1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2002 Dag-Erling Smørgrav
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer
12 * in this position and unchanged.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include <sys/param.h>
32 #include <sys/file.h>
33 #include <sys/socket.h>
34 #include <sys/socketvar.h>
35 #include <sys/sysctl.h>
36 #include <sys/jail.h>
37 #include <sys/user.h>
38 #include <sys/queue.h>
39 #include <sys/tree.h>
40
41 #include <sys/un.h>
42 #include <sys/unpcb.h>
43
44 #include <net/route.h>
45
46 #include <netinet/in.h>
47 #include <netinet/in_pcb.h>
48 #include <netinet/sctp.h>
49 #include <netinet/tcp.h>
50 #define TCPSTATES /* load state names */
51 #include <netinet/tcp_fsm.h>
52 #include <netinet/tcp_seq.h>
53 #include <netinet/tcp_var.h>
54 #include <netinet/tcp_log_buf.h>
55 #include <arpa/inet.h>
56
57 #include <capsicum_helpers.h>
58 #include <errno.h>
59 #include <inttypes.h>
60 #include <jail.h>
61 #include <pwd.h>
62 #include <stdarg.h>
63 #include <stdbool.h>
64 #include <stdio.h>
65 #include <stdlib.h>
66 #include <string.h>
67 #include <unistd.h>
68 #include <libxo/xo.h>
69
70 #include <libcasper.h>
71 #include <casper/cap_net.h>
72 #include <casper/cap_netdb.h>
73 #include <casper/cap_pwd.h>
74 #include <casper/cap_sysctl.h>
75
76 #include "sockstat.h"
77
78 #define SOCKSTAT_XO_VERSION "1"
79 #define sstosin(ss) ((struct sockaddr_in *)(ss))
80 #define sstosin6(ss) ((struct sockaddr_in6 *)(ss))
81 #define sstosun(ss) ((struct sockaddr_un *)(ss))
82 #define sstosa(ss) ((struct sockaddr *)(ss))
83
84 static bool opt_4; /* Show IPv4 sockets */
85 static bool opt_6; /* Show IPv6 sockets */
86 static bool opt_A; /* Show kernel address of pcb */
87 static bool opt_b; /* Show BBLog state */
88 static bool opt_C; /* Show congestion control */
89 static bool opt_c; /* Show connected sockets */
90 static bool opt_F; /* Show sockets for selected user only */
91 static bool opt_f; /* Show FIB numbers */
92 static bool opt_I; /* Show spliced socket addresses */
93 static bool opt_i; /* Show inp_gencnt */
94 static int opt_j; /* Show specified jail */
95 static bool opt_L; /* Don't show IPv4 or IPv6 loopback sockets */
96 static bool opt_l; /* Show listening sockets */
97 static bool opt_n; /* Don't resolve UIDs to user names */
98 static bool opt_q; /* Don't show header */
99 static bool opt_S; /* Show protocol stack if applicable */
100 static bool opt_s; /* Show protocol state if applicable */
101 static bool opt_U; /* Show remote UDP encapsulation port number */
102 static bool opt_u; /* Show Unix domain sockets */
103 static u_int opt_v; /* Verbose mode */
104 static bool opt_w; /* Automatically size the columns */
105 static bool is_xo_style_encoding;
106 static bool show_path_state = false;
107
108 /*
109 * Protocols that we support.
110 */
111 enum sockstatproto {
112 SCTP = 0, TCP, UDP, UDPLITE, DIVERT, STREAM, DGRAM, SEQPACK
113 };
114 struct proto;
115 typedef void gather_func_t(struct proto *);
116 static gather_func_t gather_sctp, gather_inet, gather_unix;
117 static struct proto {
118 gather_func_t *gather;
119 const char *name;
120 const char *pcblist;
121 bool disabled;
122 } protos[] = {
123 [SCTP] = {
124 .name = "sctp",
125 .gather = gather_sctp,
126 .pcblist = "net.inet.sctp.assoclist",
127 },
128 [TCP] = {
129 .name = "tcp",
130 .gather = gather_inet,
131 .pcblist = "net.inet.tcp.pcblist",
132 },
133 [UDP] = {
134 .name = "udp",
135 .gather = gather_inet,
136 .pcblist = "net.inet.udp.pcblist",
137 },
138 [UDPLITE] = {
139 .name = "udplite",
140 .gather = gather_inet,
141 .pcblist = "net.inet.udplite.pcblist",
142 },
143 [DIVERT] = {
144 .name = "divert",
145 .gather = gather_inet,
146 .pcblist = "net.inet.divert.pcblist",
147 },
148 [STREAM] = {
149 .name = "unix/stream",
150 .gather = gather_unix,
151 .pcblist = "net.local.stream.pcblist",
152 },
153 [DGRAM] = {
154 .name = "unix/dgram",
155 .gather = gather_unix,
156 .pcblist = "net.local.dgram.pcblist",
157 },
158 [SEQPACK] = {
159 .name = "unix/seqpack",
160 .gather = gather_unix,
161 .pcblist = "net.local.seqpacket.pcblist",
162 },
163 };
164
165 /*
166 * Show sockets for user username or UID specified
167 */
168 static char *filter_user_optarg = NULL; /* saved optarg for username/UID resolving */
169 static uid_t filter_user_uid; /* UID to show sockets for */
170
171 struct addr {
172 union {
173 struct sockaddr_storage address;
174 struct { /* unix(4) faddr */
175 kvaddr_t conn;
176 kvaddr_t firstref;
177 kvaddr_t nextref;
178 };
179 };
180 unsigned int encaps_port;
181 int state;
182 struct addr *next;
183 };
184
185 struct sock {
186 union {
187 RB_ENTRY(sock) socket_tree; /* tree of pcbs with socket */
188 SLIST_ENTRY(sock) socket_list; /* list of pcbs w/o socket */
189 };
190 RB_ENTRY(sock) pcb_tree;
191 kvaddr_t socket;
192 kvaddr_t pcb;
193 kvaddr_t splice_socket;
194 uint64_t inp_gencnt;
195 int shown;
196 int vflag;
197 int family;
198 int state;
199 int fibnum;
200 int bblog_state;
201 const struct proto *proto;
202 const char *protoname;
203 char stack[TCP_FUNCTION_NAME_LEN_MAX];
204 char cc[TCP_CA_NAME_MAX];
205 struct addr *laddr;
206 struct addr *faddr;
207 };
208
209 static RB_HEAD(socks_t, sock) socks = RB_INITIALIZER(&socks);
210 static int64_t
socket_compare(const struct sock * a,const struct sock * b)211 socket_compare(const struct sock *a, const struct sock *b)
212 {
213 return ((int64_t)(a->socket/2 - b->socket/2));
214 }
215 RB_GENERATE_STATIC(socks_t, sock, socket_tree, socket_compare);
216
217 static RB_HEAD(pcbs_t, sock) pcbs = RB_INITIALIZER(&pcbs);
218 static int64_t
pcb_compare(const struct sock * a,const struct sock * b)219 pcb_compare(const struct sock *a, const struct sock *b)
220 {
221 return ((int64_t)(a->pcb/2 - b->pcb/2));
222 }
223 RB_GENERATE_STATIC(pcbs_t, sock, pcb_tree, pcb_compare);
224
225 static SLIST_HEAD(, sock) nosocks = SLIST_HEAD_INITIALIZER(&nosocks);
226
227 struct file {
228 RB_ENTRY(file) file_tree;
229 kvaddr_t xf_data;
230 pid_t xf_pid;
231 uid_t xf_uid;
232 int xf_fd;
233 };
234
235 static RB_HEAD(files_t, file) ftree = RB_INITIALIZER(&ftree);
236 static int64_t
file_compare(const struct file * a,const struct file * b)237 file_compare(const struct file *a, const struct file *b)
238 {
239 return ((int64_t)(a->xf_data/2 - b->xf_data/2));
240 }
241 RB_GENERATE_STATIC(files_t, file, file_tree, file_compare);
242
243 static struct file *files;
244 static int nfiles;
245
246 static cap_channel_t *capnet;
247 static cap_channel_t *capnetdb;
248 static cap_channel_t *capsysctl;
249 static cap_channel_t *cappwd;
250
251 static bool
_check_ksize(size_t received_size,size_t expected_size,const char * struct_name)252 _check_ksize(size_t received_size, size_t expected_size, const char *struct_name)
253 {
254 if (received_size != expected_size) {
255 xo_warnx("%s size mismatch: expected %zd, received %zd",
256 struct_name, expected_size, received_size);
257 return false;
258 }
259 return true;
260 }
261 #define check_ksize(_sz, _struct) (_check_ksize(_sz, sizeof(_struct), #_struct))
262
263 static void
_enforce_ksize(size_t received_size,size_t expected_size,const char * struct_name)264 _enforce_ksize(size_t received_size, size_t expected_size, const char *struct_name)
265 {
266 if (received_size != expected_size) {
267 xo_errx(1, "fatal: struct %s size mismatch: expected %zd, received %zd",
268 struct_name, expected_size, received_size);
269 }
270 }
271 #define enforce_ksize(_sz, _struct) (_enforce_ksize(_sz, sizeof(_struct), #_struct))
272
273 static inline bool
filtered_uid(uid_t i_uid)274 filtered_uid(uid_t i_uid)
275 {
276 return ((i_uid) == filter_user_uid);
277 }
278
279 static inline bool
need_nosocks(void)280 need_nosocks(void)
281 {
282 return !(opt_F || (opt_j >= 0));
283 }
284
285 static void
parse_protos(char * protospec)286 parse_protos(char *protospec)
287 {
288 char *prot;
289 u_int i;
290
291 for (i = 0; i < nitems(protos); i++)
292 protos[i].disabled = true;
293
294 while ((prot = strsep(&protospec, ",")) != NULL) {
295 if (strlen(prot) == 0)
296 continue;
297 for (i = 0; i < nitems(protos); i++)
298 if (strcmp(prot, protos[i].name) == 0) {
299 protos[i].disabled = false;
300 break;
301 }
302 if (i == nitems(protos))
303 xo_errx(1, "protocol %s not supported", prot);
304 }
305 }
306
307 static void
sockaddr(struct sockaddr_storage * ss,int af,void * addr,int port)308 sockaddr(struct sockaddr_storage *ss, int af, void *addr, int port)
309 {
310 struct sockaddr_in *sin4;
311 struct sockaddr_in6 *sin6;
312
313 bzero(ss, sizeof(*ss));
314 switch (af) {
315 case AF_INET:
316 sin4 = sstosin(ss);
317 sin4->sin_len = sizeof(*sin4);
318 sin4->sin_family = af;
319 sin4->sin_port = port;
320 sin4->sin_addr = *(struct in_addr *)addr;
321 break;
322 case AF_INET6:
323 sin6 = sstosin6(ss);
324 sin6->sin6_len = sizeof(*sin6);
325 sin6->sin6_family = af;
326 sin6->sin6_port = port;
327 sin6->sin6_addr = *(struct in6_addr *)addr;
328 #define s6_addr16 __u6_addr.__u6_addr16
329 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
330 sin6->sin6_scope_id =
331 ntohs(sin6->sin6_addr.s6_addr16[1]);
332 sin6->sin6_addr.s6_addr16[1] = 0;
333 }
334 break;
335 default:
336 abort();
337 }
338 }
339
340 static void
free_socket(struct sock * sock)341 free_socket(struct sock *sock)
342 {
343 struct addr *cur, *next;
344
345 cur = sock->laddr;
346 while (cur != NULL) {
347 next = cur->next;
348 free(cur);
349 cur = next;
350 }
351 cur = sock->faddr;
352 while (cur != NULL) {
353 next = cur->next;
354 free(cur);
355 cur = next;
356 }
357 free(sock);
358 }
359
360 static void
gather_sctp(struct proto * proto)361 gather_sctp(struct proto *proto)
362 {
363 struct sock *sock;
364 struct addr *laddr, *prev_laddr, *faddr, *prev_faddr;
365 struct xsctp_inpcb *xinpcb;
366 struct xsctp_tcb *xstcb;
367 struct xsctp_raddr *xraddr;
368 struct xsctp_laddr *xladdr;
369 size_t len, offset;
370 char *buf;
371 int vflag;
372 int no_stcb, local_all_loopback, foreign_all_loopback;
373
374 vflag = 0;
375 if (opt_4)
376 vflag |= INP_IPV4;
377 if (opt_6)
378 vflag |= INP_IPV6;
379
380 if (cap_sysctlbyname(capsysctl, proto->pcblist, 0, &len, 0, 0) < 0) {
381 if (errno != ENOENT)
382 xo_err(1, "cap_sysctlbyname()");
383 return;
384 }
385 if ((buf = (char *)malloc(len)) == NULL) {
386 xo_err(1, "malloc()");
387 return;
388 }
389 if (cap_sysctlbyname(capsysctl, proto->pcblist, buf, &len, 0, 0) < 0) {
390 xo_err(1, "cap_sysctlbyname()");
391 free(buf);
392 return;
393 }
394 xinpcb = (struct xsctp_inpcb *)(void *)buf;
395 offset = sizeof(struct xsctp_inpcb);
396 while ((offset < len) && (xinpcb->last == 0)) {
397 if ((sock = calloc(1, sizeof *sock)) == NULL)
398 xo_err(1, "malloc()");
399 sock->socket = xinpcb->socket;
400 sock->proto = proto;
401 if (xinpcb->maxqlen == 0)
402 sock->state = SCTP_CLOSED;
403 else
404 sock->state = SCTP_LISTEN;
405 if (xinpcb->flags & SCTP_PCB_FLAGS_BOUND_V6) {
406 sock->family = AF_INET6;
407 /*
408 * Currently there is no way to distinguish between
409 * IPv6 only sockets or dual family sockets.
410 * So mark it as dual socket.
411 */
412 sock->vflag = INP_IPV6 | INP_IPV4;
413 } else {
414 sock->family = AF_INET;
415 sock->vflag = INP_IPV4;
416 }
417 prev_laddr = NULL;
418 local_all_loopback = 1;
419 while (offset < len) {
420 xladdr = (struct xsctp_laddr *)(void *)(buf + offset);
421 offset += sizeof(struct xsctp_laddr);
422 if (xladdr->last == 1)
423 break;
424 if ((laddr = calloc(1, sizeof(struct addr))) == NULL)
425 xo_err(1, "malloc()");
426 switch (xladdr->address.sa.sa_family) {
427 case AF_INET:
428 #define __IN_IS_ADDR_LOOPBACK(pina) \
429 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
430 if (!__IN_IS_ADDR_LOOPBACK(
431 &xladdr->address.sin.sin_addr))
432 local_all_loopback = 0;
433 #undef __IN_IS_ADDR_LOOPBACK
434 sockaddr(&laddr->address, AF_INET,
435 &xladdr->address.sin.sin_addr,
436 htons(xinpcb->local_port));
437 break;
438 case AF_INET6:
439 if (!IN6_IS_ADDR_LOOPBACK(
440 &xladdr->address.sin6.sin6_addr))
441 local_all_loopback = 0;
442 sockaddr(&laddr->address, AF_INET6,
443 &xladdr->address.sin6.sin6_addr,
444 htons(xinpcb->local_port));
445 break;
446 default:
447 xo_errx(1, "address family %d not supported",
448 xladdr->address.sa.sa_family);
449 }
450 laddr->next = NULL;
451 if (prev_laddr == NULL)
452 sock->laddr = laddr;
453 else
454 prev_laddr->next = laddr;
455 prev_laddr = laddr;
456 }
457 if (sock->laddr == NULL) {
458 if ((sock->laddr =
459 calloc(1, sizeof(struct addr))) == NULL)
460 xo_err(1, "malloc()");
461 sock->laddr->address.ss_family = sock->family;
462 if (sock->family == AF_INET)
463 sock->laddr->address.ss_len =
464 sizeof(struct sockaddr_in);
465 else
466 sock->laddr->address.ss_len =
467 sizeof(struct sockaddr_in6);
468 local_all_loopback = 0;
469 }
470 if ((sock->faddr = calloc(1, sizeof(struct addr))) == NULL)
471 xo_err(1, "malloc()");
472 sock->faddr->address.ss_family = sock->family;
473 if (sock->family == AF_INET)
474 sock->faddr->address.ss_len =
475 sizeof(struct sockaddr_in);
476 else
477 sock->faddr->address.ss_len =
478 sizeof(struct sockaddr_in6);
479 no_stcb = 1;
480 while (offset < len) {
481 xstcb = (struct xsctp_tcb *)(void *)(buf + offset);
482 offset += sizeof(struct xsctp_tcb);
483 if (no_stcb) {
484 if (opt_l && (sock->vflag & vflag) &&
485 (!opt_L || !local_all_loopback) &&
486 ((xinpcb->flags & SCTP_PCB_FLAGS_UDPTYPE) ||
487 (xstcb->last == 1))) {
488 RB_INSERT(socks_t, &socks, sock);
489 } else {
490 free_socket(sock);
491 }
492 }
493 if (xstcb->last == 1)
494 break;
495 no_stcb = 0;
496 if (opt_c) {
497 if ((sock = calloc(1, sizeof *sock)) == NULL)
498 xo_err(1, "malloc()");
499 sock->socket = xinpcb->socket;
500 sock->proto = proto;
501 sock->state = (int)xstcb->state;
502 if (xinpcb->flags & SCTP_PCB_FLAGS_BOUND_V6) {
503 sock->family = AF_INET6;
504 /*
505 * Currently there is no way to distinguish
506 * between IPv6 only sockets or dual family
507 * sockets. So mark it as dual socket.
508 */
509 sock->vflag = INP_IPV6 | INP_IPV4;
510 } else {
511 sock->family = AF_INET;
512 sock->vflag = INP_IPV4;
513 }
514 }
515 prev_laddr = NULL;
516 local_all_loopback = 1;
517 while (offset < len) {
518 xladdr = (struct xsctp_laddr *)(void *)(buf +
519 offset);
520 offset += sizeof(struct xsctp_laddr);
521 if (xladdr->last == 1)
522 break;
523 if (!opt_c)
524 continue;
525 laddr = calloc(1, sizeof(struct addr));
526 if (laddr == NULL)
527 xo_err(1, "malloc()");
528 switch (xladdr->address.sa.sa_family) {
529 case AF_INET:
530 #define __IN_IS_ADDR_LOOPBACK(pina) \
531 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
532 if (!__IN_IS_ADDR_LOOPBACK(
533 &xladdr->address.sin.sin_addr))
534 local_all_loopback = 0;
535 #undef __IN_IS_ADDR_LOOPBACK
536 sockaddr(&laddr->address, AF_INET,
537 &xladdr->address.sin.sin_addr,
538 htons(xstcb->local_port));
539 break;
540 case AF_INET6:
541 if (!IN6_IS_ADDR_LOOPBACK(
542 &xladdr->address.sin6.sin6_addr))
543 local_all_loopback = 0;
544 sockaddr(&laddr->address, AF_INET6,
545 &xladdr->address.sin6.sin6_addr,
546 htons(xstcb->local_port));
547 break;
548 default:
549 xo_errx(1,
550 "address family %d not supported",
551 xladdr->address.sa.sa_family);
552 }
553 laddr->next = NULL;
554 if (prev_laddr == NULL)
555 sock->laddr = laddr;
556 else
557 prev_laddr->next = laddr;
558 prev_laddr = laddr;
559 }
560 prev_faddr = NULL;
561 foreign_all_loopback = 1;
562 while (offset < len) {
563 xraddr = (struct xsctp_raddr *)(void *)(buf +
564 offset);
565 offset += sizeof(struct xsctp_raddr);
566 if (xraddr->last == 1)
567 break;
568 if (!opt_c)
569 continue;
570 faddr = calloc(1, sizeof(struct addr));
571 if (faddr == NULL)
572 xo_err(1, "malloc()");
573 switch (xraddr->address.sa.sa_family) {
574 case AF_INET:
575 #define __IN_IS_ADDR_LOOPBACK(pina) \
576 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
577 if (!__IN_IS_ADDR_LOOPBACK(
578 &xraddr->address.sin.sin_addr))
579 foreign_all_loopback = 0;
580 #undef __IN_IS_ADDR_LOOPBACK
581 sockaddr(&faddr->address, AF_INET,
582 &xraddr->address.sin.sin_addr,
583 htons(xstcb->remote_port));
584 break;
585 case AF_INET6:
586 if (!IN6_IS_ADDR_LOOPBACK(
587 &xraddr->address.sin6.sin6_addr))
588 foreign_all_loopback = 0;
589 sockaddr(&faddr->address, AF_INET6,
590 &xraddr->address.sin6.sin6_addr,
591 htons(xstcb->remote_port));
592 break;
593 default:
594 xo_errx(1,
595 "address family %d not supported",
596 xraddr->address.sa.sa_family);
597 }
598 faddr->encaps_port = xraddr->encaps_port;
599 faddr->state = xraddr->state;
600 faddr->next = NULL;
601 if (prev_faddr == NULL)
602 sock->faddr = faddr;
603 else
604 prev_faddr->next = faddr;
605 prev_faddr = faddr;
606 }
607 if (opt_c) {
608 if ((sock->vflag & vflag) &&
609 (!opt_L ||
610 !(local_all_loopback ||
611 foreign_all_loopback))) {
612 RB_INSERT(socks_t, &socks, sock);
613 show_path_state = true;
614 } else {
615 free_socket(sock);
616 }
617 }
618 }
619 xinpcb = (struct xsctp_inpcb *)(void *)(buf + offset);
620 offset += sizeof(struct xsctp_inpcb);
621 }
622 free(buf);
623 }
624
625 static void
gather_inet(struct proto * proto)626 gather_inet(struct proto *proto)
627 {
628 struct xinpgen *xig, *exig;
629 struct xinpcb *xip;
630 struct xtcpcb *xtp = NULL;
631 struct xsocket *so;
632 struct sock *sock;
633 struct addr *laddr, *faddr;
634 const char *protoname = proto->name;
635 size_t len, bufsize;
636 void *buf;
637 int retry, vflag;
638
639 vflag = 0;
640 if (opt_4)
641 vflag |= INP_IPV4;
642 if (opt_6)
643 vflag |= INP_IPV6;
644
645 buf = NULL;
646 bufsize = 8192;
647 retry = 5;
648 do {
649 for (;;) {
650 if ((buf = realloc(buf, bufsize)) == NULL)
651 xo_err(1, "realloc()");
652 len = bufsize;
653 if (cap_sysctlbyname(capsysctl, proto->pcblist, buf,
654 &len, NULL, 0) == 0)
655 break;
656 if (errno == ENOENT)
657 goto out;
658 if (errno != ENOMEM || len != bufsize)
659 xo_err(1, "cap_sysctlbyname()");
660 bufsize *= 2;
661 }
662 xig = (struct xinpgen *)buf;
663 exig = (struct xinpgen *)(void *)
664 ((char *)buf + len - sizeof *exig);
665 enforce_ksize(xig->xig_len, struct xinpgen);
666 enforce_ksize(exig->xig_len, struct xinpgen);
667 } while (xig->xig_gen != exig->xig_gen && retry--);
668
669 if (xig->xig_gen != exig->xig_gen && opt_v)
670 xo_warnx("warning: data may be inconsistent");
671
672 for (;;) {
673 xig = (struct xinpgen *)(void *)((char *)xig + xig->xig_len);
674 if (xig >= exig)
675 break;
676 if (proto == &protos[TCP]) {
677 xtp = (struct xtcpcb *)xig;
678 xip = &xtp->xt_inp;
679 if (!check_ksize(xtp->xt_len, struct xtcpcb))
680 goto out;
681 if (xtp->t_flags & TF_TOE)
682 protoname = "toe";
683 } else {
684 xip = (struct xinpcb *)xig;
685 if (!check_ksize(xip->xi_len, struct xinpcb))
686 goto out;
687 }
688 so = &xip->xi_socket;
689 if ((xip->inp_vflag & vflag) == 0)
690 continue;
691 if (xip->inp_vflag & INP_IPV4) {
692 if ((xip->inp_fport == 0 && !opt_l) ||
693 (xip->inp_fport != 0 && !opt_c))
694 continue;
695 #define __IN_IS_ADDR_LOOPBACK(pina) \
696 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
697 if (opt_L &&
698 (__IN_IS_ADDR_LOOPBACK(&xip->inp_faddr) ||
699 __IN_IS_ADDR_LOOPBACK(&xip->inp_laddr)))
700 continue;
701 #undef __IN_IS_ADDR_LOOPBACK
702 } else if (xip->inp_vflag & INP_IPV6) {
703 if ((xip->inp_fport == 0 && !opt_l) ||
704 (xip->inp_fport != 0 && !opt_c))
705 continue;
706 if (opt_L &&
707 (IN6_IS_ADDR_LOOPBACK(&xip->in6p_faddr) ||
708 IN6_IS_ADDR_LOOPBACK(&xip->in6p_laddr)))
709 continue;
710 } else {
711 if (opt_v)
712 xo_warnx("invalid vflag 0x%x", xip->inp_vflag);
713 continue;
714 }
715 if ((sock = calloc(1, sizeof(*sock))) == NULL)
716 xo_err(1, "malloc()");
717 if ((laddr = calloc(1, sizeof *laddr)) == NULL)
718 xo_err(1, "malloc()");
719 if ((faddr = calloc(1, sizeof *faddr)) == NULL)
720 xo_err(1, "malloc()");
721 sock->socket = so->xso_so;
722 sock->pcb = so->so_pcb;
723 sock->splice_socket = so->so_splice_so;
724 sock->proto = proto;
725 sock->inp_gencnt = xip->inp_gencnt;
726 sock->fibnum = so->so_fibnum;
727 if (xip->inp_vflag & INP_IPV4) {
728 sock->family = AF_INET;
729 sockaddr(&laddr->address, sock->family,
730 &xip->inp_laddr, xip->inp_lport);
731 sockaddr(&faddr->address, sock->family,
732 &xip->inp_faddr, xip->inp_fport);
733 } else if (xip->inp_vflag & INP_IPV6) {
734 sock->family = AF_INET6;
735 sockaddr(&laddr->address, sock->family,
736 &xip->in6p_laddr, xip->inp_lport);
737 sockaddr(&faddr->address, sock->family,
738 &xip->in6p_faddr, xip->inp_fport);
739 }
740 if (proto == &protos[TCP])
741 faddr->encaps_port = xtp->xt_encaps_port;
742 laddr->next = NULL;
743 faddr->next = NULL;
744 sock->laddr = laddr;
745 sock->faddr = faddr;
746 sock->vflag = xip->inp_vflag;
747 if (proto == &protos[TCP]) {
748 sock->state = xtp->t_state;
749 sock->bblog_state = xtp->t_logstate;
750 memcpy(sock->stack, xtp->xt_stack,
751 TCP_FUNCTION_NAME_LEN_MAX);
752 memcpy(sock->cc, xtp->xt_cc, TCP_CA_NAME_MAX);
753 }
754 sock->protoname = protoname;
755 if (sock->socket != 0)
756 RB_INSERT(socks_t, &socks, sock);
757 else
758 if (need_nosocks())
759 SLIST_INSERT_HEAD(&nosocks, sock, socket_list);
760 }
761 out:
762 free(buf);
763 }
764
765 static void
gather_unix(struct proto * proto)766 gather_unix(struct proto *proto)
767 {
768 struct xunpgen *xug, *exug;
769 struct xunpcb *xup;
770 struct sock *sock;
771 struct addr *laddr, *faddr;
772 const char *protoname;
773 size_t len, bufsize;
774 void *buf;
775 int retry;
776
777 if (proto == &protos[SEQPACK] && is_xo_style_encoding)
778 protoname = "seqpacket";
779 else
780 protoname = strchr(proto->name, '/') + 1;
781
782 buf = NULL;
783 bufsize = 8192;
784 retry = 5;
785 do {
786 for (;;) {
787 if ((buf = realloc(buf, bufsize)) == NULL)
788 xo_err(1, "realloc()");
789 len = bufsize;
790 if (cap_sysctlbyname(capsysctl, proto->pcblist, buf,
791 &len, NULL, 0) == 0)
792 break;
793 if (errno != ENOMEM || len != bufsize)
794 xo_err(1, "cap_sysctlbyname()");
795 bufsize *= 2;
796 }
797 xug = (struct xunpgen *)buf;
798 exug = (struct xunpgen *)(void *)
799 ((char *)buf + len - sizeof(*exug));
800 if (!check_ksize(xug->xug_len, struct xunpgen) ||
801 !check_ksize(exug->xug_len, struct xunpgen))
802 goto out;
803 } while (xug->xug_gen != exug->xug_gen && retry--);
804
805 if (xug->xug_gen != exug->xug_gen && opt_v)
806 xo_warnx("warning: data may be inconsistent");
807
808 for (;;) {
809 xug = (struct xunpgen *)(void *)((char *)xug + xug->xug_len);
810 if (xug >= exug)
811 break;
812 xup = (struct xunpcb *)xug;
813 if (!check_ksize(xup->xu_len, struct xunpcb))
814 goto out;
815 if ((xup->unp_conn == 0 && !opt_l) ||
816 (xup->unp_conn != 0 && !opt_c))
817 continue;
818 if ((sock = calloc(1, sizeof(*sock))) == NULL)
819 xo_err(1, "malloc()");
820 if ((laddr = calloc(1, sizeof *laddr)) == NULL)
821 xo_err(1, "malloc()");
822 if ((faddr = calloc(1, sizeof *faddr)) == NULL)
823 xo_err(1, "malloc()");
824 sock->socket = xup->xu_socket.xso_so;
825 sock->pcb = xup->xu_unpp;
826 sock->proto = proto;
827 sock->family = AF_UNIX;
828 sock->protoname = protoname;
829 if (xup->xu_addr.sun_family == AF_UNIX)
830 laddr->address =
831 *(struct sockaddr_storage *)(void *)&xup->xu_addr;
832 faddr->conn = xup->unp_conn;
833 faddr->firstref = xup->xu_firstref;
834 faddr->nextref = xup->xu_nextref;
835 laddr->next = NULL;
836 faddr->next = NULL;
837 sock->laddr = laddr;
838 sock->faddr = faddr;
839 RB_INSERT(socks_t, &socks, sock);
840 RB_INSERT(pcbs_t, &pcbs, sock);
841 }
842 out:
843 free(buf);
844 }
845
846 static void
getfiles(void)847 getfiles(void)
848 {
849 struct xfile *xfiles;
850 size_t len, olen;
851
852 int filenum = 0;
853
854 olen = len = sizeof(*xfiles);
855 if ((xfiles = malloc(len)) == NULL)
856 xo_err(1, "malloc()");
857 while (cap_sysctlbyname(capsysctl, "kern.file", xfiles, &len, 0, 0)
858 == -1) {
859 if (errno != ENOMEM || len != olen)
860 xo_err(1, "cap_sysctlbyname()");
861 olen = len *= 2;
862 if ((xfiles = realloc(xfiles, len)) == NULL)
863 xo_err(1, "realloc()");
864 }
865 if (len > 0)
866 enforce_ksize(xfiles->xf_size, struct xfile);
867 nfiles = len / sizeof(*xfiles);
868
869 if ((files = malloc(nfiles * sizeof(struct file))) == NULL)
870 xo_err(1, "malloc()");
871
872 /* Fill files structure, optionally for specified user */
873 for (int i = 0; i < nfiles; i++) {
874 if (opt_F && !filtered_uid(xfiles[i].xf_uid))
875 continue;
876 files[filenum].xf_data = xfiles[i].xf_data;
877 files[filenum].xf_pid = xfiles[i].xf_pid;
878 files[filenum].xf_uid = xfiles[i].xf_uid;
879 files[filenum].xf_fd = xfiles[i].xf_fd;
880 RB_INSERT(files_t, &ftree, &files[filenum]);
881 filenum++;
882 }
883
884 /* Adjust global nfiles to match the number of files we
885 * actually filled into files[] array
886 */
887 nfiles = filenum;
888
889 free(xfiles);
890 }
891
892 static int
formataddr(struct sockaddr_storage * ss,char * buf,size_t bufsize)893 formataddr(struct sockaddr_storage *ss, char *buf, size_t bufsize)
894 {
895 struct sockaddr_un *sun;
896 int error, off, port = 0;
897 char addrstr[NI_MAXHOST] = "";
898 bool needs_ipv6_brackets = false;
899
900 switch (ss->ss_family) {
901 case AF_INET:
902 if (sstosin(ss)->sin_addr.s_addr == INADDR_ANY)
903 addrstr[0] = '*';
904 port = ntohs(sstosin(ss)->sin_port);
905 break;
906 case AF_INET6:
907 if (IN6_IS_ADDR_UNSPECIFIED(&sstosin6(ss)->sin6_addr))
908 addrstr[0] = '*';
909 else
910 needs_ipv6_brackets = true;
911 port = ntohs(sstosin6(ss)->sin6_port);
912 break;
913 case AF_UNIX:
914 sun = sstosun(ss);
915 off = (int)((char *)&sun->sun_path - (char *)sun);
916 if (is_xo_style_encoding) {
917 xo_emit("{:path/%.*s}", sun->sun_len - off,
918 sun->sun_path);
919 return (0);
920 }
921 return snprintf(buf, bufsize, "%.*s",
922 sun->sun_len - off, sun->sun_path);
923 }
924 if (addrstr[0] == '\0') {
925 error = cap_getnameinfo(capnet, sstosa(ss), ss->ss_len,
926 addrstr, sizeof(addrstr), NULL, 0, NI_NUMERICHOST);
927 if (error)
928 xo_errx(1, "cap_getnameinfo()");
929 }
930 if (is_xo_style_encoding) {
931 xo_emit("{:address/%s}", addrstr);
932 xo_emit("{:port/%d}", port);
933 return (0);
934 }
935 if (needs_ipv6_brackets) {
936 if (port == 0)
937 return (snprintf(buf, bufsize, "[%s]:*", addrstr));
938 return (snprintf(buf, bufsize, "[%s]:%d", addrstr, port));
939 }
940 if (port == 0)
941 return (snprintf(buf, bufsize, "%s:*", addrstr));
942 return (snprintf(buf, bufsize, "%s:%d", addrstr, port));
943 }
944
945 static const char *
getprocname(pid_t pid)946 getprocname(pid_t pid)
947 {
948 static struct kinfo_proc proc;
949 size_t len;
950 int mib[4];
951
952 mib[0] = CTL_KERN;
953 mib[1] = KERN_PROC;
954 mib[2] = KERN_PROC_PID;
955 mib[3] = (int)pid;
956 len = sizeof(proc);
957 if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0)
958 == -1) {
959 /* Do not warn if the process exits before we get its name. */
960 if (errno != ESRCH)
961 xo_warn("cap_sysctl()");
962 return ("??");
963 }
964 return (proc.ki_comm);
965 }
966
967 static int
getprocjid(pid_t pid)968 getprocjid(pid_t pid)
969 {
970 static struct kinfo_proc proc;
971 size_t len;
972 int mib[4];
973
974 mib[0] = CTL_KERN;
975 mib[1] = KERN_PROC;
976 mib[2] = KERN_PROC_PID;
977 mib[3] = (int)pid;
978 len = sizeof(proc);
979 if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0)
980 == -1) {
981 /* Do not warn if the process exits before we get its jid. */
982 if (errno != ESRCH)
983 xo_warn("cap_sysctl()");
984 return (-1);
985 }
986 return (proc.ki_jid);
987 }
988
989 static int
check_ports(struct sock * s)990 check_ports(struct sock *s)
991 {
992 int port;
993 struct addr *addr;
994
995 if (ports == NULL)
996 return (1);
997 if ((s->family != AF_INET) && (s->family != AF_INET6))
998 return (1);
999 for (addr = s->laddr; addr != NULL; addr = addr->next) {
1000 if (s->family == AF_INET)
1001 port = ntohs(sstosin(&addr->address)->sin_port);
1002 else
1003 port = ntohs(sstosin6(&addr->address)->sin6_port);
1004 if (CHK_PORT(port))
1005 return (1);
1006 }
1007 for (addr = s->faddr; addr != NULL; addr = addr->next) {
1008 if (s->family == AF_INET)
1009 port = ntohs(sstosin(&addr->address)->sin_port);
1010 else
1011 port = ntohs(sstosin6(&addr->address)->sin6_port);
1012 if (CHK_PORT(port))
1013 return (1);
1014 }
1015 return (0);
1016 }
1017
1018 static const char *
sctp_conn_state(int state)1019 sctp_conn_state(int state)
1020 {
1021 switch (state) {
1022 case SCTP_CLOSED:
1023 return "CLOSED";
1024 break;
1025 case SCTP_BOUND:
1026 return "BOUND";
1027 break;
1028 case SCTP_LISTEN:
1029 return "LISTEN";
1030 break;
1031 case SCTP_COOKIE_WAIT:
1032 return "COOKIE_WAIT";
1033 break;
1034 case SCTP_COOKIE_ECHOED:
1035 return "COOKIE_ECHOED";
1036 break;
1037 case SCTP_ESTABLISHED:
1038 return "ESTABLISHED";
1039 break;
1040 case SCTP_SHUTDOWN_SENT:
1041 return "SHUTDOWN_SENT";
1042 break;
1043 case SCTP_SHUTDOWN_RECEIVED:
1044 return "SHUTDOWN_RECEIVED";
1045 break;
1046 case SCTP_SHUTDOWN_ACK_SENT:
1047 return "SHUTDOWN_ACK_SENT";
1048 break;
1049 case SCTP_SHUTDOWN_PENDING:
1050 return "SHUTDOWN_PENDING";
1051 break;
1052 default:
1053 return "UNKNOWN";
1054 break;
1055 }
1056 }
1057
1058 static const char *
sctp_path_state(int state)1059 sctp_path_state(int state)
1060 {
1061 switch (state) {
1062 case SCTP_UNCONFIRMED:
1063 return "UNCONFIRMED";
1064 break;
1065 case SCTP_ACTIVE:
1066 return "ACTIVE";
1067 break;
1068 case SCTP_INACTIVE:
1069 return "INACTIVE";
1070 break;
1071 default:
1072 return "UNKNOWN";
1073 break;
1074 }
1075 }
1076
1077 static const char *
bblog_state(int state)1078 bblog_state(int state)
1079 {
1080 switch (state) {
1081 case TCP_LOG_STATE_OFF:
1082 return "OFF";
1083 break;
1084 case TCP_LOG_STATE_TAIL:
1085 return "TAIL";
1086 break;
1087 case TCP_LOG_STATE_HEAD:
1088 return "HEAD";
1089 break;
1090 case TCP_LOG_STATE_HEAD_AUTO:
1091 return "HEAD_AUTO";
1092 break;
1093 case TCP_LOG_STATE_CONTINUAL:
1094 return "CONTINUAL";
1095 break;
1096 case TCP_LOG_STATE_TAIL_AUTO:
1097 return "TAIL_AUTO";
1098 break;
1099 case TCP_LOG_VIA_BBPOINTS:
1100 return "BBPOINTS";
1101 break;
1102 default:
1103 return "UNKNOWN";
1104 break;
1105 }
1106 }
1107
1108 static int
format_unix_faddr(struct addr * faddr,char * buf,size_t bufsize)1109 format_unix_faddr(struct addr *faddr, char *buf, size_t bufsize) {
1110 #define SAFEBUF (buf == NULL ? NULL : buf + pos)
1111 #define SAFESIZE (buf == NULL ? 0 : bufsize - pos)
1112
1113 size_t pos = 0;
1114 if (faddr->conn != 0) {
1115 /* Remote peer we connect(2) to, if any. */
1116 struct sock *p;
1117 if (!is_xo_style_encoding)
1118 pos += strlcpy(SAFEBUF, "-> ", SAFESIZE);
1119 p = RB_FIND(pcbs_t, &pcbs,
1120 &(struct sock){ .pcb = faddr->conn });
1121 if (__predict_false(p == NULL) && !is_xo_style_encoding) {
1122 /* XXGL: can this happen at all? */
1123 pos += snprintf(SAFEBUF, SAFESIZE, "??");
1124 } else if (p->laddr->address.ss_len == 0) {
1125 struct file *f;
1126 f = RB_FIND(files_t, &ftree,
1127 &(struct file){ .xf_data =
1128 p->socket });
1129 if (f != NULL) {
1130 if (!is_xo_style_encoding) {
1131 pos += snprintf(SAFEBUF, SAFESIZE,
1132 "[%lu %d]", (u_long)f->xf_pid,
1133 f->xf_fd);
1134 } else {
1135 xo_open_list("connections");
1136 xo_open_instance("connections");
1137 xo_emit("{:pid/%lu}", (u_long)f->xf_pid);
1138 xo_emit("{:fd/%d}", f->xf_fd);
1139 xo_close_instance("connections");
1140 xo_close_list("connections");
1141 }
1142 }
1143 } else
1144 pos += formataddr(&p->laddr->address,
1145 SAFEBUF, SAFESIZE);
1146 } else if (faddr->firstref != 0) {
1147 /* Remote peer(s) connect(2)ed to us, if any. */
1148 struct sock *p;
1149 struct file *f;
1150 kvaddr_t ref = faddr->firstref;
1151 bool fref = true;
1152
1153 if (!is_xo_style_encoding)
1154 pos += snprintf(SAFEBUF, SAFESIZE, " <- ");
1155 xo_open_list("connections");
1156 while ((p = RB_FIND(pcbs_t, &pcbs,
1157 &(struct sock){ .pcb = ref })) != 0) {
1158 f = RB_FIND(files_t, &ftree,
1159 &(struct file){ .xf_data = p->socket });
1160 if (f != NULL) {
1161 if (!is_xo_style_encoding) {
1162 pos += snprintf(SAFEBUF, SAFESIZE,
1163 "%s[%lu %d]", fref ? "" : ",",
1164 (u_long)f->xf_pid, f->xf_fd);
1165 } else {
1166 xo_open_instance("connections");
1167 xo_emit("{:pid/%lu}", (u_long)f->xf_pid);
1168 xo_emit("{:fd/%d}", f->xf_fd);
1169 xo_close_instance("connections");
1170 }
1171 }
1172 ref = p->faddr->nextref;
1173 fref = false;
1174 }
1175 xo_close_list("connections");
1176 }
1177 return pos;
1178 }
1179
1180 struct col_widths {
1181 int user;
1182 int command;
1183 int pid;
1184 int fd;
1185 int proto;
1186 int local_addr;
1187 int foreign_addr;
1188 int pcb_kva;
1189 int fib;
1190 int splice_address;
1191 int inp_gencnt;
1192 int encaps;
1193 int path_state;
1194 int conn_state;
1195 int bblog_state;
1196 int stack;
1197 int cc;
1198 };
1199
1200 static void
calculate_sock_column_widths(struct col_widths * cw,struct sock * s)1201 calculate_sock_column_widths(struct col_widths *cw, struct sock *s)
1202 {
1203 struct addr *laddr, *faddr;
1204 bool first = true;
1205 int len = 0;
1206 laddr = s->laddr;
1207 faddr = s->faddr;
1208 first = true;
1209
1210 len = strlen(s->protoname);
1211 if (s->vflag & INP_IPV4)
1212 len += 1;
1213 if (s->vflag & INP_IPV6)
1214 len += 1;
1215 cw->proto = MAX(cw->proto, len);
1216
1217 while (laddr != NULL || faddr != NULL) {
1218 if (opt_w && s->family == AF_UNIX) {
1219 if ((laddr == NULL) || (faddr == NULL))
1220 xo_errx(1, "laddr = %p or faddr = %p is NULL",
1221 (void *)laddr, (void *)faddr);
1222 if (laddr->address.ss_len > 0)
1223 len = formataddr(&laddr->address, NULL, 0);
1224 cw->local_addr = MAX(cw->local_addr, len);
1225 len = format_unix_faddr(faddr, NULL, 0);
1226 cw->foreign_addr = MAX(cw->foreign_addr, len);
1227 } else if (opt_w) {
1228 if (laddr != NULL) {
1229 len = formataddr(&laddr->address, NULL, 0);
1230 cw->local_addr = MAX(cw->local_addr, len);
1231 }
1232 if (faddr != NULL) {
1233 len = formataddr(&faddr->address, NULL, 0);
1234 cw->foreign_addr = MAX(cw->foreign_addr, len);
1235 }
1236 }
1237 if (opt_f) {
1238 len = snprintf(NULL, 0, "%d", s->fibnum);
1239 cw->fib = MAX(cw->fib, len);
1240 }
1241 if (opt_I) {
1242 if (s->splice_socket != 0) {
1243 struct sock *sp;
1244
1245 sp = RB_FIND(socks_t, &socks, &(struct sock)
1246 { .socket = s->splice_socket });
1247 if (sp != NULL) {
1248 len = formataddr(&sp->laddr->address,
1249 NULL, 0);
1250 cw->splice_address = MAX(
1251 cw->splice_address, len);
1252 }
1253 }
1254 }
1255 if (opt_i) {
1256 if (s->proto == &protos[TCP] ||
1257 s->proto == &protos[UDP]) {
1258 len = snprintf(NULL, 0,
1259 "%" PRIu64, s->inp_gencnt);
1260 cw->inp_gencnt = MAX(cw->inp_gencnt, len);
1261 }
1262 }
1263 if (opt_U) {
1264 if (faddr != NULL &&
1265 ((s->proto == &protos[SCTP] &&
1266 s->state != SCTP_CLOSED &&
1267 s->state != SCTP_BOUND &&
1268 s->state != SCTP_LISTEN) ||
1269 (s->proto == &protos[TCP] &&
1270 s->state != TCPS_CLOSED &&
1271 s->state != TCPS_LISTEN))) {
1272 len = snprintf(NULL, 0, "%u",
1273 ntohs(faddr->encaps_port));
1274 cw->encaps = MAX(cw->encaps, len);
1275 }
1276 }
1277 if (opt_s) {
1278 if (faddr != NULL &&
1279 s->proto == &protos[SCTP] &&
1280 s->state != SCTP_CLOSED &&
1281 s->state != SCTP_BOUND &&
1282 s->state != SCTP_LISTEN) {
1283 len = strlen(sctp_path_state(faddr->state));
1284 cw->path_state = MAX(cw->path_state, len);
1285 }
1286 }
1287 if (first) {
1288 if (opt_s) {
1289 if (s->proto == &protos[SCTP]) {
1290 len = strlen(sctp_conn_state(s->state));
1291 cw->conn_state = MAX(cw->conn_state,
1292 len);
1293 }
1294 if (s->proto == &protos[TCP]) {
1295 if (s->state >= 0 &&
1296 s->state < TCP_NSTATES) {
1297 len = strlen(
1298 tcpstates[s->state]);
1299 cw->conn_state = MAX(
1300 cw->conn_state,
1301 len);
1302 }
1303 }
1304 }
1305 if (opt_S && s->proto == &protos[TCP]) {
1306 len = strlen(s->stack);
1307 cw->stack = MAX(cw->stack, len);
1308 }
1309 if (opt_C && s->proto == &protos[TCP]) {
1310 len = strlen(s->cc);
1311 cw->cc = MAX(cw->cc, len);
1312 }
1313 }
1314 if (laddr != NULL)
1315 laddr = laddr->next;
1316 if (faddr != NULL)
1317 faddr = faddr->next;
1318 first = false;
1319 }
1320 }
1321
1322 static void
calculate_column_widths(struct col_widths * cw)1323 calculate_column_widths(struct col_widths *cw)
1324 {
1325 int n, len;
1326 struct file *xf;
1327 struct sock *s;
1328 struct passwd *pwd;
1329
1330 cap_setpassent(cappwd, 1);
1331 for (xf = files, n = 0; n < nfiles; ++n, ++xf) {
1332 if (xf->xf_data == 0)
1333 continue;
1334 if (opt_j >= 0 && opt_j != getprocjid(xf->xf_pid))
1335 continue;
1336 s = RB_FIND(socks_t, &socks,
1337 &(struct sock){ .socket = xf->xf_data});
1338 if (s == NULL || (!check_ports(s)))
1339 continue;
1340 s->shown = 1;
1341 if (opt_n ||
1342 (pwd = cap_getpwuid(cappwd, xf->xf_uid)) == NULL)
1343 len = snprintf(NULL, 0, "%lu", (u_long)xf->xf_uid);
1344 else
1345 len = snprintf(NULL, 0, "%s", pwd->pw_name);
1346 cw->user = MAX(cw->user, len);
1347 len = snprintf(NULL, 0, "%lu", (u_long)xf->xf_pid);
1348 cw->pid = MAX(cw->pid, len);
1349 len = snprintf(NULL, 0, "%d", xf->xf_fd);
1350 cw->fd = MAX(cw->fd, len);
1351
1352 calculate_sock_column_widths(cw, s);
1353 }
1354 if (opt_j >= 0)
1355 return;
1356 SLIST_FOREACH(s, &nosocks, socket_list) {
1357 if (!check_ports(s))
1358 continue;
1359 calculate_sock_column_widths(cw, s);
1360 }
1361 RB_FOREACH(s, socks_t, &socks) {
1362 if (s->shown)
1363 continue;
1364 if (!check_ports(s))
1365 continue;
1366 calculate_sock_column_widths(cw, s);
1367 }
1368 }
1369
1370 static void
display_sock(struct sock * s,struct col_widths * cw,char * buf,size_t bufsize)1371 display_sock(struct sock *s, struct col_widths *cw, char *buf, size_t bufsize)
1372 {
1373 struct addr *laddr, *faddr;
1374 bool first;
1375 laddr = s->laddr;
1376 faddr = s->faddr;
1377 first = true;
1378
1379 snprintf(buf, bufsize, "%s%s%s",
1380 s->protoname,
1381 s->vflag & INP_IPV4 ? "4" : "",
1382 s->vflag & INP_IPV6 ? "6" : "");
1383 xo_emit(" {:proto/%-*s}", cw->proto, buf);
1384 while (laddr != NULL || faddr != NULL) {
1385 if (s->family == AF_UNIX) {
1386 if ((laddr == NULL) || (faddr == NULL))
1387 xo_errx(1, "laddr = %p or faddr = %p is NULL",
1388 (void *)laddr, (void *)faddr);
1389 if (laddr->address.ss_len > 0) {
1390 xo_open_container("local");
1391 formataddr(&laddr->address, buf, bufsize);
1392 if (!is_xo_style_encoding) {
1393 xo_emit(" {:local-address/%-*.*s}",
1394 cw->local_addr, cw->local_addr,
1395 buf);
1396 }
1397 xo_close_container("local");
1398 } else if (laddr->address.ss_len == 0 &&
1399 faddr->conn == 0 && !is_xo_style_encoding) {
1400 xo_emit(" {:local-address/%-*.*s}",
1401 cw->local_addr, cw->local_addr,
1402 "(not connected)");
1403 } else if (!is_xo_style_encoding) {
1404 xo_emit(" {:local-address/%-*.*s}",
1405 cw->local_addr, cw->local_addr, "??");
1406 }
1407 if (faddr->conn != 0 || faddr->firstref != 0) {
1408 xo_open_container("foreign");
1409 int len = format_unix_faddr(faddr, buf,
1410 bufsize);
1411 if (len == 0 && !is_xo_style_encoding)
1412 xo_emit(" {:foreign-address/%-*s}",
1413 cw->foreign_addr, "??");
1414 else if (!is_xo_style_encoding)
1415 xo_emit(" {:foreign-address/%-*.*s}",
1416 cw->foreign_addr,
1417 cw->foreign_addr, buf);
1418 xo_close_container("foreign");
1419 } else if (!is_xo_style_encoding)
1420 xo_emit(" {:foreign-address/%-*s}",
1421 cw->foreign_addr, "??");
1422 } else {
1423 if (laddr != NULL) {
1424 xo_open_container("local");
1425 formataddr(&laddr->address, buf, bufsize);
1426 if (!is_xo_style_encoding) {
1427 xo_emit(" {:local-address/%-*.*s}",
1428 cw->local_addr, cw->local_addr,
1429 buf);
1430 }
1431 xo_close_container("local");
1432 } else if (!is_xo_style_encoding)
1433 xo_emit(" {:local-address/%-*.*s}",
1434 cw->local_addr, cw->local_addr, "??");
1435 if (faddr != NULL) {
1436 xo_open_container("foreign");
1437 formataddr(&faddr->address, buf, bufsize);
1438 if (!is_xo_style_encoding) {
1439 xo_emit(" {:foreign-address/%-*.*s}",
1440 cw->foreign_addr,
1441 cw->foreign_addr, buf);
1442 }
1443 xo_close_container("foreign");
1444 } else if (!is_xo_style_encoding) {
1445 xo_emit(" {:foreign-address/%-*.*s}",
1446 cw->foreign_addr, cw->foreign_addr,
1447 "??");
1448 }
1449 }
1450 if (opt_A) {
1451 snprintf(buf, bufsize, "%#*" PRIx64,
1452 cw->pcb_kva, s->pcb);
1453 xo_emit(" {:pcb-kva/%s}", buf);
1454 }
1455 if (opt_f)
1456 xo_emit(" {:fib/%*d}", cw->fib, s->fibnum);
1457 if (opt_I) {
1458 if (s->splice_socket != 0) {
1459 struct sock *sp;
1460 sp = RB_FIND(socks_t, &socks, &(struct sock)
1461 { .socket = s->splice_socket });
1462 if (sp != NULL) {
1463 xo_open_container("splice");
1464 formataddr(&sp->laddr->address,
1465 buf, bufsize);
1466 xo_close_container("splice");
1467 } else if (!is_xo_style_encoding)
1468 strlcpy(buf, "??", bufsize);
1469 } else if (!is_xo_style_encoding)
1470 strlcpy(buf, "??", bufsize);
1471 if (!is_xo_style_encoding)
1472 xo_emit(" {:splice-address/%-*s}",
1473 cw->splice_address, buf);
1474 }
1475 if (opt_i) {
1476 if (s->proto == &protos[TCP] ||
1477 s->proto == &protos[UDP]) {
1478 snprintf(buf, bufsize, "%" PRIu64,
1479 s->inp_gencnt);
1480 xo_emit(" {:id/%*s}", cw->inp_gencnt, buf);
1481 } else if (!is_xo_style_encoding)
1482 xo_emit(" {:id/%*s}", cw->inp_gencnt, "??");
1483 }
1484 if (opt_U) {
1485 if (faddr != NULL &&
1486 ((s->proto == &protos[SCTP] &&
1487 s->state != SCTP_CLOSED &&
1488 s->state != SCTP_BOUND &&
1489 s->state != SCTP_LISTEN) ||
1490 (s->proto == &protos[TCP] &&
1491 s->state != TCPS_CLOSED &&
1492 s->state != TCPS_LISTEN))) {
1493 xo_emit(" {:encaps/%*u}", cw->encaps,
1494 ntohs(faddr->encaps_port));
1495 } else if (!is_xo_style_encoding)
1496 xo_emit(" {:encaps/%*s}", cw->encaps, "??");
1497 }
1498 if (opt_s && show_path_state) {
1499 if (faddr != NULL &&
1500 s->proto == &protos[SCTP] &&
1501 s->state != SCTP_CLOSED &&
1502 s->state != SCTP_BOUND &&
1503 s->state != SCTP_LISTEN) {
1504 xo_emit(" {:path-state/%-*s}", cw->path_state,
1505 sctp_path_state(faddr->state));
1506 } else if (!is_xo_style_encoding)
1507 xo_emit(" {:path-state/%-*s}", cw->path_state,
1508 "??");
1509 }
1510 if (first) {
1511 if (opt_s) {
1512 if (s->proto == &protos[SCTP]) {
1513 xo_emit(" {:conn-state/%-*s}",
1514 cw->conn_state,
1515 sctp_conn_state(s->state));
1516 } else if (s->proto == &protos[TCP]) {
1517 if (s->state >= 0 &&
1518 s->state < TCP_NSTATES)
1519 xo_emit(" {:conn-state/%-*s}",
1520 cw->conn_state,
1521 tcpstates[s->state]);
1522 else if (!is_xo_style_encoding)
1523 xo_emit(" {:conn-state/%-*s}",
1524 cw->conn_state, "??");
1525 } else if (!is_xo_style_encoding)
1526 xo_emit(" {:conn-state/%-*s}",
1527 cw->conn_state, "??");
1528 }
1529 if (opt_b) {
1530 if (s->proto == &protos[TCP])
1531 xo_emit(" {:bblog-state/%-*s}",
1532 cw->bblog_state,
1533 bblog_state(s->bblog_state));
1534 else if (!is_xo_style_encoding)
1535 xo_emit(" {:bblog-state/%-*s}",
1536 cw->bblog_state, "??");
1537 }
1538 if (opt_S) {
1539 if (s->proto == &protos[TCP])
1540 xo_emit(" {:stack/%-*s}",
1541 cw->stack, s->stack);
1542 else if (!is_xo_style_encoding)
1543 xo_emit(" {:stack/%-*s}",
1544 cw->stack, "??");
1545 }
1546 if (opt_C) {
1547 if (s->proto == &protos[TCP])
1548 xo_emit(" {:cc/%-*s}", cw->cc, s->cc);
1549 else if (!is_xo_style_encoding)
1550 xo_emit(" {:cc/%-*s}", cw->cc, "??");
1551 }
1552 } else if (!is_xo_style_encoding) {
1553 if (opt_s)
1554 xo_emit(" {:conn-state/%-*s}", cw->conn_state,
1555 "??");
1556 if (opt_b)
1557 xo_emit(" {:bblog-state/%-*s}", cw->bblog_state,
1558 "??");
1559 if (opt_S)
1560 xo_emit(" {:stack/%-*s}", cw->stack, "??");
1561 if (opt_C)
1562 xo_emit(" {:cc/%-*s}", cw->cc, "??");
1563 }
1564 if (laddr != NULL)
1565 laddr = laddr->next;
1566 if (faddr != NULL)
1567 faddr = faddr->next;
1568 xo_emit("\n");
1569 if (!is_xo_style_encoding && (laddr != NULL || faddr != NULL))
1570 xo_emit("{:user/%-*s} {:command/%-*s} {:pid/%*s}"
1571 " {:fd/%*s} {:proto/%-*s}", cw->user, "??",
1572 cw->command, "??", cw->pid, "??", cw->fd, "??",
1573 cw->proto, "??");
1574 first = false;
1575 }
1576 }
1577
1578 static void
display(void)1579 display(void)
1580 {
1581 static const char *__HDR_USER="USER",
1582 *__HDR_COMMAND="COMMAND",
1583 *__HDR_PID="PID",
1584 *__HDR_FD="FD",
1585 *__HDR_PROTO="PROTO",
1586 *__HDR_LOCAL_ADDRESS="LOCAL ADDRESS",
1587 *__HDR_FOREIGN_ADDRESS="FOREIGN ADDRESS",
1588 *__HDR_PCB_KVA="PCB KVA",
1589 *__HDR_FIB="FIB",
1590 *__HDR_SPLICE_ADDRESS="SPLICE ADDRESS",
1591 *__HDR_ID="ID",
1592 *__HDR_ENCAPS="ENCAPS",
1593 *__HDR_PATH_STATE="PATH STATE",
1594 *__HDR_CONN_STATE="CONN STATE",
1595 *__HDR_BBLOG_STATE="BBLOG STATE",
1596 *__HDR_STACK="STACK",
1597 *__HDR_CC="CC";
1598
1599 struct passwd *pwd;
1600 struct file *xf;
1601 struct sock *s;
1602 int n;
1603 struct col_widths cw;
1604 const size_t bufsize = 512;
1605 void *buf;
1606 if ((buf = (char *)malloc(bufsize)) == NULL) {
1607 xo_err(1, "malloc()");
1608 return;
1609 }
1610
1611 if (!is_xo_style_encoding) {
1612 cw = (struct col_widths) {
1613 .user = strlen(__HDR_USER),
1614 .command = 10,
1615 .pid = strlen(__HDR_PID),
1616 .fd = strlen(__HDR_FD),
1617 .proto = strlen(__HDR_PROTO),
1618 .local_addr = opt_w ? strlen(__HDR_LOCAL_ADDRESS) : 21,
1619 .foreign_addr = opt_w ? strlen(__HDR_FOREIGN_ADDRESS) : 21,
1620 .pcb_kva = 18,
1621 .fib = strlen(__HDR_FIB),
1622 .splice_address = strlen(__HDR_SPLICE_ADDRESS),
1623 .inp_gencnt = strlen(__HDR_ID),
1624 .encaps = strlen(__HDR_ENCAPS),
1625 .path_state = strlen(__HDR_PATH_STATE),
1626 .conn_state = strlen(__HDR_CONN_STATE),
1627 .bblog_state = strlen(__HDR_BBLOG_STATE),
1628 .stack = strlen(__HDR_STACK),
1629 .cc = strlen(__HDR_CC),
1630 };
1631 calculate_column_widths(&cw);
1632 } else
1633 memset(&cw, 0, sizeof(cw));
1634
1635 xo_set_version(SOCKSTAT_XO_VERSION);
1636 xo_open_container("sockstat");
1637 xo_open_list("socket");
1638 if (!opt_q) {
1639 xo_emit("{T:/%-*s} {T:/%-*s} {T:/%*s} {T:/%*s} {T:/%-*s} "
1640 "{T:/%-*s} {T:/%-*s}", cw.user, __HDR_USER, cw.command,
1641 __HDR_COMMAND, cw.pid, __HDR_PID, cw.fd, __HDR_FD, cw.proto,
1642 __HDR_PROTO, cw.local_addr, __HDR_LOCAL_ADDRESS,
1643 cw.foreign_addr, __HDR_FOREIGN_ADDRESS);
1644 if (opt_A)
1645 xo_emit(" {T:/%-*s}", cw.pcb_kva, __HDR_PCB_KVA);
1646 if (opt_f)
1647 /* RT_MAXFIBS is 65535. */
1648 xo_emit(" {T:/%*s}", cw.fib, __HDR_FIB);
1649 if (opt_I)
1650 xo_emit(" {T:/%-*s}", cw.splice_address,
1651 __HDR_SPLICE_ADDRESS);
1652 if (opt_i)
1653 xo_emit(" {T:/%*s}", cw.inp_gencnt, __HDR_ID);
1654 if (opt_U)
1655 xo_emit(" {T:/%*s}", cw.encaps, __HDR_ENCAPS);
1656 if (opt_s) {
1657 if (show_path_state)
1658 xo_emit(" {T:/%-*s}", cw.path_state,
1659 __HDR_PATH_STATE);
1660 xo_emit(" {T:/%-*s}", cw.conn_state, __HDR_CONN_STATE);
1661 }
1662 if (opt_b)
1663 xo_emit(" {T:/%-*s}", cw.bblog_state, __HDR_BBLOG_STATE);
1664 if (opt_S)
1665 xo_emit(" {T:/%-*s}", cw.stack, __HDR_STACK);
1666 if (opt_C)
1667 xo_emit(" {T:/%-*s}", cw.cc, __HDR_CC);
1668 xo_emit("\n");
1669 }
1670 cap_setpassent(cappwd, 1);
1671 for (xf = files, n = 0; n < nfiles; ++n, ++xf) {
1672 if (xf->xf_data == 0)
1673 continue;
1674 if (opt_j >= 0 && opt_j != getprocjid(xf->xf_pid))
1675 continue;
1676 s = RB_FIND(socks_t, &socks,
1677 &(struct sock){ .socket = xf->xf_data});
1678 if (s != NULL && check_ports(s)) {
1679 xo_open_instance("socket");
1680 s->shown = 1;
1681 if (opt_n ||
1682 (pwd = cap_getpwuid(cappwd, xf->xf_uid)) == NULL)
1683 xo_emit("{:user/%-*lu}", cw.user,
1684 (u_long)xf->xf_uid);
1685 else
1686 xo_emit("{:user/%-*s}", cw.user, pwd->pw_name);
1687 if (!is_xo_style_encoding)
1688 xo_emit(" {:command/%-*.10s}", cw.command,
1689 getprocname(xf->xf_pid));
1690 else
1691 xo_emit(" {:command/%-*s}", cw.command,
1692 getprocname(xf->xf_pid));
1693 xo_emit(" {:pid/%*lu}", cw.pid, (u_long)xf->xf_pid);
1694 xo_emit(" {:fd/%*d}", cw.fd, xf->xf_fd);
1695 display_sock(s, &cw, buf, bufsize);
1696 xo_close_instance("socket");
1697 }
1698 }
1699 if (!need_nosocks())
1700 goto out;
1701 SLIST_FOREACH(s, &nosocks, socket_list) {
1702 if (!check_ports(s))
1703 continue;
1704 xo_open_instance("socket");
1705 if (!is_xo_style_encoding)
1706 xo_emit("{:user/%-*s} {:command/%-*s} {:pid/%*s}"
1707 " {:fd/%*s}", cw.user, "??", cw.command, "??",
1708 cw.pid, "??", cw.fd, "??");
1709 display_sock(s, &cw, buf, bufsize);
1710 xo_close_instance("socket");
1711 }
1712 RB_FOREACH(s, socks_t, &socks) {
1713 if (s->shown)
1714 continue;
1715 if (!check_ports(s))
1716 continue;
1717 xo_open_instance("socket");
1718 if (!is_xo_style_encoding)
1719 xo_emit("{:user/%-*s} {:command/%-*s} {:pid/%*s}"
1720 " {:fd/%*s}", cw.user, "??", cw.command, "??",
1721 cw.pid, "??", cw.fd, "??");
1722 display_sock(s, &cw, buf, bufsize);
1723 xo_close_instance("socket");
1724 }
1725 out:
1726 xo_close_list("socket");
1727 xo_close_container("sockstat");
1728 if (xo_finish() < 0)
1729 xo_err(1, "stdout");
1730 free(buf);
1731 cap_endpwent(cappwd);
1732 }
1733
1734 /*
1735 * Return the vnet property of the jail, or -1 on error.
1736 */
1737 static int
jail_getvnet(int jid)1738 jail_getvnet(int jid)
1739 {
1740 struct iovec jiov[6];
1741 int vnet;
1742 size_t len = sizeof(vnet);
1743
1744 if (sysctlbyname("kern.features.vimage", &vnet, &len, NULL, 0) != 0)
1745 return (0);
1746
1747 vnet = -1;
1748 jiov[0].iov_base = __DECONST(char *, "jid");
1749 jiov[0].iov_len = sizeof("jid");
1750 jiov[1].iov_base = &jid;
1751 jiov[1].iov_len = sizeof(jid);
1752 jiov[2].iov_base = __DECONST(char *, "vnet");
1753 jiov[2].iov_len = sizeof("vnet");
1754 jiov[3].iov_base = &vnet;
1755 jiov[3].iov_len = sizeof(vnet);
1756 jiov[4].iov_base = __DECONST(char *, "errmsg");
1757 jiov[4].iov_len = sizeof("errmsg");
1758 jiov[5].iov_base = jail_errmsg;
1759 jiov[5].iov_len = JAIL_ERRMSGLEN;
1760 jail_errmsg[0] = '\0';
1761 if (jail_get(jiov, nitems(jiov), 0) < 0) {
1762 if (!jail_errmsg[0])
1763 snprintf(jail_errmsg, JAIL_ERRMSGLEN,
1764 "jail_get: %s", strerror(errno));
1765 return (-1);
1766 }
1767 return (vnet);
1768 }
1769
1770 /*
1771 * Parse username and/or UID
1772 */
1773 static bool
parse_filter_user(void)1774 parse_filter_user(void)
1775 {
1776 struct passwd *pwd;
1777 char *ep;
1778 uid_t uid;
1779 bool rv = false;
1780
1781 uid = (uid_t)strtol(filter_user_optarg, &ep, 10);
1782
1783 /* Open and/or rewind capsicumized password file */
1784 cap_setpassent(cappwd, 1);
1785
1786 if (*ep == '\0') {
1787 /* We have an UID specified, check if it's valid */
1788 if ((pwd = cap_getpwuid(cappwd, uid)) == NULL)
1789 goto out;
1790 filter_user_uid = uid;
1791 } else {
1792 /* Check if we have a valid username */
1793 if ((pwd = cap_getpwnam(cappwd, filter_user_optarg)) == NULL)
1794 goto out;
1795 filter_user_uid = pwd->pw_uid;
1796 }
1797
1798 rv = true;
1799 out:
1800 return (rv);
1801 }
1802
1803 static void
usage(void)1804 usage(void)
1805 {
1806 xo_error(
1807 "usage: sockstat [--libxo ...] [-46AbCcfIiLlnqSsUuvw] [-F uid/username] [-j jid] [-p ports]\n"
1808 " [-P protocols]\n");
1809 exit(1);
1810 }
1811
1812 int
main(int argc,char * argv[])1813 main(int argc, char *argv[])
1814 {
1815 cap_channel_t *capcas;
1816 cap_net_limit_t *limit;
1817 const char *pwdcmds[] = { "setpassent", "getpwuid", "getpwnam" };
1818 const char *pwdfields[] = { "pw_name", "pw_uid" };
1819 bool protos_defined = false;
1820 int o, err;
1821
1822 argc = xo_parse_args(argc, argv);
1823 if (argc < 0)
1824 exit(1);
1825 if (xo_get_style(NULL) != XO_STYLE_TEXT) {
1826 show_path_state = true;
1827 if (xo_get_style(NULL) != XO_STYLE_HTML)
1828 is_xo_style_encoding = true;
1829 }
1830 opt_j = -1;
1831 while ((o = getopt(argc, argv, "46AbCcF:fIij:Llnp:P:qSsUuvw")) != -1)
1832 switch (o) {
1833 case '4':
1834 opt_4 = true;
1835 break;
1836 case '6':
1837 opt_6 = true;
1838 break;
1839 case 'A':
1840 opt_A = true;
1841 break;
1842 case 'b':
1843 opt_b = true;
1844 break;
1845 case 'C':
1846 opt_C = true;
1847 break;
1848 case 'c':
1849 opt_c = true;
1850 break;
1851 case 'F':
1852 /* Save optarg for later use when we enter capabilities mode */
1853 filter_user_optarg = optarg;
1854 opt_F = true;
1855 break;
1856 case 'f':
1857 opt_f = true;
1858 break;
1859 case 'I':
1860 opt_I = true;
1861 break;
1862 case 'i':
1863 opt_i = true;
1864 break;
1865 case 'j':
1866 opt_j = jail_getid(optarg);
1867 if (opt_j < 0)
1868 xo_errx(1, "jail_getid: %s", jail_errmsg);
1869 break;
1870 case 'L':
1871 opt_L = true;
1872 break;
1873 case 'l':
1874 opt_l = true;
1875 break;
1876 case 'n':
1877 opt_n = true;
1878 break;
1879 case 'p':
1880 err = parse_ports(optarg);
1881 switch (err) {
1882 case EINVAL:
1883 xo_errx(1, "syntax error in port range");
1884 break;
1885 case ERANGE:
1886 xo_errx(1, "invalid port number");
1887 break;
1888 }
1889 break;
1890 case 'P':
1891 parse_protos(optarg);
1892 protos_defined = true;
1893 break;
1894 case 'q':
1895 opt_q = true;
1896 break;
1897 case 'S':
1898 opt_S = true;
1899 break;
1900 case 's':
1901 opt_s = true;
1902 break;
1903 case 'U':
1904 opt_U = true;
1905 break;
1906 case 'u':
1907 opt_u = true;
1908 break;
1909 case 'v':
1910 ++opt_v;
1911 break;
1912 case 'w':
1913 opt_w = true;
1914 break;
1915 default:
1916 usage();
1917 }
1918
1919 argc -= optind;
1920 argv += optind;
1921
1922 if (argc > 0)
1923 usage();
1924
1925 if (opt_j > 0) {
1926 switch (jail_getvnet(opt_j)) {
1927 case -1:
1928 xo_errx(2, "jail_getvnet: %s", jail_errmsg);
1929 case JAIL_SYS_NEW:
1930 if (jail_attach(opt_j) < 0)
1931 xo_err(3, "jail_attach()");
1932 /* Set back to -1 for normal output in vnet jail. */
1933 opt_j = -1;
1934 break;
1935 default:
1936 break;
1937 }
1938 }
1939
1940 capcas = cap_init();
1941 if (capcas == NULL)
1942 xo_err(1, "Unable to contact Casper");
1943 if (caph_enter_casper() < 0)
1944 xo_err(1, "Unable to enter capability mode");
1945 capnet = cap_service_open(capcas, "system.net");
1946 if (capnet == NULL)
1947 xo_err(1, "Unable to open system.net service");
1948 capnetdb = cap_service_open(capcas, "system.netdb");
1949 if (capnetdb == NULL)
1950 xo_err(1, "Unable to open system.netdb service");
1951 capsysctl = cap_service_open(capcas, "system.sysctl");
1952 if (capsysctl == NULL)
1953 xo_err(1, "Unable to open system.sysctl service");
1954 cappwd = cap_service_open(capcas, "system.pwd");
1955 if (cappwd == NULL)
1956 xo_err(1, "Unable to open system.pwd service");
1957 cap_close(capcas);
1958 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
1959 if (limit == NULL)
1960 xo_err(1, "Unable to init cap_net limits");
1961 if (cap_net_limit(limit) < 0)
1962 xo_err(1, "Unable to apply limits");
1963 if (cap_pwd_limit_cmds(cappwd, pwdcmds, nitems(pwdcmds)) < 0)
1964 xo_err(1, "Unable to apply pwd commands limits");
1965 if (cap_pwd_limit_fields(cappwd, pwdfields, nitems(pwdfields)) < 0)
1966 xo_err(1, "Unable to apply pwd commands limits");
1967
1968 if (opt_F && !parse_filter_user())
1969 xo_errx(1, "Invalid username or UID specified");
1970
1971 if (!opt_c && !opt_l)
1972 opt_c = opt_l = true;
1973
1974 /*
1975 * By default all protocols are gathered.
1976 *
1977 * With -u and without -[46] disables all but unix(4).
1978 * With -[46] and without -u disables unix(4).
1979 * With -P only specified are gathered and -4 and -6 are ignored,
1980 * however -u is not ignored (historical bug).
1981 *
1982 * divert(4) is controlled by -4 (historical bug).
1983 *
1984 * NB: opt_4 and opt_6 are used outside this function, thus need to
1985 * be set to true if both are false.
1986 */
1987 if (protos_defined) {
1988 if (opt_u)
1989 protos[STREAM].disabled = protos[DGRAM].disabled =
1990 protos[SEQPACK].disabled = false;
1991 } else {
1992 if (!opt_u && (opt_4 || opt_6))
1993 protos[STREAM].disabled = protos[DGRAM].disabled =
1994 protos[SEQPACK].disabled = true;
1995 if (opt_u && !(opt_4 || opt_6))
1996 protos[SCTP].disabled = protos[TCP].disabled =
1997 protos[UDP].disabled = protos[UDPLITE].disabled =
1998 true;
1999 }
2000 if (!opt_4 && !opt_6)
2001 opt_4 = opt_6 = true;
2002
2003 for (u_int i = 0; i < nitems(protos); i++)
2004 if (!protos[i].disabled)
2005 protos[i].gather(&protos[i]);
2006
2007 getfiles();
2008 display();
2009 exit(0);
2010 }
2011