SockDiag.h revision 0b733e4407db9d198b75743727c5827daa65490e 
1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef _SOCK_DIAG_H
18#define _SOCK_DIAG_H
19
20#include <unistd.h>
21#include <sys/socket.h>
22
23#include <linux/netlink.h>
24#include <linux/sock_diag.h>
25#include <linux/inet_diag.h>
26
27#include <functional>
28#include <set>
29
30#include "NetlinkCommands.h"
31#include "Permission.h"
32#include "UidRanges.h"
33
34struct inet_diag_msg;
35class SockDiagTest;
36
37namespace android {
38namespace net {
39
40class SockDiag {
41
42  public:
43    static const int kBufferSize = 4096;
44
45    // Callback function that is called once for every socket in the dump. A return value of true
46    // means destroy the socket.
47    typedef std::function<bool(uint8_t proto, const inet_diag_msg *)> DestroyFilter;
48
49    struct DestroyRequest {
50        nlmsghdr nlh;
51        inet_diag_req_v2 req;
52    } __attribute__((__packed__));
53
54    SockDiag() : mSock(-1), mWriteSock(-1), mSocketsDestroyed(0) {}
55    bool open();
56    virtual ~SockDiag() { closeSocks(); }
57
58    int sendDumpRequest(uint8_t proto, uint8_t family, uint32_t states);
59    int sendDumpRequest(uint8_t proto, uint8_t family, const char *addrstr);
60    int readDiagMsg(uint8_t proto, const DestroyFilter& callback);
61
62    int sockDestroy(uint8_t proto, const inet_diag_msg *);
63    // Destroys all sockets on the given IPv4 or IPv6 address.
64    int destroySockets(const char *addrstr);
65    // Destroys all sockets for the given protocol and UID.
66    int destroySockets(uint8_t proto, uid_t uid, bool excludeLoopback);
67    // Destroys all "live" (CONNECTED, SYN_SENT, SYN_RECV) TCP sockets for the given UID ranges.
68    int destroySockets(const UidRanges& uidRanges, const std::set<uid_t>& skipUids,
69                       bool excludeLoopback);
70    // Destroys all "live" (CONNECTED, SYN_SENT, SYN_RECV) TCP sockets that no longer have
71    // the permissions required by the specified network.
72    int destroySocketsLackingPermission(unsigned netId, Permission permission,
73                                        bool excludeLoopback);
74
75  private:
76    friend class SockDiagTest;
77    int mSock;
78    int mWriteSock;
79    int mSocketsDestroyed;
80    int sendDumpRequest(uint8_t proto, uint8_t family, uint32_t states, iovec *iov, int iovcnt);
81    int destroySockets(uint8_t proto, int family, const char *addrstr);
82    int destroyLiveSockets(DestroyFilter destroy, const char *what, iovec *iov, int iovcnt);
83    bool hasSocks() { return mSock != -1 && mWriteSock != -1; }
84    void closeSocks() { close(mSock); close(mWriteSock); mSock = mWriteSock = -1; }
85    static bool isLoopbackSocket(const inet_diag_msg *msg);
86};
87
88}  // namespace net
89}  // namespace android
90
91#endif  // _SOCK_DIAG_H
92