bytemark/netlinkrb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reorganise under Linux::

Browse Source
This commit is contained in:
Brian Candler
2011-05-06 09:49:47 +01:00
parent f1c29980a8
commit e07af9a315
22 changed files with 146 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

199
lib/linux/c_struct.rb Normal file
View File

@@ -0,0 +1,199 @@
module Linux
# This class allows defining of C-style structures, and converting
# object instances to and from a packed binary representation.
#
# A new structure is created by subclassing CStruct, and then using the
# 'field' metaprogramming macro to define each field:
#
# class Foo < Linux::CStruct
# field :bar, :char
# field :baz, :long
#
# # custom packing
# field :qux, :pattern => "Z16", :default => EMPTY_STRING
#
# # user-defined types
# define_type :str16, :pattern => "Z16", :default => EMPTY_STRING
# field :qux2, :str16
# field :qux3, :str16
# end
#
# You can then instantiate the structure by calling 'new'. You may pass in
# a hash of values to initialize the structure.
#
# msg = Foo.new(:bar => 123)
# msg.bar = 456 # accessor methods
# str = msg.to_str # convert to binary
# msg2 = Foo.parse(str) # convert from binary
# msg2 = Foo.new(msg) # copy an existing object
class CStruct
EMPTY_STRING = "".freeze #:nodoc:
EMPTY_ARRAY = [].freeze #:nodoc:
TYPE_INFO = {} #:nodoc
# The size of the structure (in bytes)
def self.bytesize
@bytesize
end
# Define a new type for use with 'field'. You supply the
# symbolic name for the type, and a set of options.
# :pattern => "str" # format string for Array#pack / String#unpack
# :default => val # default (if not 0)
# :size => 16 # size of this entry
# :align => 4 # align to 4-byte boundary (must be power-of-two)
# :align => true # align to [size]-byte boundary
#
# If you do not specify :size then it is calculated by packing an
# instance of the default value.
def self.define_type(name, opt)
TYPE_INFO[name] = opt
end
# Return a type info hash given a type id. Raises IndexError if not found.
def self.find_type(type)
case type
when nil, Hash
type
else
TYPE_INFO.fetch(type)
end
end
define_type :uchar, :pattern => "C"
define_type :uint16, :pattern => "S", :align => true
define_type :uint32, :pattern => "L", :align => true
define_type :uint64, :pattern => "Q", :align => true
define_type :char, :pattern => "c"
define_type :int16, :pattern => "s", :align => true
define_type :int32, :pattern => "l", :align => true
define_type :int64, :pattern => "q", :align => true
define_type :ushort, :pattern => "S_", :align => true
define_type :uint, :pattern => "I", :align => true
define_type :ulong, :pattern => "L_", :align => true
define_type :short, :pattern => "s_", :align => true
define_type :int, :pattern => "i", :align => true
define_type :long, :pattern => "l_", :align => true
define_type :ns, :pattern => "n", :align => true
define_type :nl, :pattern => "N", :align => true
SIZEOF_SIZE_T = Integer(`echo __SIZEOF_SIZE_T__ | gcc -E -P -`) rescue 1.size
define_type :size_t,
case SIZEOF_SIZE_T
when 8
{:pattern => "Q", :align => true}
when 4
{:pattern => "L", :align => true}
else
raise "Bad size_t (#{SIZEOF_SIZE_T.inspect})"
end
# these can be used at end of structure only
define_type :binary, :pattern => "a*", :default => EMPTY_STRING
# cstring has \x00 terminator when sent over wire
define_type :cstring, :pattern => "Z*", :default => EMPTY_STRING
def initialize(h=nil)
if h.instance_of?(self.class)
@attrs = h.to_hash.dup
else
@attrs = {}
h.each { |k,v| self[k] = v } if h
end
end
# This hook is called after unpacking from binary, and can be used
# for fixing up the data
def after_parse
end
def to_hash
@attrs
end
def each(&blk)
@attrs.each(&blk)
end
# Set a field by name. Currently can use either symbol or string as key.
def []=(k,v)
send "#{k}=", v
end
# Retrieve a field by name. Must use symbol as key.
def [](k)
@attrs[k]
end
def self.inherited(subclass) #:nodoc:
subclass.const_set(:FIELDS, [])
subclass.const_set(:FORMAT, "")
subclass.const_set(:DEFAULTS, {})
subclass.instance_variable_set(:@bytesize, 0)
end
# Define a field for this message, which creates accessor methods and
# sets up data required to pack and unpack the structure.
# field :foo, :uchar
# field :foo, :uchar, :default=>0xff # use this default value
def self.field(name, type, opt={})
info = find_type(type)
pattern = info[:pattern]
default = opt.fetch(:default) { info.fetch(:default, 0) }
# Apply padding for structure alignment if necessary
size = info[:size] || [default].pack(pattern).bytesize
if align = info[:align]
align = size if align == true
field_pad alignto(@bytesize, align) - @bytesize
end
@bytesize += size
self::FIELDS << name
self::FORMAT << pattern
self::DEFAULTS[name] = default
define_method name do
@attrs[name]
end
define_method "#{name}=" do |val|
@attrs.store name, val
end
end
# Skip pad byte(s) - default 1
def self.field_pad(count=1)
if count > 0
self::FORMAT << "x#{count}"
@bytesize += count
end
end
# Returns the packed binary representation of this structure
def to_str
self.class::FIELDS.map { |key| self[key] || self.class::DEFAULTS[key] }.pack(self.class::FORMAT)
end
def inspect
"#<#{self.class} #{@attrs.inspect}>"
end
# Convert a binary representation of this structure into an object instance.
# If a block is given, the object is yielded to that block. Finally the
# after_parse hook is called.
def self.parse(data, obj=new)
data.unpack(self::FORMAT).zip(self::FIELDS).each do |val, key|
obj[key] = val
end
yield obj if block_given?
obj.after_parse
obj
end
# Round up a number to multiple of m, where m is a power of two
def self.alignto(val, m)
(val + (m-1)) & ~(m-1)
end
end
end # module Linux

396
lib/linux/constants.rb Normal file
View File

@@ -0,0 +1,396 @@
require 'socket'
class Socket
# From bits/socket.h
PF_NETLINK = 16 unless defined? Socket::PF_NETLINK
AF_NETLINK = PF_NETLINK unless defined? Socket::AF_NETLINK
# From in.h
IPPROTO_IPV6 = 41 unless defined? Socket::IPPROTO_IPV6
end
module Linux
# From linux/netlink.h
NETLINK_ROUTE = 0
NETLINK_UNUSED = 1
NETLINK_USERSOCK = 2
NETLINK_FIREWALL = 3
NETLINK_INET_DIAG = 4
NETLINK_NFLOG = 5
NETLINK_XFRM = 6
NETLINK_SELINUX = 7
NETLINK_ISCSI = 8
NETLINK_AUDIT = 9
NETLINK_FIB_LOOKUP = 10
NETLINK_CONNECTOR = 11
NETLINK_NETFILTER = 12
NETLINK_IP6_FW = 13
NETLINK_DNRTMSG = 14
NETLINK_KOBJECT_UEVENT = 15
NETLINK_GENERIC = 16
NETLINK_SCSITRANSPORT = 18
NETLINK_ECRYPTFS = 19
NLM_F_REQUEST = 1
NLM_F_MULTI = 2
NLM_F_ACK = 4
NLM_F_ECHO = 8
NLM_F_ROOT = 0x100
NLM_F_MATCH = 0x200
NLM_F_ATOMIC = 0x400
NLM_F_DUMP = (NLM_F_ROOT|NLM_F_MATCH)
NLM_F_REPLACE = 0x100
NLM_F_EXCL = 0x200
NLM_F_CREATE = 0x400
NLM_F_APPEND = 0x800
NLMSG_ALIGNTO = 4
NLMSG_NOOP = 0x1
NLMSG_ERROR = 0x2
NLMSG_DONE = 0x3
NLMSG_OVERRUN = 0x4
NETLINK_ADD_MEMBERSHIP = 1
NETLINK_DROP_MEMBERSHIP = 2
NETLINK_PKTINFO = 3
NETLINK_BROADCAST_ERROR = 4
NETLINK_NO_ENOBUFS = 5
NETLINK_UNCONNECTED = 0
NETLINK_CONNECTED = 1
NLA_F_NESTED = (1 << 15)
NLA_F_NET_BYTEORDER = (1 << 14)
NLA_TYPE_MASK = ~(NLA_F_NESTED | NLA_F_NET_BYTEORDER)
NLA_ALIGNTO = 4
# from linux/rtnetlink.h.
RTM_NEWLINK = 16
RTM_DELLINK = 17
RTM_GETLINK = 18
RTM_SETLINK = 19
RTM_NEWADDR = 20
RTM_DELADDR = 21
RTM_GETADDR = 22
RTM_NEWROUTE = 24
RTM_DELROUTE = 25
RTM_GETROUTE = 26
RTM_NEWNEIGH = 28
RTM_DELNEIGH = 29
RTM_GETNEIGH = 30
RTM_NEWRULE = 32
RTM_DELRULE = 33
RTM_GETRULE = 34
RTM_NEWQDISC = 36
RTM_DELQDISC = 37
RTM_GETQDISC = 38
RTM_NEWTCLASS = 40
RTM_DELTCLASS = 41
RTM_GETTCLASS = 42
RTM_NEWTFILTER = 44
RTM_DELTFILTER = 45
RTM_GETTFILTER = 46
RTM_NEWACTION = 48
RTM_DELACTION = 49
RTM_GETACTION = 50
RTM_NEWPREFIX = 52
RTM_GETMULTICAST = 58
RTM_GETANYCAST = 62
RTM_NEWNEIGHTBL = 64
RTM_GETNEIGHTBL = 66
RTM_SETNEIGHTBL = 67
RTM_NEWNDUSEROPT = 68
RTM_NEWADDRLABEL = 72
RTM_DELADDRLABEL = 73
RTM_GETADDRLABEL = 74
RTM_GETDCB = 78
RTM_SETDCB = 79
# RT#type
RTN_UNSPEC = 0
RTN_UNICAST = 1
RTN_LOCAL = 2
RTN_BROADCAST = 3
RTN_ANYCAST = 4
RTN_MULTICAST = 5
RTN_BLACKHOLE = 6
RTN_UNREACHABLE = 7
RTN_PROHIBIT = 8
RTN_THROW = 9
RTN_NAT = 10
RTN_XRESOLVE = 11
# RT#protocol
RTPROT_UNSPEC = 0
RTPROT_REDIRECT = 1
RTPROT_KERNEL = 2
RTPROT_BOOT = 3
RTPROT_STATIC = 4
RTPROT_GATED = 8
RTPROT_RA = 9
RTPROT_MRT = 10
RTPROT_ZEBRA = 11
RTPROT_BIRD = 12
RTPROT_DNROUTED = 13
RTPROT_XORP = 14
RTPROT_NTK = 15
RTPROT_DHCP = 16
# RT#scope, IFAddr#scope
RT_SCOPE_UNIVERSE = 0
RT_SCOPE_SITE = 200
RT_SCOPE_LINK = 253
RT_SCOPE_HOST = 254
RT_SCOPE_NOWHERE = 255
# RT#flags
RTM_F_NOTIFY = 0x100
RTM_F_CLONED = 0x200
RTM_F_EQUALIZE = 0x400
RTM_F_PREFIX = 0x800
# RT#table (reserved values)
RT_TABLE_UNSPEC = 0
RT_TABLE_COMPAT = 252
RT_TABLE_DEFAULT = 253
RT_TABLE_MAIN = 254
RT_TABLE_LOCAL = 255
# routing message attributes
RTA_UNSPEC = 0
RTA_DST = 1
RTA_SRC = 2
RTA_IIF = 3
RTA_OIF = 4
RTA_GATEWAY = 5
RTA_PRIORITY = 6
RTA_PREFSRC = 7
RTA_METRICS = 8
RTA_MULTIPATH = 9
RTA_FLOW = 11
RTA_CACHEINFO = 12
RTA_TABLE = 15
# Keys for RT#metrics
RTAX_UNSPEC = 0
RTAX_LOCK = 1
RTAX_MTU = 2
RTAX_WINDOW = 3
RTAX_RTT = 4
RTAX_RTTVAR = 5
RTAX_SSTHRESH = 6
RTAX_CWND = 7
RTAX_ADVMSS = 8
RTAX_REORDERING = 9
RTAX_HOPLIMIT = 10
RTAX_INITCWND = 11
RTAX_FEATURES = 12
RTAX_RTO_MIN = 13
RTAX_INITRWND = 14
# from linux/if_link.h
IFLA_UNSPEC = 0
IFLA_ADDRESS = 1
IFLA_BROADCAST = 2
IFLA_IFNAME = 3
IFLA_MTU = 4
IFLA_LINK = 5
IFLA_QDISC = 6
IFLA_STATS = 7
IFLA_COST = 8
IFLA_PRIORITY = 9
IFLA_MASTER = 10
IFLA_WIRELESS = 11
IFLA_PROTINFO = 12
IFLA_TXQLEN = 13
IFLA_MAP = 14
IFLA_WEIGHT = 15
IFLA_OPERSTATE = 16
IFLA_LINKMODE = 17
IFLA_LINKINFO = 18 # Nested IFLA_INFO_*
IFLA_NET_NS_PID = 19
IFLA_IFALIAS = 20
IFLA_NUM_VF = 21
IFLA_VFINFO_LIST = 22
IFLA_STATS64 = 23
IFLA_VF_PORTS = 24
IFLA_PORT_SELF = 25
IFLA_INFO_UNSPEC = 0
IFLA_INFO_KIND = 1 # "vlan", "gre" etc
IFLA_INFO_DATA = 2 # packed rtattrs specific to type, e.g. vlan
IFLA_INFO_XSTATS = 3
# INFO_DATA for INFO_KIND == "vlan"
IFLA_VLAN_UNSPEC = 0
IFLA_VLAN_ID = 1 # ushort
IFLA_VLAN_FLAGS = 2 # struct ifla_vlan_flags
IFLA_VLAN_EGRESS_QOS = 3 # followed by instance of IFLA_VLAN_QOS_*
IFLA_VLAN_INGRESS_QOS = 4 # followed by instance of IFLA_VLAN_QOS_*
IFLA_VLAN_QOS_UNSPEC = 0
IFLA_VLAN_QOS_MAPPING = 1
IFLA_MACVLAN_UNSPEC = 0
IFLA_MACVLAN_MODE = 1
MACVLAN_MODE_PRIVATE = 1
MACVLAN_MODE_VEPA = 2
MACVLAN_MODE_BRIDGE = 4
# linux/if_vlan.h
VLAN_FLAG_REORDER_HDR = 0x1
VLAN_FLAG_GVRP = 0x2
VLAN_FLAG_LOOSE_BINDING = 0x4
# from linux/if_addr.h
IFA_UNSPEC = 0
IFA_ADDRESS = 1
IFA_LOCAL = 2
IFA_LABEL = 3
IFA_BROADCAST = 4
IFA_ANYCAST = 5
IFA_CACHEINFO = 6
IFA_MULTICAST = 7
IFA_F_SECONDARY = 0x01
IFA_F_TEMPORARY = IFA_F_SECONDARY
IFA_F_NODAD = 0x02
IFA_F_OPTIMISTIC = 0x04
IFA_F_DADFAILED = 0x08
IFA_F_HOMEADDRESS = 0x10
IFA_F_DEPRECATED = 0x20
IFA_F_TENTATIVE = 0x40
IFA_F_PERMANENT = 0x80
# from linux/if_arp.h
ARPHRD_NETROM = 0
ARPHRD_ETHER = 1
ARPHRD_EETHER = 2
ARPHRD_AX25 = 3
ARPHRD_PRONET = 4
ARPHRD_CHAOS = 5
ARPHRD_IEEE802 = 6
ARPHRD_ARCNET = 7
ARPHRD_APPLETLK = 8
ARPHRD_DLCI = 15
ARPHRD_ATM = 19
ARPHRD_METRICOM = 23
ARPHRD_IEEE1394 = 24
ARPHRD_EUI64 = 27
ARPHRD_INFINIBAND = 32
ARPHRD_LOOPBACK = 772
# ... others to be added as required
# linux/if.h
IFNAMSIZ = 16
IFALIASZ = 256
IFF_UP = 0x1
IFF_BROADCAST = 0x2
IFF_DEBUG = 0x4
IFF_LOOPBACK = 0x8
IFF_POINTOPOINT = 0x10
IFF_NOTRAILERS = 0x20
IFF_RUNNING = 0x40
IFF_NOARP = 0x80
IFF_PROMISC = 0x100
IFF_ALLMULTI = 0x200
IFF_MASTER = 0x400
IFF_SLAVE = 0x800
IFF_MULTICAST = 0x1000
IFF_PORTSEL = 0x2000
IFF_AUTOMEDIA = 0x4000
IFF_DYNAMIC = 0x8000
IFF_LOWER_UP = 0x10000
IFF_DORMANT = 0x20000
IFF_ECHO = 0x40000
IFF_VOLATILE = (IFF_LOOPBACK|IFF_POINTOPOINT|IFF_BROADCAST|IFF_ECHO|\
IFF_MASTER|IFF_SLAVE|IFF_RUNNING|IFF_LOWER_UP|IFF_DORMANT)
# linux/netfilter.h
NF_DROP = 0
NF_ACCEPT = 1
NF_STOLEN = 2
NF_QUEUE = 3
NF_REPEAT = 4
NF_STOP = 5
NF_INET_PRE_ROUTING = 0
NF_INET_LOCAL_IN = 1
NF_INET_FORWARD = 2
NF_INET_LOCAL_OUT = 3
NF_INET_POST_ROUTING = 4
NF_INET_NUMHOOKS = 5
NFPROTO_UNSPEC = 0
NFPROTO_IPV4 = 2
NFPROTO_ARP = 3
NFPROTO_BRIDGE = 7
NFPROTO_IPV6 = 10
NFPROTO_DECNET = 12
# linux/netfilter_ipv4/ip_queue.h
IPQ_COPY_NONE = 0
IPQ_COPY_META = 1
IPQ_COPY_PACKET = 2
IPQM_MODE = 17
IPQM_VERDICT = 18
IPQM_PACKET = 19
IPQM_MAX = 20
# linux/netfilter_ipv4/ipt_ULOG.h
ULOG_MAC_LEN = 80
ULOG_PREFIX_LEN = 32
# linux/netfilter/x_tables.h
XT_TABLE_MAXNAMELEN = 32
XT_CONTINUE = 0xffffffff
XT_RETURN = (-NF_REPEAT - 1)
XT_INV_PROTO = 0x40
# linux/netfilter_ipv4/ip_tables.h
IPT_TABLE_MAXNAMELEN = XT_TABLE_MAXNAMELEN
IPT_F_FRAG = 0x01
IPT_F_GOTO = 0x02
IPT_F_MASK = 0x03
IPT_INV_VIA_IN = 0x01
IPT_INV_VIA_OUT = 0x02
IPT_INV_TOS = 0x04
IPT_INV_SRCIP = 0x08
IPT_INV_DSTIP = 0x10
IPT_INV_FRAG = 0x20
IPT_INV_PROTO = XT_INV_PROTO
IPT_INV_MASK = 0x7f
IPT_BASE_CTL = 64
IPT_SO_SET_REPLACE = IPT_BASE_CTL
IPT_SO_SET_ADD_COUNTERS = IPT_BASE_CTL + 1
IPT_SO_GET_INFO = IPT_BASE_CTL
IPT_SO_GET_ENTRIES = IPT_BASE_CTL + 1
IPT_SO_GET_REVISION_MATCH = IPT_BASE_CTL + 2
IPT_SO_GET_REVISION_TARGET = IPT_BASE_CTL + 3
IPT_CONTINUE = XT_CONTINUE
IPT_RETURN = XT_RETURN
end

15
lib/linux/error.rb Normal file
View File

@@ -0,0 +1,15 @@
module Linux
ERRNO_MAP = {} #:nodoc:
Errno.constants.each do |k|
klass = Errno.const_get(k)
next unless klass.is_a?(Class) and Class.const_defined?(:Errno)
ERRNO_MAP[klass::Errno] = klass
end
# Raise an Errno exception if the given rc is negative
def self.check_error(rc)
if rc < 0
raise ERRNO_MAP[-rc] || "System error #{-rc}"
end
end
end

76
lib/linux/iptables4.rb Normal file
View File

@@ -0,0 +1,76 @@
require 'socket'
require 'linux/constants'
require 'linux/c_struct'
require 'linux/netlink/message' # just for :dev_name type
module Linux
#-
# Definitions mainly from linux/netfilter_ipv4/ip_tables.h
#+
# struct ipt_getinfo
class IPTGetInfo < CStruct
field :name, :pattern=>"Z#{IPT_TABLE_MAXNAMELEN}", :default=>EMPTY_STRING
field :valid_hooks, :int
#field :hook_entry, :pattern=>"I#{NF_INET_NUMHOOKS}", :default=>[0]*NF_INET_NUMHOOKS
#field :underflow, :pattern=>"I#{NF_INET_NUMHOOKS}", :default=>[0]*NF_INET_NUMHOOKS
field :hook_entry, :pattern=>"a#{NF_INET_NUMHOOKS*4}", :default=>EMPTY_STRING
field :underflow, :pattern=>"a#{NF_INET_NUMHOOKS*4}", :default=>EMPTY_STRING
field :num_entries, :int
field :size, :int
end
# struct ipt_get_entries
class IPTGetEntries < CStruct
field :name, :pattern=>"Z#{IPT_TABLE_MAXNAMELEN}", :default=>EMPTY_STRING
field :size, :uint
#field :entrytable, :pattern=>
field :entrytable, :binary # struct ipt_entry entrytable[]
end
# struct ipt_entry
class IPTEntry < CStruct
#### struct ipt_ip
field :src, :nl # struct in_addr
field :dst, :nl
field :smsk, :nl
field :dmsk, :nl
field :iniface, :dev_name
field :outiface, :dev_name
field :iniface_mask, :dev_name
field :outiface_mask, :dev_name
field :proto, :uint16
field :flags, :uchar
field :invflags, :uchar
####
field :nfcache, :int
field :target_offset, :uint16
field :next_offset, :uint16
field :comefrom, :uint
field :packet_count, :uint64
field :byte_count, :uint64
field :elems, :binary
end
# Class for handling iptables. Note that this doesn't actually use
# Netlink at all :-(
class Iptables4
TC_AF = Socket::AF_INET
TC_IPPROTO = Socket::IPPROTO_IP
SO_GET_INFO = IPT_SO_GET_INFO
STRUCT_GETINFO = IPTGetInfo
STRUCT_GET_ENTRIES = IPTGetEntries
def initialize(tablename = "filter")
@socket = Socket.new(TC_AF, Socket::SOCK_RAW, Socket::IPPROTO_RAW)
info = STRUCT_GETINFO.new(:name => tablename)
# FIXME: ruby won't let us pass structure to getsockopt!!
@socket.getsockopt(TC_IPPROTO, SO_GET_INFO, info)
warn "valid_hooks=0x%08x, num_entries=%d, size=%d" % [info.valid_hooks, info.size, info.num_entries]
end
end
end
if __FILE__ == $0
iptables = Linux::Iptables4.new
end

83
lib/linux/netlink/firewall.rb Normal file
View File

@@ -0,0 +1,83 @@
# This file implements the messages and methods for the NETLINK_FIREWALL
# protocol.
#
# TODO: implement multiple queue support (NFQUEUE)
require 'linux/netlink/nlsocket'
require 'linux/netlink/message'
module Linux
module Netlink
# struct ipq_packet_msg
class IPQPacket < Message
code IPQM_PACKET
field :packet_id, :ulong
field :mark, :ulong
field :timestamp_sec, :long
field :timestamp_usec, :long
field :hook, :uint
field :indev_name, :dev_name
field :outdev_name, :dev_name
field :hw_protocol, :ns
field :hw_type, :ushort
field :hw_addrlen, :uchar
field :hw_addr, :pattern => "a8", :default => EMPTY_STRING
field :data_len, :size_t
field :payload, :binary
def after_parse #:nodoc:
payload.slice!(data_len..-1) if payload.length > data_len
end
end
# struct ipq_verdict_msg
class IPQVerdict < Message
code IPQM_VERDICT
field :value, :uint # NF_*
field :id, :ulong
field :data_len, :size_t # TODO: auto set from payload.bytesize
field :payload, :binary # optional replacement packet
end
# struct ipq_mode_msg
class IPQMode < Message
code IPQM_MODE
field :value, :uchar # IPQ_*
field :range, :size_t
# NOTE! Kernel enforced that IPQM_MODE messages must be at least
# as large as IPQM_VERDICT messages (otherwise you get EINVAL)
field_pad IPQVerdict.bytesize - bytesize
end
module Firewall
class Socket < NLSocket
def initialize(opt={})
super(opt.merge(:protocol => Linux::NETLINK_FIREWALL))
end
# Set mode to IPQ_COPY_META to receive metadata only, IPQ_COPY_PACKET
# to get packet content, or IPQ_COPY_NONE to disable receipt of packets.
# size=0 means copy whole packet, but you can specify a limit instead.
def set_mode(mode, size=0)
send_request IPQM_MODE, IPQMode.new(:value=>mode, :range=>size)
end
# As packets are received they are yielded to the block. The block
# must return one of the NF_* values, e.g. NF_ACCEPT/NF_DROP.
# nil is treated as NF_ACCEPT.
def dequeue_packets #:yields: pkt
receive_stream(IPQM_PACKET) do |pkt|
verdict = (yield pkt) || NF_ACCEPT
send_request IPQM_VERDICT, IPQVerdict.new(
:value => verdict,
:id => pkt.packet_id
)
end
end
end
end
end
end # module Linux

224
lib/linux/netlink/message.rb Normal file
View File

@@ -0,0 +1,224 @@
require 'linux/c_struct'
require 'linux/constants'
require 'ipaddr'
module Linux
module Netlink
NLMSGHDR_PACK = "LSSLL".freeze # :nodoc:
NLMSGHDR_SIZE = [0,0,0,0,0].pack(NLMSGHDR_PACK).bytesize # :nodoc:
EMPTY_STRING = "".freeze #:nodoc:
EMPTY_ARRAY = [].freeze #:nodoc:
# This is the base class from which all Netlink messages are derived.
# To define a new Netlink message, make a subclass and then call the
# "field" metaprogramming method to define the parts of the message, in
# order. The "code" metaprogramming method defines which incoming message
# types are to be built using this structure.
#
# Use RtattrMessage instead for messages which are followed by variable rtattrs.
class Message < CStruct
# Map of numeric message type code => message class
# (TODO: should these be scoped to NETLINK_* protocol id?)
CODE_TO_MESSAGE = {}
# Define which message type code(s) to build using this structure
def self.code(*codes)
codes.each do |code|
warn "Duplicate message code: #{code}" if CODE_TO_MESSAGE[code]
CODE_TO_MESSAGE[code] = self
end
end
NLMSG_ALIGNTO_1 = NLMSG_ALIGNTO-1 #:nodoc:
NLMSG_ALIGNTO_1_MASK = ~NLMSG_ALIGNTO_1 #:nodoc:
# Round up a length to a multiple of NLMSG_ALIGNTO bytes
def self.nlmsg_align(n)
(n + NLMSG_ALIGNTO_1) & NLMSG_ALIGNTO_1_MASK
end
PADDING = ("\000" * NLMSG_ALIGNTO).freeze #:nodoc:
# Pad a string up to a multiple of NLMSG_ALIGNTO bytes. Returns str.
def self.nlmsg_pad(str)
str << PADDING[0, nlmsg_align(str.bytesize) - str.bytesize]
end
end
# Extends Message to support variable Rtattr attributes. Use 'field'
# to define the fixed parts of the message, and 'rtattr' to define the
# permitted rtattrs. We assume that any particular rtattr is not repeated,
# so we store them in the same underlying hash and create simple accessors
# for them.
#
# As well as using :pattern for simple pack/unpack, you can also
# specify :pack and :unpack lambdas to do higher-level conversion
# of field values.
class RtattrMessage < Message
define_type :dev_name, :pattern=>"Z#{IFNAMSIZ}", :default=>EMPTY_STRING
# L2 addresses are presented as ASCII hex. You may optionally include
# colons, hyphens or dots.
# IFInfo.new(:address => "00:11:22:33:44:55") # this is OK
define_type :l2addr,
:pack => lambda { |val,obj| [val.delete(":.-")].pack("H*") }, # hyphen last, otherwise it's a character range
:unpack => lambda { |val,obj| val.unpack("H*").first }
# L3 addresses are presented as IPAddr objects where possible. When
# setting an address, you may provide an IPAddr object, an IP in readable
# string form, or an integer. All of the following are acceptable:
# IFAddr.new(:family=>Socket::AF_INET, :address=>IPAddr.new("1.2.3.4"))
# IFAddr.new(:family=>Socket::AF_INET, :address=>"1.2.3.4")
# IFAddr.new(:family=>Socket::AF_INET, :address=>0x01020304)
# Furthermore, the 'family' will be set automatically if it is unset
# at the time the message is encoded:
# IFAddr.new(:address=>IPAddr.new("1.2.3.4")).to_str # ok
# IFAddr.new(:address=>"1.2.3.4").to_str # ok
# IFAddr.new(:address=>0x01020304).to_str # error, unknown family
# IFAddr.new(:address=>"1.2.3.4", :local=>"::1").to_str # error, mismatched families
define_type :l3addr,
:pack => lambda { |val,obj|
case obj.family
when Socket::AF_INET, Socket::AF_INET6
ip = case val
when IPAddr
val
when Integer
IPAddr.new(val, obj.family)
else
IPAddr.new(val)
end
raise "Mismatched address family" unless ip.family == obj.family
ip.hton
when nil, Socket::AF_UNSPEC
ip = case val
when IPAddr
val
when Integer
raise "Missing address family"
else
IPAddr.new(val)
end
obj.family = ip.family
ip.hton
else
raise "Mismatched address family" if val.is_a?(IPAddr)
val
end
},
:unpack => lambda { |val,obj|
case obj.family
when Socket::AF_INET, Socket::AF_INET6
IPAddr.new_ntoh(val)
else
val
end
}
RTATTR_PACK = "S_S_".freeze #:nodoc:
RTATTR_SIZE = [0,0].pack(RTATTR_PACK).bytesize #:nodoc:
def self.inherited(subclass) #:nodoc:
super
subclass.const_set(:RTATTRS, {})
end
# Define an rtattr. You need to provide the code, and optionally the
# type (if not provided, it will just be returned as a raw binary string)
# rtattr :foo, 12
# rtattr :foo, 12, :uint
def self.rtattr(name, code, type=nil)
info = find_type(type)
self::RTATTRS[code] = [name, info]
define_method name do
@attrs[name] # rtattrs are optional, non-existent returns nil
end
define_method "#{name}=" do |val|
@attrs.store name, val
end
end
# Return the byte offset to the first rtattr
def self.attr_offset
@attr_offset ||= Message.nlmsg_align(@bytesize)
end
# Returns the packed binary representation of the entire message.
# The main message is processed *after* the rtattrs; this is so that
# the address family can be set automatically while processing any
# optional l3 address rtattrs.
def to_str
data = ""
self.class::RTATTRS.each do |code, (name, info)|
if val = @attrs[name]
Message.nlmsg_pad(data) # assume NLMSG_ALIGNTO == NLA_ALIGNTO
if !info
val = val.to_str # raw binary or nested structure
elsif pack = info[:pack]
val = pack[val,self]
elsif pattern = info[:pattern]
val = Array(val).pack(pattern)
else
val = val.to_str
end
data << [val.bytesize+RTATTR_SIZE, code].pack(RTATTR_PACK) << val
end
end
data.empty? ? super : Message.nlmsg_pad(super) + data
end
# Convert a binary representation of this message into an object instance.
# The main message is processed *before* the rtattrs, so that the
# address family is available for l3 address rtattrs.
def self.parse(data,*rest)
super(data,*rest) do |res|
attrs = res.to_hash
unpack_rtattr(data, attr_offset) do |code, val|
name, info = self::RTATTRS[code]
if name
if !info
# skip
elsif unpack = info[:unpack]
val = unpack[val,res]
elsif pattern = info[:pattern]
val = val.unpack(pattern).first
end
warn "Duplicate attribute #{name} (#{code}): #{attrs[name].inspect} -> #{val.inspect}" if attrs[name]
attrs[name] = val
else
warn "Unknown attribute #{code}, value #{val.inspect}"
attrs[code] = val
end
end
yield res if block_given?
end
end
# Unpack a string containing a sequence of rtattrs, yielding each in turn.
def self.unpack_rtattr(data, ptr=0) #:nodoc:
while ptr < data.bytesize
raise "Truncated rtattr header!" if ptr + RTATTR_SIZE > data.bytesize
len, code = data[ptr, RTATTR_SIZE].unpack(RTATTR_PACK)
raise "Truncated rtattr body!" if ptr + len > data.bytesize
raise "Invalid rtattr len!" if len < RTATTR_SIZE
yield code, data[ptr+RTATTR_SIZE, len-RTATTR_SIZE]
ptr = Message.nlmsg_align(ptr + len) # assume NLMSG_ALIGNTO == NLA_ALIGNTO
end
end
end
# struct nlmsgerr (netlink.h)
class Err < Message
code NLMSG_ERROR
field :error, :int
#field :msg, :pattern => NLMSGHDR_PACK (can't, returns multiple values)
field :msg_len, :uint32
field :msg_type, :uint16
field :msg_flags, :uint16
field :msg_seq, :uint32
field :msg_pid, :uint32
end
end
end # module Linux

48
lib/linux/netlink/nflog.rb Normal file
View File

@@ -0,0 +1,48 @@
require 'linux/netlink/message'
require 'linux/netlink/nlsocket'
module Linux
module Netlink
ULOG_NL_EVENT = 111 # from ipv4/netfilter/ipt_ULOG.c
# struct ulog_packet_msg
class UlogPacket < Message
code ULOG_NL_EVENT
field :mark, :ulong
field :timestamp_sec, :long
field :timestamp_usec, :long
field :hook, :uint
field :indev_name, :dev_name
field :outdev_name, :dev_name
field :data_len, :size_t
field :prefix, :pattern=>"Z#{ULOG_PREFIX_LEN}", :default=>EMPTY_STRING
field :mac_len, :uchar
field :mac, :pattern=>"a#{ULOG_MAC_LEN}", :default=>EMPTY_STRING
field :payload, :binary
def after_parse #:nodoc:
mac.slice!(mac_len..-1) if mac.length > mac_len
payload.slice!(data_len..-1) if payload.length > mac_len
end
end
module NFLog
class Socket < NLSocket
# Create a socket to listen for ulog packets. You must pass :group=>N
# (where N is 1 to 32) or :groups=>bitmap to listen on multiple groups
def initialize(opt={})
unless opt[:groups]
opt[:groups] = 1 << (opt.fetch(:group) - 1)
end
super(opt.merge(:protocol => NETLINK_NFLOG))
end
# Receive packets and yield them to the block
def dequeue_packets(&blk)
receive_stream(ULOG_NL_EVENT, &blk)
end
end
end
end
end # module Linux

240
lib/linux/netlink/nlsocket.rb Normal file
View File

@@ -0,0 +1,240 @@
require 'socket'
require 'linux/constants'
require 'linux/error'
require 'linux/netlink/message'
module Linux
module Netlink
# NLSocket provides low-level sending and receiving of messages across
# a netlink socket, adding headers to sent messages and parsing
# received messages.
class NLSocket
DEFAULT_TIMEOUT = 5
SOCKADDR_PACK = "SSLL".freeze #:nodoc:
# Generate a sockaddr_nl. Pass :pid and/or :groups.
def self.sockaddr(opt={})
[Socket::AF_NETLINK, 0, opt[:pid] || 0, opt[:groups] || 0].pack("SSLL")
end
# Default sockaddr_nl with 0 pid (send to kernel) and no multicast groups
SOCKADDR_DEFAULT = sockaddr.freeze
# Check the sockaddr on a received message. Raises an error if the AF
# is not AF_NETLINK or the PID is not 0 (this is important for security)
def self.check_sockaddr(str)
af, pad, pid, groups = str.unpack(SOCKADDR_PACK)
raise "Bad AF #{af}!" if af != Socket::AF_NETLINK
raise "Bad PID #{pid}!" if pid != 0
end
attr_accessor :socket # the underlying Socket
attr_accessor :seq # the last sequence number used
attr_accessor :pid # default pid to include in message headers
attr_accessor :timeout # default timeout when receiving message
attr_accessor :junk_handler # proc to log or handle unexpected messages
# Create a new Netlink socket. Pass in chosen protocol:
# :protocol => Linux::NETLINK_ARPD
# :protocol => Linux::NETLINK_FIREWALL
# :protocol => Linux::NETLINK_ROUTE
# etc. Other options:
# :groups => N (subscribe to multicast groups, default to 0)
# :seq => N (override initial sequence number)
# :pid => N (override PID)
# :timeout => N (seconds, default to DEFAULT_TIMEOUT. Pass nil for no timeout)
# :junk_handler => lambda { ... } for unexpected packets
def initialize(opt)
@socket ||= opt[:socket] || ::Socket.new(
Socket::AF_NETLINK,
Socket::SOCK_DGRAM,
opt[:protocol] || (raise "Missing :protocol")
)
@socket.bind(NLSocket.sockaddr(opt)) unless opt[:socket]
@seq = opt[:seq] || Time.now.to_i
@pid = opt[:pid] || $$
@timeout = opt.has_key?(:timeout) ? opt[:timeout] : DEFAULT_TIMEOUT
if opt.has_key?(:junk_handler)
@junk_handler = opt[:junk_handler]
elsif $VERBOSE
@junk_handler = lambda { |type, flags, seq, pid, msg|
warn "Discarding junk message (#{type}, #{flags}, #{seq}, #{pid}) #{msg.inspect}"
}
end
end
# Generate the next sequence number
def next_seq
@seq = (@seq + 1) & 0xffffffff
end
# Add a header and send a single message over the socket.
# type:: the message type code
# msg:: the message to send (without header)
# flags:: message header flags, default NLM_F_REQUEST
# sockaddr:: destination sockaddr, defaults to pid=0 and groups=0
# seq:: sequence number, defaults to bump internal sequence
# pid:: pid, defaults to $$
# vflags:: sendmsg flags, defaults to 0
# Normally 'msg' would be an instance of a Netlink::Message subclass,
# although in fact any object which respond to #to_str will do (if you
# want to pack the message body yourself).
def send_request(type, msg, flags=NLM_F_REQUEST, sockaddr=SOCKADDR_DEFAULT, seq=next_seq, pid=@pid, vflags=0, controls=[])
@socket.sendmsg(
build_message(type, msg, flags, seq, pid),
vflags, sockaddr, *controls
)
end
# Build a message comprising header+body. It is not padded at the end.
def build_message(type, body, flags=NLM_F_REQUEST, seq=next_seq, pid=@pid)
body = body.to_str
header = [
body.bytesize + NLMSGHDR_SIZE,
type, flags, seq, pid
].pack(NLMSGHDR_PACK)
# assume the header is already aligned
header + body
end
# Send multiple Netlink::Message objects in a single message. They
# need to share the same type and flags, and will be sent with sequential
# sequence nos.
def send_requests(type, msgs, flags=NLM_F_REQUEST, pid=@pid)
msgs.each_with_index do |msg, index|
if index < msgs.size - 1
data << build_message(type, msg, flags|NLM_F_MULTI, next_seq, pid)
Message.nlmsg_pad(data)
else
data << build_message(type, msg, flags, next_seq, pid)
end
end
end
# Send a command and wait for an Errno::NOERROR as confirmation. Raise
# an exception if any error message is returned, or on timeout.
#
# (Compare: rtnl_talk in lib/libnetlink.c, with answer=NULL)
def cmd(type, msg, flags=NLM_F_REQUEST, resp_type=NLMSG_ERROR, timeout=@timeout, sockaddr=SOCKADDR_DEFAULT)
send_request(type, msg, flags|NLM_F_ACK, sockaddr)
receive_responses(true, timeout) do |type,msg|
return msg if type == resp_type
false
end
end
# Discard all waiting messages
def drain
while select([@socket], nil, nil, 0)
mesg, sender, rflags, controls = @socket.recvmsg
raise EOFError unless mesg
end
end
# Loop receiving responses until a DONE message is received (or you
# break out of the loop, or a timeout exception occurs). Checks the
# message type and pid/seq.
#
# Yields Netlink::Message objects, or if no block is given, returns an
# array of those objects.
#
# (Compare: rtnl_dump_filter_l in lib/libnetlink.c)
def receive_until_done(expected_type, timeout=@timeout, &blk) #:yields: msg
res = []
blk ||= lambda { |obj| res << obj }
receive_responses(true, timeout) do |type,msg|
return res if type == NLMSG_DONE
if type != expected_type
false
else
blk.call(msg) if msg
end
end
end
# This is the entry point for protocols which yield an infinite stream
# of messages (e.g. firewall, ulog). There is no timeout, and
# the pid/seq are not checked.
def receive_stream(expected_type) #:yields: msg
receive_responses(false, nil) do |type, msg|
if type != expected_type
false
else
yield msg
end
end
end
# This is the main loop for receiving responses, yielding the type and
# message object for each received message. It optionally checks the pid/seq
# and discards those which don't match. If the block returns 'false' then
# they are also logged as junk.
#
# Raises an exception on NLMSG_ERROR (other than Errno::NOERROR), or if
# no packet received within the specified timeout. Pass nil for infinite
# timeout.
def receive_responses(check_pid_seq, timeout=@timeout)
loop do
parse_yield(recvmsg(timeout)) do |type, flags, seq, pid, msg|
if !check_pid_seq || (pid == @pid && seq == @seq)
Linux.check_error(msg.error) if type == NLMSG_ERROR
res = yield type, msg
next unless res == false
end
@junk_handler[type, flags, seq, pid, msg] if @junk_handler
end
end
end
# Receive one datagram from kernel. Validates the sender, and returns
# the raw binary message. Raises an exception on timeout or if the
# kernel closes the socket.
def recvmsg(timeout=@timeout)
if select([@socket], nil, nil, timeout)
mesg, sender, rflags, controls = @socket.recvmsg
raise EOFError unless mesg
NLSocket.check_sockaddr(sender.to_sockaddr)
mesg
else
raise "Timeout"
end
end
# Parse netlink packet in a string buffer. Yield header fields plus
# a Netlink::Message-derived object for each message. For unknown message
# types it will yield a raw String, or nil if there is no message body.
def parse_yield(mesg) # :yields: type, flags, seq, pid, Message-or-nil
dechunk(mesg) do |type, flags, seq, pid, data|
klass = Message::CODE_TO_MESSAGE[type]
yield type, flags, seq, pid,
if klass
klass.parse(data)
elsif data && data != EMPTY_STRING
data
else
nil
end
end
end
# Parse netlink packet in a string buffer. Yield header and body
# components for each message in turn.
def dechunk(mesg) # :yields: type, flags, seq, pid, data
ptr = 0
while ptr < mesg.bytesize
raise "Truncated netlink header!" if ptr + NLMSGHDR_SIZE > mesg.bytesize
len, type, flags, seq, pid = mesg[ptr,NLMSGHDR_SIZE].unpack(NLMSGHDR_PACK)
STDERR.puts " len=#{len}, type=#{type}, flags=#{flags}, seq=#{seq}, pid=#{pid}" if $DEBUG
raise "Truncated netlink message!" if ptr + len > mesg.bytesize
raise "Invalid netlink len!" if len < NLMSGHDR_SIZE
data = mesg[ptr+NLMSGHDR_SIZE, len-NLMSGHDR_SIZE]
STDERR.puts " data=#{data.inspect}" if $DEBUG && !data.empty?
yield type, flags, seq, pid, data
ptr = ptr + Message.nlmsg_align(len)
break unless flags & Linux::NLM_F_MULTI
end
end
end
end
end # module Linux

71
lib/linux/netlink/route.rb Normal file
View File

@@ -0,0 +1,71 @@
# This file implements the messages and methods for the NETLINK_ROUTE protocol.
# Apart from a few utility functions for converting ifname to index and vice
# versa, the logic is delegated to separate classes for each entity
# (links, addresses etc)
require 'linux/netlink/nlsocket'
require 'linux/netlink/message'
module Linux
module Netlink
module Route
autoload :LinkHandler, 'linux/netlink/route/link_handler'
autoload :VlanHandler, 'linux/netlink/route/vlan_handler'
autoload :AddrHandler, 'linux/netlink/route/addr_handler'
autoload :RouteHandler, 'linux/netlink/route/route_handler'
# This class formats and receives messages using NETLINK_ROUTE protocol
class Socket < NLSocket
def initialize(opt={})
super(opt.merge(:protocol => Linux::NETLINK_ROUTE))
end
# Return a LinkHandler object for manipulating links
def link
@link ||= LinkHandler.new(self)
end
# Return a VlanHandler object for manipulating vlans
def vlan
@vlan ||= VlanHandler.new(self)
end
# Return a AddrHandler object for manipulating addresses
def addr
@addr ||= AddrHandler.new(self)
end
# Return a RT object for manipulating routes
def route
@route ||= RouteHandler.new(self)
end
# Convert an interface index into name string, or nil if the
# index is nil or 0. Raises exception for unknown values.
#
# ip = Linux::Netlink::Route::Socket.new
# ip.route(:family=>Socket::AF_INET) do |route|
# puts "iif=#{ip.ifname(route.iif)}"
# puts "oif=#{ip.ifname(route.oif)}"
# end
def ifname(index)
return nil if index.nil? || index == 0
link[index].ifname
end
# Convert an interface name into index. Returns 0 for nil or empty
# string. Otherwise raises an exception for unknown values.
def index(name)
case name
when Integer
name
when nil, EMPTY_STRING
0
else
link[name].index
end
end
end
end
end
end # module Linux

126
lib/linux/netlink/route/addr_handler.rb Normal file
View File

@@ -0,0 +1,126 @@
require 'linux/netlink/route'
require 'linux/netlink/route/handler'
module Linux
module Netlink
# struct ifa_cacheinfo
IFACacheInfo = Struct.new :prefered, :valid, :cstamp, :tstamp
# struct ifaddrmsg
class IFAddr < RtattrMessage
code RTM_NEWADDR, RTM_DELADDR, RTM_GETADDR
field :family, :uchar # Socket::AF_*
field :prefixlen, :uchar
field :flags, :uchar # IFA_F_*
field :scope, :uchar # RT_SCOPE_*
field :index, :int
rtattr :address, IFA_ADDRESS, :l3addr
rtattr :local, IFA_LOCAL, :l3addr
rtattr :label, IFA_LABEL, :cstring
rtattr :broadcast, IFA_BROADCAST, :l3addr
rtattr :anycast, IFA_ANYCAST, :l3addr
rtattr :cacheinfo, IFA_CACHEINFO,
:pack => lambda { |val,obj| val.to_a.pack("L*") },
:unpack => lambda { |str,obj| IFACacheInfo.new(*(str.unpack("L*"))) }
rtattr :multicast, IFA_MULTICAST, :l3addr
end
module Route
# This class provides an API for manipulating iaddresses.
class AddrHandler < Handler
def clear_cache
@addr = nil
end
# Download a list of link addresses. Either returns an array of
# Netlink::IFAddr objects, or yields them to the supplied block.
# You will need to use the 'index' to cross reference to the interface.
#
# A hash of kernel options may be supplied, but likely only :family
# is honoured.
#
# res = nl.read_addr(:family => Socket::AF_INET)
# p res
# [#<Linux::Netlink::IFAddr {:family=>2, :prefixlen=>8, :flags=>128, :scope=>254,
# :index=>1, :address=>#<IPAddr: IPv4:127.0.0.1/255.255.255.255>,
# :local=>#<IPAddr: IPv4:127.0.0.1/255.255.255.255>, :label=>"lo"}>, ...]
def read_addr(opt=nil, &blk)
@rtsocket.send_request RTM_GETADDR, IFAddr.new(opt),
NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST
@rtsocket.receive_until_done(RTM_NEWADDR, &blk)
end
class Filter < BaseFilter #:nodoc:
filter(:family) { |o,v| o.family == v }
filter(:scope) { |o,v| o.scope == scope }
filter(:flags) { |o,v| (o.flags & v) == v }
filter(:noflags) { |o,v| (o.flags & v) == 0 }
filter(:index) { |o,v| o.index == v }
end
# Iterate over all addresses, or addressees matching the given
# criteria. Returns an Enumerator if no block given.
#
# The full address list is read once and memoized, so
# it is efficient to call this method multiple times.
#
# nl.addr.list { |x| p x }
# addrs_eth0 = nl.addr.list(:index=>"eth0").to_a
# addrs_eth0_v4 = nl.addr.list(:index=>"eth0", :family=>Socket::AF_INET).to_a
def list(filter=nil, &blk)
@addr ||= read_addr
filter[:index] = index(filter[:index]) if filter && filter.has_key?(:index)
filter_list(@addr, filter, &blk)
end
alias :each :list
# Return addresses grouped by interface name. e.g.
# group_by_interface(:family => Socket::AF_INET).to_a
# #=> {"eth0"=>[addr, addr,...], "lo"=>[addr, addr,...]
#
# The hash has an empty array as its default, so it's safe to do
# group_by_interface(...)["eth0"].each { |a| ... }
# even if eth0 has no addresses matching the given filter.
def group_by_interface(*filter)
res = list(*filter).group_by { |a| ifname(a.index) }
res.default = EMPTY_ARRAY
res
end
# Add an IP address to an interface
#
# require 'netlink/route'
# ip = Linux::Netlink::Route::Socket.new
# ip.addr.add(:index=>"eth0", :local=>"1.2.3.4", :prefixlen=>24)
def add(opt)
ipaddr_modify(RTM_NEWADDR, NLM_F_CREATE|NLM_F_EXCL, opt)
end
def change(opt)
ipaddr_modify(RTM_NEWADDR, NLM_F_REPLACE, opt)
end
def replace(opt)
ipaddr_modify(RTM_NEWADDR, NLM_F_CREATE|NLM_F_REPLACE, opt)
end
# Delete an IP address from an interface. Pass in either a hash of
# parameters, or an existing IFAddr object.
def delete(opt)
ipaddr_modify(RTM_DELADDR, 0, opt)
end
def ipaddr_modify(code, flags, msg) #:nodoc:
msg = IFAddr.new(msg)
msg.index = index(msg.index) unless msg.index.is_a?(Integer)
msg.address ||= msg.local
# Note: IPAddr doesn't support addresses off the subnet base,
# so there's no point trying to set msg.prefixlen from the IPAddr mask
@rtsocket.cmd code, msg, flags|NLM_F_REQUEST
clear_cache
end
end
end
end
end # module Linux

48
lib/linux/netlink/route/handler.rb Normal file
View File

@@ -0,0 +1,48 @@
module Linux
module Netlink
module Route
# The base class containing shared methods between all the
# NETLINK_ROUTE handler classes.
class BaseFilter #:nodoc:
def self.filter name, &blk
define_method "#{name}=" do |matchval|
@conds << [blk, matchval]
end
end
def initialize(h)
@conds = []
h.each { |k,v| send "#{k}=", v }
end
def match(obj)
!@conds.find { |blk,matchval| !blk[obj,matchval] }
end
end
# Code which is common to all the NETLINK_ROUTE handlers
class Handler
def initialize(rtsocket = Route::Socket.new)
@rtsocket = rtsocket
clear_cache
end
def index(v)
@rtsocket.index(v)
end
def ifname(v)
@rtsocket.ifname(v)
end
# Generic listing and filtering
def filter_list(data, filter, &blk)
return data.each(&blk) unless filter
return to_enum(:list, filter) unless block_given?
fm = self.class::Filter.new(filter)
data.each { |o| yield o if fm.match(o) }
end
end
end
end
end # module Linux

247
lib/linux/netlink/route/link_handler.rb Normal file
View File

@@ -0,0 +1,247 @@
require 'linux/netlink/route'
require 'linux/netlink/route/handler'
module Linux
module Netlink
# struct rtnl_link_stats / rtnl_link_stats64
LinkStats = Struct.new :rx_packets, :tx_packets,
:rx_bytes, :tx_bytes,
:rx_errors, :tx_errors,
:rx_dropped, :tx_dropped,
:multicast, :collisions,
:rx_length_errors, :rx_over_errors,
:rx_crc_errors, :rx_frame_errors,
:rx_fifo_errors, :rx_missed_errors,
:tx_aborted_errorsr, :tx_carrier_errors,
:tx_fifo_errors, :tx_heartbeat_errors,
:tx_window_errors,
:rx_compressed, :tx_compressed
# struct ifmap
IFMap = Struct.new :mem_start, :mem_end, :base_addr, :irq, :dma, :port
# struct ifinfomsg
class IFInfo < RtattrMessage
code RTM_NEWLINK, RTM_DELLINK, RTM_GETLINK
field :family, :uchar
field :type, :ushort # ARPHRD_*
field :index, :int
field :flags, :uint # IFF_*
field :change, :uint, :default=>0xffffffff # flags to change
rtattr :address, IFLA_ADDRESS, :l2addr
rtattr :broadcast, IFLA_BROADCAST, :l2addr
rtattr :ifname, IFLA_IFNAME, :cstring
rtattr :mtu, IFLA_MTU, :uint32
rtattr :link, IFLA_LINK, :int32
rtattr :qdisc, IFLA_QDISC, :cstring
rtattr :stats32, IFLA_STATS,
:pack => lambda { |val,obj| val.to_a.pack("L23") },
:unpack => lambda { |str,obj| LinkStats.new(*(str.unpack("L23"))) }
rtattr :cost, IFLA_COST
rtattr :master, IFLA_MASTER, :uint32
rtattr :wireless, IFLA_WIRELESS
rtattr :protinfo, IFLA_PROTINFO, :uchar
rtattr :txqlen, IFLA_TXQLEN, :uint32
IFMAP_PACK = "QQQSCC".freeze #:nodoc:
rtattr :map, IFLA_MAP,
:pack => lambda { |val,obj| val.to_a.pack(IFMAP_PACK) },
:unpack => lambda { |str,obj| IFMap.new(*(str.unpack(IFMAP_PACK))) }
rtattr :weight, IFLA_WEIGHT, :uint32
rtattr :operstate, IFLA_OPERSTATE, :uchar
rtattr :linkmode, IFLA_LINKMODE, :uchar
rtattr :linkinfo, IFLA_LINKINFO # nested
rtattr :net_ns_pid, IFLA_NET_NS_PID, :uint32
rtattr :ifalias, IFLA_IFALIAS, :cstring
rtattr :num_vf, IFLA_NUM_VF, :uint32
rtattr :vfinfo_list, IFLA_VFINFO_LIST
rtattr :stats64, IFLA_STATS64,
:pack => lambda { |val,obj| val.to_a.pack("Q23") },
:unpack => lambda { |str,obj| LinkStats.new(*(str.unpack("Q23"))) }
rtattr :vf_ports, IFLA_VF_PORTS
rtattr :port_self, IFLA_PORT_SELF
# Return the best stats available (64bit or 32bit)
def stats
stats64 || stats32
end
# Link kind for special links, e.g. "vlan" or "gre"
def kind
linkinfo && linkinfo.kind
end
# Set link kind, creating a linkinfo member if necessary. e.g.
# i = IFAddr.new
# i.kind = "vlan"
# i.linkinfo.data = VlanInfo.new(...)
def kind=(str)
self.linkinfo ||= LinkInfo.new
linkinfo.kind = str
end
def kind?(str)
kind == str
end
def after_parse #:nodoc:
self.linkinfo = LinkInfo.parse(linkinfo) if linkinfo
end
end
class LinkInfo < RtattrMessage
rtattr :kind, IFLA_INFO_KIND, :cstring
rtattr :data, IFLA_INFO_DATA # rtattr packed, see below
rtattr :xstats, :IFLA_INFO_XSTATS # don't know
def after_parse #:nodoc:
case kind
when "vlan"
self.data = VlanInfo.parse(data)
end
end
end
class VlanFlags < CStruct
field :flags, :uint32
field :mask, :uint32, :default => 0xffffffff
end
# VLAN information is packed in rtattr format (there is no corresponding 'struct')
class VlanInfo < RtattrMessage
rtattr :id, IFLA_VLAN_ID, :ushort
rtattr :flags, IFLA_VLAN_FLAGS,
:unpack => lambda { |str,obj| VlanFlags.parse(str) }
rtattr :egress_qos, IFLA_VLAN_EGRESS_QOS
rtattr :ingress_qos, IFLA_VLAN_INGRESS_QOS
end
module Route
# This class provides an API for manipulating interfaces and addresses.
# Since we frequently need to map ifname to ifindex, or vice versa,
# we keep a memoized list of interfaces. If the interface list changes,
# you should create a new instance of this object.
class LinkHandler < Handler
def clear_cache
@link = nil
@linkmap = nil
end
# Download a list of links (interfaces). Either returns an array of
# Netlink::IFInfo objects, or yields them to the supplied block.
#
# res = ip.link.read_link
# p res
# [#<Linux::Netlink::IFInfo {:family=>0, :type=>772, :index=>1,
# :flags=>65609, :change=>0, :ifname=>"lo", :txqlen=>0, :operstate=>0,
# :linkmode=>0, :mtu=>16436, :qdisc=>"noqueue", :map=>"...",
# :address=>"\x00\x00\x00\x00\x00\x00", :broadcast=>"\x00\x00\x00\x00\x00\x00",
# :stats32=>#<struct Linux::Netlink::LinkStats rx_packets=22, ...>,
# :stats64=>#<struct Linux::Netlink::LinkStats rx_packets=22, ...>}>, ...]
def read_link(opt=nil, &blk)
@rtsocket.send_request RTM_GETLINK, IFInfo.new(opt),
NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST
@rtsocket.receive_until_done(RTM_NEWLINK, &blk)
end
class Filter < BaseFilter #:nodoc:
filter(:type) { |o,v| o.type == v }
filter(:kind) { |o,v| o.kind?(v) }
filter(:flags) { |o,v| (o.flags & v) == v }
filter(:noflags) { |o,v| (o.flags & v) == 0 }
filter(:link) { |o,v| o.link == v }
end
# Iterate over all interfaces, or interfaces matching the given
# criteria. Returns an Enumerator if no block given.
#
# The full interface list is read once and memoized, so
# it is efficient to call this method multiple times.
#
# ip.link.list { |x| p x }
# ethers = ip.link.list(:type => Linux::ARPHRD_ETHER).to_a
# vlans = ip.link.list(:kind => "vlan").to_a
# ip.link.list(:flags => Linux::IFF_RUNNING)
# ip.link.list(:noflags => Linux::IFF_POINTOPOINT)
# ip.link.list(:link => "lo") # vlan etc attached to this interface
def list(filter=nil, &blk)
@link ||= read_link
filter[:link] = index(filter[:link]) if filter && filter.has_key?(:link)
filter_list(@link, filter, &blk)
end
alias :each :list
# Return a memoized Hash of interfaces, keyed by both index and name
def linkmap
@linkmap ||= (
h = {}
list { |link| h[link.index] = h[link.ifname] = link }
h
)
end
# Return details of one interface, given its name or index.
# Raises exception if unknown value.
def [](key)
linkmap.fetch(key)
end
# Add an interface (raw). e.g.
#
# require 'linux/netlink/route'
# ip = Linux::Netlink::Route::Socket.new
# ip.link.add(
# :link=>"lo",
# :linkinfo=>Linux::Netlink::LinkInfo.new(
# :kind=>"vlan",
# :data=>Linux::Netlink::VlanInfo.new(
# :id=>1234,
# :flags => Linux::Netlink::VlanFlags.new(
# :flags=>Linux::VLAN_FLAG_LOOSE_BINDING,
# :mask=>0xffffffff
# ))))
def add(opt)
iplink_modify(RTM_NEWLINK, NLM_F_CREATE|NLM_F_EXCL, opt)
end
def change(opt)
iplink_modify(RTM_NEWLINK, NLM_F_REPLACE, opt)
end
def replace(opt)
iplink_modify(RTM_NEWLINK, NLM_F_CREATE|NLM_F_REPLACE, opt)
end
# Delete an existing link. Pass in ifname or index, or options
# hash {:index=>n}
def delete(opt)
case opt
when Integer
opt = {:index=>opt}
when String
opt = {:index=>index(opt)}
end
iplink_modify(RTM_DELLINK, 0, opt)
end
def iplink_modify(code, flags, msg) #:nodoc:
msg = IFInfo.new(msg)
if (flags & NLM_F_CREATE) != 0
raise "Missing :linkinfo" unless msg.linkinfo
raise "Missing :kind" unless msg.linkinfo.kind
else
raise "Missing :index" if msg.index.nil? || msg.index == 0
end
msg.index = index(msg.index) if msg.index.is_a?(String)
msg.link = index(msg.link) if msg.link.is_a?(String)
@rtsocket.cmd code, msg, flags|NLM_F_REQUEST
clear_cache
end
end
end
end
end # module Linux

199
lib/linux/netlink/route/route_handler.rb Normal file
View File

@@ -0,0 +1,199 @@
require 'linux/netlink/route'
require 'linux/netlink/route/handler'
module Linux
module Netlink
# struct rta_cacheinfo
RTACacheInfo = Struct.new :clntref, :lastuse, :expires, :error, :used, :id, :ts, :tsage
# struct rtmsg
class RT < RtattrMessage
code RTM_NEWROUTE, RTM_DELROUTE, RTM_GETROUTE
field :family, :uchar # Socket::AF_*
field :dst_len, :uchar
field :src_len, :uchar
field :tos, :uchar
field :table, :uchar # table id or RT_TABLE_*
field :protocol, :uchar # RTPROT_*
field :scope, :uchar # RT_SCOPE_*
field :type, :uchar # RTN_*
field :flags, :uint # RTM_F_*
rtattr :dst, RTA_DST, :l3addr
rtattr :src, RTA_SRC, :l3addr
rtattr :iif, RTA_IIF, :uint32
rtattr :oif, RTA_OIF, :uint32
rtattr :gateway, RTA_GATEWAY, :l3addr
rtattr :priority, RTA_PRIORITY, :uint32
rtattr :prefsrc, RTA_PREFSRC, :l3addr
rtattr :metrics, RTA_METRICS,
:unpack => lambda { |str,obj| RTAMetrics.parse(str) }
rtattr :multipath, RTA_MULTIPATH
rtattr :flow, RTA_FLOW
rtattr :cacheinfo, RTA_CACHEINFO,
:pack => lambda { |val,obj| val.to_a.pack("L*") },
:unpack => lambda { |str,obj| RTACacheInfo.new(*(str.unpack("L*"))) }
rtattr :table2, RTA_TABLE, :uint32 # NOTE: table in two places!
end
class RTAMetrics < RtattrMessage
rtattr :lock, RTAX_LOCK, :uint32
rtattr :mtu, RTAX_MTU, :uint32
rtattr :window, RTAX_WINDOW, :uint32
rtattr :rtt, RTAX_RTT, :uint32
rtattr :rttvar, RTAX_RTTVAR, :uint32
rtattr :ssthresh, RTAX_SSTHRESH, :uint32
rtattr :cwnd, RTAX_CWND, :uint32
rtattr :advmss, RTAX_ADVMSS, :uint32
rtattr :reordering, RTAX_REORDERING, :uint32
rtattr :hoplimit, RTAX_HOPLIMIT, :uint32
rtattr :initcwnd, RTAX_INITCWND, :uint32
rtattr :features, RTAX_FEATURES, :uint32
rtattr :rto_min, RTAX_RTO_MIN, :uint32
rtattr :initrwnd, RTAX_INITRWND, :uint32
end
module Route
# This class manipulates the kernel routing table
class RouteHandler < Handler
def clear_cache
@route = nil
end
# Send message to download the kernel routing table. Either returns an
# array of Netlink::RT objects, or yields them to the supplied block.
#
# A hash of kernel options may be supplied, but you might also have
# to perform your own filtering. e.g.
# read_route(:family=>Socket::AF_INET) # works
# read_route(:protocol=>Linux::RTPROT_STATIC) # ignored
#
# res = ip.route.read_route(:family => Socket::AF_INET)
# p res
# [#<Linux::Netlink::RT {:family=>2, :dst_len=>32, :src_len=>0, :tos=>0,
# :table=>255, :protocol=>2, :scope=>253, :type=>3, :flags=>0, :table2=>255,
# :dst=>#<IPAddr: IPv4:127.255.255.255/255.255.255.255>,
# :prefsrc=>#<IPAddr: IPv4:127.0.0.1/255.255.255.255>, :oif=>1}>, ...]
#
# Note that not all attributes will always be present. In particular,
# a defaultroute (dst_len=0) misses out the dst address completely:
#
# [#<Linux::Netlink::RT {:family=>2, :dst_len=>0, :src_len=>0, :tos=>0,
# :table=>254, :protocol=>4, :scope=>0, :type=>1, :flags=>0, :table2=>254,
# :gateway=>#<IPAddr: IPv4:10.69.255.253/255.255.255.255>, :oif=>2}>, ...]
def read_route(opt=nil, &blk)
@rtsocket.send_request RTM_GETROUTE, RT.new(opt),
NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST
@rtsocket.receive_until_done(RTM_NEWROUTE, &blk)
end
class Filter < BaseFilter #:nodoc:
filter(:family) { |o,v| o.family == v }
filter(:table) { |o,v| o.table == v }
filter(:protocol) { |o,v| o.protocol == v }
filter(:type) { |o,v| o.type == v }
filter(:scope) { |o,v| o.scope == v }
filter(:flags) { |o,v| (o.flags & v) == v }
filter(:noflags) { |o,v| (o.flags & v) == 0 }
filter(:oif) { |o,v| o.oif == v }
filter(:iif) { |o,v| o.iif == v }
end
# Return the memoized route table, filtered according to
# the optional criteria. Examples:
# :family => Socket::AF_INET
# :table => Linux::RT_TABLE_DEFAULT
# :protocol => Linux::RTPROT_STATIC
# :type => Linux::RTN_UNICAST
# :scope => Linux::RT_SCOPE_HOST
# :flags => Linux::RTM_F_NOTIFY
# :noflags => Linux::RTM_F_CLONED
# :oif => "eth0"
# :iif => "eth1"
def list(filter=nil, &blk)
@route ||= read_route
filter[:oif] = index(filter[:oif]) if filter && filter.has_key?(:oif)
filter[:iif] = index(filter[:iif]) if filter && filter.has_key?(:iif)
filter_list(@route, filter, &blk)
end
alias :each :list
def add(opt)
iproute_modify(RTM_NEWROUTE, NLM_F_CREATE|NLM_F_EXCL, opt)
end
def change(opt)
iproute_modify(RTM_NEWROUTE, NLM_F_REPLACE, opt)
end
def replace(opt)
iproute_modify(RTM_NEWROUTE, NLM_F_CREATE|NLM_F_REPLACE, opt)
end
def prepend(opt)
iproute_modify(RTM_NEWROUTE, NLM_F_CREATE, opt)
end
def append(opt)
iproute_modify(RTM_NEWROUTE, NLM_F_CREATE|NLM_F_APPEND, opt)
end
def test(opt)
iproute_modify(RTM_NEWROUTE, NLM_F_EXCL, opt)
end
def delete(opt)
iproute_modify(RTM_DELROUTE, 0, opt)
end
# Get route matching given criteria
def get(msg)
msg = RT.new(msg)
raise "Missing :dst" unless msg.dst
msg.iif = index(msg.iif) if msg.iif.is_a?(String)
msg.oif = index(msg.oif) if msg.oif.is_a?(String)
@rtsocket.cmd RTM_GETROUTE, msg, NLM_F_REQUEST, RTM_NEWROUTE
end
def iproute_modify(code, flags, msg) #:nodoc:
msg = RT.new(msg)
if code != RTM_DELROUTE
msg.protocol ||= RTPROT_BOOT
msg.type ||= RTN_UNICAST
end
# There is scary code in ip/iproute.c for setting defaults
unless msg.table
msg.table = case msg.type
when RTN_LOCAL, RTN_BROADCAST, RTN_NAT, RTN_ANYCAST
RT_TABLE_LOCAL
else
RT_TABLE_MAIN
end
end
unless msg.scope
msg.scope = (code != RTM_DELROUTE) ? RT_SCOPE_UNIVERSE : RT_SCOPE_NOWHERE
case msg.type
when RTN_LOCAL, RTN_NAT
msg.scope = RT_SCOPE_HOST
when RTN_BROADCAST, RTN_MULTICAST, RTN_ANYCAST
msg.scope RT_SCOPE_LINK
when RTN_UNICAST, RTN_UNSPEC
if code == RTM_DELROUTE
msg.scope = RT_SCOPE_NOWHERE
elsif !msg.gateway && !msg.multipath
msg.scope = RT_SCOPE_LINK
end
end
end
msg.iif = index(msg.iif) if msg.iif.is_a?(String)
msg.oif = index(msg.oif) if msg.oif.is_a?(String)
@rtsocket.cmd code, msg, flags|NLM_F_REQUEST
clear_cache
end
end
end
end
end # module Linux

67
lib/linux/netlink/route/vlan_handler.rb Normal file
View File

@@ -0,0 +1,67 @@
require 'linux/netlink/route'
require 'linux/netlink/route/handler'
module Linux
module Netlink
module Route
class VlanHandler < Handler
def clear_cache
# No cache
end
def list(filter={}, &blk)
@rtsocket.link.list(filter.merge(:kind=>"vlan"))
end
alias :each :list
# Higher-level API to manipulate VLAN interface.
# nl.vlans.add(
# :link=>"lo",
# :vlan_id=>1234,
# :vlan_flags=>Linux::VLAN_FLAG_LOOSE_BINDING,
# :vlan_mask=>0xffffffff
# )
def add(opt)
@rtsocket.link.add(vlan_options(opt))
end
def change(opt)
@rtsocket.link.change(vlan_options(opt))
end
def replace(opt)
@rtsocket.link.replace(vlan_options(opt))
end
# Delete vlan given :link and :vlan_id. If you want to delete
# by :index then call link.delete instead.
def delete(opt)
raise "Missing vlan_id" unless opt[:vlan_id]
raise "Missing link" unless opt[:link]
link = list(:link=>opt[:link]).find { |l|
l.linkinfo.data &&
l.linkinfo.data.id == opt[:vlan_id]
}
raise Errno::ENODEV unless link
@rtsocket.link.delete(link.index)
end
def vlan_options(orig) #:nodoc:
opt = orig.dup
opt[:link] = index(opt.fetch(:link))
li = opt[:linkinfo] ||= LinkInfo.new
li.kind = "vlan"
li.data ||= VlanInfo.new
li.data.id = opt.delete(:vlan_id) if opt.has_key?(:vlan_id)
if opt.has_key?(:vlan_flags)
li.data.flags ||= VlanFlags.new(:flags => opt.delete(:vlan_flags))
li.data.flags.mask = opt.delete(:vlan_mask) if opt.has_key?(:vlan_mask)
end
li.data.egress_qos = opt.delete(:egress_qos) if opt.has_key?(:egress_qos)
li.data.ingress_qos = opt.delete(:ingress_qos) if opt.has_key?(:ingress_qos)
opt
end
end
end
end
end # module Linux