[03/15] inet: raw -- Check for kernel diag module support

Submitted by Cyrill Gorcunov on Sept. 13, 2018, 7:57 p.m.

Details

Message ID 20180913195758.30566-4-gorcunov@gmail.com
State Accepted
Series "net: Add support for raw inet sockets"
Headers show

Commit Message

Cyrill Gorcunov Sept. 13, 2018, 7:57 p.m.
To collect raw sockets we need the kernel to support raw_diag module.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
 criu/cr-check.c |  9 +++++++++
 criu/sockets.c  | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

Patch hide | download patch | download mbox

diff --git a/criu/cr-check.c b/criu/cr-check.c
index 1c12ec256bc2..af52eb549972 100644
--- a/criu/cr-check.c
+++ b/criu/cr-check.c
@@ -1086,6 +1086,13 @@  static int check_kcmp_epoll(void)
 	return 0;
 }
 
+static int check_net_diag_raw(void)
+{
+	check_sock_diag();
+	return (socket_test_collect_bit(AF_INET, IPPROTO_RAW) &&
+		socket_test_collect_bit(AF_INET6, IPPROTO_RAW)) ? 0 : -1;
+}
+
 static int (*chk_feature)(void);
 
 /*
@@ -1194,6 +1201,7 @@  int cr_check(void)
 		ret |= check_uffd_noncoop();
 		ret |= check_sk_netns();
 		ret |= check_kcmp_epoll();
+		ret |= check_net_diag_raw();
 	}
 
 	/*
@@ -1292,6 +1300,7 @@  static struct feature_list feature_list[] = {
 	{ "can_map_vdso", check_can_map_vdso},
 	{ "sk_ns", check_sk_netns },
 	{ "sk_unix_file", check_sk_unix_file },
+	{ "net_diag_raw", check_net_diag_raw },
 	{ "nsid", check_nsid },
 	{ "link_nsid", check_link_nsid},
 	{ "kcmp_epoll", check_kcmp_epoll},
diff --git a/criu/sockets.c b/criu/sockets.c
index bda5e445b6bc..bd4e1a967a51 100644
--- a/criu/sockets.c
+++ b/criu/sockets.c
@@ -105,9 +105,11 @@  enum socket_cl_bits
 	INET_TCP_CL_BIT,
 	INET_UDP_CL_BIT,
 	INET_UDPLITE_CL_BIT,
+	INET_RAW_CL_BIT,
 	INET6_TCP_CL_BIT,
 	INET6_UDP_CL_BIT,
 	INET6_UDPLITE_CL_BIT,
+	INET6_RAW_CL_BIT,
 	UNIX_CL_BIT,
 	PACKET_CL_BIT,
 	_MAX_CL_BIT,
@@ -133,6 +135,8 @@  enum socket_cl_bits get_collect_bit_nr(unsigned int family, unsigned int proto)
 			return INET_UDP_CL_BIT;
 		if (proto == IPPROTO_UDPLITE)
 			return INET_UDPLITE_CL_BIT;
+		if (proto == IPPROTO_RAW)
+			return INET_RAW_CL_BIT;
 	}
 	if (family == AF_INET6) {
 		if (proto == IPPROTO_TCP)
@@ -141,6 +145,8 @@  enum socket_cl_bits get_collect_bit_nr(unsigned int family, unsigned int proto)
 			return INET6_UDP_CL_BIT;
 		if (proto == IPPROTO_UDPLITE)
 			return INET6_UDPLITE_CL_BIT;
+		if (proto == IPPROTO_RAW)
+			return INET6_RAW_CL_BIT;
 	}
 
 	pr_err("Unknown pair family %d proto %d\n", family, proto);
@@ -650,6 +656,9 @@  static int inet_receive_one(struct nlmsghdr *h, struct ns_id *ns, void *arg)
 	case IPPROTO_UDPLITE:
 		type = SOCK_DGRAM;
 		break;
+	case IPPROTO_RAW:
+		type = SOCK_RAW;
+		break;
 	default:
 		BUG_ON(1);
 		return -1;
@@ -725,6 +734,18 @@  int collect_sockets(struct ns_id *ns)
 	if (tmp)
 		err = tmp;
 
+	/* Collect IPv4 RAW sockets */
+	req.r.i.sdiag_family	= AF_INET;
+	req.r.i.sdiag_protocol	= IPPROTO_RAW;
+	req.r.i.idiag_ext	= 0;
+	req.r.i.idiag_states	= -1; /* All */
+	tmp = do_collect_req(nl, &req, sizeof(req), inet_receive_one, ns, &req.r.i);
+	if (tmp) {
+		pr_warn("The current kernel doesn't support ipv4 raw_diag module\n");
+		if (tmp != -ENOENT)
+			err = tmp;
+	}
+
 	/* Collect IPv6 TCP sockets */
 	req.r.i.sdiag_family	= AF_INET6;
 	req.r.i.sdiag_protocol	= IPPROTO_TCP;
@@ -756,6 +777,18 @@  int collect_sockets(struct ns_id *ns)
 	if (tmp)
 		err = tmp;
 
+	/* Collect IPv6 RAW sockets */
+	req.r.i.sdiag_family	= AF_INET6;
+	req.r.i.sdiag_protocol	= IPPROTO_RAW;
+	req.r.i.idiag_ext	= 0;
+	req.r.i.idiag_states	= -1; /* All */
+	tmp = do_collect_req(nl, &req, sizeof(req), inet_receive_one, ns, &req.r.i);
+	if (tmp) {
+		pr_warn("The current kernel doesn't support ipv6 raw_diag module\n");
+		if (tmp != -ENOENT)
+			err = tmp;
+	}
+
 	req.r.p.sdiag_family	= AF_PACKET;
 	req.r.p.sdiag_protocol	= 0;
 	req.r.p.pdiag_show	= PACKET_SHOW_INFO | PACKET_SHOW_MCLIST |

Comments

Radostin Stoyanov Sept. 26, 2018, 9:44 p.m.
Hi all,

CONFIG_INET_RAW_DIAG and CONFIG_INET_UDP_DIAG are not set by default in
the Fedora kernel:

https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f28#n2254
https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f29#n2245

Can we change that?

Radostin

On 13/09/2018 20:57, Cyrill Gorcunov wrote:
> To collect raw sockets we need the kernel to support raw_diag module.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
> ---
>  criu/cr-check.c |  9 +++++++++
>  criu/sockets.c  | 33 +++++++++++++++++++++++++++++++++
>  2 files changed, 42 insertions(+)
>
> diff --git a/criu/cr-check.c b/criu/cr-check.c
> index 1c12ec256bc2..af52eb549972 100644
> --- a/criu/cr-check.c
> +++ b/criu/cr-check.c
> @@ -1086,6 +1086,13 @@ static int check_kcmp_epoll(void)
>  	return 0;
>  }
>  
> +static int check_net_diag_raw(void)
> +{
> +	check_sock_diag();
> +	return (socket_test_collect_bit(AF_INET, IPPROTO_RAW) &&
> +		socket_test_collect_bit(AF_INET6, IPPROTO_RAW)) ? 0 : -1;
> +}
> +
>  static int (*chk_feature)(void);
>  
>  /*
> @@ -1194,6 +1201,7 @@ int cr_check(void)
>  		ret |= check_uffd_noncoop();
>  		ret |= check_sk_netns();
>  		ret |= check_kcmp_epoll();
> +		ret |= check_net_diag_raw();
>  	}
>  
>  	/*
> @@ -1292,6 +1300,7 @@ static struct feature_list feature_list[] = {
>  	{ "can_map_vdso", check_can_map_vdso},
>  	{ "sk_ns", check_sk_netns },
>  	{ "sk_unix_file", check_sk_unix_file },
> +	{ "net_diag_raw", check_net_diag_raw },
>  	{ "nsid", check_nsid },
>  	{ "link_nsid", check_link_nsid},
>  	{ "kcmp_epoll", check_kcmp_epoll},
> diff --git a/criu/sockets.c b/criu/sockets.c
> index bda5e445b6bc..bd4e1a967a51 100644
> --- a/criu/sockets.c
> +++ b/criu/sockets.c
> @@ -105,9 +105,11 @@ enum socket_cl_bits
>  	INET_TCP_CL_BIT,
>  	INET_UDP_CL_BIT,
>  	INET_UDPLITE_CL_BIT,
> +	INET_RAW_CL_BIT,
>  	INET6_TCP_CL_BIT,
>  	INET6_UDP_CL_BIT,
>  	INET6_UDPLITE_CL_BIT,
> +	INET6_RAW_CL_BIT,
>  	UNIX_CL_BIT,
>  	PACKET_CL_BIT,
>  	_MAX_CL_BIT,
> @@ -133,6 +135,8 @@ enum socket_cl_bits get_collect_bit_nr(unsigned int family, unsigned int proto)
>  			return INET_UDP_CL_BIT;
>  		if (proto == IPPROTO_UDPLITE)
>  			return INET_UDPLITE_CL_BIT;
> +		if (proto == IPPROTO_RAW)
> +			return INET_RAW_CL_BIT;
>  	}
>  	if (family == AF_INET6) {
>  		if (proto == IPPROTO_TCP)
> @@ -141,6 +145,8 @@ enum socket_cl_bits get_collect_bit_nr(unsigned int family, unsigned int proto)
>  			return INET6_UDP_CL_BIT;
>  		if (proto == IPPROTO_UDPLITE)
>  			return INET6_UDPLITE_CL_BIT;
> +		if (proto == IPPROTO_RAW)
> +			return INET6_RAW_CL_BIT;
>  	}
>  
>  	pr_err("Unknown pair family %d proto %d\n", family, proto);
> @@ -650,6 +656,9 @@ static int inet_receive_one(struct nlmsghdr *h, struct ns_id *ns, void *arg)
>  	case IPPROTO_UDPLITE:
>  		type = SOCK_DGRAM;
>  		break;
> +	case IPPROTO_RAW:
> +		type = SOCK_RAW;
> +		break;
>  	default:
>  		BUG_ON(1);
>  		return -1;
> @@ -725,6 +734,18 @@ int collect_sockets(struct ns_id *ns)
>  	if (tmp)
>  		err = tmp;
>  
> +	/* Collect IPv4 RAW sockets */
> +	req.r.i.sdiag_family	= AF_INET;
> +	req.r.i.sdiag_protocol	= IPPROTO_RAW;
> +	req.r.i.idiag_ext	= 0;
> +	req.r.i.idiag_states	= -1; /* All */
> +	tmp = do_collect_req(nl, &req, sizeof(req), inet_receive_one, ns, &req.r.i);
> +	if (tmp) {
> +		pr_warn("The current kernel doesn't support ipv4 raw_diag module\n");
> +		if (tmp != -ENOENT)
> +			err = tmp;
> +	}
> +
>  	/* Collect IPv6 TCP sockets */
>  	req.r.i.sdiag_family	= AF_INET6;
>  	req.r.i.sdiag_protocol	= IPPROTO_TCP;
> @@ -756,6 +777,18 @@ int collect_sockets(struct ns_id *ns)
>  	if (tmp)
>  		err = tmp;
>  
> +	/* Collect IPv6 RAW sockets */
> +	req.r.i.sdiag_family	= AF_INET6;
> +	req.r.i.sdiag_protocol	= IPPROTO_RAW;
> +	req.r.i.idiag_ext	= 0;
> +	req.r.i.idiag_states	= -1; /* All */
> +	tmp = do_collect_req(nl, &req, sizeof(req), inet_receive_one, ns, &req.r.i);
> +	if (tmp) {
> +		pr_warn("The current kernel doesn't support ipv6 raw_diag module\n");
> +		if (tmp != -ENOENT)
> +			err = tmp;
> +	}
> +
>  	req.r.p.sdiag_family	= AF_PACKET;
>  	req.r.p.sdiag_protocol	= 0;
>  	req.r.p.pdiag_show	= PACKET_SHOW_INFO | PACKET_SHOW_MCLIST |
Cyrill Gorcunov Sept. 30, 2018, 7:01 a.m.
On Wed, Sep 26, 2018 at 10:44:40PM +0100, Radostin Stoyanov wrote:
> Hi all,
> 
> CONFIG_INET_RAW_DIAG and CONFIG_INET_UDP_DIAG are not set by default in
> the Fedora kernel:
> 
> https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f28#n2254
> https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f29#n2245
> 
> Can we change that?

Hi! Sorry for delay. I think we may ask someone from Fedora camp for it.
Not sure though whom exactly to ask. Andrew, do you happen to know?
Adrian Reber Oct. 1, 2018, 4:46 p.m.
On Sun, Sep 30, 2018 at 10:01:25AM +0300, Cyrill Gorcunov wrote:
> On Wed, Sep 26, 2018 at 10:44:40PM +0100, Radostin Stoyanov wrote:
> > Hi all,
> > 
> > CONFIG_INET_RAW_DIAG and CONFIG_INET_UDP_DIAG are not set by default in
> > the Fedora kernel:
> > 
> > https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f28#n2254
> > https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f29#n2245
> > 
> > Can we change that?
> 
> Hi! Sorry for delay. I think we may ask someone from Fedora camp for it.
> Not sure though whom exactly to ask. Andrew, do you happen to know?

Both options are available as a module. Is that not enough?

		Adrian
Cyrill Gorcunov Oct. 1, 2018, 4:57 p.m.
On Mon, Oct 01, 2018 at 06:46:29PM +0200, Adrian Reber wrote:
> > 
> > Hi! Sorry for delay. I think we may ask someone from Fedora camp for it.
> > Not sure though whom exactly to ask. Andrew, do you happen to know?
> 
> Both options are available as a module. Is that not enough?

It should be enough. I thought Radostin meant they are not enabled at all.
Radostin Stoyanov Oct. 1, 2018, 5:12 p.m.
On 01/10/2018 17:57, Cyrill Gorcunov wrote:
> On Mon, Oct 01, 2018 at 06:46:29PM +0200, Adrian Reber wrote:
>>> Hi! Sorry for delay. I think we may ask someone from Fedora camp for it.
>>> Not sure though whom exactly to ask. Andrew, do you happen to know?
>> Both options are available as a module. Is that not enough?
> It should be enough. I thought Radostin meant they are not enabled at all.
Sorry, I didn't know about this.
Adrian, thank you for pointing it out!

Radostin
Andrei Vagin Oct. 25, 2018, 2:53 a.m.
On Sun, Sep 30, 2018 at 10:01:25AM +0300, Cyrill Gorcunov wrote:
> On Wed, Sep 26, 2018 at 10:44:40PM +0100, Radostin Stoyanov wrote:
> > Hi all,
> > 
> > CONFIG_INET_RAW_DIAG and CONFIG_INET_UDP_DIAG are not set by default in
> > the Fedora kernel:
> > 
> > https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f28#n2254
> > https://src.fedoraproject.org/cgit/rpms/kernel.git/tree/kernel-x86_64.config?h=f29#n2245
> > 
> > Can we change that?
> 
> Hi! Sorry for delay. I think we may ask someone from Fedora camp for it.
> Not sure though whom exactly to ask. Andrew, do you happen to know?

Hmm, I am not sure that I understand what you are talking about...

$ cat /etc/fedora-release 
Fedora release 28 (Twenty Eight)

$ cat /boot/config-4.18.10-200.fc28.x86_64 |  grep DIAG
CONFIG_PACKET_DIAG=m
CONFIG_UNIX_DIAG=m
CONFIG_SMC_DIAG=m
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_INET_UDP_DIAG=m
CONFIG_INET_RAW_DIAG=m
CONFIG_INET_DIAG_DESTROY=y
CONFIG_INET_SCTP_DIAG=m
CONFIG_TIPC_DIAG=m
CONFIG_VSOCKETS_DIAG=m
CONFIG_NETLINK_DIAG=m