1
2
3
4
5
6
7
8
9
10
11
12#include <stdio.h>
13#include <stdlib.h>
14#include <unistd.h>
15#include <fcntl.h>
16#include <sys/ioctl.h>
17#include <sys/socket.h>
18#include <sys/uio.h>
19#include <sys/sysmacros.h>
20#include <netinet/in.h>
21#include <string.h>
22#include <errno.h>
23#include <netdb.h>
24#include <arpa/inet.h>
25#include <dirent.h>
26#include <fnmatch.h>
27#include <getopt.h>
28#include <stdbool.h>
29#include <limits.h>
30#include <stdarg.h>
31
32#include "ss_util.h"
33#include "utils.h"
34#include "rt_names.h"
35#include "ll_map.h"
36#include "libnetlink.h"
37#include "namespace.h"
38#include "version.h"
39#include "rt_names.h"
40#include "cg_map.h"
41
42#include <linux/tcp.h>
43#include <linux/unix_diag.h>
44#include <linux/netdevice.h>
45#include <linux/filter.h>
46#include <linux/xdp_diag.h>
47#include <linux/packet_diag.h>
48#include <linux/netlink_diag.h>
49#include <linux/sctp.h>
50#include <linux/vm_sockets_diag.h>
51#include <linux/net.h>
52#include <linux/tipc.h>
53#include <linux/tipc_netlink.h>
54#include <linux/tipc_sockets_diag.h>
55#include <linux/tls.h>
56#include <linux/mptcp.h>
57
58
59#ifndef PF_VSOCK
60#define PF_VSOCK 40
61#endif
62#ifndef AF_VSOCK
63#define AF_VSOCK PF_VSOCK
64#endif
65
66#ifndef IPPROTO_MPTCP
67#define IPPROTO_MPTCP 262
68#endif
69
70#define BUF_CHUNK (1024 * 1024)
71#define BUF_CHUNKS_MAX 5
72#define LEN_ALIGN(x) (((x) + 1) & ~1)
73
74#if HAVE_SELINUX
75#include <selinux/selinux.h>
76#else
77
78static int is_selinux_enabled(void)
79{
80 return -1;
81}
82
83static int getpidcon(pid_t pid, char **context)
84{
85 *context = NULL;
86 return -1;
87}
88
89static int getfilecon(char *path, char **context)
90{
91 *context = NULL;
92 return -1;
93}
94
95static int security_get_initial_context(char *name, char **context)
96{
97 *context = NULL;
98 return -1;
99}
100#endif
101
102int preferred_family = AF_UNSPEC;
103static int show_options;
104int show_details;
105static int show_users;
106static int show_mem;
107static int show_tcpinfo;
108static int show_bpf;
109static int show_proc_ctx;
110static int show_sock_ctx;
111static int show_header = 1;
112static int follow_events;
113static int sctp_ino;
114static int show_tipcinfo;
115static int show_tos;
116static int show_cgroup;
117static int show_inet_sockopt;
118int oneline;
119
120enum col_id {
121 COL_NETID,
122 COL_STATE,
123 COL_RECVQ,
124 COL_SENDQ,
125 COL_ADDR,
126 COL_SERV,
127 COL_RADDR,
128 COL_RSERV,
129 COL_EXT,
130 COL_PROC,
131 COL_MAX
132};
133
134enum col_align {
135 ALIGN_LEFT,
136 ALIGN_CENTER,
137 ALIGN_RIGHT
138};
139
140struct column {
141 const enum col_align align;
142 const char *header;
143 const char *ldelim;
144 int disabled;
145 int width;
146 int max_len;
147};
148
149static struct column columns[] = {
150 { ALIGN_LEFT, "Netid", "", 0, 0, 0 },
151 { ALIGN_LEFT, "State", " ", 0, 0, 0 },
152 { ALIGN_LEFT, "Recv-Q", " ", 0, 0, 0 },
153 { ALIGN_LEFT, "Send-Q", " ", 0, 0, 0 },
154 { ALIGN_RIGHT, "Local Address:", " ", 0, 0, 0 },
155 { ALIGN_LEFT, "Port", "", 0, 0, 0 },
156 { ALIGN_RIGHT, "Peer Address:", " ", 0, 0, 0 },
157 { ALIGN_LEFT, "Port", "", 0, 0, 0 },
158 { ALIGN_LEFT, "Process", "", 0, 0, 0 },
159 { ALIGN_LEFT, "", "", 0, 0, 0 },
160};
161
162static struct column *current_field = columns;
163
164
165
166
167
168
169
170
171struct buf_chunk {
172 struct buf_chunk *next;
173 char *end;
174 char data[0];
175};
176
177struct buf_token {
178 uint16_t len;
179 char data[0];
180};
181
182static struct {
183 struct buf_token *cur;
184 struct buf_chunk *head;
185 struct buf_chunk *tail;
186 int chunks;
187} buffer;
188
189static const char *TCP_PROTO = "tcp";
190static const char *SCTP_PROTO = "sctp";
191static const char *UDP_PROTO = "udp";
192static const char *RAW_PROTO = "raw";
193static const char *dg_proto;
194
195enum {
196 TCP_DB,
197 MPTCP_DB,
198 DCCP_DB,
199 UDP_DB,
200 RAW_DB,
201 UNIX_DG_DB,
202 UNIX_ST_DB,
203 UNIX_SQ_DB,
204 PACKET_DG_DB,
205 PACKET_R_DB,
206 NETLINK_DB,
207 SCTP_DB,
208 VSOCK_ST_DB,
209 VSOCK_DG_DB,
210 TIPC_DB,
211 XDP_DB,
212 MAX_DB
213};
214
215#define PACKET_DBM ((1<<PACKET_DG_DB)|(1<<PACKET_R_DB))
216#define UNIX_DBM ((1<<UNIX_DG_DB)|(1<<UNIX_ST_DB)|(1<<UNIX_SQ_DB))
217#define ALL_DB ((1<<MAX_DB)-1)
218#define INET_L4_DBM ((1<<TCP_DB)|(1<<MPTCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<SCTP_DB))
219#define INET_DBM (INET_L4_DBM | (1<<RAW_DB))
220#define VSOCK_DBM ((1<<VSOCK_ST_DB)|(1<<VSOCK_DG_DB))
221
222enum {
223 SS_UNKNOWN,
224 SS_ESTABLISHED,
225 SS_SYN_SENT,
226 SS_SYN_RECV,
227 SS_FIN_WAIT1,
228 SS_FIN_WAIT2,
229 SS_TIME_WAIT,
230 SS_CLOSE,
231 SS_CLOSE_WAIT,
232 SS_LAST_ACK,
233 SS_LISTEN,
234 SS_CLOSING,
235 SS_MAX
236};
237
238enum {
239 SCTP_STATE_CLOSED = 0,
240 SCTP_STATE_COOKIE_WAIT = 1,
241 SCTP_STATE_COOKIE_ECHOED = 2,
242 SCTP_STATE_ESTABLISHED = 3,
243 SCTP_STATE_SHUTDOWN_PENDING = 4,
244 SCTP_STATE_SHUTDOWN_SENT = 5,
245 SCTP_STATE_SHUTDOWN_RECEIVED = 6,
246 SCTP_STATE_SHUTDOWN_ACK_SENT = 7,
247};
248
249#define SS_ALL ((1 << SS_MAX) - 1)
250#define SS_CONN (SS_ALL & ~((1<<SS_LISTEN)|(1<<SS_CLOSE)|(1<<SS_TIME_WAIT)|(1<<SS_SYN_RECV)))
251#define TIPC_SS_CONN ((1<<SS_ESTABLISHED)|(1<<SS_LISTEN)|(1<<SS_CLOSE))
252
253#include "ssfilter.h"
254
255struct filter {
256 int dbs;
257 int states;
258 uint64_t families;
259 struct ssfilter *f;
260 bool kill;
261 struct rtnl_handle *rth_for_killing;
262};
263
264#define FAMILY_MASK(family) ((uint64_t)1 << (family))
265
266static const struct filter default_dbs[MAX_DB] = {
267 [TCP_DB] = {
268 .states = SS_CONN,
269 .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
270 },
271 [MPTCP_DB] = {
272 .states = SS_CONN,
273 .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
274 },
275 [DCCP_DB] = {
276 .states = SS_CONN,
277 .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
278 },
279 [UDP_DB] = {
280 .states = (1 << SS_ESTABLISHED),
281 .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
282 },
283 [RAW_DB] = {
284 .states = (1 << SS_ESTABLISHED),
285 .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
286 },
287 [UNIX_DG_DB] = {
288 .states = (1 << SS_CLOSE),
289 .families = FAMILY_MASK(AF_UNIX),
290 },
291 [UNIX_ST_DB] = {
292 .states = SS_CONN,
293 .families = FAMILY_MASK(AF_UNIX),
294 },
295 [UNIX_SQ_DB] = {
296 .states = SS_CONN,
297 .families = FAMILY_MASK(AF_UNIX),
298 },
299 [PACKET_DG_DB] = {
300 .states = (1 << SS_CLOSE),
301 .families = FAMILY_MASK(AF_PACKET),
302 },
303 [PACKET_R_DB] = {
304 .states = (1 << SS_CLOSE),
305 .families = FAMILY_MASK(AF_PACKET),
306 },
307 [NETLINK_DB] = {
308 .states = (1 << SS_CLOSE),
309 .families = FAMILY_MASK(AF_NETLINK),
310 },
311 [SCTP_DB] = {
312 .states = SS_CONN,
313 .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
314 },
315 [VSOCK_ST_DB] = {
316 .states = SS_CONN,
317 .families = FAMILY_MASK(AF_VSOCK),
318 },
319 [VSOCK_DG_DB] = {
320 .states = SS_CONN,
321 .families = FAMILY_MASK(AF_VSOCK),
322 },
323 [TIPC_DB] = {
324 .states = TIPC_SS_CONN,
325 .families = FAMILY_MASK(AF_TIPC),
326 },
327 [XDP_DB] = {
328 .states = (1 << SS_CLOSE),
329 .families = FAMILY_MASK(AF_XDP),
330 },
331};
332
333static const struct filter default_afs[AF_MAX] = {
334 [AF_INET] = {
335 .dbs = INET_DBM,
336 .states = SS_CONN,
337 },
338 [AF_INET6] = {
339 .dbs = INET_DBM,
340 .states = SS_CONN,
341 },
342 [AF_UNIX] = {
343 .dbs = UNIX_DBM,
344 .states = SS_CONN,
345 },
346 [AF_PACKET] = {
347 .dbs = PACKET_DBM,
348 .states = (1 << SS_CLOSE),
349 },
350 [AF_NETLINK] = {
351 .dbs = (1 << NETLINK_DB),
352 .states = (1 << SS_CLOSE),
353 },
354 [AF_VSOCK] = {
355 .dbs = VSOCK_DBM,
356 .states = SS_CONN,
357 },
358 [AF_TIPC] = {
359 .dbs = (1 << TIPC_DB),
360 .states = TIPC_SS_CONN,
361 },
362 [AF_XDP] = {
363 .dbs = (1 << XDP_DB),
364 .states = (1 << SS_CLOSE),
365 },
366};
367
368static int do_default = 1;
369static struct filter current_filter;
370
371static void filter_db_set(struct filter *f, int db, bool enable)
372{
373 if (enable) {
374 f->states |= default_dbs[db].states;
375 f->dbs |= 1 << db;
376 } else {
377 f->dbs &= ~(1 << db);
378 }
379 do_default = 0;
380}
381
382static int filter_db_parse(struct filter *f, const char *s)
383{
384 const struct {
385 const char *name;
386 int dbs[MAX_DB + 1];
387 } db_name_tbl[] = {
388#define ENTRY(name, ...) { #name, { __VA_ARGS__, MAX_DB } }
389 ENTRY(all, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, RAW_DB,
390 UNIX_ST_DB, UNIX_DG_DB, UNIX_SQ_DB,
391 PACKET_R_DB, PACKET_DG_DB, NETLINK_DB,
392 SCTP_DB, VSOCK_ST_DB, VSOCK_DG_DB, XDP_DB),
393 ENTRY(inet, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, SCTP_DB, RAW_DB),
394 ENTRY(udp, UDP_DB),
395 ENTRY(dccp, DCCP_DB),
396 ENTRY(tcp, TCP_DB),
397 ENTRY(mptcp, MPTCP_DB),
398 ENTRY(sctp, SCTP_DB),
399 ENTRY(raw, RAW_DB),
400 ENTRY(unix, UNIX_ST_DB, UNIX_DG_DB, UNIX_SQ_DB),
401 ENTRY(unix_stream, UNIX_ST_DB),
402 ENTRY(u_str, UNIX_ST_DB),
403 ENTRY(unix_dgram, UNIX_DG_DB),
404 ENTRY(u_dgr, UNIX_DG_DB),
405 ENTRY(unix_seqpacket, UNIX_SQ_DB),
406 ENTRY(u_seq, UNIX_SQ_DB),
407 ENTRY(packet, PACKET_R_DB, PACKET_DG_DB),
408 ENTRY(packet_raw, PACKET_R_DB),
409 ENTRY(p_raw, PACKET_R_DB),
410 ENTRY(packet_dgram, PACKET_DG_DB),
411 ENTRY(p_dgr, PACKET_DG_DB),
412 ENTRY(netlink, NETLINK_DB),
413 ENTRY(vsock, VSOCK_ST_DB, VSOCK_DG_DB),
414 ENTRY(vsock_stream, VSOCK_ST_DB),
415 ENTRY(v_str, VSOCK_ST_DB),
416 ENTRY(vsock_dgram, VSOCK_DG_DB),
417 ENTRY(v_dgr, VSOCK_DG_DB),
418 ENTRY(xdp, XDP_DB),
419#undef ENTRY
420 };
421 bool enable = true;
422 unsigned int i;
423 const int *dbp;
424
425 if (s[0] == '!') {
426 enable = false;
427 s++;
428 }
429 for (i = 0; i < ARRAY_SIZE(db_name_tbl); i++) {
430 if (strcmp(s, db_name_tbl[i].name))
431 continue;
432 for (dbp = db_name_tbl[i].dbs; *dbp != MAX_DB; dbp++)
433 filter_db_set(f, *dbp, enable);
434 return 0;
435 }
436 return -1;
437}
438
439static void filter_af_set(struct filter *f, int af)
440{
441 f->states |= default_afs[af].states;
442 f->families |= FAMILY_MASK(af);
443 do_default = 0;
444 preferred_family = af;
445}
446
447static int filter_af_get(struct filter *f, int af)
448{
449 return !!(f->families & FAMILY_MASK(af));
450}
451
452static void filter_states_set(struct filter *f, int states)
453{
454 if (states)
455 f->states = states;
456}
457
458static void filter_merge_defaults(struct filter *f)
459{
460 int db;
461 int af;
462
463 for (db = 0; db < MAX_DB; db++) {
464 if (!(f->dbs & (1 << db)))
465 continue;
466
467 if (!(default_dbs[db].families & f->families))
468 f->families |= default_dbs[db].families;
469 }
470 for (af = 0; af < AF_MAX; af++) {
471 if (!(f->families & FAMILY_MASK(af)))
472 continue;
473
474 if (!(default_afs[af].dbs & f->dbs))
475 f->dbs |= default_afs[af].dbs;
476 }
477}
478
479static FILE *generic_proc_open(const char *env, const char *name)
480{
481 const char *p = getenv(env);
482 char store[128];
483
484 if (!p) {
485 p = getenv("PROC_ROOT") ? : "/proc";
486 snprintf(store, sizeof(store)-1, "%s/%s", p, name);
487 p = store;
488 }
489
490 return fopen(p, "r");
491}
492#define net_tcp_open() generic_proc_open("PROC_NET_TCP", "net/tcp")
493#define net_tcp6_open() generic_proc_open("PROC_NET_TCP6", "net/tcp6")
494#define net_udp_open() generic_proc_open("PROC_NET_UDP", "net/udp")
495#define net_udp6_open() generic_proc_open("PROC_NET_UDP6", "net/udp6")
496#define net_raw_open() generic_proc_open("PROC_NET_RAW", "net/raw")
497#define net_raw6_open() generic_proc_open("PROC_NET_RAW6", "net/raw6")
498#define net_unix_open() generic_proc_open("PROC_NET_UNIX", "net/unix")
499#define net_packet_open() generic_proc_open("PROC_NET_PACKET", \
500 "net/packet")
501#define net_netlink_open() generic_proc_open("PROC_NET_NETLINK", \
502 "net/netlink")
503#define net_sockstat_open() generic_proc_open("PROC_NET_SOCKSTAT", \
504 "net/sockstat")
505#define net_sockstat6_open() generic_proc_open("PROC_NET_SOCKSTAT6", \
506 "net/sockstat6")
507#define net_snmp_open() generic_proc_open("PROC_NET_SNMP", "net/snmp")
508#define ephemeral_ports_open() generic_proc_open("PROC_IP_LOCAL_PORT_RANGE", \
509 "sys/net/ipv4/ip_local_port_range")
510
511struct user_ent {
512 struct user_ent *next;
513 unsigned int ino;
514 int pid;
515 int fd;
516 char *process;
517 char *process_ctx;
518 char *socket_ctx;
519};
520
521#define USER_ENT_HASH_SIZE 256
522static struct user_ent *user_ent_hash[USER_ENT_HASH_SIZE];
523
524static int user_ent_hashfn(unsigned int ino)
525{
526 int val = (ino >> 24) ^ (ino >> 16) ^ (ino >> 8) ^ ino;
527
528 return val & (USER_ENT_HASH_SIZE - 1);
529}
530
531static void user_ent_add(unsigned int ino, char *process,
532 int pid, int fd,
533 char *proc_ctx,
534 char *sock_ctx)
535{
536 struct user_ent *p, **pp;
537
538 p = malloc(sizeof(struct user_ent));
539 if (!p) {
540 fprintf(stderr, "ss: failed to malloc buffer\n");
541 abort();
542 }
543 p->next = NULL;
544 p->ino = ino;
545 p->pid = pid;
546 p->fd = fd;
547 p->process = strdup(process);
548 p->process_ctx = strdup(proc_ctx);
549 p->socket_ctx = strdup(sock_ctx);
550
551 pp = &user_ent_hash[user_ent_hashfn(ino)];
552 p->next = *pp;
553 *pp = p;
554}
555
556static void user_ent_destroy(void)
557{
558 struct user_ent *p, *p_next;
559 int cnt = 0;
560
561 while (cnt != USER_ENT_HASH_SIZE) {
562 p = user_ent_hash[cnt];
563 while (p) {
564 free(p->process);
565 free(p->process_ctx);
566 free(p->socket_ctx);
567 p_next = p->next;
568 free(p);
569 p = p_next;
570 }
571 cnt++;
572 }
573}
574
575static void user_ent_hash_build(void)
576{
577 const char *root = getenv("PROC_ROOT") ? : "/proc/";
578 struct dirent *d;
579 char name[1024];
580 int nameoff;
581 DIR *dir;
582 char *pid_context;
583 char *sock_context;
584 const char *no_ctx = "unavailable";
585 static int user_ent_hash_build_init;
586
587
588 if (user_ent_hash_build_init != 0)
589 return;
590
591 user_ent_hash_build_init = 1;
592
593 strlcpy(name, root, sizeof(name));
594
595 if (strlen(name) == 0 || name[strlen(name)-1] != '/')
596 strcat(name, "/");
597
598 nameoff = strlen(name);
599
600 dir = opendir(name);
601 if (!dir)
602 return;
603
604 while ((d = readdir(dir)) != NULL) {
605 struct dirent *d1;
606 char process[16];
607 char *p;
608 int pid, pos;
609 DIR *dir1;
610 char crap;
611
612 if (sscanf(d->d_name, "%d%c", &pid, &crap) != 1)
613 continue;
614
615 if (getpidcon(pid, &pid_context) != 0)
616 pid_context = strdup(no_ctx);
617
618 snprintf(name + nameoff, sizeof(name) - nameoff, "%d/fd/", pid);
619 pos = strlen(name);
620 if ((dir1 = opendir(name)) == NULL) {
621 free(pid_context);
622 continue;
623 }
624
625 process[0] = '\0';
626 p = process;
627
628 while ((d1 = readdir(dir1)) != NULL) {
629 const char *pattern = "socket:[";
630 unsigned int ino;
631 char lnk[64];
632 int fd;
633 ssize_t link_len;
634 char tmp[1024];
635
636 if (sscanf(d1->d_name, "%d%c", &fd, &crap) != 1)
637 continue;
638
639 snprintf(name+pos, sizeof(name) - pos, "%d", fd);
640
641 link_len = readlink(name, lnk, sizeof(lnk)-1);
642 if (link_len == -1)
643 continue;
644 lnk[link_len] = '\0';
645
646 if (strncmp(lnk, pattern, strlen(pattern)))
647 continue;
648
649 sscanf(lnk, "socket:[%u]", &ino);
650
651 snprintf(tmp, sizeof(tmp), "%s/%d/fd/%s",
652 root, pid, d1->d_name);
653
654 if (getfilecon(tmp, &sock_context) <= 0)
655 sock_context = strdup(no_ctx);
656
657 if (*p == '\0') {
658 FILE *fp;
659
660 snprintf(tmp, sizeof(tmp), "%s/%d/stat",
661 root, pid);
662 if ((fp = fopen(tmp, "r")) != NULL) {
663 if (fscanf(fp, "%*d (%[^)])", p) < 1)
664 ;
665 fclose(fp);
666 }
667 }
668 user_ent_add(ino, p, pid, fd,
669 pid_context, sock_context);
670 free(sock_context);
671 }
672 free(pid_context);
673 closedir(dir1);
674 }
675 closedir(dir);
676}
677
678enum entry_types {
679 USERS,
680 PROC_CTX,
681 PROC_SOCK_CTX
682};
683
684#define ENTRY_BUF_SIZE 512
685static int find_entry(unsigned int ino, char **buf, int type)
686{
687 struct user_ent *p;
688 int cnt = 0;
689 char *ptr;
690 char *new_buf;
691 int len, new_buf_len;
692 int buf_used = 0;
693 int buf_len = 0;
694
695 if (!ino)
696 return 0;
697
698 p = user_ent_hash[user_ent_hashfn(ino)];
699 ptr = *buf = NULL;
700 while (p) {
701 if (p->ino != ino)
702 goto next;
703
704 while (1) {
705 ptr = *buf + buf_used;
706 switch (type) {
707 case USERS:
708 len = snprintf(ptr, buf_len - buf_used,
709 "(\"%s\",pid=%d,fd=%d),",
710 p->process, p->pid, p->fd);
711 break;
712 case PROC_CTX:
713 len = snprintf(ptr, buf_len - buf_used,
714 "(\"%s\",pid=%d,proc_ctx=%s,fd=%d),",
715 p->process, p->pid,
716 p->process_ctx, p->fd);
717 break;
718 case PROC_SOCK_CTX:
719 len = snprintf(ptr, buf_len - buf_used,
720 "(\"%s\",pid=%d,proc_ctx=%s,fd=%d,sock_ctx=%s),",
721 p->process, p->pid,
722 p->process_ctx, p->fd,
723 p->socket_ctx);
724 break;
725 default:
726 fprintf(stderr, "ss: invalid type: %d\n", type);
727 abort();
728 }
729
730 if (len < 0 || len >= buf_len - buf_used) {
731 new_buf_len = buf_len + ENTRY_BUF_SIZE;
732 new_buf = realloc(*buf, new_buf_len);
733 if (!new_buf) {
734 fprintf(stderr, "ss: failed to malloc buffer\n");
735 abort();
736 }
737 *buf = new_buf;
738 buf_len = new_buf_len;
739 continue;
740 } else {
741 buf_used += len;
742 break;
743 }
744 }
745 cnt++;
746next:
747 p = p->next;
748 }
749 if (buf_used) {
750 ptr = *buf + buf_used;
751 ptr[-1] = '\0';
752 }
753 return cnt;
754}
755
756static unsigned long long cookie_sk_get(const uint32_t *cookie)
757{
758 return (((unsigned long long)cookie[1] << 31) << 1) | cookie[0];
759}
760
761static const char *sctp_sstate_name[] = {
762 [SCTP_STATE_CLOSED] = "CLOSED",
763 [SCTP_STATE_COOKIE_WAIT] = "COOKIE_WAIT",
764 [SCTP_STATE_COOKIE_ECHOED] = "COOKIE_ECHOED",
765 [SCTP_STATE_ESTABLISHED] = "ESTAB",
766 [SCTP_STATE_SHUTDOWN_PENDING] = "SHUTDOWN_PENDING",
767 [SCTP_STATE_SHUTDOWN_SENT] = "SHUTDOWN_SENT",
768 [SCTP_STATE_SHUTDOWN_RECEIVED] = "SHUTDOWN_RECEIVED",
769 [SCTP_STATE_SHUTDOWN_ACK_SENT] = "ACK_SENT",
770};
771
772static const char * const stype_nameg[] = {
773 "UNKNOWN",
774 [SOCK_STREAM] = "STREAM",
775 [SOCK_DGRAM] = "DGRAM",
776 [SOCK_RDM] = "RDM",
777 [SOCK_SEQPACKET] = "SEQPACKET",
778};
779
780struct sockstat {
781 struct sockstat *next;
782 unsigned int type;
783 uint16_t prot;
784 uint16_t raw_prot;
785 inet_prefix local;
786 inet_prefix remote;
787 int lport;
788 int rport;
789 int state;
790 int rq, wq;
791 unsigned int ino;
792 unsigned int uid;
793 int refcnt;
794 unsigned int iface;
795 unsigned long long sk;
796 char *name;
797 char *peer_name;
798 __u32 mark;
799 __u64 cgroup_id;
800};
801
802struct dctcpstat {
803 unsigned int ce_state;
804 unsigned int alpha;
805 unsigned int ab_ecn;
806 unsigned int ab_tot;
807 bool enabled;
808};
809
810struct tcpstat {
811 struct sockstat ss;
812 unsigned int timer;
813 unsigned int timeout;
814 int probes;
815 char cong_alg[16];
816 double rto, ato, rtt, rttvar;
817 int qack, ssthresh, backoff;
818 double send_bps;
819 int snd_wscale;
820 int rcv_wscale;
821 int mss;
822 int rcv_mss;
823 int advmss;
824 unsigned int pmtu;
825 unsigned int cwnd;
826 unsigned int lastsnd;
827 unsigned int lastrcv;
828 unsigned int lastack;
829 double pacing_rate;
830 double pacing_rate_max;
831 double delivery_rate;
832 unsigned long long bytes_acked;
833 unsigned long long bytes_received;
834 unsigned int segs_out;
835 unsigned int segs_in;
836 unsigned int data_segs_out;
837 unsigned int data_segs_in;
838 unsigned int unacked;
839 unsigned int retrans;
840 unsigned int retrans_total;
841 unsigned int lost;
842 unsigned int sacked;
843 unsigned int fackets;
844 unsigned int reordering;
845 unsigned int not_sent;
846 unsigned int delivered;
847 unsigned int delivered_ce;
848 unsigned int dsack_dups;
849 unsigned int reord_seen;
850 double rcv_rtt;
851 double min_rtt;
852 int rcv_space;
853 unsigned int rcv_ssthresh;
854 unsigned long long busy_time;
855 unsigned long long rwnd_limited;
856 unsigned long long sndbuf_limited;
857 unsigned long long bytes_sent;
858 unsigned long long bytes_retrans;
859 bool has_ts_opt;
860 bool has_sack_opt;
861 bool has_ecn_opt;
862 bool has_ecnseen_opt;
863 bool has_fastopen_opt;
864 bool has_wscale_opt;
865 bool app_limited;
866 struct dctcpstat *dctcp;
867 struct tcp_bbr_info *bbr_info;
868};
869
870
871
872
873static bool is_sctp_assoc(struct sockstat *s, const char *sock_name)
874{
875 if (strcmp(sock_name, "sctp"))
876 return false;
877 if (!sctp_ino || sctp_ino != s->ino)
878 return false;
879 return true;
880}
881
882static const char *unix_netid_name(int type)
883{
884 switch (type) {
885 case SOCK_STREAM:
886 return "u_str";
887 case SOCK_SEQPACKET:
888 return "u_seq";
889 case SOCK_DGRAM:
890 default:
891 return "u_dgr";
892 }
893}
894
895static const char *proto_name(int protocol)
896{
897 switch (protocol) {
898 case 0:
899 return "raw";
900 case IPPROTO_UDP:
901 return "udp";
902 case IPPROTO_TCP:
903 return "tcp";
904 case IPPROTO_MPTCP:
905 return "mptcp";
906 case IPPROTO_SCTP:
907 return "sctp";
908 case IPPROTO_DCCP:
909 return "dccp";
910 case IPPROTO_ICMPV6:
911 return "icmp6";
912 }
913
914 return "???";
915}
916
917static const char *vsock_netid_name(int type)
918{
919 switch (type) {
920 case SOCK_STREAM:
921 return "v_str";
922 case SOCK_DGRAM:
923 return "v_dgr";
924 default:
925 return "???";
926 }
927}
928
929static const char *tipc_netid_name(int type)
930{
931 switch (type) {
932 case SOCK_STREAM:
933 return "ti_st";
934 case SOCK_DGRAM:
935 return "ti_dg";
936 case SOCK_RDM:
937 return "ti_rd";
938 case SOCK_SEQPACKET:
939 return "ti_sq";
940 default:
941 return "???";
942 }
943}
944
945
946static struct buf_chunk *buf_chunk_new(void)
947{
948 struct buf_chunk *new = malloc(BUF_CHUNK);
949
950 if (!new)
951 abort();
952
953 new->next = NULL;
954
955
956 buffer.tail = new;
957
958
959
960
961 buffer.cur = (struct buf_token *)new->data;
962 buffer.cur->len = 0;
963
964 new->end = buffer.cur->data;
965
966 buffer.chunks++;
967
968 return new;
969}
970
971
972static int buf_chunk_avail(struct buf_chunk *chunk)
973{
974 return BUF_CHUNK - offsetof(struct buf_chunk, data) -
975 (chunk->end - chunk->data);
976}
977
978
979
980
981static int buf_update(int len)
982{
983 struct buf_chunk *chunk = buffer.tail;
984 struct buf_token *t = buffer.cur;
985
986
987
988
989
990 if ((len < buf_chunk_avail(chunk) && len != -1 ) ||
991 t == (struct buf_token *)chunk->data) {
992 len = min(len, buf_chunk_avail(chunk));
993
994
995 len = min(len, USHRT_MAX - t->len);
996
997 chunk->end += len;
998 t->len += len;
999 return 0;
1000 }
1001
1002
1003 chunk->next = buf_chunk_new();
1004
1005
1006 memcpy(chunk->next->data, t, sizeof(t->len) + t->len);
1007 chunk->next->end += t->len;
1008
1009
1010 chunk->end -= t->len + sizeof(t->len);
1011
1012 return -EAGAIN;
1013}
1014
1015
1016__attribute__((format(printf, 1, 2)))
1017static void out(const char *fmt, ...)
1018{
1019 struct column *f = current_field;
1020 va_list args;
1021 char *pos;
1022 int len;
1023
1024 if (f->disabled)
1025 return;
1026
1027 if (!buffer.head)
1028 buffer.head = buf_chunk_new();
1029
1030again:
1031
1032 pos = buffer.cur->data + buffer.cur->len;
1033 va_start(args, fmt);
1034
1035
1036 len = vsnprintf(pos, buf_chunk_avail(buffer.tail), fmt, args);
1037 va_end(args);
1038
1039 if (buf_update(len))
1040 goto again;
1041}
1042
1043static int print_left_spacing(struct column *f, int stored, int printed)
1044{
1045 int s;
1046
1047 if (!f->width || f->align == ALIGN_LEFT)
1048 return 0;
1049
1050 s = f->width - stored - printed;
1051 if (f->align == ALIGN_CENTER)
1052
1053 s = (s + 1) / 2;
1054
1055 if (s > 0)
1056 return printf("%*c", s, ' ');
1057
1058 return 0;
1059}
1060
1061static void print_right_spacing(struct column *f, int printed)
1062{
1063 int s;
1064
1065 if (!f->width || f->align == ALIGN_RIGHT)
1066 return;
1067
1068 s = f->width - printed;
1069 if (f->align == ALIGN_CENTER)
1070 s /= 2;
1071
1072 if (s > 0)
1073 printf("%*c", s, ' ');
1074}
1075
1076
1077static void field_flush(struct column *f)
1078{
1079 struct buf_chunk *chunk;
1080 unsigned int pad;
1081
1082 if (f->disabled)
1083 return;
1084
1085 chunk = buffer.tail;
1086 pad = buffer.cur->len % 2;
1087
1088 if (buffer.cur->len > f->max_len)
1089 f->max_len = buffer.cur->len;
1090
1091
1092
1093
1094
1095 if (buf_chunk_avail(chunk) - pad < sizeof(buffer.cur->len)) {
1096 chunk->end += pad;
1097 chunk->next = buf_chunk_new();
1098 return;
1099 }
1100
1101 buffer.cur = (struct buf_token *)(buffer.cur->data +
1102 LEN_ALIGN(buffer.cur->len));
1103 buffer.cur->len = 0;
1104 buffer.tail->end = buffer.cur->data;
1105}
1106
1107static int field_is_last(struct column *f)
1108{
1109 return f - columns == COL_MAX - 1;
1110}
1111
1112
1113static struct buf_token *buf_token_next(struct buf_token *cur)
1114{
1115 struct buf_chunk *chunk = buffer.tail;
1116
1117
1118 if (cur->data + LEN_ALIGN(cur->len) == chunk->end) {
1119 buffer.tail = chunk = chunk->next;
1120 return chunk ? (struct buf_token *)chunk->data : NULL;
1121 }
1122
1123 return (struct buf_token *)(cur->data + LEN_ALIGN(cur->len));
1124}
1125
1126
1127static void buf_free_all(void)
1128{
1129 struct buf_chunk *tmp;
1130
1131 for (buffer.tail = buffer.head; buffer.tail; ) {
1132 tmp = buffer.tail;
1133 buffer.tail = buffer.tail->next;
1134 free(tmp);
1135 }
1136 buffer.head = NULL;
1137 buffer.chunks = 0;
1138}
1139
1140
1141static int render_screen_width(void)
1142{
1143 int width = -1;
1144
1145 if (isatty(STDOUT_FILENO)) {
1146 struct winsize w;
1147
1148 if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &w) != -1) {
1149 if (w.ws_col > 0)
1150 width = w.ws_col;
1151 }
1152 }
1153
1154 return width;
1155}
1156
1157
1158
1159
1160
1161
1162static void render_calc_width(void)
1163{
1164 int screen_width, first, len = 0, linecols = 0;
1165 struct column *c, *eol = columns - 1;
1166 bool compact_output = false;
1167
1168 screen_width = render_screen_width();
1169 if (screen_width == -1) {
1170 screen_width = INT_MAX;
1171 compact_output = true;
1172 }
1173
1174
1175 for (first = 1, c = columns; c - columns < COL_MAX; c++) {
1176 if (c->disabled)
1177 continue;
1178
1179 if (!first && c->max_len)
1180 c->width = c->max_len + strlen(c->ldelim);
1181 else
1182 c->width = c->max_len;
1183
1184
1185
1186
1187
1188 c->width = min(c->width, screen_width);
1189
1190 if (c->width)
1191 first = 0;
1192 }
1193
1194 if (compact_output) {
1195
1196 return;
1197 }
1198
1199
1200 for (c = columns; c - columns < COL_MAX; c++) {
1201 int pad, spacing, rem, last;
1202 struct column *tmp;
1203
1204 if (!c->width)
1205 continue;
1206
1207 linecols++;
1208 len += c->width;
1209
1210 for (last = 1, tmp = c + 1; tmp - columns < COL_MAX; tmp++) {
1211 if (tmp->width) {
1212 last = 0;
1213 break;
1214 }
1215 }
1216
1217 if (!last && len < screen_width) {
1218
1219 continue;
1220 }
1221
1222 if (len == screen_width) {
1223
1224 goto newline;
1225 }
1226
1227 if (len > screen_width) {
1228
1229 len -= c->width;
1230 c--;
1231 linecols--;
1232 }
1233
1234
1235 pad = screen_width - len;
1236 spacing = pad / linecols;
1237 rem = pad % linecols;
1238 for (tmp = c; tmp > eol; tmp--) {
1239 if (!tmp->width)
1240 continue;
1241
1242 tmp->width += spacing;
1243 if (rem) {
1244 tmp->width++;
1245 rem--;
1246 }
1247 }
1248
1249newline:
1250
1251 eol = c;
1252 len = 0;
1253 linecols = 0;
1254 }
1255}
1256
1257
1258static void render(void)
1259{
1260 struct buf_token *token;
1261 int printed, line_started = 0;
1262 struct column *f;
1263
1264 if (!buffer.head)
1265 return;
1266
1267 token = (struct buf_token *)buffer.head->data;
1268
1269
1270 buffer.tail->end += buffer.cur->len % 2;
1271
1272 render_calc_width();
1273
1274
1275 buffer.tail = buffer.head;
1276
1277 f = columns;
1278 while (!f->width)
1279 f++;
1280
1281 while (token) {
1282
1283 if (line_started++)
1284 printed = printf("%s", f->ldelim);
1285 else
1286 printed = 0;
1287
1288
1289 printed += print_left_spacing(f, token->len, printed);
1290 printed += fwrite(token->data, 1, token->len, stdout);
1291 print_right_spacing(f, printed);
1292
1293
1294 do {
1295 if (field_is_last(f)) {
1296 printf("\n");
1297 f = columns;
1298 line_started = 0;
1299 } else {
1300 f++;
1301 }
1302 } while (f->disabled);
1303
1304 token = buf_token_next(token);
1305 }
1306
1307
1308
1309 if (line_started)
1310 printf("\n");
1311
1312 buf_free_all();
1313 current_field = columns;
1314}
1315
1316
1317
1318
1319static void field_next(void)
1320{
1321 if (field_is_last(current_field) && buffer.chunks >= BUF_CHUNKS_MAX) {
1322 render();
1323 return;
1324 }
1325
1326 field_flush(current_field);
1327 if (field_is_last(current_field))
1328 current_field = columns;
1329 else
1330 current_field++;
1331}
1332
1333
1334static void field_set(enum col_id id)
1335{
1336 while (id != current_field - columns)
1337 field_next();
1338}
1339
1340
1341static void print_header(void)
1342{
1343 while (!field_is_last(current_field)) {
1344 if (!current_field->disabled)
1345 out("%s", current_field->header);
1346 field_next();
1347 }
1348}
1349
1350static void sock_state_print(struct sockstat *s)
1351{
1352 const char *sock_name;
1353 static const char * const sstate_name[] = {
1354 "UNKNOWN",
1355 [SS_ESTABLISHED] = "ESTAB",
1356 [SS_SYN_SENT] = "SYN-SENT",
1357 [SS_SYN_RECV] = "SYN-RECV",
1358 [SS_FIN_WAIT1] = "FIN-WAIT-1",
1359 [SS_FIN_WAIT2] = "FIN-WAIT-2",
1360 [SS_TIME_WAIT] = "TIME-WAIT",
1361 [SS_CLOSE] = "UNCONN",
1362 [SS_CLOSE_WAIT] = "CLOSE-WAIT",
1363 [SS_LAST_ACK] = "LAST-ACK",
1364 [SS_LISTEN] = "LISTEN",
1365 [SS_CLOSING] = "CLOSING",
1366 };
1367
1368 switch (s->local.family) {
1369 case AF_UNIX:
1370 sock_name = unix_netid_name(s->type);
1371 break;
1372 case AF_INET:
1373 case AF_INET6:
1374 sock_name = proto_name(s->type);
1375 break;
1376 case AF_PACKET:
1377 sock_name = s->type == SOCK_RAW ? "p_raw" : "p_dgr";
1378 break;
1379 case AF_NETLINK:
1380 sock_name = "nl";
1381 break;
1382 case AF_TIPC:
1383 sock_name = tipc_netid_name(s->type);
1384 break;
1385 case AF_VSOCK:
1386 sock_name = vsock_netid_name(s->type);
1387 break;
1388 case AF_XDP:
1389 sock_name = "xdp";
1390 break;
1391 default:
1392 sock_name = "unknown";
1393 }
1394
1395 if (is_sctp_assoc(s, sock_name)) {
1396 field_set(COL_STATE);
1397 out("`- %s", sctp_sstate_name[s->state]);
1398 } else {
1399 field_set(COL_NETID);
1400 out("%s", sock_name);
1401 field_set(COL_STATE);
1402 out("%s", sstate_name[s->state]);
1403 }
1404
1405 field_set(COL_RECVQ);
1406 out("%-6d", s->rq);
1407 field_set(COL_SENDQ);
1408 out("%-6d", s->wq);
1409 field_set(COL_ADDR);
1410}
1411
1412static void sock_details_print(struct sockstat *s)
1413{
1414 if (s->uid)
1415 out(" uid:%u", s->uid);
1416
1417 out(" ino:%u", s->ino);
1418 out(" sk:%llx", s->sk);
1419
1420 if (s->mark)
1421 out(" fwmark:0x%x", s->mark);
1422
1423 if (s->cgroup_id)
1424 out(" cgroup:%s", cg_id_to_path(s->cgroup_id));
1425}
1426
1427static void sock_addr_print(const char *addr, char *delim, const char *port,
1428 const char *ifname)
1429{
1430 if (ifname)
1431 out("%s" "%%" "%s%s", addr, ifname, delim);
1432 else
1433 out("%s%s", addr, delim);
1434
1435 field_next();
1436 out("%s", port);
1437 field_next();
1438}
1439
1440static const char *print_ms_timer(unsigned int timeout)
1441{
1442 static char buf[64];
1443 int secs, msecs, minutes;
1444
1445 secs = timeout/1000;
1446 minutes = secs/60;
1447 secs = secs%60;
1448 msecs = timeout%1000;
1449 buf[0] = 0;
1450 if (minutes) {
1451 msecs = 0;
1452 snprintf(buf, sizeof(buf)-16, "%dmin", minutes);
1453 if (minutes > 9)
1454 secs = 0;
1455 }
1456 if (secs) {
1457 if (secs > 9)
1458 msecs = 0;
1459 sprintf(buf+strlen(buf), "%d%s", secs, msecs ? "." : "sec");
1460 }
1461 if (msecs)
1462 sprintf(buf+strlen(buf), "%03dms", msecs);
1463 return buf;
1464}
1465
1466struct scache {
1467 struct scache *next;
1468 int port;
1469 char *name;
1470 const char *proto;
1471};
1472
1473static struct scache *rlist;
1474
1475static void init_service_resolver(void)
1476{
1477 char buf[128];
1478 FILE *fp = popen("/usr/sbin/rpcinfo -p 2>/dev/null", "r");
1479
1480 if (!fp)
1481 return;
1482
1483 if (!fgets(buf, sizeof(buf), fp)) {
1484 pclose(fp);
1485 return;
1486 }
1487 while (fgets(buf, sizeof(buf), fp) != NULL) {
1488 unsigned int progn, port;
1489 char proto[128], prog[128] = "rpc.";
1490 struct scache *c;
1491
1492 if (sscanf(buf, "%u %*d %s %u %s",
1493 &progn, proto, &port, prog+4) != 4)
1494 continue;
1495
1496 if (!(c = malloc(sizeof(*c))))
1497 continue;
1498
1499 c->port = port;
1500 c->name = strdup(prog);
1501 if (strcmp(proto, TCP_PROTO) == 0)
1502 c->proto = TCP_PROTO;
1503 else if (strcmp(proto, UDP_PROTO) == 0)
1504 c->proto = UDP_PROTO;
1505 else if (strcmp(proto, SCTP_PROTO) == 0)
1506 c->proto = SCTP_PROTO;
1507 else
1508 c->proto = NULL;
1509 c->next = rlist;
1510 rlist = c;
1511 }
1512 pclose(fp);
1513}
1514
1515
1516
1517
1518
1519
1520
1521static int is_ephemeral(int port)
1522{
1523 static int min = 0, max;
1524
1525 if (!min) {
1526 FILE *f = ephemeral_ports_open();
1527
1528 if (!f || fscanf(f, "%d %d", &min, &max) < 2) {
1529 min = 1024;
1530 max = 4999;
1531 }
1532 if (f)
1533 fclose(f);
1534 }
1535 return port >= min && port <= max;
1536}
1537
1538
1539static const char *__resolve_service(int port)
1540{
1541 struct scache *c;
1542
1543 for (c = rlist; c; c = c->next) {
1544 if (c->port == port && c->proto == dg_proto)
1545 return c->name;
1546 }
1547
1548 if (!is_ephemeral(port)) {
1549 static int notfirst;
1550 struct servent *se;
1551
1552 if (!notfirst) {
1553 setservent(1);
1554 notfirst = 1;
1555 }
1556 se = getservbyport(htons(port), dg_proto);
1557 if (se)
1558 return se->s_name;
1559 }
1560
1561 return NULL;
1562}
1563
1564#define SCACHE_BUCKETS 1024
1565static struct scache *cache_htab[SCACHE_BUCKETS];
1566
1567static const char *resolve_service(int port)
1568{
1569 static char buf[128];
1570 struct scache *c;
1571 const char *res;
1572 int hash;
1573
1574 if (port == 0) {
1575 buf[0] = '*';
1576 buf[1] = 0;
1577 return buf;
1578 }
1579
1580 if (numeric)
1581 goto do_numeric;
1582
1583 if (dg_proto == RAW_PROTO)
1584 return inet_proto_n2a(port, buf, sizeof(buf));
1585
1586
1587 hash = (port^(((unsigned long)dg_proto)>>2)) % SCACHE_BUCKETS;
1588
1589 for (c = cache_htab[hash]; c; c = c->next) {
1590 if (c->port == port && c->proto == dg_proto)
1591 goto do_cache;
1592 }
1593
1594 c = malloc(sizeof(*c));
1595 if (!c)
1596 goto do_numeric;
1597 res = __resolve_service(port);
1598 c->port = port;
1599 c->name = res ? strdup(res) : NULL;
1600 c->proto = dg_proto;
1601 c->next = cache_htab[hash];
1602 cache_htab[hash] = c;
1603
1604do_cache:
1605 if (c->name)
1606 return c->name;
1607
1608do_numeric:
1609 sprintf(buf, "%u", port);
1610 return buf;
1611}
1612
1613static void inet_addr_print(const inet_prefix *a, int port,
1614 unsigned int ifindex, bool v6only)
1615{
1616 char buf[1024];
1617 const char *ap = buf;
1618 const char *ifname = NULL;
1619
1620 if (a->family == AF_INET) {
1621 ap = format_host(AF_INET, 4, a->data);
1622 } else {
1623 if (!v6only &&
1624 !memcmp(a->data, &in6addr_any, sizeof(in6addr_any))) {
1625 buf[0] = '*';
1626 buf[1] = 0;
1627 } else {
1628 ap = format_host(a->family, 16, a->data);
1629
1630
1631 if (strchr(ap, ':')) {
1632 snprintf(buf, sizeof(buf),
1633 "[%s]", ap);
1634 ap = buf;
1635 }
1636 }
1637 }
1638
1639 if (ifindex)
1640 ifname = ll_index_to_name(ifindex);
1641
1642 sock_addr_print(ap, ":", resolve_service(port), ifname);
1643}
1644
1645struct aafilter {
1646 inet_prefix addr;
1647 int port;
1648 unsigned int iface;
1649 __u32 mark;
1650 __u32 mask;
1651 __u64 cgroup_id;
1652 struct aafilter *next;
1653};
1654
1655static int inet2_addr_match(const inet_prefix *a, const inet_prefix *p,
1656 int plen)
1657{
1658 if (!inet_addr_match(a, p, plen))
1659 return 0;
1660
1661
1662
1663
1664 if (p->family == AF_INET && a->family == AF_INET6) {
1665 if (a->data[0] == 0 && a->data[1] == 0 &&
1666 a->data[2] == htonl(0xffff)) {
1667 inet_prefix tmp = *a;
1668
1669 tmp.data[0] = a->data[3];
1670 return inet_addr_match(&tmp, p, plen);
1671 }
1672 }
1673 return 1;
1674}
1675
1676static int unix_match(const inet_prefix *a, const inet_prefix *p)
1677{
1678 char *addr, *pattern;
1679
1680 memcpy(&addr, a->data, sizeof(addr));
1681 memcpy(&pattern, p->data, sizeof(pattern));
1682 if (pattern == NULL)
1683 return 1;
1684 if (addr == NULL)
1685 addr = "";
1686 return !fnmatch(pattern, addr, FNM_CASEFOLD);
1687}
1688
1689static int run_ssfilter(struct ssfilter *f, struct sockstat *s)
1690{
1691 switch (f->type) {
1692 case SSF_S_AUTO:
1693 {
1694 if (s->local.family == AF_UNIX) {
1695 char *p;
1696
1697 memcpy(&p, s->local.data, sizeof(p));
1698 return p == NULL || (p[0] == '@' && strlen(p) == 6 &&
1699 strspn(p+1, "0123456789abcdef") == 5);
1700 }
1701 if (s->local.family == AF_PACKET)
1702 return s->lport == 0 && s->local.data[0] == 0;
1703 if (s->local.family == AF_NETLINK)
1704 return s->lport < 0;
1705 if (s->local.family == AF_VSOCK)
1706 return s->lport > 1023;
1707
1708 return is_ephemeral(s->lport);
1709 }
1710 case SSF_DCOND:
1711 {
1712 struct aafilter *a = (void *)f->pred;
1713
1714 if (a->addr.family == AF_UNIX)
1715 return unix_match(&s->remote, &a->addr);
1716 if (a->port != -1 && a->port != s->rport)
1717 return 0;
1718 if (a->addr.bitlen) {
1719 do {
1720 if (!inet2_addr_match(&s->remote, &a->addr, a->addr.bitlen))
1721 return 1;
1722 } while ((a = a->next) != NULL);
1723 return 0;
1724 }
1725 return 1;
1726 }
1727 case SSF_SCOND:
1728 {
1729 struct aafilter *a = (void *)f->pred;
1730
1731 if (a->addr.family == AF_UNIX)
1732 return unix_match(&s->local, &a->addr);
1733 if (a->port != -1 && a->port != s->lport)
1734 return 0;
1735 if (a->addr.bitlen) {
1736 do {
1737 if (!inet2_addr_match(&s->local, &a->addr, a->addr.bitlen))
1738 return 1;
1739 } while ((a = a->next) != NULL);
1740 return 0;
1741 }
1742 return 1;
1743 }
1744 case SSF_D_GE:
1745 {
1746 struct aafilter *a = (void *)f->pred;
1747
1748 return s->rport >= a->port;
1749 }
1750 case SSF_D_LE:
1751 {
1752 struct aafilter *a = (void *)f->pred;
1753
1754 return s->rport <= a->port;
1755 }
1756 case SSF_S_GE:
1757 {
1758 struct aafilter *a = (void *)f->pred;
1759
1760 return s->lport >= a->port;
1761 }
1762 case SSF_S_LE:
1763 {
1764 struct aafilter *a = (void *)f->pred;
1765
1766 return s->lport <= a->port;
1767 }
1768 case SSF_DEVCOND:
1769 {
1770 struct aafilter *a = (void *)f->pred;
1771
1772 return s->iface == a->iface;
1773 }
1774 case SSF_MARKMASK:
1775 {
1776 struct aafilter *a = (void *)f->pred;
1777
1778 return (s->mark & a->mask) == a->mark;
1779 }
1780 case SSF_CGROUPCOND:
1781 {
1782 struct aafilter *a = (void *)f->pred;
1783
1784 return s->cgroup_id == a->cgroup_id;
1785 }
1786
1787 case SSF_AND:
1788 return run_ssfilter(f->pred, s) && run_ssfilter(f->post, s);
1789 case SSF_OR:
1790 return run_ssfilter(f->pred, s) || run_ssfilter(f->post, s);
1791 case SSF_NOT:
1792 return !run_ssfilter(f->pred, s);
1793 default:
1794 abort();
1795 }
1796}
1797
1798
1799static void ssfilter_patch(char *a, int len, int reloc)
1800{
1801 while (len > 0) {
1802 struct inet_diag_bc_op *op = (struct inet_diag_bc_op *)a;
1803
1804 if (op->no == len+4)
1805 op->no += reloc;
1806 len -= op->yes;
1807 a += op->yes;
1808 }
1809 if (len < 0)
1810 abort();
1811}
1812
1813static int ssfilter_bytecompile(struct ssfilter *f, char **bytecode)
1814{
1815 switch (f->type) {
1816 case SSF_S_AUTO:
1817 {
1818 if (!(*bytecode = malloc(4))) abort();
1819 ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_AUTO, 4, 8 };
1820 return 4;
1821 }
1822 case SSF_DCOND:
1823 case SSF_SCOND:
1824 {
1825 struct aafilter *a = (void *)f->pred;
1826 struct aafilter *b;
1827 char *ptr;
1828 int code = (f->type == SSF_DCOND ? INET_DIAG_BC_D_COND : INET_DIAG_BC_S_COND);
1829 int len = 0;
1830
1831 for (b = a; b; b = b->next) {
1832 len += 4 + sizeof(struct inet_diag_hostcond);
1833 if (a->addr.family == AF_INET6)
1834 len += 16;
1835 else
1836 len += 4;
1837 if (b->next)
1838 len += 4;
1839 }
1840 if (!(ptr = malloc(len))) abort();
1841 *bytecode = ptr;
1842 for (b = a; b; b = b->next) {
1843 struct inet_diag_bc_op *op = (struct inet_diag_bc_op *)ptr;
1844 int alen = (a->addr.family == AF_INET6 ? 16 : 4);
1845 int oplen = alen + 4 + sizeof(struct inet_diag_hostcond);
1846 struct inet_diag_hostcond *cond = (struct inet_diag_hostcond *)(ptr+4);
1847
1848 *op = (struct inet_diag_bc_op){ code, oplen, oplen+4 };
1849 cond->family = a->addr.family;
1850 cond->port = a->port;
1851 cond->prefix_len = a->addr.bitlen;
1852 memcpy(cond->addr, a->addr.data, alen);
1853 ptr += oplen;
1854 if (b->next) {
1855 op = (struct inet_diag_bc_op *)ptr;
1856 *op = (struct inet_diag_bc_op){ INET_DIAG_BC_JMP, 4, len - (ptr-*bytecode)};
1857 ptr += 4;
1858 }
1859 }
1860 return ptr - *bytecode;
1861 }
1862 case SSF_D_GE:
1863 {
1864 struct aafilter *x = (void *)f->pred;
1865
1866 if (!(*bytecode = malloc(8))) abort();
1867 ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_D_GE, 8, 12 };
1868 ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
1869 return 8;
1870 }
1871 case SSF_D_LE:
1872 {
1873 struct aafilter *x = (void *)f->pred;
1874
1875 if (!(*bytecode = malloc(8))) abort();
1876 ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_D_LE, 8, 12 };
1877 ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
1878 return 8;
1879 }
1880 case SSF_S_GE:
1881 {
1882 struct aafilter *x = (void *)f->pred;
1883
1884 if (!(*bytecode = malloc(8))) abort();
1885 ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_S_GE, 8, 12 };
1886 ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
1887 return 8;
1888 }
1889 case SSF_S_LE:
1890 {
1891 struct aafilter *x = (void *)f->pred;
1892
1893 if (!(*bytecode = malloc(8))) abort();
1894 ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_S_LE, 8, 12 };
1895 ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
1896 return 8;
1897 }
1898
1899 case SSF_AND:
1900 {
1901 char *a1 = NULL, *a2 = NULL, *a;
1902 int l1, l2;
1903
1904 l1 = ssfilter_bytecompile(f->pred, &a1);
1905 l2 = ssfilter_bytecompile(f->post, &a2);
1906 if (!l1 || !l2) {
1907 free(a1);
1908 free(a2);
1909 return 0;
1910 }
1911 if (!(a = malloc(l1+l2))) abort();
1912 memcpy(a, a1, l1);
1913 memcpy(a+l1, a2, l2);
1914 free(a1); free(a2);
1915 ssfilter_patch(a, l1, l2);
1916 *bytecode = a;
1917 return l1+l2;
1918 }
1919 case SSF_OR:
1920 {
1921 char *a1 = NULL, *a2 = NULL, *a;
1922 int l1, l2;
1923
1924 l1 = ssfilter_bytecompile(f->pred, &a1);
1925 l2 = ssfilter_bytecompile(f->post, &a2);
1926 if (!l1 || !l2) {
1927 free(a1);
1928 free(a2);
1929 return 0;
1930 }
1931 if (!(a = malloc(l1+l2+4))) abort();
1932 memcpy(a, a1, l1);
1933 memcpy(a+l1+4, a2, l2);
1934 free(a1); free(a2);
1935 *(struct inet_diag_bc_op *)(a+l1) = (struct inet_diag_bc_op){ INET_DIAG_BC_JMP, 4, l2+4 };
1936 *bytecode = a;
1937 return l1+l2+4;
1938 }
1939 case SSF_NOT:
1940 {
1941 char *a1 = NULL, *a;
1942 int l1;
1943
1944 l1 = ssfilter_bytecompile(f->pred, &a1);
1945 if (!l1) {
1946 free(a1);
1947 return 0;
1948 }
1949 if (!(a = malloc(l1+4))) abort();
1950 memcpy(a, a1, l1);
1951 free(a1);
1952 *(struct inet_diag_bc_op *)(a+l1) = (struct inet_diag_bc_op){ INET_DIAG_BC_JMP, 4, 8 };
1953 *bytecode = a;
1954 return l1+4;
1955 }
1956 case SSF_DEVCOND:
1957 {
1958
1959 return 0;
1960 }
1961 case SSF_MARKMASK:
1962 {
1963 struct aafilter *a = (void *)f->pred;
1964 struct instr {
1965 struct inet_diag_bc_op op;
1966 struct inet_diag_markcond cond;
1967 };
1968 int inslen = sizeof(struct instr);
1969
1970 if (!(*bytecode = malloc(inslen))) abort();
1971 ((struct instr *)*bytecode)[0] = (struct instr) {
1972 { INET_DIAG_BC_MARK_COND, inslen, inslen + 4 },
1973 { a->mark, a->mask},
1974 };
1975
1976 return inslen;
1977 }
1978 case SSF_CGROUPCOND:
1979 {
1980 struct aafilter *a = (void *)f->pred;
1981 struct instr {
1982 struct inet_diag_bc_op op;
1983 __u64 cgroup_id;
1984 } __attribute__((packed));
1985 int inslen = sizeof(struct instr);
1986
1987 if (!(*bytecode = malloc(inslen))) abort();
1988 ((struct instr *)*bytecode)[0] = (struct instr) {
1989 { INET_DIAG_BC_CGROUP_COND, inslen, inslen + 4 },
1990 a->cgroup_id,
1991 };
1992
1993 return inslen;
1994 }
1995 default:
1996 abort();
1997 }
1998}
1999
2000static int remember_he(struct aafilter *a, struct hostent *he)
2001{
2002 char **ptr = he->h_addr_list;
2003 int cnt = 0;
2004 int len;
2005
2006 if (he->h_addrtype == AF_INET)
2007 len = 4;
2008 else if (he->h_addrtype == AF_INET6)
2009 len = 16;
2010 else
2011 return 0;
2012
2013 while (*ptr) {
2014 struct aafilter *b = a;
2015
2016 if (a->addr.bitlen) {
2017 if ((b = malloc(sizeof(*b))) == NULL)
2018 return cnt;
2019 *b = *a;
2020 a->next = b;
2021 }
2022 memcpy(b->addr.data, *ptr, len);
2023 b->addr.bytelen = len;
2024 b->addr.bitlen = len*8;
2025 b->addr.family = he->h_addrtype;
2026 ptr++;
2027 cnt++;
2028 }
2029 return cnt;
2030}
2031
2032static int get_dns_host(struct aafilter *a, const char *addr, int fam)
2033{
2034 static int notfirst;
2035 int cnt = 0;
2036 struct hostent *he;
2037
2038 a->addr.bitlen = 0;
2039 if (!notfirst) {
2040 sethostent(1);
2041 notfirst = 1;
2042 }
2043 he = gethostbyname2(addr, fam == AF_UNSPEC ? AF_INET : fam);
2044 if (he)
2045 cnt = remember_he(a, he);
2046 if (fam == AF_UNSPEC) {
2047 he = gethostbyname2(addr, AF_INET6);
2048 if (he)
2049 cnt += remember_he(a, he);
2050 }
2051 return !cnt;
2052}
2053
2054static int xll_initted;
2055
2056static void xll_init(void)
2057{
2058 struct rtnl_handle rth;
2059
2060 if (rtnl_open(&rth, 0) < 0)
2061 exit(1);
2062
2063 ll_init_map(&rth);
2064 rtnl_close(&rth);
2065 xll_initted = 1;
2066}
2067
2068static const char *xll_index_to_name(int index)
2069{
2070 if (!xll_initted)
2071 xll_init();
2072 return ll_index_to_name(index);
2073}
2074
2075static int xll_name_to_index(const char *dev)
2076{
2077 if (!xll_initted)
2078 xll_init();
2079 return ll_name_to_index(dev);
2080}
2081
2082void *parse_devcond(char *name)
2083{
2084 struct aafilter a = { .iface = 0 };
2085 struct aafilter *res;
2086
2087 a.iface = xll_name_to_index(name);
2088 if (a.iface == 0) {
2089 char *end;
2090 unsigned long n;
2091
2092 n = strtoul(name, &end, 0);
2093 if (!end || end == name || *end || n > UINT_MAX)
2094 return NULL;
2095
2096 a.iface = n;
2097 }
2098
2099 res = malloc(sizeof(*res));
2100 *res = a;
2101
2102 return res;
2103}
2104
2105static void vsock_set_inet_prefix(inet_prefix *a, __u32 cid)
2106{
2107 *a = (inet_prefix){
2108 .bytelen = sizeof(cid),
2109 .family = AF_VSOCK,
2110 };
2111 memcpy(a->data, &cid, sizeof(cid));
2112}
2113
2114static char* find_port(char *addr, bool is_port)
2115{
2116 char *port = NULL;
2117 if (is_port)
2118 port = addr;
2119 else
2120 port = strchr(addr, ':');
2121 if (port && *port == ':')
2122 *port++ = '\0';
2123 return port;
2124}
2125
2126void *parse_hostcond(char *addr, bool is_port)
2127{
2128 char *port = NULL;
2129 struct aafilter a = { .port = -1 };
2130 struct aafilter *res;
2131 int fam = preferred_family;
2132 struct filter *f = ¤t_filter;
2133
2134 if (strncmp(addr, "unix:", 5) == 0) {
2135 fam = AF_UNIX;
2136 addr += 5;
2137 } else if (strncmp(addr, "link:", 5) == 0) {
2138 fam = AF_PACKET;
2139 addr += 5;
2140 } else if (strncmp(addr, "netlink:", 8) == 0) {
2141 fam = AF_NETLINK;
2142 addr += 8;
2143 } else if (strncmp(addr, "vsock:", 6) == 0) {
2144 fam = AF_VSOCK;
2145 addr += 6;
2146 } else if (strncmp(addr, "inet:", 5) == 0) {
2147 fam = AF_INET;
2148 addr += 5;
2149 } else if (strncmp(addr, "inet6:", 6) == 0) {
2150 fam = AF_INET6;
2151 addr += 6;
2152 }
2153
2154 if (fam == AF_UNIX) {
2155 char *p;
2156
2157 a.addr.family = AF_UNIX;
2158 p = strdup(addr);
2159 a.addr.bitlen = 8*strlen(p);
2160 memcpy(a.addr.data, &p, sizeof(p));
2161 goto out;
2162 }
2163
2164 if (fam == AF_PACKET) {
2165 a.addr.family = AF_PACKET;
2166 a.addr.bitlen = 0;
2167 port = find_port(addr, is_port);
2168 if (port) {
2169 if (*port && strcmp(port, "*")) {
2170 if (get_integer(&a.port, port, 0)) {
2171 if ((a.port = xll_name_to_index(port)) <= 0)
2172 return NULL;
2173 }
2174 }
2175 }
2176 if (!is_port && addr[0] && strcmp(addr, "*")) {
2177 unsigned short tmp;
2178
2179 a.addr.bitlen = 32;
2180 if (ll_proto_a2n(&tmp, addr))
2181 return NULL;
2182 a.addr.data[0] = ntohs(tmp);
2183 }
2184 goto out;
2185 }
2186
2187 if (fam == AF_NETLINK) {
2188 a.addr.family = AF_NETLINK;
2189 a.addr.bitlen = 0;
2190 port = find_port(addr, is_port);
2191 if (port) {
2192 if (*port && strcmp(port, "*")) {
2193 if (get_integer(&a.port, port, 0)) {
2194 if (strcmp(port, "kernel") == 0)
2195 a.port = 0;
2196 else
2197 return NULL;
2198 }
2199 }
2200 }
2201 if (!is_port && addr[0] && strcmp(addr, "*")) {
2202 a.addr.bitlen = 32;
2203 if (nl_proto_a2n(&a.addr.data[0], addr) == -1)
2204 return NULL;
2205 }
2206 goto out;
2207 }
2208
2209 if (fam == AF_VSOCK) {
2210 __u32 cid = ~(__u32)0;
2211
2212 a.addr.family = AF_VSOCK;
2213
2214 port = find_port(addr, is_port);
2215
2216 if (port && strcmp(port, "*") &&
2217 get_u32((__u32 *)&a.port, port, 0))
2218 return NULL;
2219
2220 if (!is_port && addr[0] && strcmp(addr, "*")) {
2221 a.addr.bitlen = 32;
2222 if (get_u32(&cid, addr, 0))
2223 return NULL;
2224 }
2225 vsock_set_inet_prefix(&a.addr, cid);
2226 goto out;
2227 }
2228
2229
2230 if (addr[0] == '[') {
2231 addr++;
2232 if ((port = strchr(addr, ']')) == NULL)
2233 return NULL;
2234 *port++ = 0;
2235 } else if (addr[0] == '*') {
2236 port = addr+1;
2237 } else {
2238 port = strrchr(strchr(addr, '/') ? : addr, ':');
2239 }
2240
2241 if (is_port)
2242 port = addr;
2243
2244 if (port && *port) {
2245 if (*port == ':')
2246 *port++ = 0;
2247
2248 if (*port && *port != '*') {
2249 if (get_integer(&a.port, port, 0)) {
2250 struct servent *se1 = NULL;
2251 struct servent *se2 = NULL;
2252
2253 if (current_filter.dbs&(1<<UDP_DB))
2254 se1 = getservbyname(port, UDP_PROTO);
2255 if (current_filter.dbs&(1<<TCP_DB))
2256 se2 = getservbyname(port, TCP_PROTO);
2257 if (se1 && se2 && se1->s_port != se2->s_port) {
2258 fprintf(stderr, "Error: ambiguous port \"%s\".\n", port);
2259 return NULL;
2260 }
2261 if (!se1)
2262 se1 = se2;
2263 if (se1) {
2264 a.port = ntohs(se1->s_port);
2265 } else {
2266 struct scache *s;
2267
2268 for (s = rlist; s; s = s->next) {
2269 if ((s->proto == UDP_PROTO &&
2270 (current_filter.dbs&(1<<UDP_DB))) ||
2271 (s->proto == TCP_PROTO &&
2272 (current_filter.dbs&(1<<TCP_DB)))) {
2273 if (s->name && strcmp(s->name, port) == 0) {
2274 if (a.port > 0 && a.port != s->port) {
2275 fprintf(stderr, "Error: ambiguous port \"%s\".\n", port);
2276 return NULL;
2277 }
2278 a.port = s->port;
2279 }
2280 }
2281 }
2282 if (a.port <= 0) {
2283 fprintf(stderr, "Error: \"%s\" does not look like a port.\n", port);
2284 return NULL;
2285 }
2286 }
2287 }
2288 }
2289 }
2290 if (!is_port && *addr && *addr != '*') {
2291 if (get_prefix_1(&a.addr, addr, fam)) {
2292 if (get_dns_host(&a, addr, fam)) {
2293 fprintf(stderr, "Error: an inet prefix is expected rather than \"%s\".\n", addr);
2294 return NULL;
2295 }
2296 }
2297 }
2298
2299out:
2300 if (fam != AF_UNSPEC) {
2301 int states = f->states;
2302 f->families = 0;
2303 filter_af_set(f, fam);
2304 filter_states_set(f, states);
2305 }
2306
2307 res = malloc(sizeof(*res));
2308 if (res)
2309 memcpy(res, &a, sizeof(a));
2310 return res;
2311}
2312
2313void *parse_markmask(const char *markmask)
2314{
2315 struct aafilter a, *res;
2316
2317 if (strchr(markmask, '/')) {
2318 if (sscanf(markmask, "%i/%i", &a.mark, &a.mask) != 2)
2319 return NULL;
2320 } else {
2321 a.mask = 0xffffffff;
2322 if (sscanf(markmask, "%i", &a.mark) != 1)
2323 return NULL;
2324 }
2325
2326 res = malloc(sizeof(*res));
2327 if (res)
2328 memcpy(res, &a, sizeof(a));
2329 return res;
2330}
2331
2332void *parse_cgroupcond(const char *path)
2333{
2334 struct aafilter *res;
2335 __u64 id;
2336
2337 id = get_cgroup2_id(path);
2338 if (!id)
2339 return NULL;
2340
2341 res = malloc(sizeof(*res));
2342 if (res)
2343 res->cgroup_id = id;
2344
2345 return res;
2346}
2347
2348static void proc_ctx_print(struct sockstat *s)
2349{
2350 char *buf;
2351
2352 if (show_proc_ctx || show_sock_ctx) {
2353 if (find_entry(s->ino, &buf,
2354 (show_proc_ctx & show_sock_ctx) ?
2355 PROC_SOCK_CTX : PROC_CTX) > 0) {
2356 out(" users:(%s)", buf);
2357 free(buf);
2358 }
2359 } else if (show_users) {
2360 if (find_entry(s->ino, &buf, USERS) > 0) {
2361 out(" users:(%s)", buf);
2362 free(buf);
2363 }
2364 }
2365}
2366
2367static void inet_stats_print(struct sockstat *s, bool v6only)
2368{
2369 sock_state_print(s);
2370
2371 inet_addr_print(&s->local, s->lport, s->iface, v6only);
2372 inet_addr_print(&s->remote, s->rport, 0, v6only);
2373
2374 proc_ctx_print(s);
2375}
2376
2377static int proc_parse_inet_addr(char *loc, char *rem, int family, struct
2378 sockstat * s)
2379{
2380 s->local.family = s->remote.family = family;
2381 if (family == AF_INET) {
2382 sscanf(loc, "%x:%x", s->local.data, (unsigned *)&s->lport);
2383 sscanf(rem, "%x:%x", s->remote.data, (unsigned *)&s->rport);
2384 s->local.bytelen = s->remote.bytelen = 4;
2385 return 0;
2386 } else {
2387 sscanf(loc, "%08x%08x%08x%08x:%x",
2388 s->local.data,
2389 s->local.data + 1,
2390 s->local.data + 2,
2391 s->local.data + 3,
2392 &s->lport);
2393 sscanf(rem, "%08x%08x%08x%08x:%x",
2394 s->remote.data,
2395 s->remote.data + 1,
2396 s->remote.data + 2,
2397 s->remote.data + 3,
2398 &s->rport);
2399 s->local.bytelen = s->remote.bytelen = 16;
2400 return 0;
2401 }
2402 return -1;
2403}
2404
2405static int proc_inet_split_line(char *line, char **loc, char **rem, char **data)
2406{
2407 char *p;
2408
2409 if ((p = strchr(line, ':')) == NULL)
2410 return -1;
2411
2412 *loc = p+2;
2413 if ((p = strchr(*loc, ':')) == NULL)
2414 return -1;
2415
2416 p[5] = 0;
2417 *rem = p+6;
2418 if ((p = strchr(*rem, ':')) == NULL)
2419 return -1;
2420
2421 p[5] = 0;
2422 *data = p+6;
2423 return 0;
2424}
2425
2426
2427
2428
2429
2430
2431static char *sprint_bw(char *buf, double bw)
2432{
2433 if (numeric)
2434 sprintf(buf, "%.0f", bw);
2435 else if (bw >= 1e12)
2436 sprintf(buf, "%.3gT", bw / 1e12);
2437 else if (bw >= 1e9)
2438 sprintf(buf, "%.3gG", bw / 1e9);
2439 else if (bw >= 1e6)
2440 sprintf(buf, "%.3gM", bw / 1e6);
2441 else if (bw >= 1e3)
2442 sprintf(buf, "%.3gk", bw / 1e3);
2443 else
2444 sprintf(buf, "%g", bw);
2445
2446 return buf;
2447}
2448
2449static void sctp_stats_print(struct sctp_info *s)
2450{
2451 if (s->sctpi_tag)
2452 out(" tag:%x", s->sctpi_tag);
2453 if (s->sctpi_state)
2454 out(" state:%s", sctp_sstate_name[s->sctpi_state]);
2455 if (s->sctpi_rwnd)
2456 out(" rwnd:%d", s->sctpi_rwnd);
2457 if (s->sctpi_unackdata)
2458 out(" unackdata:%d", s->sctpi_unackdata);
2459 if (s->sctpi_penddata)
2460 out(" penddata:%d", s->sctpi_penddata);
2461 if (s->sctpi_instrms)
2462 out(" instrms:%d", s->sctpi_instrms);
2463 if (s->sctpi_outstrms)
2464 out(" outstrms:%d", s->sctpi_outstrms);
2465 if (s->sctpi_inqueue)
2466 out(" inqueue:%d", s->sctpi_inqueue);
2467 if (s->sctpi_outqueue)
2468 out(" outqueue:%d", s->sctpi_outqueue);
2469 if (s->sctpi_overall_error)
2470 out(" overerr:%d", s->sctpi_overall_error);
2471 if (s->sctpi_max_burst)
2472 out(" maxburst:%d", s->sctpi_max_burst);
2473 if (s->sctpi_maxseg)
2474 out(" maxseg:%d", s->sctpi_maxseg);
2475 if (s->sctpi_peer_rwnd)
2476 out(" prwnd:%d", s->sctpi_peer_rwnd);
2477 if (s->sctpi_peer_tag)
2478 out(" ptag:%x", s->sctpi_peer_tag);
2479 if (s->sctpi_peer_capable)
2480 out(" pcapable:%d", s->sctpi_peer_capable);
2481 if (s->sctpi_peer_sack)
2482 out(" psack:%d", s->sctpi_peer_sack);
2483 if (s->sctpi_s_autoclose)
2484 out(" autoclose:%d", s->sctpi_s_autoclose);
2485 if (s->sctpi_s_adaptation_ind)
2486 out(" adapind:%d", s->sctpi_s_adaptation_ind);
2487 if (s->sctpi_s_pd_point)
2488 out(" pdpoint:%d", s->sctpi_s_pd_point);
2489 if (s->sctpi_s_nodelay)
2490 out(" nodelay:%d", s->sctpi_s_nodelay);
2491 if (s->sctpi_s_disable_fragments)
2492 out(" nofrag:%d", s->sctpi_s_disable_fragments);
2493 if (s->sctpi_s_v4mapped)
2494 out(" v4mapped:%d", s->sctpi_s_v4mapped);
2495 if (s->sctpi_s_frag_interleave)
2496 out(" fraginl:%d", s->sctpi_s_frag_interleave);
2497}
2498
2499static void tcp_stats_print(struct tcpstat *s)
2500{
2501 char b1[64];
2502
2503 if (s->has_ts_opt)
2504 out(" ts");
2505 if (s->has_sack_opt)
2506 out(" sack");
2507 if (s->has_ecn_opt)
2508 out(" ecn");
2509 if (s->has_ecnseen_opt)
2510 out(" ecnseen");
2511 if (s->has_fastopen_opt)
2512 out(" fastopen");
2513 if (s->cong_alg[0])
2514 out(" %s", s->cong_alg);
2515 if (s->has_wscale_opt)
2516 out(" wscale:%d,%d", s->snd_wscale, s->rcv_wscale);
2517 if (s->rto)
2518 out(" rto:%g", s->rto);
2519 if (s->backoff)
2520 out(" backoff:%u", s->backoff);
2521 if (s->rtt)
2522 out(" rtt:%g/%g", s->rtt, s->rttvar);
2523 if (s->ato)
2524 out(" ato:%g", s->ato);
2525
2526 if (s->qack)
2527 out(" qack:%d", s->qack);
2528 if (s->qack & 1)
2529 out(" bidir");
2530
2531 if (s->mss)
2532 out(" mss:%d", s->mss);
2533 if (s->pmtu)
2534 out(" pmtu:%u", s->pmtu);
2535 if (s->rcv_mss)
2536 out(" rcvmss:%d", s->rcv_mss);
2537 if (s->advmss)
2538 out(" advmss:%d", s->advmss);
2539 if (s->cwnd)
2540 out(" cwnd:%u", s->cwnd);
2541 if (s->ssthresh)
2542 out(" ssthresh:%d", s->ssthresh);
2543
2544 if (s->bytes_sent)
2545 out(" bytes_sent:%llu", s->bytes_sent);
2546 if (s->bytes_retrans)
2547 out(" bytes_retrans:%llu", s->bytes_retrans);
2548 if (s->bytes_acked)
2549 out(" bytes_acked:%llu", s->bytes_acked);
2550 if (s->bytes_received)
2551 out(" bytes_received:%llu", s->bytes_received);
2552 if (s->segs_out)
2553 out(" segs_out:%u", s->segs_out);
2554 if (s->segs_in)
2555 out(" segs_in:%u", s->segs_in);
2556 if (s->data_segs_out)
2557 out(" data_segs_out:%u", s->data_segs_out);
2558 if (s->data_segs_in)
2559 out(" data_segs_in:%u", s->data_segs_in);
2560
2561 if (s->dctcp && s->dctcp->enabled) {
2562 struct dctcpstat *dctcp = s->dctcp;
2563
2564 out(" dctcp:(ce_state:%u,alpha:%u,ab_ecn:%u,ab_tot:%u)",
2565 dctcp->ce_state, dctcp->alpha, dctcp->ab_ecn,
2566 dctcp->ab_tot);
2567 } else if (s->dctcp) {
2568 out(" dctcp:fallback_mode");
2569 }
2570
2571 if (s->bbr_info) {
2572 __u64 bw;
2573
2574 bw = s->bbr_info->bbr_bw_hi;
2575 bw <<= 32;
2576 bw |= s->bbr_info->bbr_bw_lo;
2577
2578 out(" bbr:(bw:%sbps,mrtt:%g",
2579 sprint_bw(b1, bw * 8.0),
2580 (double)s->bbr_info->bbr_min_rtt / 1000.0);
2581 if (s->bbr_info->bbr_pacing_gain)
2582 out(",pacing_gain:%g",
2583 (double)s->bbr_info->bbr_pacing_gain / 256.0);
2584 if (s->bbr_info->bbr_cwnd_gain)
2585 out(",cwnd_gain:%g",
2586 (double)s->bbr_info->bbr_cwnd_gain / 256.0);
2587 out(")");
2588 }
2589
2590 if (s->send_bps)
2591 out(" send %sbps", sprint_bw(b1, s->send_bps));
2592 if (s->lastsnd)
2593 out(" lastsnd:%u", s->lastsnd);
2594 if (s->lastrcv)
2595 out(" lastrcv:%u", s->lastrcv);
2596 if (s->lastack)
2597 out(" lastack:%u", s->lastack);
2598
2599 if (s->pacing_rate) {
2600 out(" pacing_rate %sbps", sprint_bw(b1, s->pacing_rate));
2601 if (s->pacing_rate_max)
2602 out("/%sbps", sprint_bw(b1, s->pacing_rate_max));
2603 }
2604
2605 if (s->delivery_rate)
2606 out(" delivery_rate %sbps", sprint_bw(b1, s->delivery_rate));
2607 if (s->delivered)
2608 out(" delivered:%u", s->delivered);
2609 if (s->delivered_ce)
2610 out(" delivered_ce:%u", s->delivered_ce);
2611 if (s->app_limited)
2612 out(" app_limited");
2613
2614 if (s->busy_time) {
2615 out(" busy:%llums", s->busy_time / 1000);
2616 if (s->rwnd_limited)
2617 out(" rwnd_limited:%llums(%.1f%%)",
2618 s->rwnd_limited / 1000,
2619 100.0 * s->rwnd_limited / s->busy_time);
2620 if (s->sndbuf_limited)
2621 out(" sndbuf_limited:%llums(%.1f%%)",
2622 s->sndbuf_limited / 1000,
2623 100.0 * s->sndbuf_limited / s->busy_time);
2624 }
2625
2626 if (s->unacked)
2627 out(" unacked:%u", s->unacked);
2628 if (s->retrans || s->retrans_total)
2629 out(" retrans:%u/%u", s->retrans, s->retrans_total);
2630 if (s->lost)
2631 out(" lost:%u", s->lost);
2632 if (s->sacked && s->ss.state != SS_LISTEN)
2633 out(" sacked:%u", s->sacked);
2634 if (s->dsack_dups)
2635 out(" dsack_dups:%u", s->dsack_dups);
2636 if (s->fackets)
2637 out(" fackets:%u", s->fackets);
2638 if (s->reordering != 3)
2639 out(" reordering:%d", s->reordering);
2640 if (s->reord_seen)
2641 out(" reord_seen:%d", s->reord_seen);
2642 if (s->rcv_rtt)
2643 out(" rcv_rtt:%g", s->rcv_rtt);
2644 if (s->rcv_space)
2645 out(" rcv_space:%d", s->rcv_space);
2646 if (s->rcv_ssthresh)
2647 out(" rcv_ssthresh:%u", s->rcv_ssthresh);
2648 if (s->not_sent)
2649 out(" notsent:%u", s->not_sent);
2650 if (s->min_rtt)
2651 out(" minrtt:%g", s->min_rtt);
2652}
2653
2654static void tcp_timer_print(struct tcpstat *s)
2655{
2656 static const char * const tmr_name[] = {
2657 "off",
2658 "on",
2659 "keepalive",
2660 "timewait",
2661 "persist",
2662 "unknown"
2663 };
2664
2665 if (s->timer) {
2666 if (s->timer > 4)
2667 s->timer = 5;
2668 out(" timer:(%s,%s,%d)",
2669 tmr_name[s->timer],
2670 print_ms_timer(s->timeout),
2671 s->retrans);
2672 }
2673}
2674
2675static void sctp_timer_print(struct tcpstat *s)
2676{
2677 if (s->timer)
2678 out(" timer:(T3_RTX,%s,%d)",
2679 print_ms_timer(s->timeout), s->retrans);
2680}
2681
2682static int tcp_show_line(char *line, const struct filter *f, int family)
2683{
2684 int rto = 0, ato = 0;
2685 struct tcpstat s = {};
2686 char *loc, *rem, *data;
2687 char opt[256];
2688 int n;
2689 int hz = get_user_hz();
2690
2691 if (proc_inet_split_line(line, &loc, &rem, &data))
2692 return -1;
2693
2694 int state = (data[1] >= 'A') ? (data[1] - 'A' + 10) : (data[1] - '0');
2695
2696 if (!(f->states & (1 << state)))
2697 return 0;
2698
2699 proc_parse_inet_addr(loc, rem, family, &s.ss);
2700
2701 if (f->f && run_ssfilter(f->f, &s.ss) == 0)
2702 return 0;
2703
2704 opt[0] = 0;
2705 n = sscanf(data, "%x %x:%x %x:%x %x %d %d %u %d %llx %d %d %d %u %d %[^\n]\n",
2706 &s.ss.state, &s.ss.wq, &s.ss.rq,
2707 &s.timer, &s.timeout, &s.retrans, &s.ss.uid, &s.probes,
2708 &s.ss.ino, &s.ss.refcnt, &s.ss.sk, &rto, &ato, &s.qack, &s.cwnd,
2709 &s.ssthresh, opt);
2710
2711 if (n < 17)
2712 opt[0] = 0;
2713
2714 if (n < 12) {
2715 rto = 0;
2716 s.cwnd = 2;
2717 s.ssthresh = -1;
2718 ato = s.qack = 0;
2719 }
2720
2721 s.retrans = s.timer != 1 ? s.probes : s.retrans;
2722 s.timeout = (s.timeout * 1000 + hz - 1) / hz;
2723 s.ato = (double)ato / hz;
2724 s.qack /= 2;
2725 s.rto = (double)rto;
2726 s.ssthresh = s.ssthresh == -1 ? 0 : s.ssthresh;
2727 s.rto = s.rto != 3 * hz ? s.rto / hz : 0;
2728 s.ss.type = IPPROTO_TCP;
2729
2730 inet_stats_print(&s.ss, false);
2731
2732 if (show_options)
2733 tcp_timer_print(&s);
2734
2735 if (show_details) {
2736 sock_details_print(&s.ss);
2737 if (opt[0])
2738 out(" opt:\"%s\"", opt);
2739 }
2740
2741 if (show_tcpinfo)
2742 tcp_stats_print(&s);
2743
2744 return 0;
2745}
2746
2747static int generic_record_read(FILE *fp,
2748 int (*worker)(char*, const struct filter *, int),
2749 const struct filter *f, int fam)
2750{
2751 char line[256];
2752
2753
2754 if (fgets(line, sizeof(line), fp) == NULL)
2755 goto outerr;
2756
2757 while (fgets(line, sizeof(line), fp) != NULL) {
2758 int n = strlen(line);
2759
2760 if (n == 0 || line[n-1] != '\n') {
2761 errno = -EINVAL;
2762 return -1;
2763 }
2764 line[n-1] = 0;
2765
2766 if (worker(line, f, fam) < 0)
2767 return 0;
2768 }
2769outerr:
2770
2771 return ferror(fp) ? -1 : 0;
2772}
2773
2774static void print_skmeminfo(struct rtattr *tb[], int attrtype)
2775{
2776 const __u32 *skmeminfo;
2777
2778 if (!tb[attrtype]) {
2779 if (attrtype == INET_DIAG_SKMEMINFO) {
2780 if (!tb[INET_DIAG_MEMINFO])
2781 return;
2782
2783 const struct inet_diag_meminfo *minfo =
2784 RTA_DATA(tb[INET_DIAG_MEMINFO]);
2785
2786 out(" mem:(r%u,w%u,f%u,t%u)",
2787 minfo->idiag_rmem,
2788 minfo->idiag_wmem,
2789 minfo->idiag_fmem,
2790 minfo->idiag_tmem);
2791 }
2792 return;
2793 }
2794
2795 skmeminfo = RTA_DATA(tb[attrtype]);
2796
2797 out(" skmem:(r%u,rb%u,t%u,tb%u,f%u,w%u,o%u",
2798 skmeminfo[SK_MEMINFO_RMEM_ALLOC],
2799 skmeminfo[SK_MEMINFO_RCVBUF],
2800 skmeminfo[SK_MEMINFO_WMEM_ALLOC],
2801 skmeminfo[SK_MEMINFO_SNDBUF],
2802 skmeminfo[SK_MEMINFO_FWD_ALLOC],
2803 skmeminfo[SK_MEMINFO_WMEM_QUEUED],
2804 skmeminfo[SK_MEMINFO_OPTMEM]);
2805
2806 if (RTA_PAYLOAD(tb[attrtype]) >=
2807 (SK_MEMINFO_BACKLOG + 1) * sizeof(__u32))
2808 out(",bl%u", skmeminfo[SK_MEMINFO_BACKLOG]);
2809
2810 if (RTA_PAYLOAD(tb[attrtype]) >=
2811 (SK_MEMINFO_DROPS + 1) * sizeof(__u32))
2812 out(",d%u", skmeminfo[SK_MEMINFO_DROPS]);
2813
2814 out(")");
2815}
2816
2817static void print_md5sig(struct tcp_diag_md5sig *sig)
2818{
2819 out("%s/%d=",
2820 format_host(sig->tcpm_family,
2821 sig->tcpm_family == AF_INET6 ? 16 : 4,
2822 &sig->tcpm_addr),
2823 sig->tcpm_prefixlen);
2824 print_escape_buf(sig->tcpm_key, sig->tcpm_keylen, " ,");
2825}
2826
2827static void tcp_tls_version(struct rtattr *attr)
2828{
2829 u_int16_t val;
2830
2831 if (!attr)
2832 return;
2833 val = rta_getattr_u16(attr);
2834
2835 switch (val) {
2836 case TLS_1_2_VERSION:
2837 out(" version: 1.2");
2838 break;
2839 case TLS_1_3_VERSION:
2840 out(" version: 1.3");
2841 break;
2842 default:
2843 out(" version: unknown(%hu)", val);
2844 break;
2845 }
2846}
2847
2848static void tcp_tls_cipher(struct rtattr *attr)
2849{
2850 u_int16_t val;
2851
2852 if (!attr)
2853 return;
2854 val = rta_getattr_u16(attr);
2855
2856 switch (val) {
2857 case TLS_CIPHER_AES_GCM_128:
2858 out(" cipher: aes-gcm-128");
2859 break;
2860 case TLS_CIPHER_AES_GCM_256:
2861 out(" cipher: aes-gcm-256");
2862 break;
2863 }
2864}
2865
2866static void tcp_tls_conf(const char *name, struct rtattr *attr)
2867{
2868 u_int16_t val;
2869
2870 if (!attr)
2871 return;
2872 val = rta_getattr_u16(attr);
2873
2874 switch (val) {
2875 case TLS_CONF_BASE:
2876 out(" %s: none", name);
2877 break;
2878 case TLS_CONF_SW:
2879 out(" %s: sw", name);
2880 break;
2881 case TLS_CONF_HW:
2882 out(" %s: hw", name);
2883 break;
2884 case TLS_CONF_HW_RECORD:
2885 out(" %s: hw-record", name);
2886 break;
2887 default:
2888 out(" %s: unknown(%hu)", name, val);
2889 break;
2890 }
2891}
2892
2893static void mptcp_subflow_info(struct rtattr *tb[])
2894{
2895 u_int32_t flags = 0;
2896
2897 if (tb[MPTCP_SUBFLOW_ATTR_FLAGS]) {
2898 char caps[32 + 1] = { 0 }, *cap = &caps[0];
2899
2900 flags = rta_getattr_u32(tb[MPTCP_SUBFLOW_ATTR_FLAGS]);
2901
2902 if (flags & MPTCP_SUBFLOW_FLAG_MCAP_REM)
2903 *cap++ = 'M';
2904 if (flags & MPTCP_SUBFLOW_FLAG_MCAP_LOC)
2905 *cap++ = 'm';
2906 if (flags & MPTCP_SUBFLOW_FLAG_JOIN_REM)
2907 *cap++ = 'J';
2908 if (flags & MPTCP_SUBFLOW_FLAG_JOIN_LOC)
2909 *cap++ = 'j';
2910 if (flags & MPTCP_SUBFLOW_FLAG_BKUP_REM)
2911 *cap++ = 'B';
2912 if (flags & MPTCP_SUBFLOW_FLAG_BKUP_LOC)
2913 *cap++ = 'b';
2914 if (flags & MPTCP_SUBFLOW_FLAG_FULLY_ESTABLISHED)
2915 *cap++ = 'e';
2916 if (flags & MPTCP_SUBFLOW_FLAG_CONNECTED)
2917 *cap++ = 'c';
2918 if (flags & MPTCP_SUBFLOW_FLAG_MAPVALID)
2919 *cap++ = 'v';
2920 if (flags)
2921 out(" flags:%s", caps);
2922 }
2923 if (tb[MPTCP_SUBFLOW_ATTR_TOKEN_REM] &&
2924 tb[MPTCP_SUBFLOW_ATTR_TOKEN_LOC] &&
2925 tb[MPTCP_SUBFLOW_ATTR_ID_REM] &&
2926 tb[MPTCP_SUBFLOW_ATTR_ID_LOC])
2927 out(" token:%04x(id:%hhu)/%04x(id:%hhu)",
2928 rta_getattr_u32(tb[MPTCP_SUBFLOW_ATTR_TOKEN_REM]),
2929 rta_getattr_u8(tb[MPTCP_SUBFLOW_ATTR_ID_REM]),
2930 rta_getattr_u32(tb[MPTCP_SUBFLOW_ATTR_TOKEN_LOC]),
2931 rta_getattr_u8(tb[MPTCP_SUBFLOW_ATTR_ID_LOC]));
2932 if (tb[MPTCP_SUBFLOW_ATTR_MAP_SEQ])
2933 out(" seq:%llx",
2934 rta_getattr_u64(tb[MPTCP_SUBFLOW_ATTR_MAP_SEQ]));
2935 if (tb[MPTCP_SUBFLOW_ATTR_MAP_SFSEQ])
2936 out(" sfseq:%x",
2937 rta_getattr_u32(tb[MPTCP_SUBFLOW_ATTR_MAP_SFSEQ]));
2938 if (tb[MPTCP_SUBFLOW_ATTR_SSN_OFFSET])
2939 out(" ssnoff:%x",
2940 rta_getattr_u32(tb[MPTCP_SUBFLOW_ATTR_SSN_OFFSET]));
2941 if (tb[MPTCP_SUBFLOW_ATTR_MAP_DATALEN])
2942 out(" maplen:%x",
2943 rta_getattr_u32(tb[MPTCP_SUBFLOW_ATTR_MAP_DATALEN]));
2944}
2945
2946#define TCPI_HAS_OPT(info, opt) !!(info->tcpi_options & (opt))
2947
2948static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
2949 struct rtattr *tb[])
2950{
2951 double rtt = 0;
2952 struct tcpstat s = {};
2953
2954 s.ss.state = r->idiag_state;
2955
2956 print_skmeminfo(tb, INET_DIAG_SKMEMINFO);
2957
2958 if (tb[INET_DIAG_INFO]) {
2959 struct tcp_info *info;
2960 int len = RTA_PAYLOAD(tb[INET_DIAG_INFO]);
2961
2962
2963 if (len < sizeof(*info)) {
2964 info = alloca(sizeof(*info));
2965 memcpy(info, RTA_DATA(tb[INET_DIAG_INFO]), len);
2966 memset((char *)info + len, 0, sizeof(*info) - len);
2967 } else
2968 info = RTA_DATA(tb[INET_DIAG_INFO]);
2969
2970 if (show_options) {
2971 s.has_ts_opt = TCPI_HAS_OPT(info, TCPI_OPT_TIMESTAMPS);
2972 s.has_sack_opt = TCPI_HAS_OPT(info, TCPI_OPT_SACK);
2973 s.has_ecn_opt = TCPI_HAS_OPT(info, TCPI_OPT_ECN);
2974 s.has_ecnseen_opt = TCPI_HAS_OPT(info, TCPI_OPT_ECN_SEEN);
2975 s.has_fastopen_opt = TCPI_HAS_OPT(info, TCPI_OPT_SYN_DATA);
2976 }
2977
2978 if (tb[INET_DIAG_CONG])
2979 strncpy(s.cong_alg,
2980 rta_getattr_str(tb[INET_DIAG_CONG]),
2981 sizeof(s.cong_alg) - 1);
2982
2983 if (TCPI_HAS_OPT(info, TCPI_OPT_WSCALE)) {
2984 s.has_wscale_opt = true;
2985 s.snd_wscale = info->tcpi_snd_wscale;
2986 s.rcv_wscale = info->tcpi_rcv_wscale;
2987 }
2988
2989 if (info->tcpi_rto && info->tcpi_rto != 3000000)
2990 s.rto = (double)info->tcpi_rto / 1000;
2991
2992 s.backoff = info->tcpi_backoff;
2993 s.rtt = (double)info->tcpi_rtt / 1000;
2994 s.rttvar = (double)info->tcpi_rttvar / 1000;
2995 s.ato = (double)info->tcpi_ato / 1000;
2996 s.mss = info->tcpi_snd_mss;
2997 s.rcv_mss = info->tcpi_rcv_mss;
2998 s.advmss = info->tcpi_advmss;
2999 s.rcv_space = info->tcpi_rcv_space;
3000 s.rcv_rtt = (double)info->tcpi_rcv_rtt / 1000;
3001 s.lastsnd = info->tcpi_last_data_sent;
3002 s.lastrcv = info->tcpi_last_data_recv;
3003 s.lastack = info->tcpi_last_ack_recv;
3004 s.unacked = info->tcpi_unacked;
3005 s.retrans = info->tcpi_retrans;
3006 s.retrans_total = info->tcpi_total_retrans;
3007 s.lost = info->tcpi_lost;
3008 s.sacked = info->tcpi_sacked;
3009 s.fackets = info->tcpi_fackets;
3010 s.reordering = info->tcpi_reordering;
3011 s.rcv_ssthresh = info->tcpi_rcv_ssthresh;
3012 s.cwnd = info->tcpi_snd_cwnd;
3013 s.pmtu = info->tcpi_pmtu;
3014
3015 if (info->tcpi_snd_ssthresh < 0xFFFF)
3016 s.ssthresh = info->tcpi_snd_ssthresh;
3017
3018 rtt = (double) info->tcpi_rtt;
3019 if (tb[INET_DIAG_VEGASINFO]) {
3020 const struct tcpvegas_info *vinfo
3021 = RTA_DATA(tb[INET_DIAG_VEGASINFO]);
3022
3023 if (vinfo->tcpv_enabled &&
3024 vinfo->tcpv_rtt && vinfo->tcpv_rtt != 0x7fffffff)
3025 rtt = vinfo->tcpv_rtt;
3026 }
3027
3028 if (tb[INET_DIAG_DCTCPINFO]) {
3029 struct dctcpstat *dctcp = malloc(sizeof(struct
3030 dctcpstat));
3031
3032 const struct tcp_dctcp_info *dinfo
3033 = RTA_DATA(tb[INET_DIAG_DCTCPINFO]);
3034
3035 dctcp->enabled = !!dinfo->dctcp_enabled;
3036 dctcp->ce_state = dinfo->dctcp_ce_state;
3037 dctcp->alpha = dinfo->dctcp_alpha;
3038 dctcp->ab_ecn = dinfo->dctcp_ab_ecn;
3039 dctcp->ab_tot = dinfo->dctcp_ab_tot;
3040 s.dctcp = dctcp;
3041 }
3042
3043 if (tb[INET_DIAG_BBRINFO]) {
3044 const void *bbr_info = RTA_DATA(tb[INET_DIAG_BBRINFO]);
3045 int len = min(RTA_PAYLOAD(tb[INET_DIAG_BBRINFO]),
3046 sizeof(*s.bbr_info));
3047
3048 s.bbr_info = calloc(1, sizeof(*s.bbr_info));
3049 if (s.bbr_info && bbr_info)
3050 memcpy(s.bbr_info, bbr_info, len);
3051 }
3052
3053 if (rtt > 0 && info->tcpi_snd_mss && info->tcpi_snd_cwnd) {
3054 s.send_bps = (double) info->tcpi_snd_cwnd *
3055 (double)info->tcpi_snd_mss * 8000000. / rtt;
3056 }
3057
3058 if (info->tcpi_pacing_rate &&
3059 info->tcpi_pacing_rate != ~0ULL) {
3060 s.pacing_rate = info->tcpi_pacing_rate * 8.;
3061
3062 if (info->tcpi_max_pacing_rate &&
3063 info->tcpi_max_pacing_rate != ~0ULL)
3064 s.pacing_rate_max = info->tcpi_max_pacing_rate * 8.;
3065 }
3066 s.bytes_acked = info->tcpi_bytes_acked;
3067 s.bytes_received = info->tcpi_bytes_received;
3068 s.segs_out = info->tcpi_segs_out;
3069 s.segs_in = info->tcpi_segs_in;
3070 s.data_segs_out = info->tcpi_data_segs_out;
3071 s.data_segs_in = info->tcpi_data_segs_in;
3072 s.not_sent = info->tcpi_notsent_bytes;
3073 if (info->tcpi_min_rtt && info->tcpi_min_rtt != ~0U)
3074 s.min_rtt = (double) info->tcpi_min_rtt / 1000;
3075 s.delivery_rate = info->tcpi_delivery_rate * 8.;
3076 s.app_limited = info->tcpi_delivery_rate_app_limited;
3077 s.busy_time = info->tcpi_busy_time;
3078 s.rwnd_limited = info->tcpi_rwnd_limited;
3079 s.sndbuf_limited = info->tcpi_sndbuf_limited;
3080 s.delivered = info->tcpi_delivered;
3081 s.delivered_ce = info->tcpi_delivered_ce;
3082 s.dsack_dups = info->tcpi_dsack_dups;
3083 s.reord_seen = info->tcpi_reord_seen;
3084 s.bytes_sent = info->tcpi_bytes_sent;
3085 s.bytes_retrans = info->tcpi_bytes_retrans;
3086 tcp_stats_print(&s);
3087 free(s.dctcp);
3088 free(s.bbr_info);
3089 }
3090 if (tb[INET_DIAG_MD5SIG]) {
3091 struct tcp_diag_md5sig *sig = RTA_DATA(tb[INET_DIAG_MD5SIG]);
3092 int len = RTA_PAYLOAD(tb[INET_DIAG_MD5SIG]);
3093
3094 out(" md5keys:");
3095 print_md5sig(sig++);
3096 for (len -= sizeof(*sig); len > 0; len -= sizeof(*sig)) {
3097 out(",");
3098 print_md5sig(sig++);
3099 }
3100 }
3101 if (tb[INET_DIAG_ULP_INFO]) {
3102 struct rtattr *ulpinfo[INET_ULP_INFO_MAX + 1] = { 0 };
3103
3104 parse_rtattr_nested(ulpinfo, INET_ULP_INFO_MAX,
3105 tb[INET_DIAG_ULP_INFO]);
3106
3107 if (ulpinfo[INET_ULP_INFO_NAME])
3108 out(" tcp-ulp-%s",
3109 rta_getattr_str(ulpinfo[INET_ULP_INFO_NAME]));
3110
3111 if (ulpinfo[INET_ULP_INFO_TLS]) {
3112 struct rtattr *tlsinfo[TLS_INFO_MAX + 1] = { 0 };
3113
3114 parse_rtattr_nested(tlsinfo, TLS_INFO_MAX,
3115 ulpinfo[INET_ULP_INFO_TLS]);
3116
3117 tcp_tls_version(tlsinfo[TLS_INFO_VERSION]);
3118 tcp_tls_cipher(tlsinfo[TLS_INFO_CIPHER]);
3119 tcp_tls_conf("rxconf", tlsinfo[TLS_INFO_RXCONF]);
3120 tcp_tls_conf("txconf", tlsinfo[TLS_INFO_TXCONF]);
3121 }
3122 if (ulpinfo[INET_ULP_INFO_MPTCP]) {
3123 struct rtattr *sfinfo[MPTCP_SUBFLOW_ATTR_MAX + 1] =
3124 { 0 };
3125
3126 parse_rtattr_nested(sfinfo, MPTCP_SUBFLOW_ATTR_MAX,
3127 ulpinfo[INET_ULP_INFO_MPTCP]);
3128 mptcp_subflow_info(sfinfo);
3129 }
3130 }
3131}
3132
3133static void mptcp_stats_print(struct mptcp_info *s)
3134{
3135 if (s->mptcpi_subflows)
3136 out(" subflows:%d", s->mptcpi_subflows);
3137 if (s->mptcpi_add_addr_signal)
3138 out(" add_addr_signal:%d", s->mptcpi_add_addr_signal);
3139 if (s->mptcpi_add_addr_accepted)
3140 out(" add_addr_accepted:%d", s->mptcpi_add_addr_accepted);
3141 if (s->mptcpi_subflows_max)
3142 out(" subflows_max:%d", s->mptcpi_subflows_max);
3143 if (s->mptcpi_add_addr_signal_max)
3144 out(" add_addr_signal_max:%d", s->mptcpi_add_addr_signal_max);
3145 if (s->mptcpi_add_addr_accepted_max)
3146 out(" add_addr_accepted_max:%d", s->mptcpi_add_addr_accepted_max);
3147 if (s->mptcpi_flags & MPTCP_INFO_FLAG_FALLBACK)
3148 out(" fallback");
3149 if (s->mptcpi_flags & MPTCP_INFO_FLAG_REMOTE_KEY_RECEIVED)
3150 out(" remote_key");
3151 if (s->mptcpi_token)
3152 out(" token:%x", s->mptcpi_token);
3153 if (s->mptcpi_write_seq)
3154 out(" write_seq:%llx", s->mptcpi_write_seq);
3155 if (s->mptcpi_snd_una)
3156 out(" snd_una:%llx", s->mptcpi_snd_una);
3157 if (s->mptcpi_rcv_nxt)
3158 out(" rcv_nxt:%llx", s->mptcpi_rcv_nxt);
3159}
3160
3161static void mptcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
3162 struct rtattr *tb[])
3163{
3164 print_skmeminfo(tb, INET_DIAG_SKMEMINFO);
3165
3166 if (tb[INET_DIAG_INFO]) {
3167 struct mptcp_info *info;
3168 int len = RTA_PAYLOAD(tb[INET_DIAG_INFO]);
3169
3170
3171 if (len < sizeof(*info)) {
3172 info = alloca(sizeof(*info));
3173 memcpy(info, RTA_DATA(tb[INET_DIAG_INFO]), len);
3174 memset((char *)info + len, 0, sizeof(*info) - len);
3175 } else
3176 info = RTA_DATA(tb[INET_DIAG_INFO]);
3177
3178 mptcp_stats_print(info);
3179 }
3180}
3181
3182static const char *format_host_sa(struct sockaddr_storage *sa)
3183{
3184 union {
3185 struct sockaddr_in sin;
3186 struct sockaddr_in6 sin6;
3187 } *saddr = (void *)sa;
3188
3189 switch (sa->ss_family) {
3190 case AF_INET:
3191 return format_host(AF_INET, 4, &saddr->sin.sin_addr);
3192 case AF_INET6:
3193 return format_host(AF_INET6, 16, &saddr->sin6.sin6_addr);
3194 default:
3195 return "";
3196 }
3197}
3198
3199static void sctp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
3200 struct rtattr *tb[])
3201{
3202 struct sockaddr_storage *sa;
3203 int len;
3204
3205 print_skmeminfo(tb, INET_DIAG_SKMEMINFO);
3206
3207 if (tb[INET_DIAG_LOCALS]) {
3208 len = RTA_PAYLOAD(tb[INET_DIAG_LOCALS]);
3209 sa = RTA_DATA(tb[INET_DIAG_LOCALS]);
3210
3211 out(" locals:%s", format_host_sa(sa));
3212 for (sa++, len -= sizeof(*sa); len > 0; sa++, len -= sizeof(*sa))
3213 out(",%s", format_host_sa(sa));
3214
3215 }
3216 if (tb[INET_DIAG_PEERS]) {
3217 len = RTA_PAYLOAD(tb[INET_DIAG_PEERS]);
3218 sa = RTA_DATA(tb[INET_DIAG_PEERS]);
3219
3220 out(" peers:%s", format_host_sa(sa));
3221 for (sa++, len -= sizeof(*sa); len > 0; sa++, len -= sizeof(*sa))
3222 out(",%s", format_host_sa(sa));
3223 }
3224 if (tb[INET_DIAG_INFO]) {
3225 struct sctp_info *info;
3226 len = RTA_PAYLOAD(tb[INET_DIAG_INFO]);
3227
3228
3229 if (len < sizeof(*info)) {
3230 info = alloca(sizeof(*info));
3231 memcpy(info, RTA_DATA(tb[INET_DIAG_INFO]), len);
3232 memset((char *)info + len, 0, sizeof(*info) - len);
3233 } else
3234 info = RTA_DATA(tb[INET_DIAG_INFO]);
3235
3236 sctp_stats_print(info);
3237 }
3238}
3239
3240static void parse_diag_msg(struct nlmsghdr *nlh, struct sockstat *s)
3241{
3242 struct rtattr *tb[INET_DIAG_MAX+1];
3243 struct inet_diag_msg *r = NLMSG_DATA(nlh);
3244
3245 parse_rtattr(tb, INET_DIAG_MAX, (struct rtattr *)(r+1),
3246 nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
3247
3248 s->state = r->idiag_state;
3249 s->local.family = s->remote.family = r->idiag_family;
3250 s->lport = ntohs(r->id.idiag_sport);
3251 s->rport = ntohs(r->id.idiag_dport);
3252 s->wq = r->idiag_wqueue;
3253 s->rq = r->idiag_rqueue;
3254 s->ino = r->idiag_inode;
3255 s->uid = r->idiag_uid;
3256 s->iface = r->id.idiag_if;
3257 s->sk = cookie_sk_get(&r->id.idiag_cookie[0]);
3258
3259 s->mark = 0;
3260 if (tb[INET_DIAG_MARK])
3261 s->mark = rta_getattr_u32(tb[INET_DIAG_MARK]);
3262 s->cgroup_id = 0;
3263 if (tb[INET_DIAG_CGROUP_ID])
3264 s->cgroup_id = rta_getattr_u64(tb[INET_DIAG_CGROUP_ID]);
3265 if (tb[INET_DIAG_PROTOCOL])
3266 s->raw_prot = rta_getattr_u8(tb[INET_DIAG_PROTOCOL]);
3267 else
3268 s->raw_prot = 0;
3269
3270 if (s->local.family == AF_INET)
3271 s->local.bytelen = s->remote.bytelen = 4;
3272 else
3273 s->local.bytelen = s->remote.bytelen = 16;
3274
3275 memcpy(s->local.data, r->id.idiag_src, s->local.bytelen);
3276 memcpy(s->remote.data, r->id.idiag_dst, s->local.bytelen);
3277}
3278
3279static int inet_show_sock(struct nlmsghdr *nlh,
3280 struct sockstat *s)
3281{
3282 struct rtattr *tb[INET_DIAG_MAX+1];
3283 struct inet_diag_msg *r = NLMSG_DATA(nlh);
3284 unsigned char v6only = 0;
3285
3286 parse_rtattr(tb, INET_DIAG_MAX, (struct rtattr *)(r+1),
3287 nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
3288
3289 if (tb[INET_DIAG_PROTOCOL])
3290 s->type = rta_getattr_u8(tb[INET_DIAG_PROTOCOL]);
3291
3292 if (s->local.family == AF_INET6 && tb[INET_DIAG_SKV6ONLY])
3293 v6only = rta_getattr_u8(tb[INET_DIAG_SKV6ONLY]);
3294
3295 inet_stats_print(s, v6only);
3296
3297 if (show_options) {
3298 struct tcpstat t = {};
3299
3300 t.timer = r->idiag_timer;
3301 t.timeout = r->idiag_expires;
3302 t.retrans = r->idiag_retrans;
3303 if (s->type == IPPROTO_SCTP)
3304 sctp_timer_print(&t);
3305 else
3306 tcp_timer_print(&t);
3307 }
3308
3309 if (show_details) {
3310 sock_details_print(s);
3311 if (s->local.family == AF_INET6 && tb[INET_DIAG_SKV6ONLY])
3312 out(" v6only:%u", v6only);
3313
3314 if (tb[INET_DIAG_SHUTDOWN]) {
3315 unsigned char mask;
3316
3317 mask = rta_getattr_u8(tb[INET_DIAG_SHUTDOWN]);
3318 out(" %c-%c",
3319 mask & 1 ? '-' : '<', mask & 2 ? '-' : '>');
3320 }
3321 }
3322
3323 if (show_tos) {
3324 if (tb[INET_DIAG_TOS])
3325 out(" tos:%#x", rta_getattr_u8(tb[INET_DIAG_TOS]));
3326 if (tb[INET_DIAG_TCLASS])
3327 out(" tclass:%#x", rta_getattr_u8(tb[INET_DIAG_TCLASS]));
3328 if (tb[INET_DIAG_CLASS_ID])
3329 out(" class_id:%#x", rta_getattr_u32(tb[INET_DIAG_CLASS_ID]));
3330 }
3331
3332 if (show_cgroup) {
3333 if (tb[INET_DIAG_CGROUP_ID])
3334 out(" cgroup:%s", cg_id_to_path(rta_getattr_u64(tb[INET_DIAG_CGROUP_ID])));
3335 }
3336
3337 if (show_inet_sockopt) {
3338 if (tb[INET_DIAG_SOCKOPT] && RTA_PAYLOAD(tb[INET_DIAG_SOCKOPT]) >=
3339 sizeof(struct inet_diag_sockopt)) {
3340 const struct inet_diag_sockopt *sockopt =
3341 RTA_DATA(tb[INET_DIAG_SOCKOPT]);
3342 if (!oneline)
3343 out("\n\tinet-sockopt: (");
3344 else
3345 out(" inet-sockopt: (");
3346 if (sockopt->recverr)
3347 out(" recverr");
3348 if (sockopt->is_icsk)
3349 out(" is_icsk");
3350 if (sockopt->freebind)
3351 out(" freebind");
3352 if (sockopt->hdrincl)
3353 out(" hdrincl");
3354 if (sockopt->mc_loop)
3355 out(" mc_loop");
3356 if (sockopt->transparent)
3357 out(" transparent");
3358 if (sockopt->mc_all)
3359 out(" mc_all");
3360 if (sockopt->nodefrag)
3361 out(" nodefrag");
3362 if (sockopt->bind_address_no_port)
3363 out(" bind_addr_no_port");
3364 if (sockopt->recverr_rfc4884)
3365 out(" recverr_rfc4884");
3366 if (sockopt->defer_connect)
3367 out(" defer_connect");
3368 out(")");
3369 }
3370 }
3371
3372 if (show_mem || (show_tcpinfo && s->type != IPPROTO_UDP)) {
3373 if (!oneline)
3374 out("\n\t");
3375 if (s->type == IPPROTO_SCTP)
3376 sctp_show_info(nlh, r, tb);
3377 else if (s->type == IPPROTO_MPTCP)
3378 mptcp_show_info(nlh, r, tb);
3379 else
3380 tcp_show_info(nlh, r, tb);
3381 }
3382 sctp_ino = s->ino;
3383
3384 return 0;
3385}
3386
3387static int tcpdiag_send(int fd, int protocol, struct filter *f)
3388{
3389 struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
3390 struct {
3391 struct nlmsghdr nlh;
3392 struct inet_diag_req r;
3393 } req = {
3394 .nlh.nlmsg_len = sizeof(req),
3395 .nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST,
3396 .nlh.nlmsg_seq = MAGIC_SEQ,
3397 .r.idiag_family = AF_INET,
3398 .r.idiag_states = f->states,
3399 };
3400 char *bc = NULL;
3401 int bclen;
3402 struct msghdr msg;
3403 struct rtattr rta;
3404 struct iovec iov[3];
3405 int iovlen = 1;
3406
3407 if (protocol == IPPROTO_TCP)
3408 req.nlh.nlmsg_type = TCPDIAG_GETSOCK;
3409 else if (protocol == IPPROTO_DCCP)
3410 req.nlh.nlmsg_type = DCCPDIAG_GETSOCK;
3411 else
3412 return -1;
3413
3414 if (show_mem) {
3415 req.r.idiag_ext |= (1<<(INET_DIAG_MEMINFO-1));
3416 req.r.idiag_ext |= (1<<(INET_DIAG_SKMEMINFO-1));
3417 }
3418
3419 if (show_tcpinfo) {
3420 req.r.idiag_ext |= (1<<(INET_DIAG_INFO-1));
3421 req.r.idiag_ext |= (1<<(INET_DIAG_VEGASINFO-1));
3422 req.r.idiag_ext |= (1<<(INET_DIAG_CONG-1));
3423 }
3424
3425 if (show_tos) {
3426 req.r.idiag_ext |= (1<<(INET_DIAG_TOS-1));
3427 req.r.idiag_ext |= (1<<(INET_DIAG_TCLASS-1));
3428 }
3429
3430 iov[0] = (struct iovec){
3431 .iov_base = &req,
3432 .iov_len = sizeof(req)
3433 };
3434 if (f->f) {
3435 bclen = ssfilter_bytecompile(f->f, &bc);
3436 if (bclen) {
3437 rta.rta_type = INET_DIAG_REQ_BYTECODE;
3438 rta.rta_len = RTA_LENGTH(bclen);
3439 iov[1] = (struct iovec){ &rta, sizeof(rta) };
3440 iov[2] = (struct iovec){ bc, bclen };
3441 req.nlh.nlmsg_len += RTA_LENGTH(bclen);
3442 iovlen = 3;
3443 }
3444 }
3445
3446 msg = (struct msghdr) {
3447 .msg_name = (void *)&nladdr,
3448 .msg_namelen = sizeof(nladdr),
3449 .msg_iov = iov,
3450 .msg_iovlen = iovlen,
3451 };
3452
3453 if (sendmsg(fd, &msg, 0) < 0) {
3454 close(fd);
3455 return -1;
3456 }
3457
3458 return 0;
3459}
3460
3461static int sockdiag_send(int family, int fd, int protocol, struct filter *f)
3462{
3463 struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
3464 DIAG_REQUEST(req, struct inet_diag_req_v2 r);
3465 char *bc = NULL;
3466 int bclen;
3467 __u32 proto;
3468 struct msghdr msg;
3469 struct rtattr rta_bc;
3470 struct rtattr rta_proto;
3471 struct iovec iov[5];
3472 int iovlen = 1;
3473
3474 if (family == PF_UNSPEC)
3475 return tcpdiag_send(fd, protocol, f);
3476
3477 memset(&req.r, 0, sizeof(req.r));
3478 req.r.sdiag_family = family;
3479 req.r.sdiag_protocol = protocol;
3480 req.r.idiag_states = f->states;
3481 if (show_mem) {
3482 req.r.idiag_ext |= (1<<(INET_DIAG_MEMINFO-1));
3483 req.r.idiag_ext |= (1<<(INET_DIAG_SKMEMINFO-1));
3484 }
3485
3486 if (show_tcpinfo) {
3487 req.r.idiag_ext |= (1<<(INET_DIAG_INFO-1));
3488 req.r.idiag_ext |= (1<<(INET_DIAG_VEGASINFO-1));
3489 req.r.idiag_ext |= (1<<(INET_DIAG_CONG-1));
3490 }
3491
3492 if (show_tos) {
3493 req.r.idiag_ext |= (1<<(INET_DIAG_TOS-1));
3494 req.r.idiag_ext |= (1<<(INET_DIAG_TCLASS-1));
3495 }
3496
3497 iov[0] = (struct iovec){
3498 .iov_base = &req,
3499 .iov_len = sizeof(req)
3500 };
3501 if (f->f) {
3502 bclen = ssfilter_bytecompile(f->f, &bc);
3503 if (bclen) {
3504 rta_bc.rta_type = INET_DIAG_REQ_BYTECODE;
3505 rta_bc.rta_len = RTA_LENGTH(bclen);
3506 iov[1] = (struct iovec){ &rta_bc, sizeof(rta_bc) };
3507 iov[2] = (struct iovec){ bc, bclen };
3508 req.nlh.nlmsg_len += RTA_LENGTH(bclen);
3509 iovlen = 3;
3510 }
3511 }
3512
3513
3514 if (protocol > 255) {
3515 rta_proto.rta_type = INET_DIAG_REQ_PROTOCOL;
3516 rta_proto.rta_len = RTA_LENGTH(sizeof(proto));
3517 proto = protocol;
3518 iov[iovlen] = (struct iovec){ &rta_proto, sizeof(rta_proto) };
3519 iov[iovlen + 1] = (struct iovec){ &proto, sizeof(proto) };
3520 req.nlh.nlmsg_len += RTA_LENGTH(sizeof(proto));
3521 iovlen += 2;
3522 }
3523
3524 msg = (struct msghdr) {
3525 .msg_name = (void *)&nladdr,
3526 .msg_namelen = sizeof(nladdr),
3527 .msg_iov = iov,
3528 .msg_iovlen = iovlen,
3529 };
3530
3531 if (sendmsg(fd, &msg, 0) < 0) {
3532 close(fd);
3533 return -1;
3534 }
3535
3536 return 0;
3537}
3538
3539struct inet_diag_arg {
3540 struct filter *f;
3541 int protocol;
3542 struct rtnl_handle *rth;
3543};
3544
3545static int kill_inet_sock(struct nlmsghdr *h, void *arg, struct sockstat *s)
3546{
3547 struct inet_diag_msg *d = NLMSG_DATA(h);
3548 struct inet_diag_arg *diag_arg = arg;
3549 struct rtnl_handle *rth = diag_arg->rth;
3550
3551 DIAG_REQUEST(req, struct inet_diag_req_v2 r);
3552
3553 req.nlh.nlmsg_type = SOCK_DESTROY;
3554 req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
3555 req.nlh.nlmsg_seq = ++rth->seq;
3556 req.r.sdiag_family = d->idiag_family;
3557 req.r.sdiag_protocol = diag_arg->protocol;
3558 req.r.id = d->id;
3559
3560 if (diag_arg->protocol == IPPROTO_RAW) {
3561 struct inet_diag_req_raw *raw = (void *)&req.r;
3562
3563 BUILD_BUG_ON(sizeof(req.r) != sizeof(*raw));
3564 raw->sdiag_raw_protocol = s->raw_prot;
3565 }
3566
3567 return rtnl_talk(rth, &req.nlh, NULL);
3568}
3569
3570static int show_one_inet_sock(struct nlmsghdr *h, void *arg)
3571{
3572 int err;
3573 struct inet_diag_arg *diag_arg = arg;
3574 struct inet_diag_msg *r = NLMSG_DATA(h);
3575 struct sockstat s = {};
3576
3577 if (!(diag_arg->f->families & FAMILY_MASK(r->idiag_family)))
3578 return 0;
3579
3580 parse_diag_msg(h, &s);
3581 s.type = diag_arg->protocol;
3582
3583 if (diag_arg->f->f && run_ssfilter(diag_arg->f->f, &s) == 0)
3584 return 0;
3585
3586 if (diag_arg->f->kill && kill_inet_sock(h, arg, &s) != 0) {
3587 if (errno == EOPNOTSUPP || errno == ENOENT) {
3588
3589 return 0;
3590 } else {
3591 perror("SOCK_DESTROY answers");
3592 return -1;
3593 }
3594 }
3595
3596 err = inet_show_sock(h, &s);
3597 if (err < 0)
3598 return err;
3599
3600 return 0;
3601}
3602
3603static int inet_show_netlink(struct filter *f, FILE *dump_fp, int protocol)
3604{
3605 int err = 0;
3606 struct rtnl_handle rth, rth2;
3607 int family = PF_INET;
3608 struct inet_diag_arg arg = { .f = f, .protocol = protocol };
3609
3610 if (rtnl_open_byproto(&rth, 0, NETLINK_SOCK_DIAG))
3611 return -1;
3612
3613 if (f->kill) {
3614 if (rtnl_open_byproto(&rth2, 0, NETLINK_SOCK_DIAG)) {
3615 rtnl_close(&rth);
3616 return -1;
3617 }
3618 arg.rth = &rth2;
3619 }
3620
3621 rth.dump = MAGIC_SEQ;
3622 rth.dump_fp = dump_fp;
3623 if (preferred_family == PF_INET6)
3624 family = PF_INET6;
3625
3626
3627
3628
3629
3630
3631 if (protocol > 255)
3632 rth.flags |= RTNL_HANDLE_F_SUPPRESS_NLERR;
3633
3634again:
3635 if ((err = sockdiag_send(family, rth.fd, protocol, f)))
3636 goto Exit;
3637
3638 if ((err = rtnl_dump_filter(&rth, show_one_inet_sock, &arg))) {
3639 if (family != PF_UNSPEC) {
3640 family = PF_UNSPEC;
3641 goto again;
3642 }
3643 goto Exit;
3644 }
3645 if (family == PF_INET && preferred_family != PF_INET) {
3646 family = PF_INET6;
3647 goto again;
3648 }
3649
3650Exit:
3651 rtnl_close(&rth);
3652 if (arg.rth)
3653 rtnl_close(arg.rth);
3654 return err;
3655}
3656
3657static int tcp_show_netlink_file(struct filter *f)
3658{
3659 FILE *fp;
3660 char buf[16384];
3661 int err = -1;
3662
3663 if ((fp = fopen(getenv("TCPDIAG_FILE"), "r")) == NULL) {
3664 perror("fopen($TCPDIAG_FILE)");
3665 return err;
3666 }
3667
3668 while (1) {
3669 int err2;
3670 size_t status, nitems;
3671 struct nlmsghdr *h = (struct nlmsghdr *)buf;
3672 struct sockstat s = {};
3673
3674 status = fread(buf, 1, sizeof(*h), fp);
3675 if (status != sizeof(*h)) {
3676 if (ferror(fp))
3677 perror("Reading header from $TCPDIAG_FILE");
3678 if (feof(fp))
3679 fprintf(stderr, "Unexpected EOF reading $TCPDIAG_FILE");
3680 break;
3681 }
3682
3683 nitems = NLMSG_ALIGN(h->nlmsg_len - sizeof(*h));
3684 status = fread(h+1, 1, nitems, fp);
3685
3686 if (status != nitems) {
3687 if (ferror(fp))
3688 perror("Reading $TCPDIAG_FILE");
3689 if (feof(fp))
3690 fprintf(stderr, "Unexpected EOF reading $TCPDIAG_FILE");
3691 break;
3692 }
3693
3694
3695 if (h->nlmsg_type == NLMSG_DONE) {
3696 err = 0;
3697 break;
3698 }
3699
3700 if (h->nlmsg_type == NLMSG_ERROR) {
3701 struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(h);
3702
3703 if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) {
3704 fprintf(stderr, "ERROR truncated\n");
3705 } else {
3706 errno = -err->error;
3707 perror("TCPDIAG answered");
3708 }
3709 break;
3710 }
3711
3712 parse_diag_msg(h, &s);
3713 s.type = IPPROTO_TCP;
3714
3715 if (f && f->f && run_ssfilter(f->f, &s) == 0)
3716 continue;
3717
3718 err2 = inet_show_sock(h, &s);
3719 if (err2 < 0) {
3720 err = err2;
3721 break;
3722 }
3723 }
3724
3725 fclose(fp);
3726 return err;
3727}
3728
3729static int tcp_show(struct filter *f)
3730{
3731 FILE *fp = NULL;
3732 char *buf = NULL;
3733 int bufsize = 1024*1024;
3734
3735 if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
3736 return 0;
3737
3738 dg_proto = TCP_PROTO;
3739
3740 if (getenv("TCPDIAG_FILE"))
3741 return tcp_show_netlink_file(f);
3742
3743 if (!getenv("PROC_NET_TCP") && !getenv("PROC_ROOT")
3744 && inet_show_netlink(f, NULL, IPPROTO_TCP) == 0)
3745 return 0;
3746
3747
3748 while (bufsize >= 64*1024) {
3749 if ((buf = malloc(bufsize)) != NULL)
3750 break;
3751 bufsize /= 2;
3752 }
3753 if (buf == NULL) {
3754 errno = ENOMEM;
3755 return -1;
3756 }
3757
3758 if (f->families & FAMILY_MASK(AF_INET)) {
3759 if ((fp = net_tcp_open()) == NULL)
3760 goto outerr;
3761
3762 setbuffer(fp, buf, bufsize);
3763 if (generic_record_read(fp, tcp_show_line, f, AF_INET))
3764 goto outerr;
3765 fclose(fp);
3766 }
3767
3768 if ((f->families & FAMILY_MASK(AF_INET6)) &&
3769 (fp = net_tcp6_open()) != NULL) {
3770 setbuffer(fp, buf, bufsize);
3771 if (generic_record_read(fp, tcp_show_line, f, AF_INET6))
3772 goto outerr;
3773 fclose(fp);
3774 }
3775
3776 free(buf);
3777 return 0;
3778
3779outerr:
3780 do {
3781 int saved_errno = errno;
3782
3783 free(buf);
3784 if (fp)
3785 fclose(fp);
3786 errno = saved_errno;
3787 return -1;
3788 } while (0);
3789}
3790
3791static int mptcp_show(struct filter *f)
3792{
3793 if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
3794 return 0;
3795
3796 if (!getenv("PROC_NET_MPTCP") && !getenv("PROC_ROOT")
3797 && inet_show_netlink(f, NULL, IPPROTO_MPTCP) == 0)
3798 return 0;
3799
3800 return 0;
3801}
3802
3803static int dccp_show(struct filter *f)
3804{
3805 if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
3806 return 0;
3807
3808 if (!getenv("PROC_NET_DCCP") && !getenv("PROC_ROOT")
3809 && inet_show_netlink(f, NULL, IPPROTO_DCCP) == 0)
3810 return 0;
3811
3812 return 0;
3813}
3814
3815static int sctp_show(struct filter *f)
3816{
3817 if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
3818 return 0;
3819
3820 if (!getenv("PROC_NET_SCTP") && !getenv("PROC_ROOT")
3821 && inet_show_netlink(f, NULL, IPPROTO_SCTP) == 0)
3822 return 0;
3823
3824 return 0;
3825}
3826
3827static int dgram_show_line(char *line, const struct filter *f, int family)
3828{
3829 struct sockstat s = {};
3830 char *loc, *rem, *data;
3831 char opt[256];
3832 int n;
3833
3834 if (proc_inet_split_line(line, &loc, &rem, &data))
3835 return -1;
3836
3837 int state = (data[1] >= 'A') ? (data[1] - 'A' + 10) : (data[1] - '0');
3838
3839 if (!(f->states & (1 << state)))
3840 return 0;
3841
3842 proc_parse_inet_addr(loc, rem, family, &s);
3843
3844 if (f->f && run_ssfilter(f->f, &s) == 0)
3845 return 0;
3846
3847 opt[0] = 0;
3848 n = sscanf(data, "%x %x:%x %*x:%*x %*x %d %*d %u %d %llx %[^\n]\n",
3849 &s.state, &s.wq, &s.rq,
3850 &s.uid, &s.ino,
3851 &s.refcnt, &s.sk, opt);
3852
3853 if (n < 9)
3854 opt[0] = 0;
3855
3856 s.type = dg_proto == UDP_PROTO ? IPPROTO_UDP : 0;
3857 inet_stats_print(&s, false);
3858
3859 if (show_details && opt[0])
3860 out(" opt:\"%s\"", opt);
3861
3862 return 0;
3863}
3864
3865static int udp_show(struct filter *f)
3866{
3867 FILE *fp = NULL;
3868
3869 if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
3870 return 0;
3871
3872 dg_proto = UDP_PROTO;
3873
3874 if (!getenv("PROC_NET_UDP") && !getenv("PROC_ROOT")
3875 && inet_show_netlink(f, NULL, IPPROTO_UDP) == 0)
3876 return 0;
3877
3878 if (f->families&FAMILY_MASK(AF_INET)) {
3879 if ((fp = net_udp_open()) == NULL)
3880 goto outerr;
3881 if (generic_record_read(fp, dgram_show_line, f, AF_INET))
3882 goto outerr;
3883 fclose(fp);
3884 }
3885
3886 if ((f->families&FAMILY_MASK(AF_INET6)) &&
3887 (fp = net_udp6_open()) != NULL) {
3888 if (generic_record_read(fp, dgram_show_line, f, AF_INET6))
3889 goto outerr;
3890 fclose(fp);
3891 }
3892 return 0;
3893
3894outerr:
3895 do {
3896 int saved_errno = errno;
3897
3898 if (fp)
3899 fclose(fp);
3900 errno = saved_errno;
3901 return -1;
3902 } while (0);
3903}
3904
3905static int raw_show(struct filter *f)
3906{
3907 FILE *fp = NULL;
3908
3909 if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
3910 return 0;
3911
3912 dg_proto = RAW_PROTO;
3913
3914 if (!getenv("PROC_NET_RAW") && !getenv("PROC_ROOT") &&
3915 inet_show_netlink(f, NULL, IPPROTO_RAW) == 0)
3916 return 0;
3917
3918 if (f->families&FAMILY_MASK(AF_INET)) {
3919 if ((fp = net_raw_open()) == NULL)
3920 goto outerr;
3921 if (generic_record_read(fp, dgram_show_line, f, AF_INET))
3922 goto outerr;
3923 fclose(fp);
3924 }
3925
3926 if ((f->families&FAMILY_MASK(AF_INET6)) &&
3927 (fp = net_raw6_open()) != NULL) {
3928 if (generic_record_read(fp, dgram_show_line, f, AF_INET6))
3929 goto outerr;
3930 fclose(fp);
3931 }
3932 return 0;
3933
3934outerr:
3935 do {
3936 int saved_errno = errno;
3937
3938 if (fp)
3939 fclose(fp);
3940 errno = saved_errno;
3941 return -1;
3942 } while (0);
3943}
3944
3945#define MAX_UNIX_REMEMBER (1024*1024/sizeof(struct sockstat))
3946
3947static void unix_list_drop_first(struct sockstat **list)
3948{
3949 struct sockstat *s = *list;
3950
3951 (*list) = (*list)->next;
3952 free(s->name);
3953 free(s);
3954}
3955
3956static bool unix_type_skip(struct sockstat *s, struct filter *f)
3957{
3958 if (s->type == SOCK_STREAM && !(f->dbs&(1<<UNIX_ST_DB)))
3959 return true;
3960 if (s->type == SOCK_DGRAM && !(f->dbs&(1<<UNIX_DG_DB)))
3961 return true;
3962 if (s->type == SOCK_SEQPACKET && !(f->dbs&(1<<UNIX_SQ_DB)))
3963 return true;
3964 return false;
3965}
3966
3967static void unix_stats_print(struct sockstat *s, struct filter *f)
3968{
3969 char port_name[30] = {};
3970
3971 sock_state_print(s);
3972
3973 sock_addr_print(s->name ?: "*", " ",
3974 int_to_str(s->lport, port_name), NULL);
3975 sock_addr_print(s->peer_name ?: "*", " ",
3976 int_to_str(s->rport, port_name), NULL);
3977
3978 proc_ctx_print(s);
3979}
3980
3981static int unix_show_sock(struct nlmsghdr *nlh, void *arg)
3982{
3983 struct filter *f = (struct filter *)arg;
3984 struct unix_diag_msg *r = NLMSG_DATA(nlh);
3985 struct rtattr *tb[UNIX_DIAG_MAX+1];
3986 char name[128];
3987 struct sockstat stat = { .name = "*", .peer_name = "*" };
3988
3989 parse_rtattr(tb, UNIX_DIAG_MAX, (struct rtattr *)(r+1),
3990 nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
3991
3992 stat.type = r->udiag_type;
3993 stat.state = r->udiag_state;
3994 stat.ino = stat.lport = r->udiag_ino;
3995 stat.local.family = stat.remote.family = AF_UNIX;
3996
3997 if (unix_type_skip(&stat, f))
3998 return 0;
3999
4000 if (tb[UNIX_DIAG_RQLEN]) {
4001 struct unix_diag_rqlen *rql = RTA_DATA(tb[UNIX_DIAG_RQLEN]);
4002
4003 stat.rq = rql->udiag_rqueue;
4004 stat.wq = rql->udiag_wqueue;
4005 }
4006 if (tb[UNIX_DIAG_NAME]) {
4007 int len = RTA_PAYLOAD(tb[UNIX_DIAG_NAME]);
4008
4009 memcpy(name, RTA_DATA(tb[UNIX_DIAG_NAME]), len);
4010 name[len] = '\0';
4011 if (name[0] == '\0') {
4012 int i;
4013 for (i = 0; i < len; i++)
4014 if (name[i] == '\0')
4015 name[i] = '@';
4016 }
4017 stat.name = &name[0];
4018 memcpy(stat.local.data, &stat.name, sizeof(stat.name));
4019 }
4020 if (tb[UNIX_DIAG_PEER])
4021 stat.rport = rta_getattr_u32(tb[UNIX_DIAG_PEER]);
4022
4023 if (f->f && run_ssfilter(f->f, &stat) == 0)
4024 return 0;
4025
4026 unix_stats_print(&stat, f);
4027
4028 if (show_mem)
4029 print_skmeminfo(tb, UNIX_DIAG_MEMINFO);
4030 if (show_details) {
4031 if (tb[UNIX_DIAG_SHUTDOWN]) {
4032 unsigned char mask;
4033
4034 mask = rta_getattr_u8(tb[UNIX_DIAG_SHUTDOWN]);
4035 out(" %c-%c",
4036 mask & 1 ? '-' : '<', mask & 2 ? '-' : '>');
4037 }
4038 if (tb[UNIX_DIAG_VFS]) {
4039 struct unix_diag_vfs *uv = RTA_DATA(tb[UNIX_DIAG_VFS]);
4040
4041 out(" ino:%u dev:%u/%u", uv->udiag_vfs_ino, major(uv->udiag_vfs_dev),
4042 minor(uv->udiag_vfs_dev));
4043 }
4044 if (tb[UNIX_DIAG_ICONS]) {
4045 int len = RTA_PAYLOAD(tb[UNIX_DIAG_ICONS]);
4046 __u32 *peers = RTA_DATA(tb[UNIX_DIAG_ICONS]);
4047 int i;
4048
4049 out(" peers:");
4050 for (i = 0; i < len / sizeof(__u32); i++)
4051 out(" %u", peers[i]);
4052 }
4053 }
4054
4055 return 0;
4056}
4057
4058static int handle_netlink_request(struct filter *f, struct nlmsghdr *req,
4059 size_t size, rtnl_filter_t show_one_sock)
4060{
4061 int ret = -1;
4062 struct rtnl_handle rth;
4063
4064 if (rtnl_open_byproto(&rth, 0, NETLINK_SOCK_DIAG))
4065 return -1;
4066
4067 rth.dump = MAGIC_SEQ;
4068
4069 if (rtnl_send(&rth, req, size) < 0)
4070 goto Exit;
4071
4072 if (rtnl_dump_filter(&rth, show_one_sock, f))
4073 goto Exit;
4074
4075 ret = 0;
4076Exit:
4077 rtnl_close(&rth);
4078 return ret;
4079}
4080
4081static int unix_show_netlink(struct filter *f)
4082{
4083 DIAG_REQUEST(req, struct unix_diag_req r);
4084
4085 req.r.sdiag_family = AF_UNIX;
4086 req.r.udiag_states = f->states;
4087 req.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;
4088 if (show_mem)
4089 req.r.udiag_show |= UDIAG_SHOW_MEMINFO;
4090 if (show_details)
4091 req.r.udiag_show |= UDIAG_SHOW_VFS | UDIAG_SHOW_ICONS;
4092
4093 return handle_netlink_request(f, &req.nlh, sizeof(req), unix_show_sock);
4094}
4095
4096static int unix_show(struct filter *f)
4097{
4098 FILE *fp;
4099 char buf[256];
4100 char name[128];
4101 int newformat = 0;
4102 int cnt;
4103 struct sockstat *list = NULL;
4104 const int unix_state_map[] = { SS_CLOSE, SS_SYN_SENT,
4105 SS_ESTABLISHED, SS_CLOSING };
4106
4107 if (!filter_af_get(f, AF_UNIX))
4108 return 0;
4109
4110 if (!getenv("PROC_NET_UNIX") && !getenv("PROC_ROOT")
4111 && unix_show_netlink(f) == 0)
4112 return 0;
4113
4114 if ((fp = net_unix_open()) == NULL)
4115 return -1;
4116 if (!fgets(buf, sizeof(buf), fp)) {
4117 fclose(fp);
4118 return -1;
4119 }
4120
4121 if (memcmp(buf, "Peer", 4) == 0)
4122 newformat = 1;
4123 cnt = 0;
4124
4125 while (fgets(buf, sizeof(buf), fp)) {
4126 struct sockstat *u, **insp;
4127 int flags;
4128
4129 if (!(u = calloc(1, sizeof(*u))))
4130 break;
4131
4132 if (sscanf(buf, "%x: %x %x %x %x %x %d %s",
4133 &u->rport, &u->rq, &u->wq, &flags, &u->type,
4134 &u->state, &u->ino, name) < 8)
4135 name[0] = 0;
4136
4137 u->lport = u->ino;
4138 u->local.family = u->remote.family = AF_UNIX;
4139
4140 if (flags & (1 << 16)) {
4141 u->state = SS_LISTEN;
4142 } else if (u->state > 0 &&
4143 u->state <= ARRAY_SIZE(unix_state_map)) {
4144 u->state = unix_state_map[u->state-1];
4145 if (u->type == SOCK_DGRAM && u->state == SS_CLOSE && u->rport)
4146 u->state = SS_ESTABLISHED;
4147 }
4148 if (unix_type_skip(u, f) ||
4149 !(f->states & (1 << u->state))) {
4150 free(u);
4151 continue;
4152 }
4153
4154 if (!newformat) {
4155 u->rport = 0;
4156 u->rq = 0;
4157 u->wq = 0;
4158 }
4159
4160 if (name[0]) {
4161 u->name = strdup(name);
4162 if (!u->name) {
4163 free(u);
4164 break;
4165 }
4166 }
4167
4168 if (u->rport) {
4169 struct sockstat *p;
4170
4171 for (p = list; p; p = p->next) {
4172 if (u->rport == p->lport)
4173 break;
4174 }
4175 if (!p)
4176 u->peer_name = "?";
4177 else
4178 u->peer_name = p->name ? : "*";
4179 }
4180
4181 if (f->f) {
4182 struct sockstat st = {
4183 .local.family = AF_UNIX,
4184 .remote.family = AF_UNIX,
4185 };
4186
4187 memcpy(st.local.data, &u->name, sizeof(u->name));
4188
4189
4190
4191 if (u->peer_name && strcmp(u->peer_name, "*"))
4192 memcpy(st.remote.data, &u->peer_name,
4193 sizeof(u->peer_name));
4194 if (run_ssfilter(f->f, &st) == 0) {
4195 free(u->name);
4196 free(u);
4197 continue;
4198 }
4199 }
4200
4201 insp = &list;
4202 while (*insp) {
4203 if (u->type < (*insp)->type ||
4204 (u->type == (*insp)->type &&
4205 u->ino < (*insp)->ino))
4206 break;
4207 insp = &(*insp)->next;
4208 }
4209 u->next = *insp;
4210 *insp = u;
4211
4212 if (++cnt > MAX_UNIX_REMEMBER) {
4213 while (list) {
4214 unix_stats_print(list, f);
4215 unix_list_drop_first(&list);
4216 }
4217 cnt = 0;
4218 }
4219 }
4220 fclose(fp);
4221 while (list) {
4222 unix_stats_print(list, f);
4223 unix_list_drop_first(&list);
4224 }
4225
4226 return 0;
4227}
4228
4229static int packet_stats_print(struct sockstat *s, const struct filter *f)
4230{
4231 const char *addr, *port;
4232 char ll_name[16];
4233
4234 s->local.family = s->remote.family = AF_PACKET;
4235
4236 if (f->f) {
4237 s->local.data[0] = s->prot;
4238 if (run_ssfilter(f->f, s) == 0)
4239 return 1;
4240 }
4241
4242 sock_state_print(s);
4243
4244 if (s->prot == 3)
4245 addr = "*";
4246 else
4247 addr = ll_proto_n2a(htons(s->prot), ll_name, sizeof(ll_name));
4248
4249 if (s->iface == 0)
4250 port = "*";
4251 else
4252 port = xll_index_to_name(s->iface);
4253
4254 sock_addr_print(addr, ":", port, NULL);
4255 sock_addr_print("", "*", "", NULL);
4256
4257 proc_ctx_print(s);
4258
4259 if (show_details)
4260 sock_details_print(s);
4261
4262 return 0;
4263}
4264
4265static void packet_show_ring(struct packet_diag_ring *ring)
4266{
4267 out("blk_size:%d", ring->pdr_block_size);
4268 out(",blk_nr:%d", ring->pdr_block_nr);
4269 out(",frm_size:%d", ring->pdr_frame_size);
4270 out(",frm_nr:%d", ring->pdr_frame_nr);
4271 out(",tmo:%d", ring->pdr_retire_tmo);
4272 out(",features:0x%x", ring->pdr_features);
4273}
4274
4275static int packet_show_sock(struct nlmsghdr *nlh, void *arg)
4276{
4277 const struct filter *f = arg;
4278 struct packet_diag_msg *r = NLMSG_DATA(nlh);
4279 struct packet_diag_info *pinfo = NULL;
4280 struct packet_diag_ring *ring_rx = NULL, *ring_tx = NULL;
4281 struct rtattr *tb[PACKET_DIAG_MAX+1];
4282 struct sockstat stat = {};
4283 uint32_t fanout = 0;
4284 bool has_fanout = false;
4285
4286 parse_rtattr(tb, PACKET_DIAG_MAX, (struct rtattr *)(r+1),
4287 nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
4288
4289
4290 if (!tb[PACKET_DIAG_MEMINFO])
4291 return -1;
4292
4293 stat.type = r->pdiag_type;
4294 stat.prot = r->pdiag_num;
4295 stat.ino = r->pdiag_ino;
4296 stat.state = SS_CLOSE;
4297 stat.sk = cookie_sk_get(&r->pdiag_cookie[0]);
4298
4299 if (tb[PACKET_DIAG_MEMINFO]) {
4300 __u32 *skmeminfo = RTA_DATA(tb[PACKET_DIAG_MEMINFO]);
4301
4302 stat.rq = skmeminfo[SK_MEMINFO_RMEM_ALLOC];
4303 }
4304
4305 if (tb[PACKET_DIAG_INFO]) {
4306 pinfo = RTA_DATA(tb[PACKET_DIAG_INFO]);
4307 stat.lport = stat.iface = pinfo->pdi_index;
4308 }
4309
4310 if (tb[PACKET_DIAG_UID])
4311 stat.uid = rta_getattr_u32(tb[PACKET_DIAG_UID]);
4312
4313 if (tb[PACKET_DIAG_RX_RING])
4314 ring_rx = RTA_DATA(tb[PACKET_DIAG_RX_RING]);
4315
4316 if (tb[PACKET_DIAG_TX_RING])
4317 ring_tx = RTA_DATA(tb[PACKET_DIAG_TX_RING]);
4318
4319 if (tb[PACKET_DIAG_FANOUT]) {
4320 has_fanout = true;
4321 fanout = rta_getattr_u32(tb[PACKET_DIAG_FANOUT]);
4322 }
4323
4324 if (packet_stats_print(&stat, f))
4325 return 0;
4326
4327 if (show_details) {
4328 if (pinfo) {
4329 if (oneline)
4330 out(" ver:%d", pinfo->pdi_version);
4331 else
4332 out("\n\tver:%d", pinfo->pdi_version);
4333 out(" cpy_thresh:%d", pinfo->pdi_copy_thresh);
4334 out(" flags( ");
4335 if (pinfo->pdi_flags & PDI_RUNNING)
4336 out("running");
4337 if (pinfo->pdi_flags & PDI_AUXDATA)
4338 out(" auxdata");
4339 if (pinfo->pdi_flags & PDI_ORIGDEV)
4340 out(" origdev");
4341 if (pinfo->pdi_flags & PDI_VNETHDR)
4342 out(" vnethdr");
4343 if (pinfo->pdi_flags & PDI_LOSS)
4344 out(" loss");
4345 if (!pinfo->pdi_flags)
4346 out("0");
4347 out(" )");
4348 }
4349 if (ring_rx) {
4350 if (oneline)
4351 out(" ring_rx(");
4352 else
4353 out("\n\tring_rx(");
4354 packet_show_ring(ring_rx);
4355 out(")");
4356 }
4357 if (ring_tx) {
4358 if (oneline)
4359 out(" ring_tx(");
4360 else
4361 out("\n\tring_tx(");
4362 packet_show_ring(ring_tx);
4363 out(")");
4364 }
4365 if (has_fanout) {
4366 uint16_t type = (fanout >> 16) & 0xffff;
4367
4368 if (oneline)
4369 out(" fanout(");
4370 else
4371 out("\n\tfanout(");
4372 out("id:%d,", fanout & 0xffff);
4373 out("type:");
4374
4375 if (type == 0)
4376 out("hash");
4377 else if (type == 1)
4378 out("lb");
4379 else if (type == 2)
4380 out("cpu");
4381 else if (type == 3)
4382 out("roll");
4383 else if (type == 4)
4384 out("random");
4385 else if (type == 5)
4386 out("qm");
4387 else
4388 out("0x%x", type);
4389
4390 out(")");
4391 }
4392 }
4393
4394 if (show_bpf && tb[PACKET_DIAG_FILTER]) {
4395 struct sock_filter *fil =
4396 RTA_DATA(tb[PACKET_DIAG_FILTER]);
4397 int num = RTA_PAYLOAD(tb[PACKET_DIAG_FILTER]) /
4398 sizeof(struct sock_filter);
4399
4400 if (oneline)
4401 out(" bpf filter (%d): ", num);
4402 else
4403 out("\n\tbpf filter (%d): ", num);
4404 while (num) {
4405 out(" 0x%02x %u %u %u,",
4406 fil->code, fil->jt, fil->jf, fil->k);
4407 num--;
4408 fil++;
4409 }
4410 }
4411
4412 if (show_mem)
4413 print_skmeminfo(tb, PACKET_DIAG_MEMINFO);
4414 return 0;
4415}
4416
4417static int packet_show_netlink(struct filter *f)
4418{
4419 DIAG_REQUEST(req, struct packet_diag_req r);
4420
4421 req.r.sdiag_family = AF_PACKET;
4422 req.r.pdiag_show = PACKET_SHOW_INFO | PACKET_SHOW_MEMINFO |
4423 PACKET_SHOW_FILTER | PACKET_SHOW_RING_CFG | PACKET_SHOW_FANOUT;
4424
4425 return handle_netlink_request(f, &req.nlh, sizeof(req), packet_show_sock);
4426}
4427
4428static int packet_show_line(char *buf, const struct filter *f, int fam)
4429{
4430 unsigned long long sk;
4431 struct sockstat stat = {};
4432 int type, prot, iface, state, rq, uid, ino;
4433
4434 sscanf(buf, "%llx %*d %d %x %d %d %u %u %u",
4435 &sk,
4436 &type, &prot, &iface, &state,
4437 &rq, &uid, &ino);
4438
4439 if (stat.type == SOCK_RAW && !(f->dbs&(1<<PACKET_R_DB)))
4440 return 0;
4441 if (stat.type == SOCK_DGRAM && !(f->dbs&(1<<PACKET_DG_DB)))
4442 return 0;
4443
4444 stat.type = type;
4445 stat.prot = prot;
4446 stat.lport = stat.iface = iface;
4447 stat.state = state;
4448 stat.rq = rq;
4449 stat.uid = uid;
4450 stat.ino = ino;
4451 stat.state = SS_CLOSE;
4452
4453 if (packet_stats_print(&stat, f))
4454 return 0;
4455
4456 return 0;
4457}
4458
4459static int packet_show(struct filter *f)
4460{
4461 FILE *fp;
4462 int rc = 0;
4463
4464 if (!filter_af_get(f, AF_PACKET) || !(f->states & (1 << SS_CLOSE)))
4465 return 0;
4466
4467 if (!getenv("PROC_NET_PACKET") && !getenv("PROC_ROOT") &&
4468 packet_show_netlink(f) == 0)
4469 return 0;
4470
4471 if ((fp = net_packet_open()) == NULL)
4472 return -1;
4473 if (generic_record_read(fp, packet_show_line, f, AF_PACKET))
4474 rc = -1;
4475
4476 fclose(fp);
4477 return rc;
4478}
4479
4480static int xdp_stats_print(struct sockstat *s, const struct filter *f)
4481{
4482 const char *addr, *port;
4483 char q_str[16];
4484
4485 s->local.family = s->remote.family = AF_XDP;
4486
4487 if (f->f) {
4488 if (run_ssfilter(f->f, s) == 0)
4489 return 1;
4490 }
4491
4492 sock_state_print(s);
4493
4494 if (s->iface) {
4495 addr = xll_index_to_name(s->iface);
4496 snprintf(q_str, sizeof(q_str), "q%d", s->lport);
4497 port = q_str;
4498 sock_addr_print(addr, ":", port, NULL);
4499 } else {
4500 sock_addr_print("", "*", "", NULL);
4501 }
4502
4503 sock_addr_print("", "*", "", NULL);
4504
4505 proc_ctx_print(s);
4506
4507 if (show_details)
4508 sock_details_print(s);
4509
4510 return 0;
4511}
4512
4513static void xdp_show_ring(const char *name, struct xdp_diag_ring *ring)
4514{
4515 if (oneline)
4516 out(" %s(", name);
4517 else
4518 out("\n\t%s(", name);
4519 out("entries:%u", ring->entries);
4520 out(")");
4521}
4522
4523static void xdp_show_umem(struct xdp_diag_umem *umem, struct xdp_diag_ring *fr,
4524 struct xdp_diag_ring *cr)
4525{
4526 if (oneline)
4527 out(" tumem(");
4528 else
4529 out("\n\tumem(");
4530 out("id:%u", umem->id);
4531 out(",size:%llu", umem->size);
4532 out(",num_pages:%u", umem->num_pages);
4533 out(",chunk_size:%u", umem->chunk_size);
4534 out(",headroom:%u", umem->headroom);
4535 out(",ifindex:%u", umem->ifindex);
4536 out(",qid:%u", umem->queue_id);
4537 out(",zc:%u", umem->flags & XDP_DU_F_ZEROCOPY);
4538 out(",refs:%u", umem->refs);
4539 out(")");
4540
4541 if (fr)
4542 xdp_show_ring("fr", fr);
4543 if (cr)
4544 xdp_show_ring("cr", cr);
4545}
4546
4547static void xdp_show_stats(struct xdp_diag_stats *stats)
4548{
4549 if (oneline)
4550 out(" stats(");
4551 else
4552 out("\n\tstats(");
4553 out("rx dropped:%llu", stats->n_rx_dropped);
4554 out(",rx invalid:%llu", stats->n_rx_invalid);
4555 out(",rx queue full:%llu", stats->n_rx_full);
4556 out(",rx fill ring empty:%llu", stats->n_fill_ring_empty);
4557 out(",tx invalid:%llu", stats->n_tx_invalid);
4558 out(",tx ring empty:%llu", stats->n_tx_ring_empty);
4559 out(")");
4560}
4561
4562static int xdp_show_sock(struct nlmsghdr *nlh, void *arg)
4563{
4564 struct xdp_diag_ring *rx = NULL, *tx = NULL, *fr = NULL, *cr = NULL;
4565 struct xdp_diag_msg *msg = NLMSG_DATA(nlh);
4566 struct rtattr *tb[XDP_DIAG_MAX + 1];
4567 struct xdp_diag_info *info = NULL;
4568 struct xdp_diag_umem *umem = NULL;
4569 struct xdp_diag_stats *stats = NULL;
4570 const struct filter *f = arg;
4571 struct sockstat stat = {};
4572
4573 parse_rtattr(tb, XDP_DIAG_MAX, (struct rtattr *)(msg + 1),
4574 nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*msg)));
4575
4576 stat.type = msg->xdiag_type;
4577 stat.ino = msg->xdiag_ino;
4578 stat.state = SS_CLOSE;
4579 stat.sk = cookie_sk_get(&msg->xdiag_cookie[0]);
4580
4581 if (tb[XDP_DIAG_INFO]) {
4582 info = RTA_DATA(tb[XDP_DIAG_INFO]);
4583 stat.iface = info->ifindex;
4584 stat.lport = info->queue_id;
4585 }
4586
4587 if (tb[XDP_DIAG_UID])
4588 stat.uid = rta_getattr_u32(tb[XDP_DIAG_UID]);
4589 if (tb[XDP_DIAG_RX_RING])
4590 rx = RTA_DATA(tb[XDP_DIAG_RX_RING]);
4591 if (tb[XDP_DIAG_TX_RING])
4592 tx = RTA_DATA(tb[XDP_DIAG_TX_RING]);
4593 if (tb[XDP_DIAG_UMEM])
4594 umem = RTA_DATA(tb[XDP_DIAG_UMEM]);
4595 if (tb[XDP_DIAG_UMEM_FILL_RING])
4596 fr = RTA_DATA(tb[XDP_DIAG_UMEM_FILL_RING]);
4597 if (tb[XDP_DIAG_UMEM_COMPLETION_RING])
4598 cr = RTA_DATA(tb[XDP_DIAG_UMEM_COMPLETION_RING]);
4599 if (tb[XDP_DIAG_MEMINFO]) {
4600 __u32 *skmeminfo = RTA_DATA(tb[XDP_DIAG_MEMINFO]);
4601
4602 stat.rq = skmeminfo[SK_MEMINFO_RMEM_ALLOC];
4603 }
4604 if (tb[XDP_DIAG_STATS])
4605 stats = RTA_DATA(tb[XDP_DIAG_STATS]);
4606
4607 if (xdp_stats_print(&stat, f))
4608 return 0;
4609
4610 if (show_details) {
4611 if (rx)
4612 xdp_show_ring("rx", rx);
4613 if (tx)
4614 xdp_show_ring("tx", tx);
4615 if (umem)
4616 xdp_show_umem(umem, fr, cr);
4617 if (stats)
4618 xdp_show_stats(stats);
4619 }
4620
4621 if (show_mem)
4622 print_skmeminfo(tb, XDP_DIAG_MEMINFO);
4623
4624
4625 return 0;
4626}
4627
4628static int xdp_show(struct filter *f)
4629{
4630 DIAG_REQUEST(req, struct xdp_diag_req r);
4631
4632 if (!filter_af_get(f, AF_XDP) || !(f->states & (1 << SS_CLOSE)))
4633 return 0;
4634
4635 req.r.sdiag_family = AF_XDP;
4636 req.r.xdiag_show = XDP_SHOW_INFO | XDP_SHOW_RING_CFG | XDP_SHOW_UMEM |
4637 XDP_SHOW_MEMINFO | XDP_SHOW_STATS;
4638
4639 return handle_netlink_request(f, &req.nlh, sizeof(req), xdp_show_sock);
4640}
4641
4642static int netlink_show_one(struct filter *f,
4643 int prot, int pid, unsigned int groups,
4644 int state, int dst_pid, unsigned int dst_group,
4645 int rq, int wq,
4646 unsigned long long sk, unsigned long long cb)
4647{
4648 struct sockstat st = {
4649 .state = SS_CLOSE,
4650 .rq = rq,
4651 .wq = wq,
4652 .local.family = AF_NETLINK,
4653 .remote.family = AF_NETLINK,
4654 };
4655
4656 SPRINT_BUF(prot_buf) = {};
4657 const char *prot_name;
4658 char procname[64] = {};
4659
4660 if (f->f) {
4661 st.rport = -1;
4662 st.lport = pid;
4663 st.local.data[0] = prot;
4664 if (run_ssfilter(f->f, &st) == 0)
4665 return 1;
4666 }
4667
4668 sock_state_print(&st);
4669
4670 prot_name = nl_proto_n2a(prot, prot_buf, sizeof(prot_buf));
4671
4672 if (pid == -1) {
4673 procname[0] = '*';
4674 } else if (!numeric) {
4675 int done = 0;
4676
4677 if (!pid) {
4678 done = 1;
4679 strncpy(procname, "kernel", 7);
4680 } else if (pid > 0) {
4681 FILE *fp;
4682
4683 snprintf(procname, sizeof(procname), "%s/%d/stat",
4684 getenv("PROC_ROOT") ? : "/proc", pid);
4685 if ((fp = fopen(procname, "r")) != NULL) {
4686 if (fscanf(fp, "%*d (%[^)])", procname) == 1) {
4687 snprintf(procname+strlen(procname),
4688 sizeof(procname)-strlen(procname),
4689 "/%d", pid);
4690 done = 1;
4691 }
4692 fclose(fp);
4693 }
4694 }
4695 if (!done)
4696 int_to_str(pid, procname);
4697 } else {
4698 int_to_str(pid, procname);
4699 }
4700
4701 sock_addr_print(prot_name, ":", procname, NULL);
4702
4703 if (state == NETLINK_CONNECTED) {
4704 char dst_group_buf[30];
4705 char dst_pid_buf[30];
4706
4707 sock_addr_print(int_to_str(dst_group, dst_group_buf), ":",
4708 int_to_str(dst_pid, dst_pid_buf), NULL);
4709 } else {
4710 sock_addr_print("", "*", "", NULL);
4711 }
4712
4713 char *pid_context = NULL;
4714
4715 if (show_proc_ctx) {
4716
4717
4718
4719
4720
4721
4722 if (!pid)
4723 security_get_initial_context("kernel", &pid_context);
4724 else if (pid > 0)
4725 getpidcon(pid, &pid_context);
4726
4727 out(" proc_ctx=%s", pid_context ? : "unavailable");
4728 free(pid_context);
4729 }
4730
4731 if (show_details) {
4732 out(" sk=%llx cb=%llx groups=0x%08x", sk, cb, groups);
4733 }
4734
4735 return 0;
4736}
4737
4738static int netlink_show_sock(struct nlmsghdr *nlh, void *arg)
4739{
4740 struct filter *f = (struct filter *)arg;
4741 struct netlink_diag_msg *r = NLMSG_DATA(nlh);
4742 struct rtattr *tb[NETLINK_DIAG_MAX+1];
4743 int rq = 0, wq = 0;
4744 unsigned long groups = 0;
4745
4746 parse_rtattr(tb, NETLINK_DIAG_MAX, (struct rtattr *)(r+1),
4747 nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
4748
4749 if (tb[NETLINK_DIAG_GROUPS] && RTA_PAYLOAD(tb[NETLINK_DIAG_GROUPS]))
4750 groups = *(unsigned long *) RTA_DATA(tb[NETLINK_DIAG_GROUPS]);
4751
4752 if (tb[NETLINK_DIAG_MEMINFO]) {
4753 const __u32 *skmeminfo;
4754
4755 skmeminfo = RTA_DATA(tb[NETLINK_DIAG_MEMINFO]);
4756
4757 rq = skmeminfo[SK_MEMINFO_RMEM_ALLOC];
4758 wq = skmeminfo[SK_MEMINFO_WMEM_ALLOC];
4759 }
4760
4761 if (netlink_show_one(f, r->ndiag_protocol, r->ndiag_portid, groups,
4762 r->ndiag_state, r->ndiag_dst_portid, r->ndiag_dst_group,
4763 rq, wq, 0, 0)) {
4764 return 0;
4765 }
4766
4767 if (show_mem) {
4768 out("\t");
4769 print_skmeminfo(tb, NETLINK_DIAG_MEMINFO);
4770 }
4771
4772 return 0;
4773}
4774
4775static int netlink_show_netlink(struct filter *f)
4776{
4777 DIAG_REQUEST(req, struct netlink_diag_req r);
4778
4779 req.r.sdiag_family = AF_NETLINK;
4780 req.r.sdiag_protocol = NDIAG_PROTO_ALL;
4781 req.r.ndiag_show = NDIAG_SHOW_GROUPS | NDIAG_SHOW_MEMINFO;
4782
4783 return handle_netlink_request(f, &req.nlh, sizeof(req), netlink_show_sock);
4784}
4785
4786static int netlink_show(struct filter *f)
4787{
4788 FILE *fp;
4789 char buf[256];
4790 int prot, pid;
4791 unsigned int groups;
4792 int rq, wq, rc;
4793 unsigned long long sk, cb;
4794
4795 if (!filter_af_get(f, AF_NETLINK) || !(f->states & (1 << SS_CLOSE)))
4796 return 0;
4797
4798 if (!getenv("PROC_NET_NETLINK") && !getenv("PROC_ROOT") &&
4799 netlink_show_netlink(f) == 0)
4800 return 0;
4801
4802 if ((fp = net_netlink_open()) == NULL)
4803 return -1;
4804 if (!fgets(buf, sizeof(buf), fp)) {
4805 fclose(fp);
4806 return -1;
4807 }
4808
4809 while (fgets(buf, sizeof(buf), fp)) {
4810 sscanf(buf, "%llx %d %d %x %d %d %llx %d",
4811 &sk,
4812 &prot, &pid, &groups, &rq, &wq, &cb, &rc);
4813
4814 netlink_show_one(f, prot, pid, groups, 0, 0, 0, rq, wq, sk, cb);
4815 }
4816
4817 fclose(fp);
4818 return 0;
4819}
4820
4821static bool vsock_type_skip(struct sockstat *s, struct filter *f)
4822{
4823 if (s->type == SOCK_STREAM && !(f->dbs & (1 << VSOCK_ST_DB)))
4824 return true;
4825 if (s->type == SOCK_DGRAM && !(f->dbs & (1 << VSOCK_DG_DB)))
4826 return true;
4827 return false;
4828}
4829
4830static void vsock_addr_print(inet_prefix *a, __u32 port)
4831{
4832 char cid_str[sizeof("4294967295")];
4833 char port_str[sizeof("4294967295")];
4834 __u32 cid;
4835
4836 memcpy(&cid, a->data, sizeof(cid));
4837
4838 if (cid == ~(__u32)0)
4839 snprintf(cid_str, sizeof(cid_str), "*");
4840 else
4841 snprintf(cid_str, sizeof(cid_str), "%u", cid);
4842
4843 if (port == ~(__u32)0)
4844 snprintf(port_str, sizeof(port_str), "*");
4845 else
4846 snprintf(port_str, sizeof(port_str), "%u", port);
4847
4848 sock_addr_print(cid_str, ":", port_str, NULL);
4849}
4850
4851static void vsock_stats_print(struct sockstat *s, struct filter *f)
4852{
4853 sock_state_print(s);
4854
4855 vsock_addr_print(&s->local, s->lport);
4856 vsock_addr_print(&s->remote, s->rport);
4857
4858 proc_ctx_print(s);
4859}
4860
4861static int vsock_show_sock(struct nlmsghdr *nlh, void *arg)
4862{
4863 struct filter *f = (struct filter *)arg;
4864 struct vsock_diag_msg *r = NLMSG_DATA(nlh);
4865 struct sockstat stat = {
4866 .type = r->vdiag_type,
4867 .lport = r->vdiag_src_port,
4868 .rport = r->vdiag_dst_port,
4869 .state = r->vdiag_state,
4870 .ino = r->vdiag_ino,
4871 };
4872
4873 vsock_set_inet_prefix(&stat.local, r->vdiag_src_cid);
4874 vsock_set_inet_prefix(&stat.remote, r->vdiag_dst_cid);
4875
4876 if (vsock_type_skip(&stat, f))
4877 return 0;
4878
4879 if (f->f && run_ssfilter(f->f, &stat) == 0)
4880 return 0;
4881
4882 vsock_stats_print(&stat, f);
4883
4884 return 0;
4885}
4886
4887static int vsock_show(struct filter *f)
4888{
4889 DIAG_REQUEST(req, struct vsock_diag_req r);
4890
4891 if (!filter_af_get(f, AF_VSOCK))
4892 return 0;
4893
4894 req.r.sdiag_family = AF_VSOCK;
4895 req.r.vdiag_states = f->states;
4896
4897 return handle_netlink_request(f, &req.nlh, sizeof(req), vsock_show_sock);
4898}
4899
4900static void tipc_sock_addr_print(struct rtattr *net_addr, struct rtattr *id)
4901{
4902 uint32_t node = rta_getattr_u32(net_addr);
4903 uint32_t identity = rta_getattr_u32(id);
4904
4905 SPRINT_BUF(addr) = {};
4906 SPRINT_BUF(port) = {};
4907
4908 sprintf(addr, "%u", node);
4909 sprintf(port, "%u", identity);
4910 sock_addr_print(addr, ":", port, NULL);
4911
4912}
4913
4914static int tipc_show_sock(struct nlmsghdr *nlh, void *arg)
4915{
4916 struct rtattr *stat[TIPC_NLA_SOCK_STAT_MAX + 1] = {};
4917 struct rtattr *attrs[TIPC_NLA_SOCK_MAX + 1] = {};
4918 struct rtattr *con[TIPC_NLA_CON_MAX + 1] = {};
4919 struct rtattr *info[TIPC_NLA_MAX + 1] = {};
4920 struct rtattr *msg_ref;
4921 struct sockstat ss = {};
4922
4923 parse_rtattr(info, TIPC_NLA_MAX, NLMSG_DATA(nlh),
4924 NLMSG_PAYLOAD(nlh, 0));
4925
4926 if (!info[TIPC_NLA_SOCK])
4927 return 0;
4928
4929 msg_ref = info[TIPC_NLA_SOCK];
4930 parse_rtattr(attrs, TIPC_NLA_SOCK_MAX, RTA_DATA(msg_ref),
4931 RTA_PAYLOAD(msg_ref));
4932
4933 msg_ref = attrs[TIPC_NLA_SOCK_STAT];
4934 parse_rtattr(stat, TIPC_NLA_SOCK_STAT_MAX,
4935 RTA_DATA(msg_ref), RTA_PAYLOAD(msg_ref));
4936
4937
4938 ss.local.family = AF_TIPC;
4939 ss.type = rta_getattr_u32(attrs[TIPC_NLA_SOCK_TYPE]);
4940 ss.state = rta_getattr_u32(attrs[TIPC_NLA_SOCK_TIPC_STATE]);
4941 ss.uid = rta_getattr_u32(attrs[TIPC_NLA_SOCK_UID]);
4942 ss.ino = rta_getattr_u32(attrs[TIPC_NLA_SOCK_INO]);
4943 ss.rq = rta_getattr_u32(stat[TIPC_NLA_SOCK_STAT_RCVQ]);
4944 ss.wq = rta_getattr_u32(stat[TIPC_NLA_SOCK_STAT_SENDQ]);
4945 ss.sk = rta_getattr_u64(attrs[TIPC_NLA_SOCK_COOKIE]);
4946
4947 sock_state_print (&ss);
4948
4949 tipc_sock_addr_print(attrs[TIPC_NLA_SOCK_ADDR],
4950 attrs[TIPC_NLA_SOCK_REF]);
4951
4952 msg_ref = attrs[TIPC_NLA_SOCK_CON];
4953 if (msg_ref) {
4954 parse_rtattr(con, TIPC_NLA_CON_MAX,
4955 RTA_DATA(msg_ref), RTA_PAYLOAD(msg_ref));
4956
4957 tipc_sock_addr_print(con[TIPC_NLA_CON_NODE],
4958 con[TIPC_NLA_CON_SOCK]);
4959 } else
4960 sock_addr_print("", "-", "", NULL);
4961
4962 if (show_details)
4963 sock_details_print(&ss);
4964
4965 proc_ctx_print(&ss);
4966
4967 if (show_tipcinfo) {
4968 if (oneline)
4969 out(" type:%s", stype_nameg[ss.type]);
4970 else
4971 out("\n type:%s", stype_nameg[ss.type]);
4972 out(" cong:%s ",
4973 stat[TIPC_NLA_SOCK_STAT_LINK_CONG] ? "link" :
4974 stat[TIPC_NLA_SOCK_STAT_CONN_CONG] ? "conn" : "none");
4975 out(" drop:%d ",
4976 rta_getattr_u32(stat[TIPC_NLA_SOCK_STAT_DROP]));
4977
4978 if (attrs[TIPC_NLA_SOCK_HAS_PUBL])
4979 out(" publ");
4980
4981 if (con[TIPC_NLA_CON_FLAG])
4982 out(" via {%u,%u} ",
4983 rta_getattr_u32(con[TIPC_NLA_CON_TYPE]),
4984 rta_getattr_u32(con[TIPC_NLA_CON_INST]));
4985 }
4986
4987 return 0;
4988}
4989
4990static int tipc_show(struct filter *f)
4991{
4992 DIAG_REQUEST(req, struct tipc_sock_diag_req r);
4993
4994 memset(&req.r, 0, sizeof(req.r));
4995 req.r.sdiag_family = AF_TIPC;
4996 req.r.tidiag_states = f->states;
4997
4998 return handle_netlink_request(f, &req.nlh, sizeof(req), tipc_show_sock);
4999}
5000
5001struct sock_diag_msg {
5002 __u8 sdiag_family;
5003};
5004
5005static int generic_show_sock(struct nlmsghdr *nlh, void *arg)
5006{
5007 struct sock_diag_msg *r = NLMSG_DATA(nlh);
5008 struct inet_diag_arg inet_arg = { .f = arg, .protocol = IPPROTO_MAX };
5009 int ret;
5010
5011 switch (r->sdiag_family) {
5012 case AF_INET:
5013 case AF_INET6:
5014 inet_arg.rth = inet_arg.f->rth_for_killing;
5015 ret = show_one_inet_sock(nlh, &inet_arg);
5016 break;
5017 case AF_UNIX:
5018 ret = unix_show_sock(nlh, arg);
5019 break;
5020 case AF_PACKET:
5021 ret = packet_show_sock(nlh, arg);
5022 break;
5023 case AF_NETLINK:
5024 ret = netlink_show_sock(nlh, arg);
5025 break;
5026 case AF_VSOCK:
5027 ret = vsock_show_sock(nlh, arg);
5028 break;
5029 case AF_XDP:
5030 ret = xdp_show_sock(nlh, arg);
5031 break;
5032 default:
5033 ret = -1;
5034 }
5035
5036 render();
5037
5038 return ret;
5039}
5040
5041static int handle_follow_request(struct filter *f)
5042{
5043 int ret = 0;
5044 int groups = 0;
5045 struct rtnl_handle rth, rth2;
5046
5047 if (f->families & FAMILY_MASK(AF_INET) && f->dbs & (1 << TCP_DB))
5048 groups |= 1 << (SKNLGRP_INET_TCP_DESTROY - 1);
5049 if (f->families & FAMILY_MASK(AF_INET) && f->dbs & (1 << UDP_DB))
5050 groups |= 1 << (SKNLGRP_INET_UDP_DESTROY - 1);
5051 if (f->families & FAMILY_MASK(AF_INET6) && f->dbs & (1 << TCP_DB))
5052 groups |= 1 << (SKNLGRP_INET6_TCP_DESTROY - 1);
5053 if (f->families & FAMILY_MASK(AF_INET6) && f->dbs & (1 << UDP_DB))
5054 groups |= 1 << (SKNLGRP_INET6_UDP_DESTROY - 1);
5055
5056 if (groups == 0)
5057 return -1;
5058
5059 if (rtnl_open_byproto(&rth, groups, NETLINK_SOCK_DIAG))
5060 return -1;
5061
5062 rth.dump = 0;
5063 rth.local.nl_pid = 0;
5064
5065 if (f->kill) {
5066 if (rtnl_open_byproto(&rth2, groups, NETLINK_SOCK_DIAG)) {
5067 rtnl_close(&rth);
5068 return -1;
5069 }
5070 f->rth_for_killing = &rth2;
5071 }
5072
5073 if (rtnl_dump_filter(&rth, generic_show_sock, f))
5074 ret = -1;
5075
5076 rtnl_close(&rth);
5077 if (f->rth_for_killing)
5078 rtnl_close(f->rth_for_killing);
5079 return ret;
5080}
5081
5082static int get_snmp_int(char *proto, char *key, int *result)
5083{
5084 char buf[1024];
5085 FILE *fp;
5086 int protolen = strlen(proto);
5087 int keylen = strlen(key);
5088
5089 *result = 0;
5090
5091 if ((fp = net_snmp_open()) == NULL)
5092 return -1;
5093
5094 while (fgets(buf, sizeof(buf), fp) != NULL) {
5095 char *p = buf;
5096 int pos = 0;
5097
5098 if (memcmp(buf, proto, protolen))
5099 continue;
5100 while ((p = strchr(p, ' ')) != NULL) {
5101 pos++;
5102 p++;
5103 if (memcmp(p, key, keylen) == 0 &&
5104 (p[keylen] == ' ' || p[keylen] == '\n'))
5105 break;
5106 }
5107 if (fgets(buf, sizeof(buf), fp) == NULL)
5108 break;
5109 if (memcmp(buf, proto, protolen))
5110 break;
5111 p = buf;
5112 while ((p = strchr(p, ' ')) != NULL) {
5113 p++;
5114 if (--pos == 0) {
5115 sscanf(p, "%d", result);
5116 fclose(fp);
5117 return 0;
5118 }
5119 }
5120 }
5121
5122 fclose(fp);
5123 errno = ESRCH;
5124 return -1;
5125}
5126
5127
5128
5129
5130struct ssummary {
5131 int socks;
5132 int tcp_mem;
5133 int tcp_total;
5134 int tcp_orphans;
5135 int tcp_tws;
5136 int tcp4_hashed;
5137 int udp4;
5138 int raw4;
5139 int frag4;
5140 int frag4_mem;
5141 int tcp6_hashed;
5142 int udp6;
5143 int raw6;
5144 int frag6;
5145 int frag6_mem;
5146};
5147
5148static void get_sockstat_line(char *line, struct ssummary *s)
5149{
5150 char id[256], rem[256];
5151
5152 if (sscanf(line, "%[^ ] %[^\n]\n", id, rem) != 2)
5153 return;
5154
5155 if (strcmp(id, "sockets:") == 0)
5156 sscanf(rem, "%*s%d", &s->socks);
5157 else if (strcmp(id, "UDP:") == 0)
5158 sscanf(rem, "%*s%d", &s->udp4);
5159 else if (strcmp(id, "UDP6:") == 0)
5160 sscanf(rem, "%*s%d", &s->udp6);
5161 else if (strcmp(id, "RAW:") == 0)
5162 sscanf(rem, "%*s%d", &s->raw4);
5163 else if (strcmp(id, "RAW6:") == 0)
5164 sscanf(rem, "%*s%d", &s->raw6);
5165 else if (strcmp(id, "TCP6:") == 0)
5166 sscanf(rem, "%*s%d", &s->tcp6_hashed);
5167 else if (strcmp(id, "FRAG:") == 0)
5168 sscanf(rem, "%*s%d%*s%d", &s->frag4, &s->frag4_mem);
5169 else if (strcmp(id, "FRAG6:") == 0)
5170 sscanf(rem, "%*s%d%*s%d", &s->frag6, &s->frag6_mem);
5171 else if (strcmp(id, "TCP:") == 0)
5172 sscanf(rem, "%*s%d%*s%d%*s%d%*s%d%*s%d",
5173 &s->tcp4_hashed,
5174 &s->tcp_orphans, &s->tcp_tws, &s->tcp_total, &s->tcp_mem);
5175}
5176
5177static int get_sockstat(struct ssummary *s)
5178{
5179 char buf[256];
5180 FILE *fp;
5181
5182 memset(s, 0, sizeof(*s));
5183
5184 if ((fp = net_sockstat_open()) == NULL)
5185 return -1;
5186 while (fgets(buf, sizeof(buf), fp) != NULL)
5187 get_sockstat_line(buf, s);
5188 fclose(fp);
5189
5190 if ((fp = net_sockstat6_open()) == NULL)
5191 return 0;
5192 while (fgets(buf, sizeof(buf), fp) != NULL)
5193 get_sockstat_line(buf, s);
5194 fclose(fp);
5195
5196 return 0;
5197}
5198
5199static int print_summary(void)
5200{
5201 struct ssummary s;
5202 int tcp_estab;
5203
5204 if (get_sockstat(&s) < 0)
5205 perror("ss: get_sockstat");
5206 if (get_snmp_int("Tcp:", "CurrEstab", &tcp_estab) < 0)
5207 perror("ss: get_snmpstat");
5208
5209 printf("Total: %d\n", s.socks);
5210
5211 printf("TCP: %d (estab %d, closed %d, orphaned %d, timewait %d)\n",
5212 s.tcp_total + s.tcp_tws, tcp_estab,
5213 s.tcp_total - (s.tcp4_hashed + s.tcp6_hashed - s.tcp_tws),
5214 s.tcp_orphans, s.tcp_tws);
5215
5216 printf("\n");
5217 printf("Transport Total IP IPv6\n");
5218 printf("RAW %-9d %-9d %-9d\n", s.raw4+s.raw6, s.raw4, s.raw6);
5219 printf("UDP %-9d %-9d %-9d\n", s.udp4+s.udp6, s.udp4, s.udp6);
5220 printf("TCP %-9d %-9d %-9d\n", s.tcp4_hashed+s.tcp6_hashed, s.tcp4_hashed, s.tcp6_hashed);
5221 printf("INET %-9d %-9d %-9d\n",
5222 s.raw4+s.udp4+s.tcp4_hashed+
5223 s.raw6+s.udp6+s.tcp6_hashed,
5224 s.raw4+s.udp4+s.tcp4_hashed,
5225 s.raw6+s.udp6+s.tcp6_hashed);
5226 printf("FRAG %-9d %-9d %-9d\n", s.frag4+s.frag6, s.frag4, s.frag6);
5227
5228 printf("\n");
5229
5230 return 0;
5231}
5232
5233static void _usage(FILE *dest)
5234{
5235 fprintf(dest,
5236"Usage: ss [ OPTIONS ]\n"
5237" ss [ OPTIONS ] [ FILTER ]\n"
5238" -h, --help this message\n"
5239" -V, --version output version information\n"
5240" -n, --numeric don't resolve service names\n"
5241" -r, --resolve resolve host names\n"
5242" -a, --all display all sockets\n"
5243" -l, --listening display listening sockets\n"
5244" -o, --options show timer information\n"
5245" -e, --extended show detailed socket information\n"
5246" -m, --memory show socket memory usage\n"
5247" -p, --processes show process using socket\n"
5248" -i, --info show internal TCP information\n"
5249" --tipcinfo show internal tipc socket information\n"
5250" -s, --summary show socket usage summary\n"
5251" --tos show tos and priority information\n"
5252" --cgroup show cgroup information\n"
5253" -b, --bpf show bpf filter socket information\n"
5254" -E, --events continually display sockets as they are destroyed\n"
5255" -Z, --context display process SELinux security contexts\n"
5256" -z, --contexts display process and socket SELinux security contexts\n"
5257" -N, --net switch to the specified network namespace name\n"
5258"\n"
5259" -4, --ipv4 display only IP version 4 sockets\n"
5260" -6, --ipv6 display only IP version 6 sockets\n"
5261" -0, --packet display PACKET sockets\n"
5262" -t, --tcp display only TCP sockets\n"
5263" -M, --mptcp display only MPTCP sockets\n"
5264" -S, --sctp display only SCTP sockets\n"
5265" -u, --udp display only UDP sockets\n"
5266" -d, --dccp display only DCCP sockets\n"
5267" -w, --raw display only RAW sockets\n"
5268" -x, --unix display only Unix domain sockets\n"
5269" --tipc display only TIPC sockets\n"
5270" --vsock display only vsock sockets\n"
5271" -f, --family=FAMILY display sockets of type FAMILY\n"
5272" FAMILY := {inet|inet6|link|unix|netlink|vsock|tipc|xdp|help}\n"
5273"\n"
5274" -K, --kill forcibly close sockets, display what was closed\n"
5275" -H, --no-header Suppress header line\n"
5276" -O, --oneline socket's data printed on a single line\n"
5277" --inet-sockopt show various inet socket options\n"
5278"\n"
5279" -A, --query=QUERY, --socket=QUERY\n"
5280" QUERY := {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram|tipc}[,QUERY]\n"
5281"\n"
5282" -D, --diag=FILE Dump raw information about TCP sockets to FILE\n"
5283" -F, --filter=FILE read filter information from FILE\n"
5284" FILTER := [ state STATE-FILTER ] [ EXPRESSION ]\n"
5285" STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}\n"
5286" TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listening|closing}\n"
5287" connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}\n"
5288" synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}\n"
5289" bucket := {syn-recv|time-wait}\n"
5290" big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listening|closing}\n"
5291 );
5292}
5293
5294static void help(void) __attribute__((noreturn));
5295static void help(void)
5296{
5297 _usage(stdout);
5298 exit(0);
5299}
5300
5301static void usage(void) __attribute__((noreturn));
5302static void usage(void)
5303{
5304 _usage(stderr);
5305 exit(-1);
5306}
5307
5308
5309static int scan_state(const char *state)
5310{
5311 static const char * const sstate_namel[] = {
5312 "UNKNOWN",
5313 [SS_ESTABLISHED] = "established",
5314 [SS_SYN_SENT] = "syn-sent",
5315 [SS_SYN_RECV] = "syn-recv",
5316 [SS_FIN_WAIT1] = "fin-wait-1",
5317 [SS_FIN_WAIT2] = "fin-wait-2",
5318 [SS_TIME_WAIT] = "time-wait",
5319 [SS_CLOSE] = "unconnected",
5320 [SS_CLOSE_WAIT] = "close-wait",
5321 [SS_LAST_ACK] = "last-ack",
5322 [SS_LISTEN] = "listening",
5323 [SS_CLOSING] = "closing",
5324 };
5325 int i;
5326
5327 if (strcasecmp(state, "close") == 0 ||
5328 strcasecmp(state, "closed") == 0)
5329 return (1<<SS_CLOSE);
5330 if (strcasecmp(state, "syn-rcv") == 0)
5331 return (1<<SS_SYN_RECV);
5332 if (strcasecmp(state, "established") == 0)
5333 return (1<<SS_ESTABLISHED);
5334 if (strcasecmp(state, "all") == 0)
5335 return SS_ALL;
5336 if (strcasecmp(state, "connected") == 0)
5337 return SS_ALL & ~((1<<SS_CLOSE)|(1<<SS_LISTEN));
5338 if (strcasecmp(state, "synchronized") == 0)
5339 return SS_ALL & ~((1<<SS_CLOSE)|(1<<SS_LISTEN)|(1<<SS_SYN_SENT));
5340 if (strcasecmp(state, "bucket") == 0)
5341 return (1<<SS_SYN_RECV)|(1<<SS_TIME_WAIT);
5342 if (strcasecmp(state, "big") == 0)
5343 return SS_ALL & ~((1<<SS_SYN_RECV)|(1<<SS_TIME_WAIT));
5344 for (i = 0; i < SS_MAX; i++) {
5345 if (strcasecmp(state, sstate_namel[i]) == 0)
5346 return (1<<i);
5347 }
5348
5349 fprintf(stderr, "ss: wrong state name: %s\n", state);
5350 exit(-1);
5351}
5352
5353
5354#define OPT_VSOCK 256
5355
5356
5357#define OPT_TIPCSOCK 257
5358#define OPT_TIPCINFO 258
5359
5360#define OPT_TOS 259
5361
5362
5363#define OPT_XDPSOCK 260
5364
5365#define OPT_CGROUP 261
5366
5367#define OPT_INET_SOCKOPT 262
5368
5369static const struct option long_opts[] = {
5370 { "numeric", 0, 0, 'n' },
5371 { "resolve", 0, 0, 'r' },
5372 { "options", 0, 0, 'o' },
5373 { "extended", 0, 0, 'e' },
5374 { "memory", 0, 0, 'm' },
5375 { "info", 0, 0, 'i' },
5376 { "processes", 0, 0, 'p' },
5377 { "bpf", 0, 0, 'b' },
5378 { "events", 0, 0, 'E' },
5379 { "dccp", 0, 0, 'd' },
5380 { "tcp", 0, 0, 't' },
5381 { "sctp", 0, 0, 'S' },
5382 { "udp", 0, 0, 'u' },
5383 { "raw", 0, 0, 'w' },
5384 { "unix", 0, 0, 'x' },
5385 { "tipc", 0, 0, OPT_TIPCSOCK},
5386 { "vsock", 0, 0, OPT_VSOCK },
5387 { "all", 0, 0, 'a' },
5388 { "listening", 0, 0, 'l' },
5389 { "ipv4", 0, 0, '4' },
5390 { "ipv6", 0, 0, '6' },
5391 { "packet", 0, 0, '0' },
5392 { "family", 1, 0, 'f' },
5393 { "socket", 1, 0, 'A' },
5394 { "query", 1, 0, 'A' },
5395 { "summary", 0, 0, 's' },
5396 { "diag", 1, 0, 'D' },
5397 { "filter", 1, 0, 'F' },
5398 { "version", 0, 0, 'V' },
5399 { "help", 0, 0, 'h' },
5400 { "context", 0, 0, 'Z' },
5401 { "contexts", 0, 0, 'z' },
5402 { "net", 1, 0, 'N' },
5403 { "tipcinfo", 0, 0, OPT_TIPCINFO},
5404 { "tos", 0, 0, OPT_TOS },
5405 { "cgroup", 0, 0, OPT_CGROUP },
5406 { "kill", 0, 0, 'K' },
5407 { "no-header", 0, 0, 'H' },
5408 { "xdp", 0, 0, OPT_XDPSOCK},
5409 { "mptcp", 0, 0, 'M' },
5410 { "oneline", 0, 0, 'O' },
5411 { "inet-sockopt", 0, 0, OPT_INET_SOCKOPT },
5412 { 0 }
5413
5414};
5415
5416int main(int argc, char *argv[])
5417{
5418 int saw_states = 0;
5419 int saw_query = 0;
5420 int do_summary = 0;
5421 const char *dump_tcpdiag = NULL;
5422 FILE *filter_fp = NULL;
5423 int ch;
5424 int state_filter = 0;
5425
5426 while ((ch = getopt_long(argc, argv,
5427 "dhaletuwxnro460spbEf:mMiA:D:F:vVzZN:KHSO",
5428 long_opts, NULL)) != EOF) {
5429 switch (ch) {
5430 case 'n':
5431 numeric = 1;
5432 break;
5433 case 'r':
5434 resolve_hosts = 1;
5435 break;
5436 case 'o':
5437 show_options = 1;
5438 break;
5439 case 'e':
5440 show_options = 1;
5441 show_details++;
5442 break;
5443 case 'm':
5444 show_mem = 1;
5445 break;
5446 case 'i':
5447 show_tcpinfo = 1;
5448 break;
5449 case 'p':
5450 show_users++;
5451 user_ent_hash_build();
5452 break;
5453 case 'b':
5454 show_options = 1;
5455 show_bpf++;
5456 break;
5457 case 'E':
5458 follow_events = 1;
5459 break;
5460 case 'd':
5461 filter_db_set(¤t_filter, DCCP_DB, true);
5462 break;
5463 case 't':
5464 filter_db_set(¤t_filter, TCP_DB, true);
5465 break;
5466 case 'S':
5467 filter_db_set(¤t_filter, SCTP_DB, true);
5468 break;
5469 case 'u':
5470 filter_db_set(¤t_filter, UDP_DB, true);
5471 break;
5472 case 'w':
5473 filter_db_set(¤t_filter, RAW_DB, true);
5474 break;
5475 case 'x':
5476 filter_af_set(¤t_filter, AF_UNIX);
5477 break;
5478 case OPT_VSOCK:
5479 filter_af_set(¤t_filter, AF_VSOCK);
5480 break;
5481 case OPT_TIPCSOCK:
5482 filter_af_set(¤t_filter, AF_TIPC);
5483 break;
5484 case 'a':
5485 state_filter = SS_ALL;
5486 break;
5487 case 'l':
5488 state_filter = (1 << SS_LISTEN) | (1 << SS_CLOSE);
5489 break;
5490 case '4':
5491 filter_af_set(¤t_filter, AF_INET);
5492 break;
5493 case '6':
5494 filter_af_set(¤t_filter, AF_INET6);
5495 break;
5496 case '0':
5497 filter_af_set(¤t_filter, AF_PACKET);
5498 break;
5499 case OPT_XDPSOCK:
5500 filter_af_set(¤t_filter, AF_XDP);
5501 break;
5502 case 'M':
5503 filter_db_set(¤t_filter, MPTCP_DB, true);
5504 break;
5505 case 'f':
5506 if (strcmp(optarg, "inet") == 0)
5507 filter_af_set(¤t_filter, AF_INET);
5508 else if (strcmp(optarg, "inet6") == 0)
5509 filter_af_set(¤t_filter, AF_INET6);
5510 else if (strcmp(optarg, "link") == 0)
5511 filter_af_set(¤t_filter, AF_PACKET);
5512 else if (strcmp(optarg, "unix") == 0)
5513 filter_af_set(¤t_filter, AF_UNIX);
5514 else if (strcmp(optarg, "netlink") == 0)
5515 filter_af_set(¤t_filter, AF_NETLINK);
5516 else if (strcmp(optarg, "tipc") == 0)
5517 filter_af_set(¤t_filter, AF_TIPC);
5518 else if (strcmp(optarg, "vsock") == 0)
5519 filter_af_set(¤t_filter, AF_VSOCK);
5520 else if (strcmp(optarg, "xdp") == 0)
5521 filter_af_set(¤t_filter, AF_XDP);
5522 else if (strcmp(optarg, "help") == 0)
5523 help();
5524 else {
5525 fprintf(stderr, "ss: \"%s\" is invalid family\n",
5526 optarg);
5527 usage();
5528 }
5529 break;
5530 case 'A':
5531 {
5532 char *p, *p1;
5533
5534 if (!saw_query) {
5535 current_filter.dbs = 0;
5536 state_filter = state_filter ?
5537 state_filter : SS_CONN;
5538 saw_query = 1;
5539 do_default = 0;
5540 }
5541 p = p1 = optarg;
5542 do {
5543 if ((p1 = strchr(p, ',')) != NULL)
5544 *p1 = 0;
5545 if (filter_db_parse(¤t_filter, p)) {
5546 fprintf(stderr, "ss: \"%s\" is illegal socket table id\n", p);
5547 usage();
5548 }
5549 p = p1 + 1;
5550 } while (p1);
5551 break;
5552 }
5553 case 's':
5554 do_summary = 1;
5555 break;
5556 case 'D':
5557 dump_tcpdiag = optarg;
5558 break;
5559 case 'F':
5560 if (filter_fp) {
5561 fprintf(stderr, "More than one filter file\n");
5562 exit(-1);
5563 }
5564 if (optarg[0] == '-')
5565 filter_fp = stdin;
5566 else
5567 filter_fp = fopen(optarg, "r");
5568 if (!filter_fp) {
5569 perror("fopen filter file");
5570 exit(-1);
5571 }
5572 break;
5573 case 'v':
5574 case 'V':
5575 printf("ss utility, iproute2-%s\n", version);
5576 exit(0);
5577 case 'z':
5578 show_sock_ctx++;
5579
5580 case 'Z':
5581 if (is_selinux_enabled() <= 0) {
5582 fprintf(stderr, "ss: SELinux is not enabled.\n");
5583 exit(1);
5584 }
5585 show_proc_ctx++;
5586 user_ent_hash_build();
5587 break;
5588 case 'N':
5589 if (netns_switch(optarg))
5590 exit(1);
5591 break;
5592 case OPT_TIPCINFO:
5593 show_tipcinfo = 1;
5594 break;
5595 case OPT_TOS:
5596 show_tos = 1;
5597 break;
5598 case OPT_CGROUP:
5599 show_cgroup = 1;
5600 break;
5601 case 'K':
5602 current_filter.kill = 1;
5603 break;
5604 case 'H':
5605 show_header = 0;
5606 break;
5607 case 'O':
5608 oneline = 1;
5609 break;
5610 case OPT_INET_SOCKOPT:
5611 show_inet_sockopt = 1;
5612 break;
5613 case 'h':
5614 help();
5615 case '?':
5616 default:
5617 usage();
5618 }
5619 }
5620
5621 argc -= optind;
5622 argv += optind;
5623
5624 if (do_summary) {
5625 print_summary();
5626 if (do_default && argc == 0)
5627 exit(0);
5628 }
5629
5630 while (argc > 0) {
5631 if (strcmp(*argv, "state") == 0) {
5632 NEXT_ARG();
5633 if (!saw_states)
5634 state_filter = 0;
5635 state_filter |= scan_state(*argv);
5636 saw_states = 1;
5637 } else if (strcmp(*argv, "exclude") == 0 ||
5638 strcmp(*argv, "excl") == 0) {
5639 NEXT_ARG();
5640 if (!saw_states)
5641 state_filter = SS_ALL;
5642 state_filter &= ~scan_state(*argv);
5643 saw_states = 1;
5644 } else {
5645 break;
5646 }
5647 argc--; argv++;
5648 }
5649
5650 if (do_default) {
5651 state_filter = state_filter ? state_filter : SS_CONN;
5652 filter_db_parse(¤t_filter, "all");
5653 }
5654
5655 filter_states_set(¤t_filter, state_filter);
5656 filter_merge_defaults(¤t_filter);
5657
5658 if (!numeric && resolve_hosts &&
5659 (current_filter.dbs & (UNIX_DBM|INET_L4_DBM)))
5660 init_service_resolver();
5661
5662 if (current_filter.dbs == 0) {
5663 fprintf(stderr, "ss: no socket tables to show with such filter.\n");
5664 exit(0);
5665 }
5666 if (current_filter.families == 0) {
5667 fprintf(stderr, "ss: no families to show with such filter.\n");
5668 exit(0);
5669 }
5670 if (current_filter.states == 0) {
5671 fprintf(stderr, "ss: no socket states to show with such filter.\n");
5672 exit(0);
5673 }
5674
5675 if (dump_tcpdiag) {
5676 FILE *dump_fp = stdout;
5677
5678 if (!(current_filter.dbs & (1<<TCP_DB))) {
5679 fprintf(stderr, "ss: tcpdiag dump requested and no tcp in filter.\n");
5680 exit(0);
5681 }
5682 if (dump_tcpdiag[0] != '-') {
5683 dump_fp = fopen(dump_tcpdiag, "w");
5684 if (!dump_tcpdiag) {
5685 perror("fopen dump file");
5686 exit(-1);
5687 }
5688 }
5689 inet_show_netlink(¤t_filter, dump_fp, IPPROTO_TCP);
5690 fflush(dump_fp);
5691 exit(0);
5692 }
5693
5694 if (ssfilter_parse(¤t_filter.f, argc, argv, filter_fp))
5695 usage();
5696
5697 if (!(current_filter.dbs & (current_filter.dbs - 1)))
5698 columns[COL_NETID].disabled = 1;
5699
5700 if (!(current_filter.states & (current_filter.states - 1)))
5701 columns[COL_STATE].disabled = 1;
5702
5703 if (show_header)
5704 print_header();
5705
5706 fflush(stdout);
5707
5708 if (follow_events)
5709 exit(handle_follow_request(¤t_filter));
5710
5711 if (current_filter.dbs & (1<<NETLINK_DB))
5712 netlink_show(¤t_filter);
5713 if (current_filter.dbs & PACKET_DBM)
5714 packet_show(¤t_filter);
5715 if (current_filter.dbs & UNIX_DBM)
5716 unix_show(¤t_filter);
5717 if (current_filter.dbs & (1<<RAW_DB))
5718 raw_show(¤t_filter);
5719 if (current_filter.dbs & (1<<UDP_DB))
5720 udp_show(¤t_filter);
5721 if (current_filter.dbs & (1<<TCP_DB))
5722 tcp_show(¤t_filter);
5723 if (current_filter.dbs & (1<<DCCP_DB))
5724 dccp_show(¤t_filter);
5725 if (current_filter.dbs & (1<<SCTP_DB))
5726 sctp_show(¤t_filter);
5727 if (current_filter.dbs & VSOCK_DBM)
5728 vsock_show(¤t_filter);
5729 if (current_filter.dbs & (1<<TIPC_DB))
5730 tipc_show(¤t_filter);
5731 if (current_filter.dbs & (1<<XDP_DB))
5732 xdp_show(¤t_filter);
5733 if (current_filter.dbs & (1<<MPTCP_DB))
5734 mptcp_show(¤t_filter);
5735
5736 if (show_users || show_proc_ctx || show_sock_ctx)
5737 user_ent_destroy();
5738
5739 render();
5740
5741 return 0;
5742}
5743
