1 /*
2 * Copyright (c) 2014 Zubin Mithra <zubin.mithra@gmail.com>
3 * Copyright (c) 2014-2016 Dmitry V. Levin <ldv@altlinux.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #include "defs.h"
30 #include <netinet/in.h>
31 #include <sys/socket.h>
32 #include <arpa/inet.h>
33 #include <linux/netlink.h>
34 #include <linux/sock_diag.h>
35 #include <linux/inet_diag.h>
36 #include <linux/unix_diag.h>
37 #include <linux/netlink_diag.h>
38 #include <linux/rtnetlink.h>
39 #include "xlat/netlink_protocols.h"
40
41 #include <sys/un.h>
42 #ifndef UNIX_PATH_MAX
43 # define UNIX_PATH_MAX sizeof(((struct sockaddr_un *) 0)->sun_path)
44 #endif
45
46 typedef struct {
47 unsigned long inode;
48 char *details;
49 } cache_entry;
50
51 #define CACHE_SIZE 1024U
52 static cache_entry cache[CACHE_SIZE];
53 #define CACHE_MASK (CACHE_SIZE - 1)
54
55 static int
cache_and_print_inode_details(const unsigned long inode,char * const details)56 cache_and_print_inode_details(const unsigned long inode, char *const details)
57 {
58 cache_entry *e = &cache[inode & CACHE_MASK];
59 free(e->details);
60 e->inode = inode;
61 e->details = details;
62
63 tprints(details);
64 return 1;
65 }
66
67 bool
print_sockaddr_by_inode_cached(const unsigned long inode)68 print_sockaddr_by_inode_cached(const unsigned long inode)
69 {
70 const cache_entry *const e = &cache[inode & CACHE_MASK];
71 if (e && inode == e->inode) {
72 tprints(e->details);
73 return true;
74 }
75 return false;
76 }
77
78 static bool
send_query(const int fd,void * req,size_t req_size)79 send_query(const int fd, void *req, size_t req_size)
80 {
81 struct sockaddr_nl nladdr = {
82 .nl_family = AF_NETLINK
83 };
84 struct iovec iov = {
85 .iov_base = req,
86 .iov_len = req_size
87 };
88 const struct msghdr msg = {
89 .msg_name = &nladdr,
90 .msg_namelen = sizeof(nladdr),
91 .msg_iov = &iov,
92 .msg_iovlen = 1
93 };
94
95 for (;;) {
96 if (sendmsg(fd, &msg, 0) < 0) {
97 if (errno == EINTR)
98 continue;
99 return false;
100 }
101 return true;
102 }
103 }
104
105 static bool
inet_send_query(const int fd,const int family,const int proto)106 inet_send_query(const int fd, const int family, const int proto)
107 {
108 struct {
109 const struct nlmsghdr nlh;
110 const struct inet_diag_req_v2 idr;
111 } req = {
112 .nlh = {
113 .nlmsg_len = sizeof(req),
114 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
115 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST
116 },
117 .idr = {
118 .sdiag_family = family,
119 .sdiag_protocol = proto,
120 .idiag_states = -1
121 }
122 };
123 return send_query(fd, &req, sizeof(req));
124 }
125
126 static int
inet_parse_response(const char * const proto_name,const void * const data,const int data_len,const unsigned long inode)127 inet_parse_response(const char *const proto_name, const void *const data,
128 const int data_len, const unsigned long inode)
129 {
130 const struct inet_diag_msg *const diag_msg = data;
131 static const char zero_addr[sizeof(struct in6_addr)];
132 socklen_t addr_size, text_size;
133
134 if (data_len < (int) NLMSG_LENGTH(sizeof(*diag_msg)))
135 return -1;
136 if (diag_msg->idiag_inode != inode)
137 return 0;
138
139 switch(diag_msg->idiag_family) {
140 case AF_INET:
141 addr_size = sizeof(struct in_addr);
142 text_size = INET_ADDRSTRLEN;
143 break;
144 case AF_INET6:
145 addr_size = sizeof(struct in6_addr);
146 text_size = INET6_ADDRSTRLEN;
147 break;
148 default:
149 return -1;
150 }
151
152 char src_buf[text_size];
153 char *details;
154
155 if (!inet_ntop(diag_msg->idiag_family, diag_msg->id.idiag_src,
156 src_buf, text_size))
157 return -1;
158
159 if (diag_msg->id.idiag_dport ||
160 memcmp(zero_addr, diag_msg->id.idiag_dst, addr_size)) {
161 char dst_buf[text_size];
162
163 if (!inet_ntop(diag_msg->idiag_family, diag_msg->id.idiag_dst,
164 dst_buf, text_size))
165 return -1;
166
167 if (asprintf(&details, "%s:[%s:%u->%s:%u]", proto_name,
168 src_buf, ntohs(diag_msg->id.idiag_sport),
169 dst_buf, ntohs(diag_msg->id.idiag_dport)) < 0)
170 return false;
171 } else {
172 if (asprintf(&details, "%s:[%s:%u]", proto_name, src_buf,
173 ntohs(diag_msg->id.idiag_sport)) < 0)
174 return false;
175 }
176
177 return cache_and_print_inode_details(inode, details);
178 }
179
180 static bool
receive_responses(const int fd,const unsigned long inode,const char * proto_name,int (* parser)(const char *,const void *,int,unsigned long))181 receive_responses(const int fd, const unsigned long inode,
182 const char *proto_name,
183 int (* parser) (const char *, const void *,
184 int, unsigned long))
185 {
186 static union {
187 struct nlmsghdr hdr;
188 long buf[8192 / sizeof(long)];
189 } hdr_buf;
190
191 struct sockaddr_nl nladdr = {
192 .nl_family = AF_NETLINK
193 };
194 struct iovec iov = {
195 .iov_base = hdr_buf.buf,
196 .iov_len = sizeof(hdr_buf.buf)
197 };
198 int flags = 0;
199
200 for (;;) {
201 struct msghdr msg = {
202 .msg_name = &nladdr,
203 .msg_namelen = sizeof(nladdr),
204 .msg_iov = &iov,
205 .msg_iovlen = 1
206 };
207
208 ssize_t ret = recvmsg(fd, &msg, flags);
209 if (ret < 0) {
210 if (errno == EINTR)
211 continue;
212 return false;
213 }
214
215 const struct nlmsghdr *h = &hdr_buf.hdr;
216 if (!NLMSG_OK(h, ret))
217 return false;
218 for (; NLMSG_OK(h, ret); h = NLMSG_NEXT(h, ret)) {
219 if (h->nlmsg_type != SOCK_DIAG_BY_FAMILY)
220 return false;
221 const int rc = parser(proto_name, NLMSG_DATA(h),
222 h->nlmsg_len, inode);
223 if (rc > 0)
224 return true;
225 if (rc < 0)
226 return false;
227 }
228 flags = MSG_DONTWAIT;
229 }
230 }
231
232 static bool
inet_print(const int fd,const int family,const int protocol,const unsigned long inode,const char * proto_name)233 inet_print(const int fd, const int family, const int protocol,
234 const unsigned long inode, const char *proto_name)
235 {
236 return inet_send_query(fd, family, protocol)
237 && receive_responses(fd, inode, proto_name, inet_parse_response);
238 }
239
240 static bool
unix_send_query(const int fd,const unsigned long inode)241 unix_send_query(const int fd, const unsigned long inode)
242 {
243 struct {
244 const struct nlmsghdr nlh;
245 const struct unix_diag_req udr;
246 } req = {
247 .nlh = {
248 .nlmsg_len = sizeof(req),
249 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
250 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST
251 },
252 .udr = {
253 .sdiag_family = AF_UNIX,
254 .udiag_ino = inode,
255 .udiag_states = -1,
256 .udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER
257 }
258 };
259 return send_query(fd, &req, sizeof(req));
260 }
261
262 static int
unix_parse_response(const char * proto_name,const void * data,const int data_len,const unsigned long inode)263 unix_parse_response(const char *proto_name, const void *data,
264 const int data_len, const unsigned long inode)
265 {
266 const struct unix_diag_msg *diag_msg = data;
267 struct rtattr *attr;
268 int rta_len = data_len - NLMSG_LENGTH(sizeof(*diag_msg));
269 uint32_t peer = 0;
270 size_t path_len = 0;
271 char path[UNIX_PATH_MAX + 1];
272
273 if (rta_len < 0)
274 return -1;
275 if (diag_msg->udiag_ino != inode)
276 return 0;
277 if (diag_msg->udiag_family != AF_UNIX)
278 return -1;
279
280 for (attr = (struct rtattr *) (diag_msg + 1);
281 RTA_OK(attr, rta_len);
282 attr = RTA_NEXT(attr, rta_len)) {
283 switch (attr->rta_type) {
284 case UNIX_DIAG_NAME:
285 if (!path_len) {
286 path_len = RTA_PAYLOAD(attr);
287 if (path_len > UNIX_PATH_MAX)
288 path_len = UNIX_PATH_MAX;
289 memcpy(path, RTA_DATA(attr), path_len);
290 path[path_len] = '\0';
291 }
292 break;
293 case UNIX_DIAG_PEER:
294 if (RTA_PAYLOAD(attr) >= 4)
295 peer = *(uint32_t *) RTA_DATA(attr);
296 break;
297 }
298 }
299
300 /*
301 * print obtained information in the following format:
302 * "UNIX:[" SELF_INODE [ "->" PEER_INODE ][ "," SOCKET_FILE ] "]"
303 */
304 if (!peer && !path_len)
305 return -1;
306
307 char peer_str[3 + sizeof(peer) * 3];
308 if (peer)
309 snprintf(peer_str, sizeof(peer_str), "->%u", peer);
310 else
311 peer_str[0] = '\0';
312
313 const char *path_str;
314 if (path_len) {
315 char *outstr = alloca(4 * path_len + 4);
316
317 outstr[0] = ',';
318 if (path[0] == '\0') {
319 outstr[1] = '@';
320 string_quote(path + 1, outstr + 2,
321 path_len - 1, QUOTE_0_TERMINATED);
322 } else {
323 string_quote(path, outstr + 1,
324 path_len, QUOTE_0_TERMINATED);
325 }
326 path_str = outstr;
327 } else {
328 path_str = "";
329 }
330
331 char *details;
332 if (asprintf(&details, "%s:[%lu%s%s]", proto_name, inode,
333 peer_str, path_str) < 0)
334 return -1;
335
336 return cache_and_print_inode_details(inode, details);
337 }
338
339 static bool
netlink_send_query(const int fd,const unsigned long inode)340 netlink_send_query(const int fd, const unsigned long inode)
341 {
342 struct {
343 const struct nlmsghdr nlh;
344 const struct netlink_diag_req ndr;
345 } req = {
346 .nlh = {
347 .nlmsg_len = sizeof(req),
348 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
349 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST
350 },
351 .ndr = {
352 .sdiag_family = AF_NETLINK,
353 .sdiag_protocol = NDIAG_PROTO_ALL,
354 .ndiag_show = NDIAG_SHOW_MEMINFO
355 }
356 };
357 return send_query(fd, &req, sizeof(req));
358 }
359
360 static int
netlink_parse_response(const char * proto_name,const void * data,const int data_len,const unsigned long inode)361 netlink_parse_response(const char *proto_name, const void *data,
362 const int data_len, const unsigned long inode)
363 {
364 const struct netlink_diag_msg *const diag_msg = data;
365 const char *netlink_proto;
366 char *details;
367
368 if (data_len < (int) NLMSG_LENGTH(sizeof(*diag_msg)))
369 return -1;
370 if (diag_msg->ndiag_ino != inode)
371 return 0;
372
373 if (diag_msg->ndiag_family != AF_NETLINK)
374 return -1;
375
376 netlink_proto = xlookup(netlink_protocols,
377 diag_msg->ndiag_protocol);
378
379 if (netlink_proto) {
380 static const char netlink_prefix[] = "NETLINK_";
381 const size_t netlink_prefix_len =
382 sizeof(netlink_prefix) -1;
383 if (strncmp(netlink_proto, netlink_prefix,
384 netlink_prefix_len) == 0)
385 netlink_proto += netlink_prefix_len;
386 if (asprintf(&details, "%s:[%s:%u]", proto_name,
387 netlink_proto, diag_msg->ndiag_portid) < 0)
388 return -1;
389 } else {
390 if (asprintf(&details, "%s:[%u]", proto_name,
391 (unsigned) diag_msg->ndiag_protocol) < 0)
392 return -1;
393 }
394
395 return cache_and_print_inode_details(inode, details);
396 }
397
398 static bool
unix_print(const int fd,const unsigned long inode)399 unix_print(const int fd, const unsigned long inode)
400 {
401 return unix_send_query(fd, inode)
402 && receive_responses(fd, inode, "UNIX", unix_parse_response);
403 }
404
405 static bool
tcp_v4_print(const int fd,const unsigned long inode)406 tcp_v4_print(const int fd, const unsigned long inode)
407 {
408 return inet_print(fd, AF_INET, IPPROTO_TCP, inode, "TCP");
409 }
410
411 static bool
udp_v4_print(const int fd,const unsigned long inode)412 udp_v4_print(const int fd, const unsigned long inode)
413 {
414 return inet_print(fd, AF_INET, IPPROTO_UDP, inode, "UDP");
415 }
416
417 static bool
tcp_v6_print(const int fd,const unsigned long inode)418 tcp_v6_print(const int fd, const unsigned long inode)
419 {
420 return inet_print(fd, AF_INET6, IPPROTO_TCP, inode, "TCPv6");
421 }
422
423 static bool
udp_v6_print(const int fd,const unsigned long inode)424 udp_v6_print(const int fd, const unsigned long inode)
425 {
426 return inet_print(fd, AF_INET6, IPPROTO_UDP, inode, "UDPv6");
427 }
428
429 static bool
netlink_print(const int fd,const unsigned long inode)430 netlink_print(const int fd, const unsigned long inode)
431 {
432 return netlink_send_query(fd, inode)
433 && receive_responses(fd, inode, "NETLINK",
434 netlink_parse_response);
435 }
436
437 static const struct {
438 const char *const name;
439 bool (*const print)(int, unsigned long);
440 } protocols[] = {
441 [SOCK_PROTO_UNIX] = { "UNIX", unix_print },
442 [SOCK_PROTO_TCP] = { "TCP", tcp_v4_print },
443 [SOCK_PROTO_UDP] = { "UDP", udp_v4_print },
444 [SOCK_PROTO_TCPv6] = { "TCPv6", tcp_v6_print },
445 [SOCK_PROTO_UDPv6] = { "UDPv6", udp_v6_print },
446 [SOCK_PROTO_NETLINK] = { "NETLINK", netlink_print }
447 };
448
449 enum sock_proto
get_proto_by_name(const char * const name)450 get_proto_by_name(const char *const name)
451 {
452 unsigned int i;
453 for (i = (unsigned int) SOCK_PROTO_UNKNOWN + 1;
454 i < ARRAY_SIZE(protocols); ++i) {
455 if (protocols[i].name && !strcmp(name, protocols[i].name))
456 return (enum sock_proto) i;
457 }
458 return SOCK_PROTO_UNKNOWN;
459 }
460
461 /* Given an inode number of a socket, print out the details
462 * of the ip address and port. */
463
464 bool
print_sockaddr_by_inode(const unsigned long inode,const enum sock_proto proto)465 print_sockaddr_by_inode(const unsigned long inode, const enum sock_proto proto)
466 {
467 if ((unsigned int) proto >= ARRAY_SIZE(protocols) ||
468 (proto != SOCK_PROTO_UNKNOWN && !protocols[proto].print))
469 return false;
470
471 const int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG);
472 if (fd < 0)
473 return false;
474 bool r = false;
475
476 if (proto != SOCK_PROTO_UNKNOWN) {
477 r = protocols[proto].print(fd, inode);
478 if (!r) {
479 tprintf("%s:[%lu]", protocols[proto].name, inode);
480 r = true;
481 }
482 } else {
483 unsigned int i;
484 for (i = (unsigned int) SOCK_PROTO_UNKNOWN + 1;
485 i < ARRAY_SIZE(protocols); ++i) {
486 if (!protocols[i].print)
487 continue;
488 r = protocols[i].print(fd, inode);
489 if (r)
490 break;
491 }
492 }
493
494 close(fd);
495 return r;
496 }
497