2 * Copyright (c) 2014 Zubin Mithra <zubin.mithra@gmail.com>
3 * Copyright (c) 2014-2016 Dmitry V. Levin <ldv@altlinux.org>
4 * Copyright (c) 2014-2018 The strace developers.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #include <netinet/in.h>
32 #include <sys/socket.h>
33 #include <arpa/inet.h>
35 #include <linux/sock_diag.h>
36 #include <linux/inet_diag.h>
37 #include <linux/unix_diag.h>
38 #include <linux/netlink_diag.h>
39 #include <linux/rtnetlink.h>
40 #if HAVE_LINUX_GENETLINK_H
41 #include <linux/genetlink.h>
46 # define UNIX_PATH_MAX sizeof(((struct sockaddr_un *) 0)->sun_path)
51 #define XLAT_MACROS_ONLY
52 # include "xlat/inet_protocols.h"
53 #undef XLAT_MACROS_ONLY
60 #define CACHE_SIZE 1024U
61 static cache_entry cache[CACHE_SIZE];
62 #define CACHE_MASK (CACHE_SIZE - 1)
65 cache_inode_details(const unsigned long inode, char *const details)
67 cache_entry *e = &cache[inode & CACHE_MASK];
76 get_sockaddr_by_inode_cached(const unsigned long inode)
78 const cache_entry *const e = &cache[inode & CACHE_MASK];
79 return (e && inode == e->inode) ? e->details : NULL;
83 print_sockaddr_by_inode_cached(const unsigned long inode)
85 const char *const details = get_sockaddr_by_inode_cached(inode);
94 send_query(struct tcb *tcp, const int fd, void *req, size_t req_size)
96 struct sockaddr_nl nladdr = {
97 .nl_family = AF_NETLINK
103 const struct msghdr msg = {
105 .msg_namelen = sizeof(nladdr),
111 if (sendmsg(fd, &msg, 0) < 0) {
121 inet_send_query(struct tcb *tcp, const int fd, const int family,
125 const struct nlmsghdr nlh;
126 const struct inet_diag_req_v2 idr;
129 .nlmsg_len = sizeof(req),
130 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
131 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST
134 .sdiag_family = family,
135 .sdiag_protocol = proto,
139 return send_query(tcp, fd, &req, sizeof(req));
143 inet_parse_response(const void *const data, const int data_len,
144 const unsigned long inode, void *opaque_data)
146 const char *const proto_name = opaque_data;
147 const struct inet_diag_msg *const diag_msg = data;
148 static const char zero_addr[sizeof(struct in6_addr)];
149 socklen_t addr_size, text_size;
151 if (data_len < (int) NLMSG_LENGTH(sizeof(*diag_msg)))
153 if (diag_msg->idiag_inode != inode)
156 switch (diag_msg->idiag_family) {
158 addr_size = sizeof(struct in_addr);
159 text_size = INET_ADDRSTRLEN;
162 addr_size = sizeof(struct in6_addr);
163 text_size = INET6_ADDRSTRLEN;
169 char src_buf[text_size];
172 /* open/closing brackets for IPv6 addresses */
173 const char *ob = diag_msg->idiag_family == AF_INET6 ? "[" : "";
174 const char *cb = diag_msg->idiag_family == AF_INET6 ? "]" : "";
176 if (!inet_ntop(diag_msg->idiag_family, diag_msg->id.idiag_src,
180 if (diag_msg->id.idiag_dport ||
181 memcmp(zero_addr, diag_msg->id.idiag_dst, addr_size)) {
182 char dst_buf[text_size];
184 if (!inet_ntop(diag_msg->idiag_family, diag_msg->id.idiag_dst,
188 if (asprintf(&details, "%s:[%s%s%s:%u->%s%s%s:%u]", proto_name,
189 ob, src_buf, cb, ntohs(diag_msg->id.idiag_sport),
190 ob, dst_buf, cb, ntohs(diag_msg->id.idiag_dport))
194 if (asprintf(&details, "%s:[%s%s%s:%u]",
195 proto_name, ob, src_buf, cb,
196 ntohs(diag_msg->id.idiag_sport)) < 0)
200 return cache_inode_details(inode, details);
204 receive_responses(struct tcb *tcp, const int fd, const unsigned long inode,
205 const unsigned long expected_msg_type,
206 int (*parser)(const void *, int,
207 unsigned long, void *),
212 long buf[8192 / sizeof(long)];
215 struct sockaddr_nl nladdr = {
216 .nl_family = AF_NETLINK
219 .iov_base = hdr_buf.buf,
220 .iov_len = sizeof(hdr_buf.buf)
225 struct msghdr msg = {
227 .msg_namelen = sizeof(nladdr),
232 ssize_t ret = recvmsg(fd, &msg, flags);
239 const struct nlmsghdr *h = &hdr_buf.hdr;
240 if (!NLMSG_OK(h, ret))
242 for (; NLMSG_OK(h, ret); h = NLMSG_NEXT(h, ret)) {
243 if (h->nlmsg_type != expected_msg_type)
245 const int rc = parser(NLMSG_DATA(h),
246 h->nlmsg_len, inode, opaque_data);
252 flags = MSG_DONTWAIT;
257 unix_send_query(struct tcb *tcp, const int fd, const unsigned long inode)
260 * The kernel bug was fixed in mainline by commit v4.5-rc6~35^2~11
261 * and backported to stable/linux-4.4.y by commit v4.4.4~297.
263 const uint16_t dump_flag =
264 os_release < KERNEL_VERSION(4, 4, 4) ? NLM_F_DUMP : 0;
267 const struct nlmsghdr nlh;
268 const struct unix_diag_req udr;
271 .nlmsg_len = sizeof(req),
272 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
273 .nlmsg_flags = NLM_F_REQUEST | dump_flag
276 .sdiag_family = AF_UNIX,
279 .udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER,
280 .udiag_cookie = { ~0U, ~0U }
283 return send_query(tcp, fd, &req, sizeof(req));
287 unix_parse_response(const void *data, const int data_len,
288 const unsigned long inode, void *opaque_data)
290 const char *proto_name = opaque_data;
291 const struct unix_diag_msg *diag_msg = data;
293 int rta_len = data_len - NLMSG_LENGTH(sizeof(*diag_msg));
296 char path[UNIX_PATH_MAX + 1];
300 if (diag_msg->udiag_ino != inode)
302 if (diag_msg->udiag_family != AF_UNIX)
305 for (attr = (struct rtattr *) (diag_msg + 1);
306 RTA_OK(attr, rta_len);
307 attr = RTA_NEXT(attr, rta_len)) {
308 switch (attr->rta_type) {
311 path_len = RTA_PAYLOAD(attr);
312 if (path_len > UNIX_PATH_MAX)
313 path_len = UNIX_PATH_MAX;
314 memcpy(path, RTA_DATA(attr), path_len);
315 path[path_len] = '\0';
319 if (RTA_PAYLOAD(attr) >= 4)
320 peer = *(uint32_t *) RTA_DATA(attr);
326 * print obtained information in the following format:
327 * "UNIX:[" SELF_INODE [ "->" PEER_INODE ][ "," SOCKET_FILE ] "]"
329 if (!peer && !path_len)
332 char peer_str[3 + sizeof(peer) * 3];
334 xsprintf(peer_str, "->%u", peer);
338 const char *path_str;
340 char *outstr = alloca(4 * path_len + 4);
343 if (path[0] == '\0') {
345 string_quote(path + 1, outstr + 2,
346 path_len - 1, QUOTE_0_TERMINATED, NULL);
348 string_quote(path, outstr + 1,
349 path_len, QUOTE_0_TERMINATED, NULL);
357 if (asprintf(&details, "%s:[%lu%s%s]", proto_name, inode,
358 peer_str, path_str) < 0)
361 return cache_inode_details(inode, details);
365 netlink_send_query(struct tcb *tcp, const int fd, const unsigned long inode)
368 const struct nlmsghdr nlh;
369 const struct netlink_diag_req ndr;
372 .nlmsg_len = sizeof(req),
373 .nlmsg_type = SOCK_DIAG_BY_FAMILY,
374 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST
377 .sdiag_family = AF_NETLINK,
378 .sdiag_protocol = NDIAG_PROTO_ALL
381 return send_query(tcp, fd, &req, sizeof(req));
385 netlink_parse_response(const void *data, const int data_len,
386 const unsigned long inode, void *opaque_data)
388 const char *proto_name = opaque_data;
389 const struct netlink_diag_msg *const diag_msg = data;
390 const char *netlink_proto;
393 if (data_len < (int) NLMSG_LENGTH(sizeof(*diag_msg)))
395 if (diag_msg->ndiag_ino != inode)
398 if (diag_msg->ndiag_family != AF_NETLINK)
401 netlink_proto = xlookup(netlink_protocols,
402 diag_msg->ndiag_protocol);
405 netlink_proto = STR_STRIP_PREFIX(netlink_proto, "NETLINK_");
406 if (asprintf(&details, "%s:[%s:%u]", proto_name,
407 netlink_proto, diag_msg->ndiag_portid) < 0)
410 if (asprintf(&details, "%s:[%u]", proto_name,
411 (unsigned) diag_msg->ndiag_protocol) < 0)
415 return cache_inode_details(inode, details);
419 unix_get(struct tcb *tcp, const int fd, const int family, const int proto,
420 const unsigned long inode, const char *name)
422 return unix_send_query(tcp, fd, inode)
423 && receive_responses(tcp, fd, inode, SOCK_DIAG_BY_FAMILY,
424 unix_parse_response, (void *) name)
425 ? get_sockaddr_by_inode_cached(inode) : NULL;
429 inet_get(struct tcb *tcp, const int fd, const int family, const int protocol,
430 const unsigned long inode, const char *proto_name)
432 return inet_send_query(tcp, fd, family, protocol)
433 && receive_responses(tcp, fd, inode, SOCK_DIAG_BY_FAMILY,
434 inet_parse_response, (void *) proto_name)
435 ? get_sockaddr_by_inode_cached(inode) : NULL;
439 netlink_get(struct tcb *tcp, const int fd, const int family, const int protocol,
440 const unsigned long inode, const char *proto_name)
442 return netlink_send_query(tcp, fd, inode)
443 && receive_responses(tcp, fd, inode, SOCK_DIAG_BY_FAMILY,
444 netlink_parse_response,
446 ? get_sockaddr_by_inode_cached(inode) : NULL;
449 static const struct {
450 const char *const name;
451 const char * (*const get)(struct tcb *, int fd, int family,
452 int protocol, unsigned long inode,
453 const char *proto_name);
457 [SOCK_PROTO_UNIX] = { "UNIX", unix_get, AF_UNIX},
459 * inet_diag handlers are currently implemented only for TCP,
460 * UDP(lite), SCTP, RAW, and DCCP, but we try to resolve it for all
461 * protocols anyway, just in case.
464 { "TCP", inet_get, AF_INET, IPPROTO_TCP },
466 { "UDP", inet_get, AF_INET, IPPROTO_UDP },
467 [SOCK_PROTO_UDPLITE] =
468 { "UDPLITE", inet_get, AF_INET, IPPROTO_UDPLITE },
470 { "DCCP", inet_get, AF_INET, IPPROTO_DCCP },
472 { "SCTP", inet_get, AF_INET, IPPROTO_SCTP },
473 [SOCK_PROTO_L2TP_IP] =
474 { "L2TP/IP", inet_get, AF_INET, IPPROTO_L2TP },
476 { "PING", inet_get, AF_INET, IPPROTO_ICMP },
478 { "RAW", inet_get, AF_INET, IPPROTO_RAW },
480 { "TCPv6", inet_get, AF_INET6, IPPROTO_TCP },
482 { "UDPv6", inet_get, AF_INET6, IPPROTO_UDP },
483 [SOCK_PROTO_UDPLITEv6] =
484 { "UDPLITEv6", inet_get, AF_INET6, IPPROTO_UDPLITE },
485 [SOCK_PROTO_DCCPv6] =
486 { "DCCPv6", inet_get, AF_INET6, IPPROTO_DCCP },
487 [SOCK_PROTO_SCTPv6] =
488 { "SCTPv6", inet_get, AF_INET6, IPPROTO_SCTP },
489 [SOCK_PROTO_L2TP_IPv6] =
490 { "L2TP/IPv6", inet_get, AF_INET6, IPPROTO_L2TP },
491 [SOCK_PROTO_PINGv6] =
492 { "PINGv6", inet_get, AF_INET6, IPPROTO_ICMP },
494 { "RAWv6", inet_get, AF_INET6, IPPROTO_RAW },
495 [SOCK_PROTO_NETLINK] = { "NETLINK", netlink_get, AF_NETLINK },
499 get_proto_by_name(const char *const name)
502 for (i = (unsigned int) SOCK_PROTO_UNKNOWN + 1;
503 i < ARRAY_SIZE(protocols); ++i) {
504 if (protocols[i].name && !strcmp(name, protocols[i].name))
505 return (enum sock_proto) i;
507 return SOCK_PROTO_UNKNOWN;
511 get_family_by_proto(enum sock_proto proto)
513 if ((size_t) proto < ARRAY_SIZE(protocols))
514 return protocols[proto].family;
520 get_sockaddr_by_inode_uncached(struct tcb *tcp, const unsigned long inode,
521 const enum sock_proto proto)
523 if ((unsigned int) proto >= ARRAY_SIZE(protocols) ||
524 (proto != SOCK_PROTO_UNKNOWN && !protocols[proto].get))
527 const int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG);
530 const char *details = NULL;
532 if (proto != SOCK_PROTO_UNKNOWN) {
533 details = protocols[proto].get(tcp, fd, protocols[proto].family,
534 protocols[proto].proto, inode,
535 protocols[proto].name);
538 for (i = (unsigned int) SOCK_PROTO_UNKNOWN + 1;
539 i < ARRAY_SIZE(protocols); ++i) {
540 if (!protocols[i].get)
542 details = protocols[i].get(tcp, fd,
543 protocols[proto].family,
544 protocols[proto].proto,
546 protocols[proto].name);
557 print_sockaddr_by_inode_uncached(struct tcb *tcp, const unsigned long inode,
558 const enum sock_proto proto)
560 const char *details = get_sockaddr_by_inode_uncached(tcp, inode, proto);
567 if ((unsigned int) proto < ARRAY_SIZE(protocols) &&
568 protocols[proto].name) {
569 tprintf("%s:[%lu]", protocols[proto].name, inode);
576 /* Given an inode number of a socket, return its protocol details. */
578 get_sockaddr_by_inode(struct tcb *const tcp, const int fd,
579 const unsigned long inode)
581 const char *details = get_sockaddr_by_inode_cached(inode);
582 return details ? details :
583 get_sockaddr_by_inode_uncached(tcp, inode, getfdproto(tcp, fd));
586 /* Given an inode number of a socket, print out its protocol details. */
588 print_sockaddr_by_inode(struct tcb *const tcp, const int fd,
589 const unsigned long inode)
591 return print_sockaddr_by_inode_cached(inode) ? true :
592 print_sockaddr_by_inode_uncached(tcp, inode,
593 getfdproto(tcp, fd));
596 #ifdef HAVE_LINUX_GENETLINK_H
598 * Managing the cache for decoding communications of Netlink GENERIC protocol
600 * As name shown Netlink GENERIC protocol is generic protocol. The
601 * numbers of msg types used in the protocol are not defined
602 * statically. Kernel defines them on demand. So the xlat converted
603 * from header files doesn't help for decoding the protocol. Following
604 * codes are building xlat(dyxlat) at runtime.
607 genl_send_dump_families(struct tcb *tcp, const int fd)
610 const struct nlmsghdr nlh;
611 struct genlmsghdr gnlh;
614 .nlmsg_len = sizeof(req),
615 .nlmsg_type = GENL_ID_CTRL,
616 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST,
619 .cmd = CTRL_CMD_GETFAMILY,
622 return send_query(tcp, fd, &req, sizeof(req));
626 genl_parse_families_response(const void *const data,
627 const int data_len, const unsigned long inode,
630 struct dyxlat *const dyxlat = opaque_data;
631 const struct genlmsghdr *const gnlh = data;
633 int rta_len = data_len - NLMSG_LENGTH(sizeof(*gnlh));
636 unsigned int name_len = 0;
641 if (gnlh->cmd != CTRL_CMD_NEWFAMILY)
643 if (gnlh->version != 2)
646 for (attr = (struct rtattr *) (gnlh + 1);
647 RTA_OK(attr, rta_len);
648 attr = RTA_NEXT(attr, rta_len)) {
649 switch (attr->rta_type) {
650 case CTRL_ATTR_FAMILY_NAME:
652 name = RTA_DATA(attr);
653 name_len = RTA_PAYLOAD(attr);
656 case CTRL_ATTR_FAMILY_ID:
657 if (!id && RTA_PAYLOAD(attr) == sizeof(*id))
663 dyxlat_add_pair(dyxlat, *id, name, name_len);
673 genl_families_xlat(struct tcb *tcp)
675 static struct dyxlat *dyxlat;
678 dyxlat = dyxlat_alloc(32);
680 int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
684 if (genl_send_dump_families(tcp, fd))
685 receive_responses(tcp, fd, 0, GENL_ID_CTRL,
686 genl_parse_families_response, dyxlat);
691 return dyxlat_get(dyxlat);
694 #else /* !HAVE_LINUX_GENETLINK_H */
697 genl_families_xlat(struct tcb *tcp)