Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/common.h | 115 | ||||
-rw-r--r-- | src/include/libnetlink.h | 163 | ||||
-rw-r--r-- | src/include/pid.h | 58 |
3 files changed, 336 insertions, 0 deletions
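--- /dev/null
+++ b/src/include/common.h
@@ -0,0 +1,115 @@
+/*
+* Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#ifndef COMMON_H
+#define COMMON_H
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+
+#define errExit(msg) do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
+
+// macro to print ip addresses in a printf statement
+#define PRINT_IP(A) \
+((int) (((A) >> 24) & 0xFF)), ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF))
+
+// macro to print a mac addresses in a printf statement
+#define PRINT_MAC(A) \
+((unsigned) (*(A)) & 0xff), ((unsigned) (*((A) + 1) & 0xff)), ((unsigned) (*((A) + 2) & 0xff)), \
+((unsigned) (*((A) + 3)) & 0xff), ((unsigned) (*((A) + 4) & 0xff)), ((unsigned) (*((A) + 5)) & 0xff)
+
+// the number of bits in a network mask
+static inline uint8_t mask2bits(uint32_t mask) {
+uint32_t tmp = 0x80000000;
+int i;
+uint8_t rv = 0;
+
+for (i = 0; i < 32; i++, tmp >>= 1) {
+if (tmp & mask)
+rv++;
+else
+break;
+}
+return rv;
+}
+
+// read an IPv4 address and convert it to uint32_t
+static inline int atoip(const char *str, uint32_t *ip) {
+unsigned a, b, c, d;
+
+if (sscanf(str, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 || a > 255 || b > 255 || c > 255 || d > 255)
+return 1;
+
+*ip = a * 0x1000000 + b * 0x10000 + c * 0x100 + d;
+return 0;
+}
+
+// verify an ip address is in the network range given by ifip and mask
+static inline char *in_netrange(uint32_t ip, uint32_t ifip, uint32_t ifmask) {
+if ((ip & ifmask) != (ifip & ifmask))
+return "Error: the IP address is not in the interface range\n";
+else if ((ip & ifmask) == ip)
+return "Error: the IP address is a network address\n";
+else if ((ip | ~ifmask) == ip)
+return "Error: the IP address is a network address\n";
+return NULL;
+}
+
+// read a mac address
+static inline int atomac(char *str, unsigned char macAddr[6]) {
+unsigned mac[6];
+
+if (sscanf(str, "%2x:%2x:%2x:%2x:%2x:%2x", &mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]) != 6)
+return 1;
+
+int i;
+for (i = 0; i < 6; i++) {
+if (mac[i] > 0xff)
+return 1;
+
+macAddr[i] = (unsigned char) mac[i];
+}
+
+return 0;
+}
+
+// check a mac address is configured
+static inline int mac_not_zero(const unsigned char mac[6]) {
+int i;
+for (i = 0; i < 6; i++) {
+if (mac[i] != 0)
+return 1;
+}
+
+return 0;
+}
+
+int join_namespace(pid_t pid, char *type);
+int name2pid(const char *name, pid_t *pid);
+char *pid_proc_comm(const pid_t pid);
+char *pid_proc_cmdline(const pid_t pid);
+#endif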
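Review bot: The `errExit` macro formats into a fixed `char msgout[500]` with `sprintf`, so nothing bounds the write if `msg` plus the function name exceeds the buffer; I would change the call to `snprintf(msgout, sizeof(msgout), "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__);`. The call sites are outside this diff, so whether any of them passes a non-literal string cannot be confirmed here, but the bounded call costs nothing in a shared header. Separately, `atoip` and `atomac` only check the `sscanf` conversion count, so an argument with trailing characters (a constructed example: `"10.0.0.1junk"`) is accepted as valid. The third branch of `in_netrange`, `(ip | ~ifmask) == ip`, tests for the broadcast address but returns the same "network address" message as the branch above it, which looks like a copy-paste slip in the error text.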
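--- /dev/null
+++ b/src/include/libnetlink.h
@@ -0,0 +1,163 @@
+/* file extracted from iproute2 software package
+*
+* Original source code:
+*
+* Information:
+* http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
+*
+* Download:
+* http://www.kernel.org/pub/linux/utils/net/iproute2/
+*
+* Repository:
+* git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
+*
+* License: GPL v2
+*/
+
+
+#ifndef __LIBNETLINK_H__
+#define __LIBNETLINK_H__ 1
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <asm/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <linux/if_link.h>
+#include <linux/if_addr.h>
+#include <linux/neighbour.h>
+
+struct rtnl_handle
+{
+int fd;
+struct sockaddr_nl local;
+struct sockaddr_nl peer;
+__u32 seq;
+__u32 dump;
+};
+
+extern int rcvbuf;
+
+extern int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions);
+extern int rtnl_open_byproto(struct rtnl_handle *rth, unsigned subscriptions, int protocol);
+extern void rtnl_close(struct rtnl_handle *rth);
+extern int rtnl_wilddump_request(struct rtnl_handle *rth, int fam, int type);
+extern int rtnl_wilddump_req_filter(struct rtnl_handle *rth, int fam, int type,
+__u32 filt_mask);
+extern int rtnl_dump_request(struct rtnl_handle *rth, int type, void *req, int len);
+
+typedef int (*rtnl_filter_t)(const struct sockaddr_nl *,
+struct nlmsghdr *n, void *);
+
+struct rtnl_dump_filter_arg
+{
+rtnl_filter_t filter;
+void *arg1;
+};
+
+extern int rtnl_dump_filter_l(struct rtnl_handle *rth,
+const struct rtnl_dump_filter_arg *arg);
+extern int rtnl_dump_filter(struct rtnl_handle *rth, rtnl_filter_t filter,
+void *arg);
+extern int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer,
+unsigned groups, struct nlmsghdr *answer);
+extern int rtnl_send(struct rtnl_handle *rth, const void *buf, int);
+extern int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int);
+
+extern int addattr(struct nlmsghdr *n, int maxlen, int type);
+extern int addattr8(struct nlmsghdr *n, int maxlen, int type, __u8 data);
+extern int addattr16(struct nlmsghdr *n, int maxlen, int type, __u16 data);
+extern int addattr32(struct nlmsghdr *n, int maxlen, int type, __u32 data);
+extern int addattr64(struct nlmsghdr *n, int maxlen, int type, __u64 data);
+extern int addattrstrz(struct nlmsghdr *n, int maxlen, int type, const char *data);
+
+extern int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, int alen);
+extern int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len);
+extern struct rtattr *addattr_nest(struct nlmsghdr *n, int maxlen, int type);
+extern int addattr_nest_end(struct nlmsghdr *n, struct rtattr *nest);
+extern struct rtattr *addattr_nest_compat(struct nlmsghdr *n, int maxlen, int type, const void *data, int len);
+extern int addattr_nest_compat_end(struct nlmsghdr *n, struct rtattr *nest);
+extern int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data);
+extern int rta_addattr_l(struct rtattr *rta, int maxlen, int type, const void *data, int alen);
+
+extern int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len);
+extern int parse_rtattr_flags(struct rtattr *tb[], int max, struct rtattr *rta,
+int len, unsigned short flags);
+extern int parse_rtattr_byindex(struct rtattr *tb[], int max, struct rtattr *rta, int len);
+extern int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rta, int len);
+
+#define parse_rtattr_nested(tb, max, rta) \
+(parse_rtattr((tb), (max), RTA_DATA(rta), RTA_PAYLOAD(rta)))
+
+#define parse_rtattr_nested_compat(tb, max, rta, data, len) \
+({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
+__parse_rtattr_nested_compat(tb, max, rta, len); })
+
+static inline __u8 rta_getattr_u8(const struct rtattr *rta)
+{
+return *(__u8 *)RTA_DATA(rta);
+}
+static inline __u16 rta_getattr_u16(const struct rtattr *rta)
+{
+return *(__u16 *)RTA_DATA(rta);
+}
+static inline __u32 rta_getattr_u32(const struct rtattr *rta)
+{
+return *(__u32 *)RTA_DATA(rta);
+}
+static inline __u64 rta_getattr_u64(const struct rtattr *rta)
+{
+__u64 tmp;
+memcpy(&tmp, RTA_DATA(rta), sizeof(__u64));
+return tmp;
+}
+static inline const char *rta_getattr_str(const struct rtattr *rta)
+{
+return (const char *)RTA_DATA(rta);
+}
+
+extern int rtnl_listen(struct rtnl_handle *, rtnl_filter_t handler,
+void *jarg);
+extern int rtnl_from_file(FILE *, rtnl_filter_t handler,
+void *jarg);
+
+#define NLMSG_TAIL(nmsg) \
+((struct rtattr *) (((void *) (nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len)))
+
+#ifndef IFA_RTA
+#define IFA_RTA(r) \
+((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#endif
+#ifndef IFA_PAYLOAD
+#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
+#endif
+
+#ifndef IFLA_RTA
+#define IFLA_RTA(r) \
+((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
+#endif
+#ifndef IFLA_PAYLOAD
+#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
+#endif
+
+#ifndef NDA_RTA
+#define NDA_RTA(r) \
+((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
+#endif
+#ifndef NDA_PAYLOAD
+#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
+#endif
+
+#ifndef NDTA_RTA
+#define NDTA_RTA(r) \
+((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndtmsg))))
+#endif
+#ifndef NDTA_PAYLOAD
+#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
+#endif
+
+#endif /* __LIBNETLINK_H__ */
+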
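--- /dev/null
+++ b/src/include/pid.h
@@ -0,0 +1,58 @@
+/*
+* Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#ifndef PID_H
+#define PID_H
+extern int max_pids;
+
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+typedef struct {
+short level; // -1 not a firejail process, 0 not investigated yet, 1 firejail process, > 1 firejail child
+unsigned char zombie;
+pid_t parent;
+uid_t uid;
+char *user;
+char *cmd;
+unsigned utime;
+unsigned stime;
+unsigned long long rx; // network rx, bytes
+unsigned long long tx; // networking tx, bytes
+unsigned rx_delta;
+unsigned tx_delta;
+} Process;
+//extern Process pids[max_pids];
+extern Process *pids;
+
+// pid functions
+void pid_getmem(unsigned pid, unsigned *rss, unsigned *shared);
+void pid_get_cpu_time(unsigned pid, unsigned *utime, unsigned *stime);
+unsigned long long pid_get_start_time(unsigned pid);
+uid_t pid_get_uid(pid_t pid);
+char *pid_get_user_name(uid_t uid);
+// print functions
+void pid_print_tree(unsigned index, unsigned parent, int nowrap);
+void pid_print_list(unsigned index, int nowrap);
+void pid_store_cpu(unsigned index, unsigned parent, unsigned *utime, unsigned *stime);
+void pid_read(pid_t mon_pid);
+
+#endif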
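Review bot: The header exposes `pids` as a bare `Process *` and passes `unsigned index` to `pid_print_tree`, `pid_print_list` and `pid_store_cpu`, but nowhere states the array's length or who must bounds-check the index. The commented-out `//extern Process pids[max_pids];` suggests the bound is `max_pids`; I would replace that dead line with a comment such as `// pids points to an array of max_pids entries; every index passed below must be < max_pids`, after confirming it against the implementation, which is outside this diff. It would also help to document who owns and frees the `user` and `cmd` strings in `Process` and the `char *` returned by `pid_get_user_name`. Finally, process ids are typed `unsigned` in `pid_getmem`, `pid_get_cpu_time` and `pid_get_start_time` but `pid_t` in `pid_get_uid` and `pid_read`; choosing one type avoids signed/unsigned conversions at the call sites.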