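/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _SOCK_DIAG_H
#define _SOCK_DIAG_H

#include <unistd.h>
#include <sys/socket.h>

#include <linux/netlink.h>
#include <linux/sock_diag.h>
#include <linux/inet_diag.h>

#include <functional>
#include <set>

#include "Fwmark.h"
#include "NetlinkCommands.h"
#include "Permission.h"
#include "UidRanges.h"

struct inet_diag_msg;
struct tcp_info;

namespace android {
namespace net {

// Owner of the two netlink descriptors used to dump inet sockets through the kernel's
// sock_diag / inet_diag interface and to destroy the ones a caller selects.
//
// The object owns mSock and mWriteSock and closes them in its destructor. It is therefore
// non-copyable: an implicit copy would close the same descriptor numbers twice, and a
// descriptor closed early can be reused by an unrelated socket in the same process.
class SockDiag {

public:
    // Size in bytes of the receive buffer used while reading a netlink dump.
    static constexpr int kBufferSize = 4096;

    // Callback function that is called once for every socket in the sockDestroy dump.
    // A return value of true means destroy the socket.
    using DestroyFilter = std::function<bool(uint8_t proto, const inet_diag_msg *)>;

    // Callback function that is called once for every socket in the sockInfo dump.
    // 'tcp_info_length' is the length in bytes of the INET_DIAG_INFO attribute read from Netlink.
    // Knowing this length is necessary for handling struct tcp_info serialized from different
    // kernel versions: a reader must not touch fields beyond that length.
    using TcpInfoReader = std::function<void(Fwmark mark, const struct inet_diag_msg *,
                                             const struct tcp_info *, uint32_t tcp_info_length)>;

    // Netlink header immediately followed by the inet_diag request payload. Packed so the two
    // structs form one contiguous netlink message with no padding between them.
    struct DestroyRequest {
        nlmsghdr nlh;
        inet_diag_req_v2 req;
    } __attribute__((__packed__));

    // Starts with no open descriptors; call open() before issuing requests.
    SockDiag() : mSock(-1), mWriteSock(-1), mSocketsDestroyed(0) {}

    // Owns kernel descriptors: copying would double-close them (see class comment).
    SockDiag(const SockDiag&) = delete;
    SockDiag& operator=(const SockDiag&) = delete;

    bool open();
    virtual ~SockDiag() { closeSocks(); }

    int sendDumpRequest(uint8_t proto, uint8_t family, uint32_t states);
    int sendDumpRequest(uint8_t proto, uint8_t family, const char *addrstr);
    int readDiagMsg(uint8_t proto, const DestroyFilter& callback);
    int readDiagMsgWithTcpInfo(const TcpInfoReader& callback);

    int sockDestroy(uint8_t proto, const inet_diag_msg *);
    // Destroys all sockets on the given IPv4 or IPv6 address.
    int destroySockets(const char* addrstr, int ifindex);
    // Destroys all sockets for the given protocol and UID.
    int destroySockets(uint8_t proto, uid_t uid, bool excludeLoopback);
    // Destroys all "live" (CONNECTED, SYN_SENT, SYN_RECV) TCP sockets for the given UID ranges.
    int destroySockets(const UidRanges& uidRanges, const std::set<uid_t>& skipUids,
                       bool excludeLoopback);
    // Destroys all "live" (CONNECTED, SYN_SENT, SYN_RECV) TCP sockets that no longer have
    // the permissions required by the specified network.
    int destroySocketsLackingPermission(unsigned netId, Permission permission,
                                        bool excludeLoopback);

    // Dump struct tcp_info for all "live" (CONNECTED, SYN_SENT, SYN_RECV) TCP sockets.
    int getLiveTcpInfos(const TcpInfoReader& sockInfoReader);

private:
    friend class SockDiagTest;
    // Netlink descriptors; -1 while closed. Which one carries dump requests versus destroy
    // requests is decided in the implementation file — presumably mWriteSock is the one
    // written to, going by its name.
    int mSock;
    int mWriteSock;
    // Running count of sockets destroyed through this object.
    int mSocketsDestroyed;
    int sendDumpRequest(uint8_t proto, uint8_t family, uint8_t extensions, uint32_t states,
                        iovec *iov, int iovcnt);
    int destroySockets(uint8_t proto, int family, const char* addrstr, int ifindex);
    int destroyLiveSockets(const DestroyFilter& destroy, const char *what, iovec *iov, int iovcnt);
    // True only when both descriptors are open.
    bool hasSocks() const { return mSock != -1 && mWriteSock != -1; }
    // Closes whichever descriptors are open and marks both closed. Skipping -1 avoids a
    // pointless close() that would only fail with EBADF; safe to call more than once.
    void closeSocks() {
        if (mSock != -1) close(mSock);
        if (mWriteSock != -1) close(mWriteSock);
        mSock = mWriteSock = -1;
    }
    static bool isLoopbackSocket(const inet_diag_msg *msg);
};

}  // namespace net
}  // namespace android

#endif  // _SOCK_DIAG_H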