本地库覆盖glibc的getifaddrs
基本原理:(原理类似libSegFault.so这个库)
使用linux的环境变量“LD_PRELOAD”来提前载入一个库,然后这个库里面的同名API就可以覆盖后续的共享库的API了(glibc里面的若链接的API是可以被覆盖的)。如我们在自己的共享库中重写一个API
int getifaddrs (struct ifaddrs **ifap);
主要修改代码点:
-
在一个新的共享库里重写/覆盖getifaddrs(), 生产一个共享库libovfuns.so,把它拷贝到/opt/lib里面。主要修改点事去掉原有glibc里__netlink_assert_response(...)的abort处理,同时是在系统的文件里面记录一条异常log:(/opt/log/overwirte_fun.log)
static void __netlink_assert_response (int fd, ssize_t result) { if (result < 0) { /* Check if the error is unexpected. */ bool terminate = false; int error_code = errno; int family = get_address_family (fd); if (family != AF_NETLINK) /* If the address family does not match (or getsockname failed), report the original error. */ terminate = true; else if (error_code == EBADF || error_code == ENOTCONN || error_code == ENOTSOCK || error_code == ECONNREFUSED) /* These errors indicate that the descriptor is not a connected socket. */ terminate = true; else if (error_code == EAGAIN || error_code == EWOULDBLOCK) { /* The kernel might return EAGAIN for other reasons than a non-blocking socket. But if the socket is not blocking, it is not ours, so report the error. */ int mode = fcntl (fd, F_GETFL, 0); if (mode < 0 || (mode & O_NONBLOCK) != 0) terminate = true; } printf("[%s %d]\n", __func__, __LINE__); if (terminate) { char message[200]; if (family < 0) snprintf (message, sizeof (message), "Inovance overwrite: Unexpected error %d on netlink descriptor %d", error_code, fd); else snprintf (message, sizeof (message), "Inovance overwrite: Unexpected error %d on netlink descriptor %d" " (address family %d)", error_code, fd, family); //just use the log message replace the "__libc_fatal" // __libc_fatal (message); overwrite_fun_log("getifaddrs", message); } else /* Restore orignal errno value. */ set_errno (error_code); } else if (result < sizeof (struct nlmsghdr)) { char message[200]; int family = get_address_family (fd); if (family < 0) snprintf (message, sizeof (message), "Inovance overwrite: Unexpected netlink response of size %zd" " on descriptor %d", result, fd); else snprintf (message, sizeof (message), "Inovance overwrite: Unexpected netlink response of size %zd" " on descriptor %d (address family %d)", result, fd, family); //just use the log message replace the "__libc_fatal" // __libc_fatal (message); overwrite_fun_log("getifaddrs", message); } } -
修改test启动的服务脚本:在原有服务脚本里面增加如下行,用于设置环境变量Environment="LD_PRELOAD=/opt/runtime/libovfuns.so"
-
root@xxx:# cat /lib/systemd/system/test.service [Unit] Description=Inovance CoDeSys Control Progres Wants=inovance-daemon.service After=inovance-daemon.service [Service] Type=simple Environment="LD_PRELOAD=/opt/lib/libovfuns.so" PIDFile=/run/test.pid ExecStartPre=/bin/sleep 5 ExecStart=/opt/xxx/test StandardOutput=null StandardError=null #Restart=always #RestartSec=1 #StartLimitInterval=0 [Install] WantedBy=multi-user.target -
下面是测试代码,编译时使用gcc -L/opt/runtime/ -I./lib -lovfuns -o test test.c
-
生产test测试程序
#define _GNU_SOURCE /* To get defns of NI_MAXSERV and NI_MAXHOST */ #include <arpa/inet.h> #include <sys/socket.h> #include <netdb.h> #include "my_ifaddrs.h" #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <linux/if_link.h> int main(int argc, char *argv[]) { struct ifaddrs *ifaddr, *ifa; int family, s, n; char host[NI_MAXHOST]; if (getifaddrs(&ifaddr) == -1) { perror("getifaddrs"); exit(EXIT_FAILURE); } /* Walk through linked list, maintaining head pointer so we can free list later */ for (ifa = ifaddr, n = 0; ifa != NULL; ifa = ifa->ifa_next, n++) { if (ifa->ifa_addr == NULL) continue; family = ifa->ifa_addr->sa_family; /* Display interface name and family (including symbolic form of the latter for the common families) */ printf("%-8s %s (%d)\n", ifa->ifa_name, (family == AF_PACKET) ? "AF_PACKET" : (family == AF_INET) ? "AF_INET" : (family == AF_INET6) ? "AF_INET6" : "???", family); /* For an AF_INET* interface address, display the address */ if (family == AF_INET || family == AF_INET6) { s = getnameinfo(ifa->ifa_addr, (family == AF_INET) ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6), host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST); if (s != 0) { printf("getnameinfo() failed: %s\n", gai_strerror(s)); exit(EXIT_FAILURE); } printf("\t\taddress: <%s>\n", host); } else if (family == AF_PACKET && ifa->ifa_data != NULL) { struct rtnl_link_stats *stats = ifa->ifa_data; printf("\t\ttx_packets = %10u; rx_packets = %10u\n" "\t\ttx_bytes = %10u; rx_bytes = %10u\n", stats->tx_packets, stats->rx_packets, stats->tx_bytes, stats->rx_bytes); } } freeifaddrs(ifaddr); exit(EXIT_SUCCESS); }测试添加和不添加环境量,程序使用的API是不同的,具体测试log如下所示:
不添加环境变量,程序使用原始API
root@xxx:# ./test
lo AF_PACKET (17)
tx_packets = 65; rx_packets = 65
tx_bytes = 3180; rx_bytes = 3180
enp1s0 AF_PACKET (17)
tx_packets = 686; rx_packets = 3008
tx_bytes = 50762; rx_bytes = 192738
enp2s0 AF_PACKET (17)
tx_packets = 118; rx_packets = 204
tx_bytes = 19366; rx_bytes = 22391
enp3s0 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
enp4s0 AF_PACKET (17)
tx_packets = 0; rx_packets = 16
tx_bytes = 0; rx_bytes = 960
tunl0 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
tap0 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
tap1 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
lo AF_INET (2)
address: <127.0.0.1>
enp1s0 AF_INET (2)
address: <10.61.64.75>
enp2s0 AF_INET (2)
address: <192.168.2.88>
添加环境变量,程序使用新的API
root@xxx:# env LD_PRELOAD=/opt/runtime/libovfuns.so ./test
[__netlink_request 601] <------这个log是新的API里面的
[__netlink_request 604]
[__netlink_request 601]
[__netlink_request 604]
[__netlink_request 601]
[__netlink_request 604]
[__netlink_request 601]
[__netlink_request 604]
[__netlink_request 601]
[__netlink_request 604]
lo AF_PACKET (17)
tx_packets = 107; rx_packets = 107
tx_bytes = 5196; rx_bytes = 5196
enp1s0 AF_PACKET (17)
tx_packets = 1138; rx_packets = 4968
tx_bytes = 83894; rx_bytes = 316171
enp2s0 AF_PACKET (17)
tx_packets = 160; rx_packets = 251
tx_bytes = 23366; rx_bytes = 26263
enp3s0 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
enp4s0 AF_PACKET (17)
tx_packets = 0; rx_packets = 24
tx_bytes = 0; rx_bytes = 1440
tunl0 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
tap0 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
tap1 AF_PACKET (17)
tx_packets = 0; rx_packets = 0
tx_bytes = 0; rx_bytes = 0
lo AF_INET (2)
address: <127.0.0.1>
enp1s0 AF_INET (2)
address: <10.61.64.75>
enp2s0 AF_INET (2)
address: <192.168.2.88>
1457
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
