本地库覆盖glibc的API

原创已于 2022-11-20 19:52:40 修改 · 置顶 · 764 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#linux #开发语言

于 2022-11-20 19:03:59 首次发布

技术分享专栏收录该内容

17 篇文章

订阅专栏

本文介绍如何通过修改Linux环境变量LD_PRELOAD来覆盖glibc中的getifaddrs函数，实现对网络接口信息获取过程的自定义处理。文章详细展示了如何创建并加载自定义共享库以替换原有的glibc行为。

本地库覆盖glibc的getifaddrs

基本原理：（原理类似libSegFault.so这个库）

使用linux的环境变量“LD_PRELOAD”来提前载入一个库，然后这个库里面的同名API就可以覆盖后续的共享库的API了(glibc里面的若链接的API是可以被覆盖的)。如我们在自己的共享库中重写一个API

int getifaddrs (struct ifaddrs **ifap)；

主要修改代码点：

在一个新的共享库里重写/覆盖getifaddrs(), 生产一个共享库libovfuns.so，把它拷贝到/opt/lib里面。主要修改点事去掉原有glibc里__netlink_assert_response(...)的abort处理，同时是在系统的文件里面记录一条异常log：（/opt/log/overwirte_fun.log）

static void __netlink_assert_response (int fd, ssize_t result)
{
  if (result < 0)
    {
      /* Check if the error is unexpected.  */
      bool terminate = false;
      int error_code = errno;
      int family = get_address_family (fd);
      if (family != AF_NETLINK)
        /* If the address family does not match (or getsockname
           failed), report the original error.  */
        terminate = true;
      else if (error_code == EBADF
          || error_code == ENOTCONN
          || error_code == ENOTSOCK
          || error_code == ECONNREFUSED)
        /* These errors indicate that the descriptor is not a
           connected socket.  */
        terminate = true;
      else if (error_code == EAGAIN || error_code == EWOULDBLOCK)
        {
          /* The kernel might return EAGAIN for other reasons than a
             non-blocking socket.  But if the socket is not blocking,
             it is not ours, so report the error.  */
          int mode = fcntl (fd, F_GETFL, 0);
          if (mode < 0 || (mode & O_NONBLOCK) != 0)
            terminate = true;
        }
	    printf("[%s %d]\n", __func__, __LINE__);
      if (terminate)
        {
          char message[200];
          if (family < 0)
            snprintf (message, sizeof (message),
                        "Inovance overwrite： Unexpected error %d on netlink descriptor %d",
                        error_code, fd);
          else
            snprintf (message, sizeof (message),
                        "Inovance overwrite： Unexpected error %d on netlink descriptor %d"
                        " (address family %d)",
                        error_code, fd, family);
    //just use the log message replace the "__libc_fatal"
        //    __libc_fatal (message);
        overwrite_fun_log("getifaddrs", message);

        }
      else
        /* Restore orignal errno value.  */
        set_errno (error_code);
    }
  else if (result < sizeof (struct nlmsghdr))
    {
      char message[200];
      int family = get_address_family (fd);
      if (family < 0)
          snprintf (message, sizeof (message),
                      "Inovance overwrite： Unexpected netlink response of size %zd"
                      " on descriptor %d",
                      result, fd);
      else
          snprintf (message, sizeof (message),
                      "Inovance overwrite： Unexpected netlink response of size %zd"
                      " on descriptor %d (address family %d)",
                      result, fd, family);
    //just use the log message replace the "__libc_fatal"
    //   __libc_fatal (message);
        overwrite_fun_log("getifaddrs", message);
    }
}

修改test启动的服务脚本：在原有服务脚本里面增加如下行，用于设置环境变量Environment="LD_PRELOAD=/opt/runtime/libovfuns.so"

root@xxx:# cat /lib/systemd/system/test.service
[Unit]
Description=Inovance CoDeSys Control Progres
Wants=inovance-daemon.service
After=inovance-daemon.service

[Service]
Type=simple
Environment="LD_PRELOAD=/opt/lib/libovfuns.so"
PIDFile=/run/test.pid
ExecStartPre=/bin/sleep 5
ExecStart=/opt/xxx/test
StandardOutput=null
StandardError=null
#Restart=always
#RestartSec=1
#StartLimitInterval=0

[Install]
WantedBy=multi-user.target

下面是测试代码，编译时使用gcc -L/opt/runtime/ -I./lib -lovfuns -o test test.c

生产test测试程序

 #define _GNU_SOURCE     /* To get defns of NI_MAXSERV and NI_MAXHOST */
       #include <arpa/inet.h>
       #include <sys/socket.h>
       #include <netdb.h>
       #include "my_ifaddrs.h"
       #include <stdio.h>
       #include <stdlib.h>
       #include <unistd.h>
       #include <linux/if_link.h>


       int main(int argc, char *argv[])
       {
           struct ifaddrs *ifaddr, *ifa;
           int family, s, n;
           char host[NI_MAXHOST];

           if (getifaddrs(&ifaddr) == -1) {
               perror("getifaddrs");
               exit(EXIT_FAILURE);
           }

           /* Walk through linked list, maintaining head pointer so we
              can free list later */

           for (ifa = ifaddr, n = 0; ifa != NULL; ifa = ifa->ifa_next, n++) {
               if (ifa->ifa_addr == NULL)
                   continue;

               family = ifa->ifa_addr->sa_family;

               /* Display interface name and family (including symbolic
                  form of the latter for the common families) */

               printf("%-8s %s (%d)\n",
                      ifa->ifa_name,
                      (family == AF_PACKET) ? "AF_PACKET" :
                      (family == AF_INET) ? "AF_INET" :
                      (family == AF_INET6) ? "AF_INET6" : "???",
                      family);

               /* For an AF_INET* interface address, display the address */

               if (family == AF_INET || family == AF_INET6) {
                   s = getnameinfo(ifa->ifa_addr,
                           (family == AF_INET) ? sizeof(struct sockaddr_in) :
                                                 sizeof(struct sockaddr_in6),
                           host, NI_MAXHOST,
                           NULL, 0, NI_NUMERICHOST);
                   if (s != 0) {
                       printf("getnameinfo() failed: %s\n", gai_strerror(s));
                       exit(EXIT_FAILURE);
                   }

                   printf("\t\taddress: <%s>\n", host);

               } else if (family == AF_PACKET && ifa->ifa_data != NULL) {
                   struct rtnl_link_stats *stats = ifa->ifa_data;

                   printf("\t\ttx_packets = %10u; rx_packets = %10u\n"
                          "\t\ttx_bytes   = %10u; rx_bytes   = %10u\n",
                          stats->tx_packets, stats->rx_packets,
                          stats->tx_bytes, stats->rx_bytes);
               }
           }

           freeifaddrs(ifaddr);
           exit(EXIT_SUCCESS);
       }

测试添加和不添加环境量，程序使用的API是不同的，具体测试log如下所示：

不添加环境变量，程序使用原始API

root@xxx:# ./test

lo AF_PACKET (17)

tx_packets = 65; rx_packets = 65

tx_bytes = 3180; rx_bytes = 3180

enp1s0 AF_PACKET (17)

tx_packets = 686; rx_packets = 3008

tx_bytes = 50762; rx_bytes = 192738

enp2s0 AF_PACKET (17)

tx_packets = 118; rx_packets = 204

tx_bytes = 19366; rx_bytes = 22391