		hdr.msg_name = dst;
359 
360 	/* Add credentials if present. */
361 	creds = nlmsg_get_creds(msg);
362 	if (creds != NULL) {
363 		char buf[CMSG_SPACE(sizeof(struct ucred))];
364 		struct cmsghdr *cmsg;
365 
366 		hdr.msg_control = buf;
367 		hdr.msg_controllen = sizeof(buf);
368 
369 		cmsg = CMSG_FIRSTHDR(&hdr);
370 		cmsg->cmsg_level = SOL_SOCKET;
371 		cmsg->cmsg_type = SCM_CREDENTIALS;
372 		cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
373 		memcpy(CMSG_DATA(cmsg), creds, sizeof(struct ucred));
374 	}
375 
376 	return nl_sendmsg(sk, msg, &hdr);
377 }
378 
379 /**
380  * Transmit Netlink message
381  * @arg sk		Netlink socket (required)
382  * @arg msg		Netlink message (required)
383  *
384  * Transmits the Netlink message `msg` over the Netlink socket using the
385  * `sendmsg()` system call. This function is based on `nl_send_iovec()` but
386  * takes care of initializing a `struct iovec` based on the `msg` object.
387  *
388  * The message is addressed to the peer as specified in the socket by either
389  * the nl_socket_set_peer_port() or nl_socket_set_peer_groups() function.
390  * The peer address can be overwritten by specifying an address in the `msg`
391  * object using nlmsg_set_dst().
392  *
393  * If present in the `msg`, credentials set by the nlmsg_set_creds() function
394  * are added to the control buffer of the message.
395  *
396  * @par Overwriting Capability:
397  * Calls to this function can be overwritten by providing an alternative using
398  * the nl_cb_overwrite_send() function.
399  *
400  * @callback This function triggers the `NL_CB_MSG_OUT` callback.
401  *
402  * @attention
403  * Unlike `nl_send_auto()`, this function does *not* finalize the message in
404  * terms of automatically adding needed flags or filling out port numbers.
405  *
406  * @see nl_send_auto()
407  * @see nl_send_iovec()
408  * @see nl_socket_set_peer_port()
409  * @see nl_socket_set_peer_groups()
410  * @see nlmsg_set_dst()
411  * @see nlmsg_set_creds()
412  * @see nl_cb_overwrite_send()
413  *
414  * @return Number of bytes sent on success or a negative error code.
415 */
nl_send(struct nl_sock * sk,struct nl_msg * msg)416 int nl_send(struct nl_sock *sk, struct nl_msg *msg)
417 {
418 	struct nl_cb *cb = sk->s_cb;
419 
420 	if (cb->cb_send_ow)
421 		return cb->cb_send_ow(sk, msg);
422 	else {
423 		struct iovec iov = {
424 			.iov_base = (void *) nlmsg_hdr(msg),
425 			.iov_len = nlmsg_hdr(msg)->nlmsg_len,
426 		};
427 
428 		return nl_send_iovec(sk, msg, &iov, 1);
429 	}
430 }
431 
432 /**
433  * Finalize Netlink message
434  * @arg sk		Netlink socket (required)
435  * @arg msg		Netlink message (required)
436  *
437  * This function finalizes a Netlink message by completing the message with
438  * desirable flags and values depending on the socket configuration.
439  *
440  *  - If not yet filled out, the source address of the message (`nlmsg_pid`)
441  *    will be set to the local port number of the socket.
442  *  - If not yet specified, the next available sequence number is assigned
443  *    to the message (`nlmsg_seq`).
444  *  - If not yet specified, the protocol field of the message will be set to
445  *    the protocol field of the socket.
446  *  - The `NLM_F_REQUEST` Netlink message flag will be set.
447  *  - The `NLM_F_ACK` flag will be set if Auto-ACK mode is enabled on the
448  *    socket.
449  */
nl_complete_msg(struct nl_sock * sk,struct nl_msg * msg)450 void nl_complete_msg(struct nl_sock *sk, struct nl_msg *msg)
451 {
452 	struct nlmsghdr *nlh;
453 
454 	nlh = nlmsg_hdr(msg);
455 	if (nlh->nlmsg_pid == NL_AUTO_PORT)
456 		nlh->nlmsg_pid = nl_socket_get_local_port(sk);
457 
458 	if (nlh->nlmsg_seq == NL_AUTO_SEQ)
459 		nlh->nlmsg_seq = sk->s_seq_next++;
460 
461 	if (msg->nm_protocol == -1)
462 		msg->nm_protocol = sk->s_proto;
463 
464 	nlh->nlmsg_flags |= NLM_F_REQUEST;
465 
466 	if (!(sk->s_flags & NL_NO_AUTO_ACK))
467 		nlh->nlmsg_flags |= NLM_F_ACK;
468 }
469 
470 /**
471  * Finalize and transmit Netlink message
472  * @arg sk		Netlink socket (required)
473  * @arg msg		Netlink message (required)
474  *
475  * Finalizes the message by passing it to `nl_complete_msg()` and transmits it
476  * by passing it to `nl_send()`.
477  *
478  * @callback This function triggers the `NL_CB_MSG_OUT` callback.
479  *
480  * @see nl_complete_msg()
481  * @see nl_send()
482  *
483  * @return Number of bytes sent or a negative error code.
484  */
nl_send_auto(struct nl_sock * sk,struct nl_msg * msg)485 int nl_send_auto(struct nl_sock *sk, struct nl_msg *msg)
486 {
487 	nl_complete_msg(sk, msg);
488 
489 	return nl_send(sk, msg);
490 }
491 
492 /**
493  * Finalize and transmit Netlink message and wait for ACK or error message
494  * @arg sk		Netlink socket (required)
495  * @arg msg		Netlink message (required)
496  *
497  * Passes the `msg` to `nl_send_auto()` to finalize and transmit it. Frees the
498  * message and waits (sleeps) for the ACK or error message to be received.
499  *
500  * @attention
501  * Disabling Auto-ACK (nl_socket_disable_auto_ack()) will cause this function
502  * to return immediately after transmitting the message. However, the peer may
503  * still be returning an error message in response to the request. It is the
504  * responsibility of the caller to handle such messages.
505  *
506  * @callback This function triggers the `NL_CB_MSG_OUT` callback.
507  *
508  * @attention
509  * This function frees the `msg` object after transmitting it by calling
510  * `nlmsg_free()`.
511  *
512  * @see nl_send_auto().
513  * @see nl_wait_for_ack()
514  *
515  * @return 0 on success or a negative error code.
516  */
nl_send_sync(struct nl_sock * sk,struct nl_msg * msg)517 int nl_send_sync(struct nl_sock *sk, struct nl_msg *msg)
518 {
519 	int err;
520 
521 	err = nl_send_auto(sk, msg);
522 	nlmsg_free(msg);
523 	if (err < 0)
524 		return err;
525 
526 	return wait_for_ack(sk);
527 }
528 
529 /**
530  * Construct and transmit a Netlink message
531  * @arg sk		Netlink socket (required)
532  * @arg type		Netlink message type (required)
533  * @arg flags		Netlink message flags (optional)
534  * @arg buf		Data buffer (optional)
535  * @arg size		Size of data buffer (optional)
536  *
537  * Allocates a new Netlink message based on `type` and `flags`. If `buf`
538  * points to payload of length `size` that payload will be appended to the
539  * message.
540  *
541  * Sends out the message using `nl_send_auto()` and frees the message
542  * afterwards.
543  *
544  * @see nl_send_auto()
545  *
546  * @return Number of characters sent on success or a negative error code.
547  * @retval -NLE_NOMEM Unable to allocate Netlink message
548  */
nl_send_simple(struct nl_sock * sk,int type,int flags,void * buf,size_t size)549 int nl_send_simple(struct nl_sock *sk, int type, int flags, void *buf,
550 		   size_t size)
551 {
552 	int err;
553 	struct nl_msg *msg;
554 
555 	msg = nlmsg_alloc_simple(type, flags);
556 	if (!msg)
557 		return -NLE_NOMEM;
558 
559 	if (buf && size) {
560 		err = nlmsg_append(msg, buf, size, NLMSG_ALIGNTO);
561 		if (err < 0)
562 			goto errout;
563 	}
564 
565 	err = nl_send_auto(sk, msg);
566 errout:
567 	nlmsg_free(msg);
568 
569 	return err;
570 }
571 
572 /** @} */
573 
574 /**
575  * @name Receive
576  * @{
577  */
578 
579 /**
580  * Receive data from netlink socket
581  * @arg sk		Netlink socket (required)
582  * @arg nla		Netlink socket structure to hold address of peer (required)
583  * @arg buf		Destination pointer for message content (required)
584  * @arg creds		Destination pointer for credentials (optional)
585  *
586  * Receives data from a connected netlink socket using recvmsg() and returns
587  * the number of bytes read. The read data is stored in a newly allocated
588  * buffer that is assigned to \c *buf. The peer's netlink address will be
589  * stored in \c *nla.
590  *
591  * This function blocks until data is available to be read unless the socket
592  * has been put into non-blocking mode using nl_socket_set_nonblocking() in
593  * which case this function will return immediately with a return value of 0.
594  *
595  * The buffer size used when reading from the netlink socket and thus limiting
596  * the maximum size of a netlink message that can be read defaults to the size
597  * of a memory page (getpagesize()). The buffer size can be modified on a per
598  * socket level using the function nl_socket_set_msg_buf_size().
599  *
600  * If message peeking is enabled using nl_socket_enable_msg_peek() the size of
601  * the message to be read will be determined using the MSG_PEEK flag prior to
602  * performing the actual read. This leads to an additional recvmsg() call for
603  * every read operation which has performance implications and is not
604  * recommended for high throughput protocols.
605  *
606  * An eventual interruption of the recvmsg() system call is automatically
607  * handled by retrying the operation.
608  *
609  * If receiving of credentials has been enabled using the function
610  * nl_socket_set_passcred(), this function will allocate a new struct ucred
611  * filled with the received credentials and assign it to \c *creds. The caller
612  * is responsible for freeing the buffer.
613  *
614  * @note The caller is responsible to free the returned data buffer and if
615  *       enabled, the credentials buffer.
616  *
617  * @see nl_socket_set_nonblocking()
618  * @see nl_socket_set_msg_buf_size()
619  * @see nl_socket_enable_msg_peek()
620  * @see nl_socket_set_passcred()
621  *
622  * @return Number of bytes read, 0 on EOF, 0 on no data event (non-blocking
623  *         mode), or a negative error code.
624  */
nl_recv(struct nl_sock * sk,struct sockaddr_nl * nla,unsigned char ** buf,struct ucred ** creds)625 int nl_recv(struct nl_sock *sk, struct sockaddr_nl *nla,
626 	    unsigned char **buf, struct ucred **creds)
627 {
628 	ssize_t n;
629 	int flags = 0;
630 	static int page_size = 0;
631 	struct iovec iov;
632 	struct msghdr msg = {
633 		.msg_name = (void *) nla,
634 		.msg_namelen = sizeof(struct sockaddr_nl),
635 		.msg_iov = &iov,
636 		.msg_iovlen = 1,
637 	};
638 	struct ucred* tmpcreds = NULL;
639 	int retval = 0;
640 
641 	if (!buf || !nla)
642 		return -NLE_INVAL;
643 
644 	if (sk->s_flags & NL_MSG_PEEK)
645 		flags |= MSG_PEEK | MSG_TRUNC;
646 
647 	if (page_size == 0)
648 		page_size = getpagesize() * 4;
649 
650 	iov.iov_len = sk->s_bufsize ? : page_size;
651 	iov.iov_base = malloc(iov.iov_len);
652 
653 	if (!iov.iov_base) {
654 		retval = -NLE_NOMEM;
655 		goto abort;
656 	}
657 
658 	if (creds && (sk->s_flags & NL_SOCK_PASSCRED)) {
659 		msg.msg_controllen = CMSG_SPACE(sizeof(struct ucred));
660 		msg.msg_control = malloc(msg.msg_controllen);
661 		if (!msg.msg_control) {
662 			retval = -NLE_NOMEM;
663 			goto abort;
664 		}
665 	}
666 retry:
667 
668 	n = recvmsg(sk->s_fd, &msg, flags);
669 	if (!n) {
670 		retval = 0;
671 		goto abort;
672 	}
673 	if (n < 0) {
674 		if (errno == EINTR) {
675 			NL_DBG(3, "recvmsg() returned EINTR, retrying\n");
676 			goto retry;
677 		}
678 		retval = -nl_syserr2nlerr(errno);
679 		goto abort;
680 	}
681 
682 	if (msg.msg_flags & MSG_CTRUNC) {
683 		void *tmp;
684 		msg.msg_controllen *= 2;
685 		tmp = realloc(msg.msg_control, msg.msg_controllen);
686 		if (!tmp) {
687 			retval = -NLE_NOMEM;
688 			goto abort;
689 		}
690 		msg.msg_control = tmp;
691 		goto retry;
692 	}
693 
694 	if (iov.iov_len < n || (msg.msg_flags & MSG_TRUNC)) {
695 		void *tmp;
696 		/* Provided buffer is not long enough, enlarge it
697 		 * to size of n (which should be total length of the message)
698 		 * and try again. */
699 		iov.iov_len = n;
700 		tmp = realloc(iov.iov_base, iov.iov_len);
701 		if (!tmp) {
702 			retval = -NLE_NOMEM;
703 			goto abort;
704 		}
705 		iov.iov_base = tmp;
706 		flags = 0;
707 		goto retry;
708 	}
709 
710         if (flags != 0) {
711 		/* Buffer is big enough, do the actual reading */
712 		flags = 0;
713 		goto retry;
714 	}
715 
716 	if (msg.msg_namelen != sizeof(struct sockaddr_nl)) {
717 		retval =  -NLE_NOADDR;
718 		goto abort;
719 	}
720 
721 	if (creds && (sk->s_flags & NL_SOCK_PASSCRED)) {
722 		struct cmsghdr *cmsg;
723 
724 		for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
725 			if (cmsg->cmsg_level != SOL_SOCKET)
726 				continue;
727 			if (cmsg->cmsg_type != SCM_CREDENTIALS)
728 				continue;
729 			tmpcreds = malloc(sizeof(*tmpcreds));
730 			if (!tmpcreds) {
731 				retval = -NLE_NOMEM;
732 				goto abort;
733 			}
734 			memcpy(tmpcreds, CMSG_DATA(cmsg), sizeof(*tmpcreds));
735 			break;
736 		}
737 	}
738 
739 	retval = n;
740 abort:
741 	free(msg.msg_control);
742 
743 	if (retval <= 0) {
744 		free(iov.iov_base);
745 		iov.iov_base = NULL;
746 		free(tmpcreds);
747 		tmpcreds = NULL;
748 	} else
749 		*buf = iov.iov_base;
750 
751 	if (creds)
752 		*creds = tmpcreds;
753 
754 	return retval;
755 }
756 
757 /** @cond SKIP */
758 #define NL_CB_CALL(cb, type, msg) \
759 do { \
760 	err = nl_cb_call(cb, type, msg); \
761 	switch (err) { \
762 	case NL_OK: \
763 		err = 0; \
764 		break; \
765 	case NL_SKIP: \
766 		goto skip; \
767 	case NL_STOP: \
768 		goto stop; \
769 	default: \
770 		goto out; \
771 	} \
772 } while (0)
773 /** @endcond */
774 
recvmsgs(struct nl_sock * sk,struct nl_cb * cb)775 static int recvmsgs(struct nl_sock *sk, struct nl_cb *cb)
776 {
777 	int n, err = 0, multipart = 0, interrupted = 0, nrecv = 0;
778 	unsigned char *buf = NULL;
779 	struct nlmsghdr *hdr;
780 
781 	/*
782 	nla is passed on to not only to nl_recv() but may also be passed
783 	to a function pointer provided by the caller which may or may not
784 	initialize the variable. Thomas Graf.
785 	*/
786 	struct sockaddr_nl nla = {0};
787 	struct nl_msg *msg = NULL;
788 	struct ucred *creds = NULL;
789 
790 continue_reading:
791 	NL_DBG(3, "Attempting to read from %p\n", sk);
792 	if (cb->cb_recv_ow)
793 		n = cb->cb_recv_ow(sk, &nla, &buf, &creds);
794 	else
795 		n = nl_recv(sk, &nla, &buf, &creds);
796 
797 	if (n <= 0)
798 		return n;
799 
800 	NL_DBG(3, "recvmsgs(%p): Read %d bytes\n", sk, n);
801 
802 	hdr = (struct nlmsghdr *) buf;
803 	while (nlmsg_ok(hdr, n)) {
804 		NL_DBG(3, "recvmsgs(%p): Processing valid message...\n", sk);
805 
806 		nlmsg_free(msg);
807 		msg = nlmsg_convert(hdr);
808 		if (!msg) {
809 			err = -NLE_NOMEM;
810 			goto out;
811 		}
812 
813 		nlmsg_set_proto(msg, sk->s_proto);
814 		nlmsg_set_src(msg, &nla);
815 		if (creds)
816 			nlmsg_set_creds(msg, creds);
817 
818 		nrecv++;
819 
820 		/* Raw callback is the first, it gives the most control
821 		 * to the user and he can do his very own parsing. */
822 		if (cb->cb_set[NL_CB_MSG_IN])
823 			NL_CB_CALL(cb, NL_CB_MSG_IN, msg);
824 
825 		/* Sequence number checking. The check may be done by
826 		 * the user, otherwise a very simple check is applied
827 		 * enforcing strict ordering */
828 		if (cb->cb_set[NL_CB_SEQ_CHECK]) {
829 			NL_CB_CALL(cb, NL_CB_SEQ_CHECK, msg);
830 
831 		/* Only do sequence checking if auto-ack mode is enabled */
832 		} else if (!(sk->s_flags & NL_NO_AUTO_ACK)) {
833 			if (hdr->nlmsg_seq != sk->s_seq_expect) {
834 				if (cb->cb_set[NL_CB_INVALID])
835 					NL_CB_CALL(cb, NL_CB_INVALID, msg);
836 				else {
837 					err = -NLE_SEQ_MISMATCH;
838 					goto out;
839 				}
840 			}
841 		}
842 
843 		if (hdr->nlmsg_type == NLMSG_DONE ||
844 		    hdr->nlmsg_type == NLMSG_ERROR ||
845 		    hdr->nlmsg_type == NLMSG_NOOP ||
846 		    hdr->nlmsg_type == NLMSG_OVERRUN) {
847 			/* We can't check for !NLM_F_MULTI since some netlink
848 			 * users in the kernel are broken. */
849 			sk->s_seq_expect++;
850 			NL_DBG(3, "recvmsgs(%p): Increased expected " \
851 			       "sequence number to %d\n",
852 			       sk, sk->s_seq_expect);
853 		}
854 
855 		if (hdr->nlmsg_flags & NLM_F_MULTI)
856 			multipart = 1;
857 
858 		if (hdr->nlmsg_flags & NLM_F_DUMP_INTR) {
859 			if (cb->cb_set[NL_CB_DUMP_INTR])
860 				NL_CB_CALL(cb, NL_CB_DUMP_INTR, msg);
861 			else {
862 				/*
863 				 * We have to continue reading to clear
864 				 * all messages until a NLMSG_DONE is
865 				 * received and report the inconsistency.
866 				 */
867 				interrupted = 1;
868 			}
869 		}
870 
871 		/* Other side wishes to see an ack for this message */
872 		if (hdr->nlmsg_flags & NLM_F_ACK) {
873 			if (cb->cb_set[NL_CB_SEND_ACK])
874 				NL_CB_CALL(cb, NL_CB_SEND_ACK, msg);
875 			else {
876 				/* FIXME: implement */
877 			}
878 		}
879 
880 		/* messages terminates a multipart message, this is
881 		 * usually the end of a message and therefore we slip
882 		 * out of the loop by default. the user may overrule
883 		 * this action by skipping this packet. */
884 		if (hdr->nlmsg_type == NLMSG_DONE) {
885 			multipart = 0;
886 			if (cb->cb_set[NL_CB_FINISH])
887 				NL_CB_CALL(cb, NL_CB_FINISH, msg);
888 		}
889 
890 		/* Message to be ignored, the default action is to
891 		 * skip this message if no callback is specified. The
892 		 * user may overrule this action by returning
893 		 * NL_PROCEED. */
894 		else if (hdr->nlmsg_type == NLMSG_NOOP) {
895 			if (cb->cb_set[NL_CB_SKIPPED])
896 				NL_CB_CALL(cb, NL_CB_SKIPPED, msg);
897 			else
898 				goto skip;
899 		}
900 
901 		/* Data got lost, report back to user. The default action is to
902 		 * quit parsing. The user may overrule this action by retuning
903 		 * NL_SKIP or NL_PROCEED (dangerous) */
904 		else if (hdr->nlmsg_type == NLMSG_OVERRUN) {
905 			if (cb->cb_set[NL_CB_OVERRUN])
906 				NL_CB_CALL(cb, NL_CB_OVERRUN, msg);
907 			else {
908 				err = -NLE_MSG_OVERFLOW;
909 				goto out;
910 			}
911 		}
912 
913 		/* Message carries a nlmsgerr */
914 		else if (hdr->nlmsg_type == NLMSG_ERROR) {
915 			struct nlmsgerr *e = nlmsg_data(hdr);
916 
917 			if (hdr->nlmsg_len < nlmsg_size(sizeof(*e))) {
918 				/* Truncated error message, the default action
919 				 * is to stop parsing. The user may overrule
920 				 * this action by returning NL_SKIP or
921 				 * NL_PROCEED (dangerous) */
922 				if (cb->cb_set[NL_CB_INVALID])
923 					NL_CB_CALL(cb, NL_CB_INVALID, msg);
924 				else {
925 					err = -NLE_MSG_TRUNC;
926 					goto out;
927 				}
928 			} else if (e->error) {
929 				/* Error message reported back from kernel. */
930 				if (cb->cb_err) {
931 					err = cb->cb_err(&nla, e,
932 							   cb->cb_err_arg);
933 					if (err < 0)
934 						goto out;
935 					else if (err == NL_SKIP)
936 						goto skip;
937 					else if (err == NL_STOP) {
938 						err = -nl_syserr2nlerr(e->error);
939 						goto out;
940 					}
941 				} else {
942 					err = -nl_syserr2nlerr(e->error);
943 					goto out;
944 				}
945 			} else if (cb->cb_set[NL_CB_ACK])
946 				NL_CB_CALL(cb, NL_CB_ACK, msg);
947 		} else {
948 			/* Valid message (not checking for MULTIPART bit to
949 			 * get along with broken kernels. NL_SKIP has no
950 			 * effect on this.  */
951 			if (cb->cb_set[NL_CB_VALID])
952 				NL_CB_CALL(cb, NL_CB_VALID, msg);
953 		}
954 skip:
955 		err = 0;
956 		hdr = nlmsg_next(hdr, &n);
957 	}
958 
959 	nlmsg_free(msg);
960 	free(buf);
961 	free(creds);
962 	buf = NULL;
963 	msg = NULL;
964 	creds = NULL;
965 
966 	if (multipart) {
967 		/* Multipart message not yet complete, continue reading */
968 		goto continue_reading;
969 	}
970 stop:
971 	err = 0;
972 out:
973 	nlmsg_free(msg);
974 	free(buf);
975 	free(creds);
976 
977 	if (interrupted)
978 		err = -NLE_DUMP_INTR;
979 
980 	if (!err)
981 		err = nrecv;
982 
983 	return err;
984 }
985 
986 /**
987  * Receive a set of messages from a netlink socket and report parsed messages
988  * @arg sk		Netlink socket.
989  * @arg cb		set of callbacks to control behaviour.
990  *
991  * This function is identical to nl_recvmsgs() to the point that it will
992  * return the number of parsed messages instead of 0 on success.
993  *
994  * @see nl_recvmsgs()
995  *
996  * @return Number of received messages or a negative error code from nl_recv().
997  */
nl_recvmsgs_report(struct nl_sock * sk,struct nl_cb * cb)998 int nl_recvmsgs_report(struct nl_sock *sk, struct nl_cb *cb)
999 {
1000 	if (cb->cb_recvmsgs_ow)
1001 		return cb->cb_recvmsgs_ow(sk, cb);
1002 	else
1003 		return recvmsgs(sk, cb);
1004 }
1005 
1006 /**
1007  * Receive a set of messages from a netlink socket.
1008  * @arg sk		Netlink socket.
1009  * @arg cb		set of callbacks to control behaviour.
1010  *
1011  * Repeatedly calls nl_recv() or the respective replacement if provided
1012  * by the application (see nl_cb_overwrite_recv()) and parses the
1013  * received data as netlink messages. Stops reading if one of the
1014  * callbacks returns NL_STOP or nl_recv returns either 0 or a negative error code.
1015  *
1016  * A non-blocking sockets causes the function to return immediately if
1017  * no data is available.
1018  *
1019  * @see nl_recvmsgs_report()
1020  *
1021  * @return 0 on success or a negative error code from nl_recv().
1022  */
nl_recvmsgs(struct nl_sock * sk,struct nl_cb * cb)1023 int nl_recvmsgs(struct nl_sock *sk, struct nl_cb *cb)
1024 {
1025 	int err;
1026 
1027 	if ((err = nl_recvmsgs_report(sk, cb)) > 0)
1028 		err = 0;
1029 
1030 	return err;
1031 }
1032 
1033 /**
1034  * Receive a set of message from a netlink socket using handlers in nl_sock.
1035  * @arg sk		Netlink socket.
1036  *
1037  * Calls nl_recvmsgs() with the handlers configured in the netlink socket.
1038  */
nl_recvmsgs_default(struct nl_sock * sk)1039 int nl_recvmsgs_default(struct nl_sock *sk)
1040 {
1041 	return nl_recvmsgs(sk, sk->s_cb);
1042 
1043 }
1044 
ack_wait_handler(struct nl_msg * msg,void * arg)1045 static int ack_wait_handler(struct nl_msg *msg, void *arg)
1046 {
1047 	return NL_STOP;
1048 }
1049 
1050 /**
1051  * Wait for ACK.
1052  * @arg sk		Netlink socket.
1053  * @pre The netlink socket must be in blocking state.
1054  *
1055  * Waits until an ACK is received for the latest not yet acknowledged
1056  * netlink message.
1057  */
nl_wait_for_ack(struct nl_sock * sk)1058 int nl_wait_for_ack(struct nl_sock *sk)
1059 {
1060 	int err;
1061 	struct nl_cb *cb;
1062 
1063 	cb = nl_cb_clone(sk->s_cb);
1064 	if (cb == NULL)
1065 		return -NLE_NOMEM;
1066 
1067 	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, NULL);
1068 	err = nl_recvmsgs(sk, cb);
1069 	nl_cb_put(cb);
1070 
1071 	return err;
1072 }
1073 
1074 /** @cond SKIP */
1075 struct pickup_param
1076 {
1077 	int (*parser)(struct nl_cache_ops *, struct sockaddr_nl *,
1078 		      struct nlmsghdr *, struct nl_parser_param *);
1079 	struct nl_object *result;
1080 };
1081 
__store_answer(struct nl_object * obj,struct nl_parser_param * p)1082 static int __store_answer(struct nl_object *obj, struct nl_parser_param *p)
1083 {
1084 	struct pickup_param *pp = p->pp_arg;
1085 	/*
1086 	 * the parser will put() the object at the end, expecting the cache
1087 	 * to take the reference.
1088 	 */
1089 	nl_object_get(obj);
1090 	pp->result =  obj;
1091 
1092 	return 0;
1093 }
1094 
__pickup_answer(struct nl_msg * msg,void * arg)1095 static int __pickup_answer(struct nl_msg *msg, void *arg)
1096 {
1097 	struct pickup_param *pp = arg;
1098 	struct nl_parser_param parse_arg = {
1099 		.pp_cb = __store_answer,
1100 		.pp_arg = pp,
1101 	};
1102 
1103 	return pp->parser(NULL, &msg->nm_src, msg->nm_nlh, &parse_arg);
1104 }
1105 
1106 /** @endcond */
1107 
1108 /**
1109  * Pickup netlink answer, parse is and return object
1110  * @arg sk		Netlink socket
1111  * @arg parser		Parser function to parse answer
1112  * @arg result		Result pointer to return parsed object
1113  *
1114  * @return 0 on success or a negative error code.
1115  */
nl_pickup(struct nl_sock * sk,int (* parser)(struct nl_cache_ops *,struct sockaddr_nl *,struct nlmsghdr *,struct nl_parser_param *),struct nl_object ** result)1116 int nl_pickup(struct nl_sock *sk,
1117 	      int (*parser)(struct nl_cache_ops *, struct sockaddr_nl *,
1118 			    struct nlmsghdr *, struct nl_parser_param *),
1119 	      struct nl_object **result)
1120 {
1121 	struct nl_cb *cb;
1122 	int err;
1123 	struct pickup_param pp = {
1124 		.parser = parser,
1125 	};
1126 
1127 	cb = nl_cb_clone(sk->s_cb);
1128 	if (cb == NULL)
1129 		return -NLE_NOMEM;
1130 
1131 	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, __pickup_answer, &pp);
1132 
1133 	err = nl_recvmsgs(sk, cb);
1134 	if (err < 0)
1135 		goto errout;
1136 
1137 	*result = pp.result;
1138 errout:
1139 	nl_cb_put(cb);
1140 
1141 	return err;
1142 }
1143 
1144 /** @} */
1145 
1146 /**
1147  * @name Deprecated
1148  * @{
1149  */
1150 
1151 /**
1152  * @deprecated Please use nl_complete_msg()
1153  */
nl_auto_complete(struct nl_sock * sk,struct nl_msg * msg)1154 void nl_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
1155 {
1156 	nl_complete_msg(sk, msg);
1157 }
1158 
1159 /**
1160  * @deprecated Please use nl_send_auto()
1161  */
nl_send_auto_complete(struct nl_sock * sk,struct nl_msg * msg)1162 int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
1163 {
1164 	return nl_send_auto(sk, msg);
1165 }
1166 
1167 
1168 /** @} */
1169 
1170 /** @} */
1171 
1172 /** @} */
1173