SockDiag.h revision 0b733e4407db9d198b75743727c5827daa65490e
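/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _SOCK_DIAG_H
#define _SOCK_DIAG_H

#include <unistd.h>
#include <sys/socket.h>

#include <linux/netlink.h>
#include <linux/sock_diag.h>
#include <linux/inet_diag.h>

#include <functional>
#include <set>

#include "NetlinkCommands.h"
#include "Permission.h"
#include "UidRanges.h"

struct inet_diag_msg;
class SockDiagTest;

namespace android {
namespace net {

// Issues sock_diag netlink dump requests and destroys the kernel sockets
// selected by a DestroyFilter. The object owns two file descriptors
// (mSock and mWriteSock) for its whole lifetime; they are released by the
// destructor via closeSocks().
class SockDiag {

  public:
    // Receive buffer size; presumably used by readDiagMsg() when reading the
    // netlink dump — confirm in SockDiag.cpp.
    static const int kBufferSize = 4096;

    // Callback function that is called once for every socket in the dump. A return value of true
    // means destroy the socket.
    using DestroyFilter = std::function<bool(uint8_t proto, const inet_diag_msg *)>;

    // Wire layout of one SOCK_DESTROY request: the netlink header immediately
    // followed by the inet_diag_req_v2 payload, with no padding between them.
    struct DestroyRequest {
        nlmsghdr nlh;
        inet_diag_req_v2 req;
    } __attribute__((__packed__));

    // Starts with both descriptors unopened (-1); open() must succeed before
    // any request can be sent.
    SockDiag() : mSock(-1), mWriteSock(-1), mSocketsDestroyed(0) {}
    bool open();
    virtual ~SockDiag() { closeSocks(); }

    // The destructor closes mSock and mWriteSock. A copy would give two
    // objects ownership of the same descriptors, so the second destructor
    // would close them again — and by then the numbers may already have been
    // reused by another part of the process, which would then lose its
    // descriptors. Copying is therefore disallowed.
    SockDiag(const SockDiag&) = delete;
    SockDiag& operator=(const SockDiag&) = delete;

    // Sends a dump request for |proto|/|family| restricted to the socket
    // |states| bitmask. Return value convention is defined in SockDiag.cpp.
    int sendDumpRequest(uint8_t proto, uint8_t family, uint32_t states);
    // Sends a dump request for sockets matching the textual address |addrstr|.
    int sendDumpRequest(uint8_t proto, uint8_t family, const char *addrstr);
    // Reads the dump reply and invokes |callback| once per socket; sockets for
    // which it returns true are destroyed.
    int readDiagMsg(uint8_t proto, const DestroyFilter& callback);

    // Destroys the single socket described by the given diag message.
    int sockDestroy(uint8_t proto, const inet_diag_msg *);
    // Destroys all sockets on the given IPv4 or IPv6 address.
    int destroySockets(const char *addrstr);
    // Destroys all sockets for the given protocol and UID.
    int destroySockets(uint8_t proto, uid_t uid, bool excludeLoopback);
    // Destroys all "live" (CONNECTED, SYN_SENT, SYN_RECV) TCP sockets for the given UID ranges.
    int destroySockets(const UidRanges& uidRanges, const std::set<uid_t>& skipUids,
                       bool excludeLoopback);
    // Destroys all "live" (CONNECTED, SYN_SENT, SYN_RECV) TCP sockets that no longer have
    // the permissions required by the specified network.
    int destroySocketsLackingPermission(unsigned netId, Permission permission,
                                        bool excludeLoopback);

  private:
    friend class SockDiagTest;
    // Netlink socket used for dump requests; -1 while not open.
    int mSock;
    // Netlink socket used for destroy requests; -1 while not open.
    int mWriteSock;
    // Running count, starting at 0; presumably incremented per successful
    // destroy — confirm in SockDiag.cpp.
    int mSocketsDestroyed;
    // Shared implementation of the public sendDumpRequest overloads; |iov| /
    // |iovcnt| carry additional request attributes.
    int sendDumpRequest(uint8_t proto, uint8_t family, uint32_t states, iovec *iov, int iovcnt);
    int destroySockets(uint8_t proto, int family, const char *addrstr);
    // Shared implementation of the "live TCP sockets" destroy variants; |what|
    // is a human-readable description, presumably for logging — confirm.
    int destroyLiveSockets(DestroyFilter destroy, const char *what, iovec *iov, int iovcnt);
    // True only when both descriptors have been opened.
    bool hasSocks() const { return mSock != -1 && mWriteSock != -1; }
    // Releases both descriptors and resets them to -1. A descriptor that was
    // never opened (or was already released) is skipped rather than handed to
    // close(), so the call is safe to repeat and never touches fd -1.
    void closeSocks() {
        if (mSock != -1) close(mSock);
        if (mWriteSock != -1) close(mWriteSock);
        mSock = mWriteSock = -1;
    }
    // Whether the socket in |msg| is bound to a loopback address.
    static bool isLoopbackSocket(const inet_diag_msg *msg);
};

} // namespace net
} // namespace android

#endif // _SOCK_DIAG_H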