github.com/nicocha30/gvisor-ligolo@v0.0.0-20230726075806-989fa2c0a413/pkg/sentry/socket/netlink/provider.go

github.com/nicocha30/gvisor-ligolo@v0.0.0-20230726075806-989fa2c0a413/pkg/sentry/socket/netlink/provider.go (about)

     1  // Copyright 2018 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package netlink
    16  
    17  import (
    18  	"fmt"
    19  
    20  	"github.com/nicocha30/gvisor-ligolo/pkg/abi/linux"
    21  	"github.com/nicocha30/gvisor-ligolo/pkg/context"
    22  	"github.com/nicocha30/gvisor-ligolo/pkg/sentry/fsimpl/sockfs"
    23  	"github.com/nicocha30/gvisor-ligolo/pkg/sentry/kernel"
    24  	"github.com/nicocha30/gvisor-ligolo/pkg/sentry/socket"
    25  	"github.com/nicocha30/gvisor-ligolo/pkg/sentry/vfs"
    26  	"github.com/nicocha30/gvisor-ligolo/pkg/syserr"
    27  )
    28  
    29  // Protocol is the implementation of a netlink socket protocol.
    30  type Protocol interface {
    31  	// Protocol returns the Linux netlink protocol value.
    32  	Protocol() int
    33  
    34  	// CanSend returns true if this protocol may ever send messages.
    35  	//
    36  	// TODO(gvisor.dev/issue/1119): This is a workaround to allow
    37  	// advertising support for otherwise unimplemented features on sockets
    38  	// that will never send messages, thus making those features no-ops.
    39  	CanSend() bool
    40  
    41  	// ProcessMessage processes a single message from userspace.
    42  	//
    43  	// If err == nil, any messages added to ms will be sent back to the
    44  	// other end of the socket. Setting ms.Multi will cause an NLMSG_DONE
    45  	// message to be sent even if ms contains no messages.
    46  	ProcessMessage(ctx context.Context, msg *Message, ms *MessageSet) *syserr.Error
    47  }
    48  
    49  // Provider is a function that creates a new Protocol for a specific netlink
    50  // protocol.
    51  //
    52  // Note that this is distinct from socket.Provider, which is used for all
    53  // socket families.
    54  type Provider func(t *kernel.Task) (Protocol, *syserr.Error)
    55  
    56  // protocols holds a map of all known address protocols and their provider.
    57  var protocols = make(map[int]Provider)
    58  
    59  // RegisterProvider registers the provider of a given address protocol so that
    60  // netlink sockets of that type can be created via socket(2).
    61  //
    62  // Preconditions: May only be called before any netlink sockets are created.
    63  func RegisterProvider(protocol int, provider Provider) {
    64  	if p, ok := protocols[protocol]; ok {
    65  		panic(fmt.Sprintf("Netlink protocol %d already provided by %+v", protocol, p))
    66  	}
    67  
    68  	protocols[protocol] = provider
    69  }
    70  
    71  // socketProvider implements socket.Provider.
    72  type socketProvider struct {
    73  }
    74  
    75  // Socket implements socket.Provider.Socket.
    76  func (*socketProvider) Socket(t *kernel.Task, stype linux.SockType, protocol int) (*vfs.FileDescription, *syserr.Error) {
    77  	// Netlink sockets must be specified as datagram or raw, but they
    78  	// behave the same regardless of type.
    79  	if stype != linux.SOCK_DGRAM && stype != linux.SOCK_RAW {
    80  		return nil, syserr.ErrSocketNotSupported
    81  	}
    82  
    83  	provider, ok := protocols[protocol]
    84  	if !ok {
    85  		return nil, syserr.ErrProtocolNotSupported
    86  	}
    87  
    88  	p, err := provider(t)
    89  	if err != nil {
    90  		return nil, err
    91  	}
    92  
    93  	s, err := New(t, stype, p)
    94  	if err != nil {
    95  		return nil, err
    96  	}
    97  
    98  	vfsfd := &s.vfsfd
    99  	mnt := t.Kernel().SocketMount()
   100  	d := sockfs.NewDentry(t, mnt)
   101  	defer d.DecRef(t)
   102  	if err := vfsfd.Init(s, linux.O_RDWR, mnt, d, &vfs.FileDescriptionOptions{
   103  		DenyPRead:         true,
   104  		DenyPWrite:        true,
   105  		UseDentryMetadata: true,
   106  	}); err != nil {
   107  		return nil, syserr.FromError(err)
   108  	}
   109  	return vfsfd, nil
   110  }
   111  
   112  // Pair implements socket.Provider.Pair by returning an error.
   113  func (*socketProvider) Pair(*kernel.Task, linux.SockType, int) (*vfs.FileDescription, *vfs.FileDescription, *syserr.Error) {
   114  	// Netlink sockets never supports creating socket pairs.
   115  	return nil, nil, syserr.ErrNotSupported
   116  }
   117  
   118  // init registers the socket provider.
   119  func init() {
   120  	socket.RegisterProvider(linux.AF_NETLINK, &socketProvider{})
   121  }