| Commit message | Author | Age | Files | Lines |
|
The cmsg(3) man page says about CMSG_DATA():
> The pointer returned cannot be assumed to be suitably aligned for
> accessing arbitrary payload data types. Applications should not cast
> it to a pointer type matching the payload, but should instead use
> memcpy(3) to copy data to or from a suitably declared object.
Hence, if we want to use unaligned data in cmsg, we need to copy it
before use. That's typically important for reading timestamps in
RISCV32, as the time_t is 64bit and size_t is 32bit on the system.
|
Addresses https://github.com/systemd/systemd/pull/27254#discussion_r1165267046.
|
Follow-up for b6256af75e0609e451198ed90c293efd50827ab3.
|
Apparently CMSG_DATA() alignment is very much undefined. Which is quite
an ABI fuck-up, but we need to deal with this. CMSG_TYPED_DATA() already
checks alignment of the specified pointer. Let's also check matching
alignment of the underlying structures, which we already can do at
compile-time.
See: #27241
(This does not fix #27241, but should catch such errors already at
compile-time instead of runtime)
|
Function didn't actually return anything useful. Quite a shame.
|
We'll use it from libsystemd0 later, but AF_INET/6 requires some
netlink calls and thus the additional library dependency
|
See previous commit for justification.
|
This is a short helper for connecting to AF_UNIX sockets in the file
system. It works around the 108ch limit of sockaddr_un, and supports
"at" style fds.
This doesn't come with a test of its own, but the next patch will add
that.
|
Let's avoid ambiguities here. (Interesting that the current users
compiled at all, in fact)
|
in_addr_union
|
i.e. let's make sure to invalidate uid/gid to UID_INVALID + GID_INVALID
instead of zero.
|
It does the same stuff, let's use the same codepaths as much as we can.
And while we are at it, let's generate good error codes in case we are
called with unsupported parameters/let's validate stuff more that might
originate from user input.
|
additional 64bit timeval or timespec
Fixes #20482 and #20564.
|
In general we almost never hit those asserts in production code, so users see
them very rarely, if ever. But either way, we just need something that users
can pass to the developers.
We have quite a few of those asserts, and some have fairly nice messages, but
many are like "WTF?" or "???" or "unexpected something". The error that is
printed includes the file location, and function name. In almost all functions
there's at most one assert, so the function name alone is enough to identify
the failure for a developer. So we don't get much extra from the message, and
we might just as well drop them.
Dropping them makes our code a tiny bit smaller, and most importantly, improves
development experience by making it easy to insert such an assert in the code
without thinking how to phrase the argument.
|
ifname_valid_char()
|
[59/1551] Compiling C object src/basic/libbasic.a.p/socket-util.c.o
../src/basic/socket-util.c: In function ‘socket_get_mtu’:
../src/basic/socket-util.c:1393:16: warning: ‘mtu’ may be used uninitialized in this function [-Wmaybe-uninitialized]
1393 | *ret = (size_t) mtu;
| ^~~~~~~~~~~~
|
As suggested in https://github.com/systemd/systemd/pull/11484#issuecomment-775288617.
This does not touch anything exposed in src/systemd. Changing the defines there
would be a compatibility break.
Note that tests are broken after this commit. They will be fixed in the next one.
|
This extracts the IP address (as union in_addr_union) from a socket
address (i.e. a struct sockaddr).
|
A variety of sockopts exist both for IPv4 and IPv6 but require a
different pair of sockopt level/option number. Let's add helpers for
these that internally determine the right sockopt to call.
This should shorten code that generically wants to support both ipv4 +
ipv6 and for the first time adds correct support for some cases where we
only called the ipv4 versions, and not the ipv6 options.
|
The helper turns on the protocol specific "packet info" structure cmsg
for three relevant protocols we know.
|
We always need to make them unions with a "struct cmsghdr" in them, so
that things are properly aligned. Otherwise we might end up at an unaligned
address and the counting goes all wrong, possibly making the kernel
refuse our buffers.
Also, let's make sure we initialize the control buffers to zero when
sending, but leave them uninitialized when reading.
Both the alignment and the initialization thing are mentioned in the
cmsg(3) man page.
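The two cmsg(3) rules these commit messages rely on (a control buffer declared as a union with struct cmsghdr, and memcpy() out of CMSG_DATA() instead of a cast), shown as an added example that is not systemd's code. The names union ctrl_buf, build_timestamp_cmsg() and read_timestamp_cmsg() are hypothetical, and the control message is constructed in memory rather than received from a socket.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>

#ifndef SCM_TIMESTAMP
#define SCM_TIMESTAMP SO_TIMESTAMP /* same value on Linux */
#endif

/* Hypothetical name. The union gives the byte buffer the alignment of struct cmsghdr. */
union ctrl_buf {
    struct cmsghdr hdr;
    uint8_t buf[CMSG_SPACE(sizeof(struct timeval))];
};

/* Constructed sample input: fill a zeroed control buffer the way a sender would. */
static void build_timestamp_cmsg(struct msghdr *mh, union ctrl_buf *c, const struct timeval *tv) {
    memset(c, 0, sizeof(*c));
    memset(mh, 0, sizeof(*mh));
    mh->msg_control = c->buf;
    mh->msg_controllen = sizeof(c->buf);
    struct cmsghdr *cm = CMSG_FIRSTHDR(mh);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_TIMESTAMP;
    cm->cmsg_len = CMSG_LEN(sizeof(*tv));
    memcpy(CMSG_DATA(cm), tv, sizeof(*tv)); /* copy in, never cast */
}

/* Returns 0 and fills *ret, or -1 if no timestamp cmsg of the exact size is present. */
static int read_timestamp_cmsg(struct msghdr *mh, struct timeval *ret) {
    for (struct cmsghdr *cm = CMSG_FIRSTHDR(mh); cm; cm = CMSG_NXTHDR(mh, cm)) {
        if (cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_TIMESTAMP)
            continue;
        if (cm->cmsg_len != CMSG_LEN(sizeof(*ret)))
            return -1; /* truncated or differently sized payload */
        memcpy(ret, CMSG_DATA(cm), sizeof(*ret)); /* payload may be unaligned for time_t */
        return 0;
    }
    return -1;
}

int main(void) {
    struct timeval in = { .tv_sec = 1700000000, .tv_usec = 123456 }, out = { 0 };
    union ctrl_buf c;
    struct msghdr mh;
    build_timestamp_cmsg(&mh, &c, &in);
    return read_timestamp_cmsg(&mh, &out) < 0 || out.tv_sec != in.tv_sec;
}
```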
|
around cmsg_find()
let's take this one step further, and add type-safety to cmsg_find(),
and imply the CMSG_DATA() macro for finding the cmsg payload.
|
In subsequent commits, calls to if_nametoindex() will be replaced by a wrapper
that falls back to alternative name resolution over netlink. netlink support
requires libsystemd (for sd-netlink), and we don't want to add any functions
that require netlink in basic/. So stuff that calls if_nametoindex() for user
supplied interface names, and everything that depends on that, needs to be
moved.
|
Fix the following compile error:
src/basic/socket-util.h:187:30: error: implicit declaration of function 'strnlen'; did you mean 'strlen'? [-Werror=implicit-function-declaration]
|
socket_bind_to_ifindex() uses the SO_BINDTOIFINDEX sockopt of kernel
5.0, with a fallback to SO_BINDTODEVICE on older kernels.
socket_bind_to_ifname() is a trivial wrapper around SO_BINDTODEVICE, the
only benefit of using it instead of SO_BINDTODEVICE directly is that it
determines the size of the interface name properly so that it also works
for unbinding. Moreover, it's an attempt to unify our invocations of the
sockopt with a size of strlen(ifname) rather than strlen(ifname)+1...
|
We are pretty careful to reject abstract sockets that are too long to fit in
the address structure as a NUL-terminated string. And since we parse sockets as
strings, it is not possible to embed a NUL in the address either. But we
might receive an external socket (abstract or not), and we want to be able to
print its address in all cases. We would call socket_address_verify() and
refuse to print various sockets that the kernel considers legit.
Let's do the strict verification only in case of socket addresses we parse and
open ourselves, and do less strict verification when printing addresses of
existing sockets, and use c-escaping to print embedded NULs and such.
More tests are added.
This should make LGTM happier because one FIXME comment is removed.
|
As suggested by @heftig:
https://github.com/systemd/systemd/commit/6d5e65f6454212cd400d0ebda34978a9f20cc26a#commitcomment-30938667
|
This is what unix(7) recommends, hence do so.
|
Properly initializing sun_path from foreign data is not easy, given the
size constraints, and NUL confusion. Let's add a helper function for
this.
|
The helper is supposed to properly handle cases where .sun_path does not
contain a NUL byte, and thus copies out the path, suffixing a NUL as
necessary.
This also reworks the more specific socket_address_unlink() to be a
wrapper around the more generic sockaddr_un_unlink()
|
These take a struct iovec to send data together with the passed FD.
The receive function returns the FD through an output argument. In case data is
received, but no FD is passed, the receive function will set the output
argument to -1 explicitly.
Update code in dynamic-user to use the new helpers.
|
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
|