1 /* 2 * Copyright (c) 2014 Zubin Mithra <zubin.mithra (at) gmail.com> 3 * Copyright (c) 2014-2016 Dmitry V. Levin <ldv (at) altlinux.org> 4 * Copyright (c) 2014-2018 The strace developers. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote products 16 * derived from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30 #include "defs.h" 31 #include <netinet/in.h> 32 #include <sys/socket.h> 33 #include <arpa/inet.h> 34 #include "netlink.h" 35 #include <linux/sock_diag.h> 36 #include <linux/inet_diag.h> 37 #include <linux/unix_diag.h> 38 #include <linux/netlink_diag.h> 39 #include <linux/rtnetlink.h> 40 #if HAVE_LINUX_GENETLINK_H 41 #include <linux/genetlink.h> 42 #endif 43 44 #include <sys/un.h> 45 #ifndef UNIX_PATH_MAX 46 # define UNIX_PATH_MAX sizeof(((struct sockaddr_un *) 0)->sun_path) 47 #endif 48 49 #include "xstring.h" 50 51 typedef struct { 52 unsigned long inode; 53 char *details; 54 } cache_entry; 55 56 #define CACHE_SIZE 1024U 57 static cache_entry cache[CACHE_SIZE]; 58 #define CACHE_MASK (CACHE_SIZE - 1) 59 60 static int 61 cache_inode_details(const unsigned long inode, char *const details) 62 { 63 cache_entry *e = &cache[inode & CACHE_MASK]; 64 free(e->details); 65 e->inode = inode; 66 e->details = details; 67 68 return 1; 69 } 70 71 static const char * 72 get_sockaddr_by_inode_cached(const unsigned long inode) 73 { 74 const cache_entry *const e = &cache[inode & CACHE_MASK]; 75 return (e && inode == e->inode) ? e->details : NULL; 76 } 77 78 static bool 79 print_sockaddr_by_inode_cached(const unsigned long inode) 80 { 81 const char *const details = get_sockaddr_by_inode_cached(inode); 82 if (details) { 83 tprints(details); 84 return true; 85 } 86 return false; 87 } 88 89 static bool 90 send_query(struct tcb *tcp, const int fd, void *req, size_t req_size) 91 { 92 struct sockaddr_nl nladdr = { 93 .nl_family = AF_NETLINK 94 }; 95 struct iovec iov = { 96 .iov_base = req, 97 .iov_len = req_size 98 }; 99 const struct msghdr msg = { 100 .msg_name = &nladdr, 101 .msg_namelen = sizeof(nladdr), 102 .msg_iov = &iov, 103 .msg_iovlen = 1 104 }; 105 106 for (;;) { 107 if (sendmsg(fd, &msg, 0) < 0) { 108 if (errno == EINTR) 109 continue; 110 return false; 111 } 112 return true; 113 } 114 } 115 116 static bool 117 inet_send_query(struct tcb *tcp, const int fd, const int family, 118 const int proto) 119 { 120 struct { 121 const struct nlmsghdr nlh; 122 const struct inet_diag_req_v2 idr; 123 } req = { 124 .nlh = { 125 .nlmsg_len = sizeof(req), 126 .nlmsg_type = SOCK_DIAG_BY_FAMILY, 127 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST 128 }, 129 .idr = { 130 .sdiag_family = family, 131 .sdiag_protocol = proto, 132 .idiag_states = -1 133 } 134 }; 135 return send_query(tcp, fd, &req, sizeof(req)); 136 } 137 138 static int 139 inet_parse_response(const void *const data, const int data_len, 140 const unsigned long inode, void *opaque_data) 141 { 142 const char *const proto_name = opaque_data; 143 const struct inet_diag_msg *const diag_msg = data; 144 static const char zero_addr[sizeof(struct in6_addr)]; 145 socklen_t addr_size, text_size; 146 147 if (data_len < (int) NLMSG_LENGTH(sizeof(*diag_msg))) 148 return -1; 149 if (diag_msg->idiag_inode != inode) 150 return 0; 151 152 switch (diag_msg->idiag_family) { 153 case AF_INET: 154 addr_size = sizeof(struct in_addr); 155 text_size = INET_ADDRSTRLEN; 156 break; 157 case AF_INET6: 158 addr_size = sizeof(struct in6_addr); 159 text_size = INET6_ADDRSTRLEN; 160 break; 161 default: 162 return -1; 163 } 164 165 char src_buf[text_size]; 166 char *details; 167 168 if (!inet_ntop(diag_msg->idiag_family, diag_msg->id.idiag_src, 169 src_buf, text_size)) 170 return -1; 171 172 if (diag_msg->id.idiag_dport || 173 memcmp(zero_addr, diag_msg->id.idiag_dst, addr_size)) { 174 char dst_buf[text_size]; 175 176 if (!inet_ntop(diag_msg->idiag_family, diag_msg->id.idiag_dst, 177 dst_buf, text_size)) 178 return -1; 179 180 if (asprintf(&details, "%s:[%s:%u->%s:%u]", proto_name, 181 src_buf, ntohs(diag_msg->id.idiag_sport), 182 dst_buf, ntohs(diag_msg->id.idiag_dport)) < 0) 183 return false; 184 } else { 185 if (asprintf(&details, "%s:[%s:%u]", proto_name, src_buf, 186 ntohs(diag_msg->id.idiag_sport)) < 0) 187 return false; 188 } 189 190 return cache_inode_details(inode, details); 191 } 192 193 static bool 194 receive_responses(struct tcb *tcp, const int fd, const unsigned long inode, 195 const unsigned long expected_msg_type, 196 int (*parser)(const void *, int, 197 unsigned long, void *), 198 void *opaque_data) 199 { 200 static union { 201 struct nlmsghdr hdr; 202 long buf[8192 / sizeof(long)]; 203 } hdr_buf; 204 205 struct sockaddr_nl nladdr = { 206 .nl_family = AF_NETLINK 207 }; 208 struct iovec iov = { 209 .iov_base = hdr_buf.buf, 210 .iov_len = sizeof(hdr_buf.buf) 211 }; 212 int flags = 0; 213 214 for (;;) { 215 struct msghdr msg = { 216 .msg_name = &nladdr, 217 .msg_namelen = sizeof(nladdr), 218 .msg_iov = &iov, 219 .msg_iovlen = 1 220 }; 221 222 ssize_t ret = recvmsg(fd, &msg, flags); 223 if (ret < 0) { 224 if (errno == EINTR) 225 continue; 226 return false; 227 } 228 229 const struct nlmsghdr *h = &hdr_buf.hdr; 230 if (!NLMSG_OK(h, ret)) 231 return false; 232 for (; NLMSG_OK(h, ret); h = NLMSG_NEXT(h, ret)) { 233 if (h->nlmsg_type != expected_msg_type) 234 return false; 235 const int rc = parser(NLMSG_DATA(h), 236 h->nlmsg_len, inode, opaque_data); 237 if (rc > 0) 238 return true; 239 if (rc < 0) 240 return false; 241 } 242 flags = MSG_DONTWAIT; 243 } 244 } 245 246 static bool 247 unix_send_query(struct tcb *tcp, const int fd, const unsigned long inode) 248 { 249 struct { 250 const struct nlmsghdr nlh; 251 const struct unix_diag_req udr; 252 } req = { 253 .nlh = { 254 .nlmsg_len = sizeof(req), 255 .nlmsg_type = SOCK_DIAG_BY_FAMILY, 256 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST 257 }, 258 .udr = { 259 .sdiag_family = AF_UNIX, 260 .udiag_ino = inode, 261 .udiag_states = -1, 262 .udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER 263 } 264 }; 265 return send_query(tcp, fd, &req, sizeof(req)); 266 } 267 268 static int 269 unix_parse_response(const void *data, const int data_len, 270 const unsigned long inode, void *opaque_data) 271 { 272 const char *proto_name = opaque_data; 273 const struct unix_diag_msg *diag_msg = data; 274 struct rtattr *attr; 275 int rta_len = data_len - NLMSG_LENGTH(sizeof(*diag_msg)); 276 uint32_t peer = 0; 277 size_t path_len = 0; 278 char path[UNIX_PATH_MAX + 1]; 279 280 if (rta_len < 0) 281 return -1; 282 if (diag_msg->udiag_ino != inode) 283 return 0; 284 if (diag_msg->udiag_family != AF_UNIX) 285 return -1; 286 287 for (attr = (struct rtattr *) (diag_msg + 1); 288 RTA_OK(attr, rta_len); 289 attr = RTA_NEXT(attr, rta_len)) { 290 switch (attr->rta_type) { 291 case UNIX_DIAG_NAME: 292 if (!path_len) { 293 path_len = RTA_PAYLOAD(attr); 294 if (path_len > UNIX_PATH_MAX) 295 path_len = UNIX_PATH_MAX; 296 memcpy(path, RTA_DATA(attr), path_len); 297 path[path_len] = '\0'; 298 } 299 break; 300 case UNIX_DIAG_PEER: 301 if (RTA_PAYLOAD(attr) >= 4) 302 peer = *(uint32_t *) RTA_DATA(attr); 303 break; 304 } 305 } 306 307 /* 308 * print obtained information in the following format: 309 * "UNIX:[" SELF_INODE [ "->" PEER_INODE ][ "," SOCKET_FILE ] "]" 310 */ 311 if (!peer && !path_len) 312 return -1; 313 314 char peer_str[3 + sizeof(peer) * 3]; 315 if (peer) 316 xsprintf(peer_str, "->%u", peer); 317 else 318 peer_str[0] = '\0'; 319 320 const char *path_str; 321 if (path_len) { 322 char *outstr = alloca(4 * path_len + 4); 323 324 outstr[0] = ','; 325 if (path[0] == '\0') { 326 outstr[1] = '@'; 327 string_quote(path + 1, outstr + 2, 328 path_len - 1, QUOTE_0_TERMINATED); 329 } else { 330 string_quote(path, outstr + 1, 331 path_len, QUOTE_0_TERMINATED); 332 } 333 path_str = outstr; 334 } else { 335 path_str = ""; 336 } 337 338 char *details; 339 if (asprintf(&details, "%s:[%lu%s%s]", proto_name, inode, 340 peer_str, path_str) < 0) 341 return -1; 342 343 return cache_inode_details(inode, details); 344 } 345 346 static bool 347 netlink_send_query(struct tcb *tcp, const int fd, const unsigned long inode) 348 { 349 struct { 350 const struct nlmsghdr nlh; 351 const struct netlink_diag_req ndr; 352 } req = { 353 .nlh = { 354 .nlmsg_len = sizeof(req), 355 .nlmsg_type = SOCK_DIAG_BY_FAMILY, 356 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST 357 }, 358 .ndr = { 359 .sdiag_family = AF_NETLINK, 360 .sdiag_protocol = NDIAG_PROTO_ALL, 361 .ndiag_show = NDIAG_SHOW_MEMINFO 362 } 363 }; 364 return send_query(tcp, fd, &req, sizeof(req)); 365 } 366 367 static int 368 netlink_parse_response(const void *data, const int data_len, 369 const unsigned long inode, void *opaque_data) 370 { 371 const char *proto_name = opaque_data; 372 const struct netlink_diag_msg *const diag_msg = data; 373 const char *netlink_proto; 374 char *details; 375 376 if (data_len < (int) NLMSG_LENGTH(sizeof(*diag_msg))) 377 return -1; 378 if (diag_msg->ndiag_ino != inode) 379 return 0; 380 381 if (diag_msg->ndiag_family != AF_NETLINK) 382 return -1; 383 384 netlink_proto = xlookup(netlink_protocols, 385 diag_msg->ndiag_protocol); 386 387 if (netlink_proto) { 388 netlink_proto = STR_STRIP_PREFIX(netlink_proto, "NETLINK_"); 389 if (asprintf(&details, "%s:[%s:%u]", proto_name, 390 netlink_proto, diag_msg->ndiag_portid) < 0) 391 return -1; 392 } else { 393 if (asprintf(&details, "%s:[%u]", proto_name, 394 (unsigned) diag_msg->ndiag_protocol) < 0) 395 return -1; 396 } 397 398 return cache_inode_details(inode, details); 399 } 400 401 static const char * 402 unix_get(struct tcb *tcp, const int fd, const unsigned long inode) 403 { 404 return unix_send_query(tcp, fd, inode) 405 && receive_responses(tcp, fd, inode, SOCK_DIAG_BY_FAMILY, 406 unix_parse_response, (void *) "UNIX") 407 ? get_sockaddr_by_inode_cached(inode) : NULL; 408 } 409 410 static const char * 411 inet_get(struct tcb *tcp, const int fd, const int family, const int protocol, 412 const unsigned long inode, const char *proto_name) 413 { 414 return inet_send_query(tcp, fd, family, protocol) 415 && receive_responses(tcp, fd, inode, SOCK_DIAG_BY_FAMILY, 416 inet_parse_response, (void *) proto_name) 417 ? get_sockaddr_by_inode_cached(inode) : NULL; 418 } 419 420 static const char * 421 tcp_v4_get(struct tcb *tcp, const int fd, const unsigned long inode) 422 { 423 return inet_get(tcp, fd, AF_INET, IPPROTO_TCP, inode, "TCP"); 424 } 425 426 static const char * 427 udp_v4_get(struct tcb *tcp, const int fd, const unsigned long inode) 428 { 429 return inet_get(tcp, fd, AF_INET, IPPROTO_UDP, inode, "UDP"); 430 } 431 432 static const char * 433 tcp_v6_get(struct tcb *tcp, const int fd, const unsigned long inode) 434 { 435 return inet_get(tcp, fd, AF_INET6, IPPROTO_TCP, inode, "TCPv6"); 436 } 437 438 static const char * 439 udp_v6_get(struct tcb *tcp, const int fd, const unsigned long inode) 440 { 441 return inet_get(tcp, fd, AF_INET6, IPPROTO_UDP, inode, "UDPv6"); 442 } 443 444 static const char * 445 netlink_get(struct tcb *tcp, const int fd, const unsigned long inode) 446 { 447 return netlink_send_query(tcp, fd, inode) 448 && receive_responses(tcp, fd, inode, SOCK_DIAG_BY_FAMILY, 449 netlink_parse_response, (void *) "NETLINK") 450 ? get_sockaddr_by_inode_cached(inode) : NULL; 451 } 452 453 static const struct { 454 const char *const name; 455 const char * (*const get)(struct tcb *, int, unsigned long); 456 } protocols[] = { 457 [SOCK_PROTO_UNIX] = { "UNIX", unix_get }, 458 [SOCK_PROTO_TCP] = { "TCP", tcp_v4_get }, 459 [SOCK_PROTO_UDP] = { "UDP", udp_v4_get }, 460 [SOCK_PROTO_TCPv6] = { "TCPv6", tcp_v6_get }, 461 [SOCK_PROTO_UDPv6] = { "UDPv6", udp_v6_get }, 462 [SOCK_PROTO_NETLINK] = { "NETLINK", netlink_get } 463 }; 464 465 enum sock_proto 466 get_proto_by_name(const char *const name) 467 { 468 unsigned int i; 469 for (i = (unsigned int) SOCK_PROTO_UNKNOWN + 1; 470 i < ARRAY_SIZE(protocols); ++i) { 471 if (protocols[i].name && !strcmp(name, protocols[i].name)) 472 return (enum sock_proto) i; 473 } 474 return SOCK_PROTO_UNKNOWN; 475 } 476 477 static const char * 478 get_sockaddr_by_inode_uncached(struct tcb *tcp, const unsigned long inode, 479 const enum sock_proto proto) 480 { 481 if ((unsigned int) proto >= ARRAY_SIZE(protocols) || 482 (proto != SOCK_PROTO_UNKNOWN && !protocols[proto].get)) 483 return NULL; 484 485 const int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG); 486 if (fd < 0) 487 return NULL; 488 const char *details = NULL; 489 490 if (proto != SOCK_PROTO_UNKNOWN) { 491 details = protocols[proto].get(tcp, fd, inode); 492 } else { 493 unsigned int i; 494 for (i = (unsigned int) SOCK_PROTO_UNKNOWN + 1; 495 i < ARRAY_SIZE(protocols); ++i) { 496 if (!protocols[i].get) 497 continue; 498 details = protocols[i].get(tcp, fd, inode); 499 if (details) 500 break; 501 } 502 } 503 504 close(fd); 505 return details; 506 } 507 508 static bool 509 print_sockaddr_by_inode_uncached(struct tcb *tcp, const unsigned long inode, 510 const enum sock_proto proto) 511 { 512 const char *details = get_sockaddr_by_inode_uncached(tcp, inode, proto); 513 514 if (details) { 515 tprints(details); 516 return true; 517 } 518 519 if ((unsigned int) proto < ARRAY_SIZE(protocols) && 520 protocols[proto].name) { 521 tprintf("%s:[%lu]", protocols[proto].name, inode); 522 return true; 523 } 524 525 return false; 526 } 527 528 /* Given an inode number of a socket, return its protocol details. */ 529 const char * 530 get_sockaddr_by_inode(struct tcb *const tcp, const int fd, 531 const unsigned long inode) 532 { 533 const char *details = get_sockaddr_by_inode_cached(inode); 534 return details ? details : 535 get_sockaddr_by_inode_uncached(tcp, inode, getfdproto(tcp, fd)); 536 } 537 538 /* Given an inode number of a socket, print out its protocol details. */ 539 bool 540 print_sockaddr_by_inode(struct tcb *const tcp, const int fd, 541 const unsigned long inode) 542 { 543 return print_sockaddr_by_inode_cached(inode) ? true : 544 print_sockaddr_by_inode_uncached(tcp, inode, 545 getfdproto(tcp, fd)); 546 } 547 548 #ifdef HAVE_LINUX_GENETLINK_H 549 /* 550 * Managing the cache for decoding communications of Netlink GENERIC protocol 551 * 552 * As name shown Netlink GENERIC protocol is generic protocol. The 553 * numbers of msg types used in the protocol are not defined 554 * statically. Kernel defines them on demand. So the xlat converted 555 * from header files doesn't help for decoding the protocol. Following 556 * codes are building xlat(dyxlat) at runtime. 557 */ 558 static bool 559 genl_send_dump_families(struct tcb *tcp, const int fd) 560 { 561 struct { 562 const struct nlmsghdr nlh; 563 struct genlmsghdr gnlh; 564 } req = { 565 .nlh = { 566 .nlmsg_len = sizeof(req), 567 .nlmsg_type = GENL_ID_CTRL, 568 .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST, 569 }, 570 .gnlh = { 571 .cmd = CTRL_CMD_GETFAMILY, 572 } 573 }; 574 return send_query(tcp, fd, &req, sizeof(req)); 575 } 576 577 static int 578 genl_parse_families_response(const void *const data, 579 const int data_len, const unsigned long inode, 580 void *opaque_data) 581 { 582 struct dyxlat *const dyxlat = opaque_data; 583 const struct genlmsghdr *const gnlh = data; 584 struct rtattr *attr; 585 int rta_len = data_len - NLMSG_LENGTH(sizeof(*gnlh)); 586 587 char *name = NULL; 588 unsigned int name_len = 0; 589 uint16_t *id = NULL; 590 591 if (rta_len < 0) 592 return -1; 593 if (gnlh->cmd != CTRL_CMD_NEWFAMILY) 594 return -1; 595 if (gnlh->version != 2) 596 return -1; 597 598 for (attr = (struct rtattr *) (gnlh + 1); 599 RTA_OK(attr, rta_len); 600 attr = RTA_NEXT(attr, rta_len)) { 601 switch (attr->rta_type) { 602 case CTRL_ATTR_FAMILY_NAME: 603 if (!name) { 604 name = RTA_DATA(attr); 605 name_len = RTA_PAYLOAD(attr); 606 } 607 break; 608 case CTRL_ATTR_FAMILY_ID: 609 if (!id && RTA_PAYLOAD(attr) == sizeof(*id)) 610 id = RTA_DATA(attr); 611 break; 612 } 613 614 if (name && id) { 615 dyxlat_add_pair(dyxlat, *id, name, name_len); 616 name = NULL; 617 id = NULL; 618 } 619 } 620 621 return 0; 622 } 623 624 const struct xlat * 625 genl_families_xlat(struct tcb *tcp) 626 { 627 static struct dyxlat *dyxlat; 628 629 if (!dyxlat) { 630 dyxlat = dyxlat_alloc(32); 631 632 int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); 633 if (fd < 0) 634 goto out; 635 636 if (genl_send_dump_families(tcp, fd)) 637 receive_responses(tcp, fd, 0, GENL_ID_CTRL, 638 genl_parse_families_response, dyxlat); 639 close(fd); 640 } 641 642 out: 643 return dyxlat_get(dyxlat); 644 } 645 646 #else /* !HAVE_LINUX_GENETLINK_H */ 647 648 const struct xlat * 649 genl_families_xlat(struct tcb *tcp) 650 { 651 return NULL; 652 } 653 #endif 654