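How ifconfig, ethtool and ip are implemented: essentially an ioctl
Today I took a look at the strace output of the ifconfig, ip and ethtool tools.
It turns out they simply create a socket fd, specify the interface name, and then set or get the relevant attributes.
In other words, the information is read and set through the ioctl and netlink interfaces.
Let's look at the network device structure:
The ioctl source code currently lives in fs/ioctl.c: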
SYSCALL_DEFINE3(ioctl,
Follows an explanation of the patch that introduced unlocked_ioctl and compat_ioctl into 2.6.11. The removal of the ioctl field happened a lot later, in 2.6.36.

Explanation: When ioctl was executed, it took the Big Kernel Lock (BKL), so nothing else could execute at the same time. This is very bad on a multiprocessor machine, so there was a big effort to get rid of the BKL. First, unlocked_ioctl was introduced. It lets each driver writer choose what lock to use instead. This can be difficult, so there was a period of transition during which old drivers still worked (using ioctl) but new drivers could use the improved interface (unlocked_ioctl). Eventually all drivers were converted and ioctl could be removed.

compat_ioctl is actually unrelated, even though it was added at the same time. Its purpose is to allow 32-bit userland programs to make ioctl calls on a 64-bit kernel. The meaning of the last argument to ioctl depends on the driver, so there is no way to do a driver-independent conversion.
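ioctl : (this field was removed after 2.6.36) the application enters the kernel holding the giant lock / big lock / kernel lock (the Big Kernel Lock), so only one application can be in kernel space at any given moment
unlocked_ioctl : called for 64-bit applications; does not take the Big Kernel Lock
compat_ioctl : called for 32-bit applications; does not take the Big Kernel Lock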
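Reference counting
Reference counting is a kernel mechanism. To reduce kernel memory leaks and prevent UAF, most Linux data structures carry a ref counter of type atomic_t (an int). The ref counter is manipulated with the following atomic operations:
atomic_inc()
atomic_add()
atomic_dec_and_test() // subtract 1 and test whether the result is zero
Vulnerability: all of these operations have to be called manually by the developer. When an object is referenced by another object, its refcounter is incremented; when that reference is removed, the refcounter is decremented. When the refcounter reaches zero, the object is normally freed. If this is handled incorrectly and the count becomes unbalanced, the following vulnerabilities result.
refcounter decremented twice: UAF.
refcounter incremented twice: memory leak, or an integer overflow that leads to UAF.
The Linux kernel has dedicated functions for handling refcounters through a generic interface (such as kref and kobject), but they are not used systematically. In general, a struct object has its own refcounter helpers: *_get()-style functions take a reference and *_put()-style functions release it (the name alone does not reliably tell you what a function does, so read the code; skb_put(), for example, does not decrement any refcounter). Examples: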
struct sock: sock_hold(), sock_put()
struct file: fget(), fput()
struct files_struct: get_files_struct(), put_files_struct()
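
The get/put imbalance described above, as an added user-space example that is not kernel code and not from the original post: a C11-atomics model of a refcounter whose put rejects the extra decrement and whose get saturates instead of overflowing. The names struct obj, obj_get() and obj_put() are hypothetical, and the freed flag stands in for the actual free.

```c
/* Added example: user-space model of a refcounter; all names are hypothetical. */
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

struct obj {
    atomic_int refs;   /* plays the role of the kernel's atomic_t counter */
    bool freed;        /* stands in for the free, so the demo never touches freed memory */
};
enum put_result { PUT_OK, PUT_FREED, PUT_UNDERFLOW };

static void obj_init(struct obj *o) { atomic_init(&o->refs, 1); o->freed = false; }

/* Take a reference. Refuses an object whose count is already 0 and saturates
 * at INT_MAX instead of wrapping, so leaked gets cannot overflow into a free. */
static bool obj_get(struct obj *o)
{
    int old = atomic_load(&o->refs);
    do {
        if (old <= 0) return false;        /* already released: using it would be a UAF */
        if (old == INT_MAX) return true;   /* saturated: leak the object, never wrap */
    } while (!atomic_compare_exchange_weak(&o->refs, &old, old + 1));
    return true;
}

/* Drop a reference; the caller that takes the count from 1 to 0 releases the object. */
static enum put_result obj_put(struct obj *o)
{
    int old = atomic_load(&o->refs);
    do {
        if (old <= 0) return PUT_UNDERFLOW;  /* unbalanced put: the double-decrement case */
        if (old == INT_MAX) return PUT_OK;   /* a saturated counter stays pinned */
    } while (!atomic_compare_exchange_weak(&o->refs, &old, old - 1));
    if (old == 1) { o->freed = true; return PUT_FREED; }
    return PUT_OK;
}

int main(void)
{
    struct obj o;
    obj_init(&o);                           /* refs = 1 */
    obj_get(&o);                            /* refs = 2 */
    int a = obj_put(&o), b = obj_put(&o), c = obj_put(&o);
    printf("puts: %d %d %d\n", a, b, c);    /* third put is the unbalanced one */
    return 0;
}
```

The kernel's refcount_t type applies the same saturate-and-warn idea to counters that would otherwise be plain atomic_t.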