#include <limits.h>
#include <stdarg.h>
+#include "ss_util.h"
#include "utils.h"
#include "rt_names.h"
#include "ll_map.h"
#include "cg_map.h"
#include <linux/tcp.h>
-#include <linux/sock_diag.h>
-#include <linux/inet_diag.h>
#include <linux/unix_diag.h>
#include <linux/netdevice.h> /* for MAX_ADDR_LEN */
#include <linux/filter.h>
#define AF_VSOCK PF_VSOCK
#endif
-#define MAGIC_SEQ 123456
#define BUF_CHUNK (1024 * 1024) /* Buffer chunk allocation size */
#define BUF_CHUNKS_MAX 5 /* Maximum number of allocated buffer chunks */
#define LEN_ALIGN(x) (((x) + 1) & ~1)
-#define DIAG_REQUEST(_req, _r) \
- struct { \
- struct nlmsghdr nlh; \
- _r; \
- } _req = { \
- .nlh = { \
- .nlmsg_type = SOCK_DIAG_BY_FAMILY, \
- .nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST,\
- .nlmsg_seq = MAGIC_SEQ, \
- .nlmsg_len = sizeof(_req), \
- }, \
- }
-
#if HAVE_SELINUX
#include <selinux/selinux.h>
#else
--- /dev/null
+#ifndef __SS_UTIL_H__
+#define __SS_UTIL_H__
+
+#include <linux/sock_diag.h>
+#include <linux/inet_diag.h>
+
+#define MAGIC_SEQ 123456
+
+#define DIAG_REQUEST(_req, _r) \
+ struct { \
+ struct nlmsghdr nlh; \
+ _r; \
+ } _req = { \
+ .nlh = { \
+ .nlmsg_type = SOCK_DIAG_BY_FAMILY, \
+ .nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST,\
+ .nlmsg_seq = MAGIC_SEQ, \
+ .nlmsg_len = sizeof(_req), \
+ }, \
+ }
+
+#endif /* __SS_UTIL_H__ */
--- /dev/null
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "libnetlink.h"
+#include "ssfilter.h"
+#include "ss_util.h"
+
+static int dummy_filter(struct nlmsghdr *n, void *arg)
+{
+ /* just stops rtnl_dump_filter() */
+ return -1;
+}
+
+static bool cgroup_filter_check(void)
+{
+ struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
+ DIAG_REQUEST(req, struct inet_diag_req_v2 r);
+ struct instr {
+ struct inet_diag_bc_op op;
+ __u64 cgroup_id;
+ } __attribute__((packed));
+ int inslen = sizeof(struct instr);
+ struct instr instr = {
+ { INET_DIAG_BC_CGROUP_COND, inslen, inslen + 4 },
+ 0
+ };
+ struct rtnl_handle rth;
+ struct iovec iov[3];
+ struct msghdr msg;
+ struct rtattr rta;
+ int ret = false;
+ int iovlen = 3;
+
+ if (rtnl_open_byproto(&rth, 0, NETLINK_SOCK_DIAG))
+ return false;
+ rth.dump = MAGIC_SEQ;
+ rth.flags = RTNL_HANDLE_F_SUPPRESS_NLERR;
+
+ memset(&req.r, 0, sizeof(req.r));
+ req.r.sdiag_family = AF_INET;
+ req.r.sdiag_protocol = IPPROTO_TCP;
+ req.nlh.nlmsg_len += RTA_LENGTH(inslen);
+
+ rta.rta_type = INET_DIAG_REQ_BYTECODE;
+ rta.rta_len = RTA_LENGTH(inslen);
+
+ iov[0] = (struct iovec) { &req, sizeof(req) };
+ iov[1] = (struct iovec) { &rta, sizeof(rta) };
+ iov[2] = (struct iovec) { &instr, inslen };
+
+ msg = (struct msghdr) {
+ .msg_name = (void *)&nladdr,
+ .msg_namelen = sizeof(nladdr),
+ .msg_iov = iov,
+ .msg_iovlen = iovlen,
+ };
+
+ if (sendmsg(rth.fd, &msg, 0) < 0)
+ goto out;
+
+ if (rtnl_dump_filter(&rth, dummy_filter, NULL) < 0) {
+ ret = (errno != EINVAL);
+ goto out;
+ }
+
+ ret = true;
+
+out:
+ rtnl_close(&rth);
+
+ return ret;
+}
+
+
+struct filter_check_t {
+ bool (*check)(void);
+ int checked:1,
+ supported:1;
+};
+
+static struct filter_check_t filter_checks[SSF__MAX] = {
+ [SSF_CGROUPCOND] = { cgroup_filter_check, 0 },
+};
+
+bool ssfilter_is_supported(int type)
+{
+ struct filter_check_t f;
+
+ if (type >= SSF__MAX)
+ return false;
+
+ f = filter_checks[type];
+ if (!f.check)
+ return true;
+
+ if (!f.checked) {
+ f.supported = f.check();
+ f.checked = 1;
+ }
+
+ return f.supported;
+}