1ca007d91SDag-Erling Smørgrav /*- 24d846d26SWarner Losh * SPDX-License-Identifier: BSD-2-Clause 31de7b4b8SPedro F. Giffuni * 4*e738085bSDag-Erling Smørgrav * Copyright (c) 2002 Dag-Erling Smørgrav 5ca007d91SDag-Erling Smørgrav * All rights reserved. 6ca007d91SDag-Erling Smørgrav * 7ca007d91SDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without 8ca007d91SDag-Erling Smørgrav * modification, are permitted provided that the following conditions 9ca007d91SDag-Erling Smørgrav * are met: 10ca007d91SDag-Erling Smørgrav * 1. Redistributions of source code must retain the above copyright 11ca007d91SDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer 12ca007d91SDag-Erling Smørgrav * in this position and unchanged. 13ca007d91SDag-Erling Smørgrav * 2. Redistributions in binary form must reproduce the above copyright 14ca007d91SDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer in the 15ca007d91SDag-Erling Smørgrav * documentation and/or other materials provided with the distribution. 16ca007d91SDag-Erling Smørgrav * 3. The name of the author may not be used to endorse or promote products 17ca007d91SDag-Erling Smørgrav * derived from this software without specific prior written permission. 18ca007d91SDag-Erling Smørgrav * 19ca007d91SDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20ca007d91SDag-Erling Smørgrav * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21ca007d91SDag-Erling Smørgrav * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
22ca007d91SDag-Erling Smørgrav * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23ca007d91SDag-Erling Smørgrav * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24ca007d91SDag-Erling Smørgrav * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25ca007d91SDag-Erling Smørgrav * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26ca007d91SDag-Erling Smørgrav * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27ca007d91SDag-Erling Smørgrav * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28ca007d91SDag-Erling Smørgrav * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29ca007d91SDag-Erling Smørgrav */ 30ca007d91SDag-Erling Smørgrav 31ca007d91SDag-Erling Smørgrav #include <sys/cdefs.h> 32ca007d91SDag-Erling Smørgrav #include <sys/param.h> 33f1cd4902SRyan Moeller #include <sys/file.h> 34ca007d91SDag-Erling Smørgrav #include <sys/socket.h> 35ca007d91SDag-Erling Smørgrav #include <sys/socketvar.h> 36ca007d91SDag-Erling Smørgrav #include <sys/sysctl.h> 37f1cd4902SRyan Moeller #include <sys/jail.h> 38ca007d91SDag-Erling Smørgrav #include <sys/user.h> 39a83d596fSGleb Smirnoff #include <sys/queue.h> 40a83d596fSGleb Smirnoff #include <sys/tree.h> 41ca007d91SDag-Erling Smørgrav 42ca007d91SDag-Erling Smørgrav #include <sys/un.h> 43ca007d91SDag-Erling Smørgrav #include <sys/unpcb.h> 44ca007d91SDag-Erling Smørgrav 4502bd9db0SDag-Erling Smørgrav #include <net/route.h> 4602bd9db0SDag-Erling Smørgrav 47ca007d91SDag-Erling Smørgrav #include <netinet/in.h> 48ca007d91SDag-Erling Smørgrav #include <netinet/in_pcb.h> 49d5b4aa90SMichael Tuexen #include <netinet/sctp.h> 50ca007d91SDag-Erling Smørgrav #include <netinet/tcp.h> 517a5642b3SDag-Erling Smørgrav #define TCPSTATES /* load state names */ 527a5642b3SDag-Erling Smørgrav #include <netinet/tcp_fsm.h> 53ca007d91SDag-Erling Smørgrav #include <netinet/tcp_seq.h> 54ca007d91SDag-Erling Smørgrav 
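#include <netinet/tcp_var.h>
#include <arpa/inet.h>

#include <capsicum_helpers.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <inttypes.h>
#include <jail.h>
#include <netdb.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <libcasper.h>
#include <casper/cap_net.h>
#include <casper/cap_netdb.h>
#include <casper/cap_pwd.h>
#include <casper/cap_sysctl.h>

/*
 * Pointer casts from a generic socket-address pointer to a family-specific
 * one.  They perform no checking: the caller must already know which
 * address family the storage holds.
 */
#define	sstosin(ss)	((struct sockaddr_in *)(ss))
#define	sstosin6(ss)	((struct sockaddr_in6 *)(ss))
#define	sstosun(ss)	((struct sockaddr_un *)(ss))
#define	sstosa(ss)	((struct sockaddr *)(ss))

static int	 opt_4;		/* Show IPv4 sockets */
static int	 opt_6;		/* Show IPv6 sockets */
static int	 opt_C;		/* Show congestion control */
static int	 opt_c;		/* Show connected sockets */
static int	 opt_i;		/* Show inp_gencnt */
static int	 opt_j;		/* Show specified jail */
static int	 opt_L;		/* Don't show IPv4 or IPv6 loopback sockets */
static int	 opt_l;		/* Show listening sockets */
static int	 opt_n;		/* Don't resolve UIDs to user names */
static int	 opt_q;		/* Don't show header */
static int	 opt_S;		/* Show protocol stack if applicable */
static int	 opt_s;		/* Show protocol state if applicable */
static int	 opt_U;		/* Show remote UDP encapsulation port number */
static int	 opt_u;		/* Show Unix domain sockets */
static int	 opt_v;		/* Verbose mode */
static int	 opt_w;		/* Wide print area for addresses */

/*
 * Default protocols to use if no -P was defined.
 */
static const char *default_protos[] = {"sctp", "tcp", "udp", "divert" };
static size_t	   default_numprotos = nitems(default_protos);

static int	*protos;	/* protocols to use */
static size_t	 numprotos;	/* allocated size of protos[] */

/*
 * Port filter: a bitmap with one bit per port number, allocated by
 * parse_ports() as 65536 / INT_BIT ints.  NULL until a port list is parsed.
 */
static int	*ports;

/*
 * Bitmap accessors.  The argument must be in the range 0..65535; nothing
 * here checks it, so callers are responsible for validating port numbers
 * before using them as an index.
 *
 * The mask is built from 1U rather than 1: shifting a signed 1 into the
 * sign bit (ports whose number is 31 modulo INT_BIT) is undefined
 * behaviour.  The argument is parenthesised so that expressions can be
 * passed safely.
 */
#define	INT_BIT	(sizeof(int)*CHAR_BIT)
#define	SET_PORT(p) do { ports[(p) / INT_BIT] |= 1U << ((p) % INT_BIT); } while (0)
#define	CHK_PORT(p) (ports[(p) / INT_BIT] & (1U << ((p) % INT_BIT)))

/*
 * One address attached to a socket.  A socket may carry several, chained
 * through next.
 */
struct addr {
	union {
		struct sockaddr_storage address;
		struct {	/* unix(4) faddr */
			kvaddr_t conn;
			kvaddr_t firstref;
			kvaddr_t nextref;
		};
	};
	unsigned int encaps_port;
	int state;
	struct addr *next;
};

/*
 * One socket / protocol control block as gathered from the kernel.
 * laddr and faddr are heap-allocated lists owned by the sock and are
 * released by free_socket().
 */
struct sock {
	union {
		RB_ENTRY(sock) socket_tree;	/* tree of pcbs with socket */
		SLIST_ENTRY(sock) socket_list;	/* list of pcbs w/o socket */
	};
	RB_ENTRY(sock) pcb_tree;
	kvaddr_t socket;
	kvaddr_t pcb;
	uint64_t inp_gencnt;
	int shown;
	int vflag;
	int family;
	int proto;
	int state;
	const char *protoname;
	char stack[TCP_FUNCTION_NAME_LEN_MAX];
	char cc[TCP_CA_NAME_MAX];
	struct addr *laddr;
	struct addr *faddr;
};

static RB_HEAD(socks_t, sock) socks = RB_INITIALIZER(&socks);

/*
 * Order two socks by their kernel socket address.
 * NOTE(review): both operands are halved before subtracting, presumably so
 * the difference of two 64-bit addresses fits an int64_t; a consequence is
 * that addresses differing only in the lowest bit compare equal -- confirm
 * that kvaddr_t values are always at least 2-byte aligned.
 */
static int64_t
socket_compare(const struct sock *a, const struct sock *b)
{
	return ((int64_t)(a->socket/2 - b->socket/2));
}
RB_GENERATE_STATIC(socks_t, sock, socket_tree, socket_compare);

static RB_HEAD(pcbs_t, sock) pcbs = RB_INITIALIZER(&pcbs);

/*
 * Order two socks by their kernel pcb address; same halving scheme as
 * socket_compare().
 */
static int64_t
pcb_compare(const struct sock *a, const struct sock *b)
{
	return ((int64_t)(a->pcb/2 - b->pcb/2));
}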
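RB_GENERATE_STATIC(pcbs_t, sock, pcb_tree, pcb_compare);

static SLIST_HEAD(, sock) nosocks = SLIST_HEAD_INITIALIZER(&nosocks);

/*
 * One open file descriptor, indexed in ftree by the kernel address in
 * xf_data.
 */
struct file {
	RB_ENTRY(file)	file_tree;
	kvaddr_t	xf_data;
	pid_t	xf_pid;
	uid_t	xf_uid;
	int	xf_fd;
};

static RB_HEAD(files_t, file) ftree = RB_INITIALIZER(&ftree);

/*
 * Order two file entries by xf_data.  Both operands are halved before the
 * subtraction, as in the other tree comparators in this file.
 */
static int64_t
file_compare(const struct file *a, const struct file *b)
{
	return ((int64_t)(a->xf_data/2 - b->xf_data/2));
}
RB_GENERATE_STATIC(files_t, file, file_tree, file_compare);

static struct file *files;
static int nfiles;

/* Casper service channels; get_proto_type() treats a NULL capnetdb as "not available". */
static cap_channel_t *capnet;
static cap_channel_t *capnetdb;
static cap_channel_t *capsysctl;
static cap_channel_t *cappwd;

/*
 * printf(3) wrapper that exits through err(1, ...) when the write fails.
 * Returns the number of characters printed.
 *
 * fmt is handed to vprintf() unchanged, so it must always be a format
 * string chosen by the program; data obtained from the kernel, the
 * resolver or the command line belongs in the arguments, never in fmt.
 */
static int
xprintf(const char *fmt, ...)
{
	va_list ap;
	int len;

	va_start(ap, fmt);
	len = vprintf(fmt, ap);
	va_end(ap);
	if (len < 0)
		err(1, "printf()");
	return (len);
}

/*
 * Non-fatal structure size check: returns true when received_size equals
 * expected_size, otherwise prints a warning naming the structure and
 * returns false.
 *
 * The sizes are size_t, so they are printed with %zu (the previous %zd is
 * the conversion for the signed counterpart).
 */
static bool
_check_ksize(size_t received_size, size_t expected_size, const char *struct_name)
{
	if (received_size != expected_size) {
		warnx("%s size mismatch: expected %zu, received %zu",
		    struct_name, expected_size, received_size);
		return false;
	}
	return true;
}
/* Compare _sz against sizeof(_struct), reporting the type by name. */
#define check_ksize(_sz, _struct) (_check_ksize(_sz, sizeof(_struct), #_struct))

/*
 * Fatal variant of _check_ksize(): exits with status 1 when the sizes
 * differ, so that a buffer is never interpreted with a mismatching layout.
 */
static void
_enforce_ksize(size_t received_size, size_t expected_size, const char *struct_name)
{
	if (received_size != expected_size) {
		errx(1, "fatal: struct %s size mismatch: expected %zu, received %zu",
		    struct_name, expected_size, received_size);
	}
}
/* Exit unless _sz equals sizeof(_struct). */
#define enforce_ksize(_sz, _struct) (_enforce_ksize(_sz, sizeof(_struct), #_struct))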
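/*
 * Resolve a protocol name to its protocol number.
 *
 * Returns 0 for an empty name, -1 (after a warning) when the name cannot
 * be resolved, and the p_proto value otherwise.  The lookup goes through
 * the capnetdb Casper channel when one is open and through
 * getprotobyname() when it is not.
 *
 * NOTE(review): the warning text names cap_getprotobyname on both paths,
 * and warn() appends strerror(errno), which may not have been set by the
 * failed lookup -- confirm whether warnx() with the protocol name would be
 * more accurate.
 */
static int
get_proto_type(const char *proto)
{
	struct protoent *pent;

	if (strlen(proto) == 0)
		return (0);
	if (capnetdb != NULL)
		pent = cap_getprotobyname(capnetdb, proto);
	else
		pent = getprotobyname(proto);
	if (pent == NULL) {
		warn("cap_getprotobyname");
		return (-1);
	}
	return (pent->p_proto);
}

/*
 * Allocate protos[] and record its capacity in numprotos.
 *
 * With num > 0 the array gets exactly num slots; otherwise the capacity is
 * the number of entries getprotoent() enumerates.  Exits on allocation
 * failure.
 */
static void
init_protos(int num)
{
	int proto_count = 0;

	if (num > 0) {
		proto_count = num;
	} else {
		/* Find the maximum number of possible protocols. */
		while (getprotoent() != NULL)
			proto_count++;
		endprotoent();
	}

	if ((protos = malloc(sizeof(int) * proto_count)) == NULL)
		err(1, "malloc");
	numprotos = proto_count;
}

/*
 * Parse a comma-separated list of protocol names into protos[].
 *
 * protospec is modified in place by strsep().  Empty items and names that
 * do not resolve are skipped.  Returns the number of protocols stored
 * (also left in numprotos), or -1 when protospec is NULL.
 *
 * The list comes from the command line and may repeat names, so it can be
 * longer than the capacity init_protos(0) derived from the protocol
 * database.  The array is therefore grown before a store that would land
 * past its end; previously such a list wrote beyond the allocation.
 */
static int
parse_protos(char *protospec)
{
	char *prot;
	int *grown;
	size_t newcap;
	int proto_type, proto_index;

	if (protospec == NULL)
		return (-1);

	init_protos(0);
	proto_index = 0;
	while ((prot = strsep(&protospec, ",")) != NULL) {
		if (strlen(prot) == 0)
			continue;
		proto_type = get_proto_type(prot);
		if (proto_type == -1)
			continue;
		if ((size_t)proto_index >= numprotos) {
			/* Keep the old pointer until realloc() succeeds. */
			newcap = (numprotos == 0) ? 8 : numprotos * 2;
			grown = realloc(protos, newcap * sizeof(*protos));
			if (grown == NULL)
				err(1, "realloc");
			protos = grown;
			numprotos = newcap;
		}
		protos[proto_index++] = proto_type;
	}
	numprotos = proto_index;
	return (proto_index);
}

/*
 * Read a run of decimal digits at *pp and advance *pp past it.
 * Returns 0 for an empty run and exits as soon as the value exceeds 65535,
 * so an over-long digit string can never overflow the accumulator.
 */
static int
parse_port_digits(const char **pp)
{
	const char *p = *pp;
	int value = 0;

	/* ctype functions require an unsigned char value. */
	while (isdigit((unsigned char)*p)) {
		value = value * 10 + digittoint((unsigned char)*p);
		if (value > 65535)
			errx(1, "invalid port number");
		++p;
	}
	*pp = p;
	return (value);
}

/*
 * Parse a port specification -- single ports and "first-last" ranges
 * separated by commas -- and set the matching bits in the ports bitmap,
 * which is allocated on first use.  Exits on a syntax error, on a port
 * above 65535, or on a range whose end is below its start.
 *
 * The numbers are range-checked while they are accumulated.  Checking only
 * after the whole digit run had been consumed let a long enough string
 * overflow the int, which is undefined behaviour and could yield a value
 * that passed the 0..65535 test.
 */
static void
parse_ports(const char *portspec)
{
	const char *p;
	int port, end;

	if (ports == NULL)
		if ((ports = calloc(65536 / INT_BIT, sizeof(int))) == NULL)
			err(1, "calloc()");
	p = portspec;
	while (*p != '\0') {
		if (!isdigit((unsigned char)*p))
			errx(1, "syntax error in port range");
		port = parse_port_digits(&p);
		SET_PORT(port);
		switch (*p) {
		case '-':
			++p;
			break;
		case ',':
			++p;
			/* fall through */
		case '\0':
		default:
			/* Any other character is rejected at the loop top. */
			continue;
		}
		end = parse_port_digits(&p);
		if (end < port)
			errx(1, "invalid port number");
		/* The first port of the range is already set above. */
		while (port++ < end)
			SET_PORT(port);
		if (*p == ',')
			++p;
	}
}

/*
 * Fill *ss with an AF_INET or AF_INET6 socket address.
 *
 * addr must point to a struct in_addr or struct in6_addr matching af.
 * port is stored as given; the callers in gather_sctp() pass it through
 * htons() first.  For IPv6 link-local addresses the second 16-bit word of
 * the address is moved into sin6_scope_id and cleared in the address.
 * Any other address family aborts the program.
 */
static void
sockaddr(struct sockaddr_storage *ss, int af, void *addr, int port)
{
	struct sockaddr_in *sin4;
	struct sockaddr_in6 *sin6;

	bzero(ss, sizeof(*ss));
	switch (af) {
	case AF_INET:
		sin4 = sstosin(ss);
		sin4->sin_len = sizeof(*sin4);
		sin4->sin_family = af;
		sin4->sin_port = port;
		sin4->sin_addr = *(struct in_addr *)addr;
		break;
	case AF_INET6:
		sin6 = sstosin6(ss);
		sin6->sin6_len = sizeof(*sin6);
		sin6->sin6_family = af;
		sin6->sin6_port = port;
		sin6->sin6_addr = *(struct in6_addr *)addr;
#define	s6_addr16	__u6_addr.__u6_addr16
		if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
			sin6->sin6_scope_id =
			    ntohs(sin6->sin6_addr.s6_addr16[1]);
			sin6->sin6_addr.s6_addr16[1] = 0;
		}
		break;
	default:
		abort();
	}
}

/*
 * Release a sock together with its local and foreign address lists.
 * The sock must not be linked into any tree or list when this is called.
 */
static void
free_socket(struct sock *sock)
{
	struct addr *cur, *next;

	cur = sock->laddr;
	while (cur != NULL) {
		next = cur->next;
		free(cur);
		cur = next;
	}
	cur = sock->faddr;
	while (cur != NULL) {
		next = cur->next;
		free(cur);
		cur = next;
	}
	free(sock);
}

/*
 * Collect SCTP endpoints and associations from the
 * net.inet.sctp.assoclist sysctl and insert the ones selected by the
 * -4/-6/-c/-l/-L options into the socks tree.
 *
 * The sysctl returns one flat buffer that is walked with a byte offset:
 * an xsctp_inpcb, its xsctp_laddr records, then for every association an
 * xsctp_tcb followed by its xsctp_laddr and xsctp_raddr records.  Each
 * list ends with a record whose "last" field is 1.  A missing sysctl
 * (ENOENT) is not an error; the function just returns.
 *
 * NOTE(review): every loop tests only "offset < len" before casting
 * buf + offset to a record and reading its fields; none checks that a
 * whole record fits in the bytes that remain.  The walk therefore relies
 * on the kernel always returning complete, properly terminated records.
 * Confirm that guarantee, or compare len - offset with the record size
 * before each dereference.
 */
static void
gather_sctp(void)
{
	struct sock *sock;
	struct addr *laddr, *prev_laddr, *faddr, *prev_faddr;
	struct xsctp_inpcb *xinpcb;
	struct xsctp_tcb *xstcb;
	struct xsctp_raddr *xraddr;
	struct xsctp_laddr *xladdr;
	const char *varname;
	size_t len, offset;
	char *buf;
	int vflag;
	int no_stcb, local_all_loopback, foreign_all_loopback;

	/* Address families the user asked for. */
	vflag = 0;
	if (opt_4)
		vflag |= INP_IPV4;
	if (opt_6)
		vflag |= INP_IPV6;

	varname = "net.inet.sctp.assoclist";
	/* First call asks for the required buffer size only. */
	if (cap_sysctlbyname(capsysctl, varname, 0, &len, 0, 0) < 0) {
		if (errno != ENOENT)
			err(1, "cap_sysctlbyname()");
		return;
	}
	if ((buf = (char *)malloc(len)) == NULL) {
		err(1, "malloc()");
		return;
	}
	if (cap_sysctlbyname(capsysctl, varname, buf, &len, 0, 0) < 0) {
		err(1, "cap_sysctlbyname()");
		free(buf);
		return;
	}
	xinpcb = (struct xsctp_inpcb *)(void *)buf;
	offset = sizeof(struct xsctp_inpcb);
	while ((offset < len) && (xinpcb->last == 0)) {
		/* Candidate entry for the endpoint itself. */
		if ((sock = calloc(1, sizeof *sock)) == NULL)
			err(1, "malloc()");
		sock->socket = xinpcb->socket;
		sock->proto = IPPROTO_SCTP;
		sock->protoname = "sctp";
		if (xinpcb->maxqlen == 0)
			sock->state = SCTP_CLOSED;
		else
			sock->state = SCTP_LISTEN;
		if (xinpcb->flags & SCTP_PCB_FLAGS_BOUND_V6) {
			sock->family = AF_INET6;
			/*
			 * Currently there is no way to distinguish between
			 * IPv6 only sockets or dual family sockets.
			 * So mark it as dual socket.
			 */
			sock->vflag = INP_IPV6 | INP_IPV4;
		} else {
			sock->family = AF_INET;
			sock->vflag = INP_IPV4;
		}
		/* Local addresses bound to the endpoint. */
		prev_laddr = NULL;
		local_all_loopback = 1;
		while (offset < len) {
			xladdr = (struct xsctp_laddr *)(void *)(buf + offset);
			offset += sizeof(struct xsctp_laddr);
			if (xladdr->last == 1)
				break;
			if ((laddr = calloc(1, sizeof(struct addr))) == NULL)
				err(1, "malloc()");
			switch (xladdr->address.sa.sa_family) {
			case AF_INET:
#define	__IN_IS_ADDR_LOOPBACK(pina) \
	((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
				if (!__IN_IS_ADDR_LOOPBACK(
				    &xladdr->address.sin.sin_addr))
					local_all_loopback = 0;
#undef	__IN_IS_ADDR_LOOPBACK
				sockaddr(&laddr->address, AF_INET,
				    &xladdr->address.sin.sin_addr,
				    htons(xinpcb->local_port));
				break;
			case AF_INET6:
				if (!IN6_IS_ADDR_LOOPBACK(
				    &xladdr->address.sin6.sin6_addr))
					local_all_loopback = 0;
				sockaddr(&laddr->address, AF_INET6,
				    &xladdr->address.sin6.sin6_addr,
				    htons(xinpcb->local_port));
				break;
			default:
				errx(1, "address family %d not supported",
				    xladdr->address.sa.sa_family);
			}
			/* Append to the endpoint's local address list. */
			laddr->next = NULL;
			if (prev_laddr == NULL)
				sock->laddr = laddr;
			else
				prev_laddr->next = laddr;
			prev_laddr = laddr;
		}
		if (sock->laddr == NULL) {
			/* No local address listed: use a zeroed one. */
			if ((sock->laddr =
			    calloc(1, sizeof(struct addr))) == NULL)
				err(1, "malloc()");
			sock->laddr->address.ss_family = sock->family;
			if (sock->family == AF_INET)
				sock->laddr->address.ss_len =
				    sizeof(struct sockaddr_in);
			else
				sock->laddr->address.ss_len =
				    sizeof(struct sockaddr_in6);
			local_all_loopback = 0;
		}
		/* The endpoint entry has a zeroed foreign address. */
		if ((sock->faddr = calloc(1, sizeof(struct addr))) == NULL)
			err(1, "malloc()");
		sock->faddr->address.ss_family = sock->family;
		if (sock->family == AF_INET)
			sock->faddr->address.ss_len =
			    sizeof(struct sockaddr_in);
		else
			sock->faddr->address.ss_len =
			    sizeof(struct sockaddr_in6);
		no_stcb = 1;
		while (offset < len) {
			xstcb = (struct xsctp_tcb *)(void *)(buf + offset);
			offset += sizeof(struct xsctp_tcb);
			if (no_stcb) {
				/*
				 * First tcb record of this endpoint: decide
				 * here whether the endpoint entry built above
				 * is kept or released.
				 */
				if (opt_l && (sock->vflag & vflag) &&
				    (!opt_L || !local_all_loopback) &&
				    ((xinpcb->flags & SCTP_PCB_FLAGS_UDPTYPE) ||
				    (xstcb->last == 1))) {
					RB_INSERT(socks_t, &socks, sock);
				} else {
					free_socket(sock);
				}
			}
			if (xstcb->last == 1)
				break;
			no_stcb = 0;
			if (opt_c) {
				/* Fresh entry for this association. */
				if ((sock = calloc(1, sizeof *sock)) == NULL)
					err(1, "malloc()");
				sock->socket = xinpcb->socket;
				sock->proto = IPPROTO_SCTP;
				sock->protoname = "sctp";
				sock->state = (int)xstcb->state;
				if (xinpcb->flags & SCTP_PCB_FLAGS_BOUND_V6) {
					sock->family = AF_INET6;
					/*
					 * Currently there is no way to distinguish
					 * between IPv6 only sockets or dual family
					 * sockets. So mark it as dual socket.
					 */
					sock->vflag = INP_IPV6 | INP_IPV4;
				} else {
					sock->family = AF_INET;
					sock->vflag = INP_IPV4;
				}
			}
			/*
			 * Local addresses of the association.  Without -c
			 * the records are only stepped over.
			 */
			prev_laddr = NULL;
			local_all_loopback = 1;
			while (offset < len) {
				xladdr = (struct xsctp_laddr *)(void *)(buf +
				    offset);
				offset += sizeof(struct xsctp_laddr);
				if (xladdr->last == 1)
					break;
				if (!opt_c)
					continue;
				laddr = calloc(1, sizeof(struct addr));
				if (laddr == NULL)
					err(1, "malloc()");
				switch (xladdr->address.sa.sa_family) {
				case AF_INET:
#define	__IN_IS_ADDR_LOOPBACK(pina) \
	((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
					if (!__IN_IS_ADDR_LOOPBACK(
					    &xladdr->address.sin.sin_addr))
						local_all_loopback = 0;
#undef	__IN_IS_ADDR_LOOPBACK
					sockaddr(&laddr->address, AF_INET,
					    &xladdr->address.sin.sin_addr,
					    htons(xstcb->local_port));
					break;
				case AF_INET6:
					if (!IN6_IS_ADDR_LOOPBACK(
					    &xladdr->address.sin6.sin6_addr))
						local_all_loopback = 0;
					sockaddr(&laddr->address, AF_INET6,
					    &xladdr->address.sin6.sin6_addr,
					    htons(xstcb->local_port));
					break;
				default:
					errx(1,
					    "address family %d not supported",
					    xladdr->address.sa.sa_family);
				}
				laddr->next = NULL;
				if (prev_laddr == NULL)
					sock->laddr = laddr;
				else
					prev_laddr->next = laddr;
				prev_laddr = laddr;
			}
			/* Remote addresses of the association. */
			prev_faddr = NULL;
			foreign_all_loopback = 1;
			while (offset < len) {
				xraddr = (struct xsctp_raddr *)(void *)(buf +
				    offset);
				offset += sizeof(struct xsctp_raddr);
				if (xraddr->last == 1)
					break;
				if (!opt_c)
					continue;
				faddr = calloc(1, sizeof(struct addr));
				if (faddr == NULL)
					err(1, "malloc()");
				switch (xraddr->address.sa.sa_family) {
				case AF_INET:
#define	__IN_IS_ADDR_LOOPBACK(pina) \
	((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
					if (!__IN_IS_ADDR_LOOPBACK(
					    &xraddr->address.sin.sin_addr))
						foreign_all_loopback = 0;
#undef	__IN_IS_ADDR_LOOPBACK
					sockaddr(&faddr->address, AF_INET,
					    &xraddr->address.sin.sin_addr,
					    htons(xstcb->remote_port));
					break;
				case AF_INET6:
					if (!IN6_IS_ADDR_LOOPBACK(
					    &xraddr->address.sin6.sin6_addr))
						foreign_all_loopback = 0;
					sockaddr(&faddr->address, AF_INET6,
					    &xraddr->address.sin6.sin6_addr,
					    htons(xstcb->remote_port));
					break;
				default:
					errx(1,
					    "address family %d not supported",
					    xraddr->address.sa.sa_family);
				}
				faddr->encaps_port = xraddr->encaps_port;
				faddr->state = xraddr->state;
				faddr->next = NULL;
				if (prev_faddr == NULL)
					sock->faddr = faddr;
				else
					prev_faddr->next = faddr;
				prev_faddr = faddr;
			}
			if (opt_c) {
				/*
				 * Keep the association unless -L is set and
				 * either side is loopback-only.
				 */
				if ((sock->vflag & vflag) &&
				    (!opt_L ||
				    !(local_all_loopback ||
				    foreign_all_loopback))) {
					RB_INSERT(socks_t, &socks, sock);
				} else {
					free_socket(sock);
				}
			}
		}
		/* Step to the next endpoint record. */
		xinpcb = (struct xsctp_inpcb *)(void *)(buf + offset);
		offset += sizeof(struct xsctp_inpcb);
	}
	free(buf);
}

static void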
Smørgrav gather_inet(int proto) 653ca007d91SDag-Erling Smørgrav { 654ca007d91SDag-Erling Smørgrav struct xinpgen *xig, *exig; 655ca007d91SDag-Erling Smørgrav struct xinpcb *xip; 656bf40d2caSGleb Smirnoff struct xtcpcb *xtp = NULL; 657ca007d91SDag-Erling Smørgrav struct xsocket *so; 658ca007d91SDag-Erling Smørgrav struct sock *sock; 659e6f718c7SMichael Tuexen struct addr *laddr, *faddr; 660ca007d91SDag-Erling Smørgrav const char *varname, *protoname; 661ca007d91SDag-Erling Smørgrav size_t len, bufsize; 662ca007d91SDag-Erling Smørgrav void *buf; 663a83d596fSGleb Smirnoff int retry, vflag; 664ca007d91SDag-Erling Smørgrav 6656eb1d5baSMichael Tuexen vflag = 0; 666ca007d91SDag-Erling Smørgrav if (opt_4) 667ca007d91SDag-Erling Smørgrav vflag |= INP_IPV4; 668ca007d91SDag-Erling Smørgrav if (opt_6) 669ca007d91SDag-Erling Smørgrav vflag |= INP_IPV6; 670ca007d91SDag-Erling Smørgrav 671ca007d91SDag-Erling Smørgrav switch (proto) { 672ca007d91SDag-Erling Smørgrav case IPPROTO_TCP: 673ca007d91SDag-Erling Smørgrav varname = "net.inet.tcp.pcblist"; 674ca007d91SDag-Erling Smørgrav protoname = "tcp"; 675ca007d91SDag-Erling Smørgrav break; 676ca007d91SDag-Erling Smørgrav case IPPROTO_UDP: 677ca007d91SDag-Erling Smørgrav varname = "net.inet.udp.pcblist"; 678ca007d91SDag-Erling Smørgrav protoname = "udp"; 679ca007d91SDag-Erling Smørgrav break; 6802cfbdf89SRuslan Ermilov case IPPROTO_DIVERT: 6812cfbdf89SRuslan Ermilov varname = "net.inet.divert.pcblist"; 6822cfbdf89SRuslan Ermilov protoname = "div"; 6832cfbdf89SRuslan Ermilov break; 684ca007d91SDag-Erling Smørgrav default: 6851f3d67aaSGiorgos Keramidas errx(1, "protocol %d not supported", proto); 686ca007d91SDag-Erling Smørgrav } 687ca007d91SDag-Erling Smørgrav 688ca007d91SDag-Erling Smørgrav buf = NULL; 689ca007d91SDag-Erling Smørgrav bufsize = 8192; 690ca007d91SDag-Erling Smørgrav retry = 5; 691ca007d91SDag-Erling Smørgrav do { 692ca007d91SDag-Erling Smørgrav for (;;) { 693ca007d91SDag-Erling Smørgrav if ((buf = realloc(buf, bufsize)) 
== NULL) 694ca007d91SDag-Erling Smørgrav err(1, "realloc()"); 695ca007d91SDag-Erling Smørgrav len = bufsize; 696c5a2d8c5SRyan Moeller if (cap_sysctlbyname(capsysctl, varname, buf, &len, 697c5a2d8c5SRyan Moeller NULL, 0) == 0) 698ca007d91SDag-Erling Smørgrav break; 6994b2a3d41SRuslan Ermilov if (errno == ENOENT) 7004b2a3d41SRuslan Ermilov goto out; 701003e7e49SMikolaj Golub if (errno != ENOMEM || len != bufsize) 702c5a2d8c5SRyan Moeller err(1, "cap_sysctlbyname()"); 703ca007d91SDag-Erling Smørgrav bufsize *= 2; 704ca007d91SDag-Erling Smørgrav } 705ca007d91SDag-Erling Smørgrav xig = (struct xinpgen *)buf; 7066dbe8d53SRobert Drehmel exig = (struct xinpgen *)(void *) 7076dbe8d53SRobert Drehmel ((char *)buf + len - sizeof *exig); 70808e77283SAlexander V. Chernikov enforce_ksize(xig->xig_len, struct xinpgen); 70908e77283SAlexander V. Chernikov enforce_ksize(exig->xig_len, struct xinpgen); 710ca007d91SDag-Erling Smørgrav } while (xig->xig_gen != exig->xig_gen && retry--); 711ca007d91SDag-Erling Smørgrav 712ca007d91SDag-Erling Smørgrav if (xig->xig_gen != exig->xig_gen && opt_v) 713ca007d91SDag-Erling Smørgrav warnx("warning: data may be inconsistent"); 714ca007d91SDag-Erling Smørgrav 715ca007d91SDag-Erling Smørgrav for (;;) { 7166dbe8d53SRobert Drehmel xig = (struct xinpgen *)(void *)((char *)xig + xig->xig_len); 717ca007d91SDag-Erling Smørgrav if (xig >= exig) 718ca007d91SDag-Erling Smørgrav break; 719ca007d91SDag-Erling Smørgrav switch (proto) { 720ca007d91SDag-Erling Smørgrav case IPPROTO_TCP: 721cc65eb4eSGleb Smirnoff xtp = (struct xtcpcb *)xig; 722cc65eb4eSGleb Smirnoff xip = &xtp->xt_inp; 72308e77283SAlexander V. Chernikov if (!check_ksize(xtp->xt_len, struct xtcpcb)) 724ca007d91SDag-Erling Smørgrav goto out; 725cc65eb4eSGleb Smirnoff protoname = xtp->t_flags & TF_TOE ? 
"toe" : "tcp"; 726ca007d91SDag-Erling Smørgrav break; 727ca007d91SDag-Erling Smørgrav case IPPROTO_UDP: 7282cfbdf89SRuslan Ermilov case IPPROTO_DIVERT: 729cc65eb4eSGleb Smirnoff xip = (struct xinpcb *)xig; 73008e77283SAlexander V. Chernikov if (!check_ksize(xip->xi_len, struct xinpcb)) 731ca007d91SDag-Erling Smørgrav goto out; 732ca007d91SDag-Erling Smørgrav break; 733ca007d91SDag-Erling Smørgrav default: 7341f3d67aaSGiorgos Keramidas errx(1, "protocol %d not supported", proto); 735ca007d91SDag-Erling Smørgrav } 736cc65eb4eSGleb Smirnoff so = &xip->xi_socket; 737cc65eb4eSGleb Smirnoff if ((xip->inp_vflag & vflag) == 0) 738ca007d91SDag-Erling Smørgrav continue; 739cc65eb4eSGleb Smirnoff if (xip->inp_vflag & INP_IPV4) { 740cc65eb4eSGleb Smirnoff if ((xip->inp_fport == 0 && !opt_l) || 741cc65eb4eSGleb Smirnoff (xip->inp_fport != 0 && !opt_c)) 7421e6690e5SDag-Erling Smørgrav continue; 7439b6ca892SBruce M Simpson #define __IN_IS_ADDR_LOOPBACK(pina) \ 7449b6ca892SBruce M Simpson ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) 7459b6ca892SBruce M Simpson if (opt_L && 746cc65eb4eSGleb Smirnoff (__IN_IS_ADDR_LOOPBACK(&xip->inp_faddr) || 747cc65eb4eSGleb Smirnoff __IN_IS_ADDR_LOOPBACK(&xip->inp_laddr))) 7489b6ca892SBruce M Simpson continue; 7499b6ca892SBruce M Simpson #undef __IN_IS_ADDR_LOOPBACK 750cc65eb4eSGleb Smirnoff } else if (xip->inp_vflag & INP_IPV6) { 751cc65eb4eSGleb Smirnoff if ((xip->inp_fport == 0 && !opt_l) || 752cc65eb4eSGleb Smirnoff (xip->inp_fport != 0 && !opt_c)) 7531e6690e5SDag-Erling Smørgrav continue; 7549b6ca892SBruce M Simpson if (opt_L && 755cc65eb4eSGleb Smirnoff (IN6_IS_ADDR_LOOPBACK(&xip->in6p_faddr) || 756cc65eb4eSGleb Smirnoff IN6_IS_ADDR_LOOPBACK(&xip->in6p_laddr))) 7579b6ca892SBruce M Simpson continue; 7581e6690e5SDag-Erling Smørgrav } else { 7591e6690e5SDag-Erling Smørgrav if (opt_v) 760cc65eb4eSGleb Smirnoff warnx("invalid vflag 0x%x", xip->inp_vflag); 7611e6690e5SDag-Erling Smørgrav continue; 7621e6690e5SDag-Erling Smørgrav 
} 763b8e20e2dSHiroki Sato if ((sock = calloc(1, sizeof(*sock))) == NULL) 764ca007d91SDag-Erling Smørgrav err(1, "malloc()"); 765e6f718c7SMichael Tuexen if ((laddr = calloc(1, sizeof *laddr)) == NULL) 766e6f718c7SMichael Tuexen err(1, "malloc()"); 767e6f718c7SMichael Tuexen if ((faddr = calloc(1, sizeof *faddr)) == NULL) 768e6f718c7SMichael Tuexen err(1, "malloc()"); 769ca007d91SDag-Erling Smørgrav sock->socket = so->xso_so; 770ca007d91SDag-Erling Smørgrav sock->proto = proto; 7715f64777aSMichael Tuexen sock->inp_gencnt = xip->inp_gencnt; 772cc65eb4eSGleb Smirnoff if (xip->inp_vflag & INP_IPV4) { 773ca007d91SDag-Erling Smørgrav sock->family = AF_INET; 774e6f718c7SMichael Tuexen sockaddr(&laddr->address, sock->family, 775cc65eb4eSGleb Smirnoff &xip->inp_laddr, xip->inp_lport); 776e6f718c7SMichael Tuexen sockaddr(&faddr->address, sock->family, 777cc65eb4eSGleb Smirnoff &xip->inp_faddr, xip->inp_fport); 778cc65eb4eSGleb Smirnoff } else if (xip->inp_vflag & INP_IPV6) { 779ca007d91SDag-Erling Smørgrav sock->family = AF_INET6; 780e6f718c7SMichael Tuexen sockaddr(&laddr->address, sock->family, 781cc65eb4eSGleb Smirnoff &xip->in6p_laddr, xip->inp_lport); 782e6f718c7SMichael Tuexen sockaddr(&faddr->address, sock->family, 783cc65eb4eSGleb Smirnoff &xip->in6p_faddr, xip->inp_fport); 784ca007d91SDag-Erling Smørgrav } 7859e644c23SMichael Tuexen if (proto == IPPROTO_TCP) 7869e644c23SMichael Tuexen faddr->encaps_port = xtp->xt_encaps_port; 787e6f718c7SMichael Tuexen laddr->next = NULL; 788e6f718c7SMichael Tuexen faddr->next = NULL; 789e6f718c7SMichael Tuexen sock->laddr = laddr; 790e6f718c7SMichael Tuexen sock->faddr = faddr; 791cc65eb4eSGleb Smirnoff sock->vflag = xip->inp_vflag; 792e5cccc35SMichael Tuexen if (proto == IPPROTO_TCP) { 793cc65eb4eSGleb Smirnoff sock->state = xtp->t_state; 794e5cccc35SMichael Tuexen memcpy(sock->stack, xtp->xt_stack, 795e5cccc35SMichael Tuexen TCP_FUNCTION_NAME_LEN_MAX); 7962ac089d0SMichael Tuexen memcpy(sock->cc, xtp->xt_cc, TCP_CA_NAME_MAX); 
797e5cccc35SMichael Tuexen } 798ca007d91SDag-Erling Smørgrav sock->protoname = protoname; 799a83d596fSGleb Smirnoff if (sock->socket != 0) 800a83d596fSGleb Smirnoff RB_INSERT(socks_t, &socks, sock); 801a83d596fSGleb Smirnoff else 802a83d596fSGleb Smirnoff SLIST_INSERT_HEAD(&nosocks, sock, socket_list); 803ca007d91SDag-Erling Smørgrav } 804ca007d91SDag-Erling Smørgrav out: 805ca007d91SDag-Erling Smørgrav free(buf); 806ca007d91SDag-Erling Smørgrav } 807ca007d91SDag-Erling Smørgrav 808ca007d91SDag-Erling Smørgrav static void 809ca007d91SDag-Erling Smørgrav gather_unix(int proto) 810ca007d91SDag-Erling Smørgrav { 811ca007d91SDag-Erling Smørgrav struct xunpgen *xug, *exug; 812ca007d91SDag-Erling Smørgrav struct xunpcb *xup; 813ca007d91SDag-Erling Smørgrav struct sock *sock; 814e6f718c7SMichael Tuexen struct addr *laddr, *faddr; 815ca007d91SDag-Erling Smørgrav const char *varname, *protoname; 816ca007d91SDag-Erling Smørgrav size_t len, bufsize; 817ca007d91SDag-Erling Smørgrav void *buf; 818a83d596fSGleb Smirnoff int retry; 819ca007d91SDag-Erling Smørgrav 820ca007d91SDag-Erling Smørgrav switch (proto) { 821ca007d91SDag-Erling Smørgrav case SOCK_STREAM: 822ca007d91SDag-Erling Smørgrav varname = "net.local.stream.pcblist"; 823ca007d91SDag-Erling Smørgrav protoname = "stream"; 824ca007d91SDag-Erling Smørgrav break; 825ca007d91SDag-Erling Smørgrav case SOCK_DGRAM: 826ca007d91SDag-Erling Smørgrav varname = "net.local.dgram.pcblist"; 827ca007d91SDag-Erling Smørgrav protoname = "dgram"; 828ca007d91SDag-Erling Smørgrav break; 829b8e20e2dSHiroki Sato case SOCK_SEQPACKET: 830b8e20e2dSHiroki Sato varname = "net.local.seqpacket.pcblist"; 831b8e20e2dSHiroki Sato protoname = "seqpac"; 832b8e20e2dSHiroki Sato break; 833ca007d91SDag-Erling Smørgrav default: 834ca007d91SDag-Erling Smørgrav abort(); 835ca007d91SDag-Erling Smørgrav } 836ca007d91SDag-Erling Smørgrav buf = NULL; 837ca007d91SDag-Erling Smørgrav bufsize = 8192; 838ca007d91SDag-Erling Smørgrav retry = 5; 839ca007d91SDag-Erling 
Smørgrav do { 840ca007d91SDag-Erling Smørgrav for (;;) { 841ca007d91SDag-Erling Smørgrav if ((buf = realloc(buf, bufsize)) == NULL) 842ca007d91SDag-Erling Smørgrav err(1, "realloc()"); 843ca007d91SDag-Erling Smørgrav len = bufsize; 844c5a2d8c5SRyan Moeller if (cap_sysctlbyname(capsysctl, varname, buf, &len, 845c5a2d8c5SRyan Moeller NULL, 0) == 0) 846ca007d91SDag-Erling Smørgrav break; 847003e7e49SMikolaj Golub if (errno != ENOMEM || len != bufsize) 848c5a2d8c5SRyan Moeller err(1, "cap_sysctlbyname()"); 849ca007d91SDag-Erling Smørgrav bufsize *= 2; 850ca007d91SDag-Erling Smørgrav } 851ca007d91SDag-Erling Smørgrav xug = (struct xunpgen *)buf; 8526dbe8d53SRobert Drehmel exug = (struct xunpgen *)(void *) 853b8e20e2dSHiroki Sato ((char *)buf + len - sizeof(*exug)); 85408e77283SAlexander V. Chernikov if (!check_ksize(xug->xug_len, struct xunpgen) || 85508e77283SAlexander V. Chernikov !check_ksize(exug->xug_len, struct xunpgen)) 856ca007d91SDag-Erling Smørgrav goto out; 857ca007d91SDag-Erling Smørgrav } while (xug->xug_gen != exug->xug_gen && retry--); 858ca007d91SDag-Erling Smørgrav 859ca007d91SDag-Erling Smørgrav if (xug->xug_gen != exug->xug_gen && opt_v) 860ca007d91SDag-Erling Smørgrav warnx("warning: data may be inconsistent"); 861ca007d91SDag-Erling Smørgrav 862ca007d91SDag-Erling Smørgrav for (;;) { 8636dbe8d53SRobert Drehmel xug = (struct xunpgen *)(void *)((char *)xug + xug->xug_len); 864ca007d91SDag-Erling Smørgrav if (xug >= exug) 865ca007d91SDag-Erling Smørgrav break; 866ca007d91SDag-Erling Smørgrav xup = (struct xunpcb *)xug; 86708e77283SAlexander V. 
Chernikov if (!check_ksize(xup->xu_len, struct xunpcb)) 868ca007d91SDag-Erling Smørgrav goto out; 869f38b68aeSBrooks Davis if ((xup->unp_conn == 0 && !opt_l) || 870f38b68aeSBrooks Davis (xup->unp_conn != 0 && !opt_c)) 8711e6690e5SDag-Erling Smørgrav continue; 872b8e20e2dSHiroki Sato if ((sock = calloc(1, sizeof(*sock))) == NULL) 873ca007d91SDag-Erling Smørgrav err(1, "malloc()"); 874e6f718c7SMichael Tuexen if ((laddr = calloc(1, sizeof *laddr)) == NULL) 875e6f718c7SMichael Tuexen err(1, "malloc()"); 876e6f718c7SMichael Tuexen if ((faddr = calloc(1, sizeof *faddr)) == NULL) 877e6f718c7SMichael Tuexen err(1, "malloc()"); 878ca007d91SDag-Erling Smørgrav sock->socket = xup->xu_socket.xso_so; 879ca007d91SDag-Erling Smørgrav sock->pcb = xup->xu_unpp; 880ca007d91SDag-Erling Smørgrav sock->proto = proto; 881ca007d91SDag-Erling Smørgrav sock->family = AF_UNIX; 882ca007d91SDag-Erling Smørgrav sock->protoname = protoname; 8830e229f34SGleb Smirnoff if (xup->xu_addr.sun_family == AF_UNIX) 884e6f718c7SMichael Tuexen laddr->address = 8856dbe8d53SRobert Drehmel *(struct sockaddr_storage *)(void *)&xup->xu_addr; 8862c436d48SGleb Smirnoff faddr->conn = xup->unp_conn; 8872c436d48SGleb Smirnoff faddr->firstref = xup->xu_firstref; 8882c436d48SGleb Smirnoff faddr->nextref = xup->xu_nextref; 889e6f718c7SMichael Tuexen laddr->next = NULL; 890e6f718c7SMichael Tuexen faddr->next = NULL; 891e6f718c7SMichael Tuexen sock->laddr = laddr; 892e6f718c7SMichael Tuexen sock->faddr = faddr; 893a83d596fSGleb Smirnoff RB_INSERT(socks_t, &socks, sock); 894a83d596fSGleb Smirnoff RB_INSERT(pcbs_t, &pcbs, sock); 895ca007d91SDag-Erling Smørgrav } 896ca007d91SDag-Erling Smørgrav out: 897ca007d91SDag-Erling Smørgrav free(buf); 898ca007d91SDag-Erling Smørgrav } 899ca007d91SDag-Erling Smørgrav 900ca007d91SDag-Erling Smørgrav static void 901ca007d91SDag-Erling Smørgrav getfiles(void) 902ca007d91SDag-Erling Smørgrav { 9032c436d48SGleb Smirnoff struct xfile *xfiles; 904003e7e49SMikolaj Golub size_t len, olen; 
905ca007d91SDag-Erling Smørgrav 906b8e20e2dSHiroki Sato olen = len = sizeof(*xfiles); 907003e7e49SMikolaj Golub if ((xfiles = malloc(len)) == NULL) 908ca007d91SDag-Erling Smørgrav err(1, "malloc()"); 909c5a2d8c5SRyan Moeller while (cap_sysctlbyname(capsysctl, "kern.file", xfiles, &len, 0, 0) 910c5a2d8c5SRyan Moeller == -1) { 911003e7e49SMikolaj Golub if (errno != ENOMEM || len != olen) 912c5a2d8c5SRyan Moeller err(1, "cap_sysctlbyname()"); 913003e7e49SMikolaj Golub olen = len *= 2; 914ca007d91SDag-Erling Smørgrav if ((xfiles = realloc(xfiles, len)) == NULL) 915ca007d91SDag-Erling Smørgrav err(1, "realloc()"); 916ca007d91SDag-Erling Smørgrav } 91708e77283SAlexander V. Chernikov if (len > 0) 91808e77283SAlexander V. Chernikov enforce_ksize(xfiles->xf_size, struct xfile); 9192c436d48SGleb Smirnoff nfiles = len / sizeof(*xfiles); 9202c436d48SGleb Smirnoff 9212c436d48SGleb Smirnoff if ((files = malloc(nfiles * sizeof(struct file))) == NULL) 9222c436d48SGleb Smirnoff err(1, "malloc()"); 9232c436d48SGleb Smirnoff 9242c436d48SGleb Smirnoff for (int i = 0; i < nfiles; i++) { 9252c436d48SGleb Smirnoff files[i].xf_data = xfiles[i].xf_data; 9262c436d48SGleb Smirnoff files[i].xf_pid = xfiles[i].xf_pid; 9272c436d48SGleb Smirnoff files[i].xf_uid = xfiles[i].xf_uid; 9282c436d48SGleb Smirnoff files[i].xf_fd = xfiles[i].xf_fd; 9292c436d48SGleb Smirnoff RB_INSERT(files_t, &ftree, &files[i]); 9302c436d48SGleb Smirnoff } 9312c436d48SGleb Smirnoff 9322c436d48SGleb Smirnoff free(xfiles); 933ca007d91SDag-Erling Smørgrav } 934ca007d91SDag-Erling Smørgrav 935ca007d91SDag-Erling Smørgrav static int 936baa7f281SMichael Tuexen printaddr(struct sockaddr_storage *ss) 937ca007d91SDag-Erling Smørgrav { 938ca007d91SDag-Erling Smørgrav struct sockaddr_un *sun; 939b8e20e2dSHiroki Sato char addrstr[NI_MAXHOST] = { '\0', '\0' }; 940b8e20e2dSHiroki Sato int error, off, port = 0; 941ca007d91SDag-Erling Smørgrav 942baa7f281SMichael Tuexen switch (ss->ss_family) { 943ca007d91SDag-Erling Smørgrav case 
AF_INET: 94464acb29bSMike Karels if (sstosin(ss)->sin_addr.s_addr == INADDR_ANY) 945ca007d91SDag-Erling Smørgrav addrstr[0] = '*'; 946b8e20e2dSHiroki Sato port = ntohs(sstosin(ss)->sin_port); 947ca007d91SDag-Erling Smørgrav break; 948ca007d91SDag-Erling Smørgrav case AF_INET6: 949b8e20e2dSHiroki Sato if (IN6_IS_ADDR_UNSPECIFIED(&sstosin6(ss)->sin6_addr)) 950ca007d91SDag-Erling Smørgrav addrstr[0] = '*'; 951b8e20e2dSHiroki Sato port = ntohs(sstosin6(ss)->sin6_port); 952ca007d91SDag-Erling Smørgrav break; 953ca007d91SDag-Erling Smørgrav case AF_UNIX: 954b8e20e2dSHiroki Sato sun = sstosun(ss); 955ca007d91SDag-Erling Smørgrav off = (int)((char *)&sun->sun_path - (char *)sun); 956ca007d91SDag-Erling Smørgrav return (xprintf("%.*s", sun->sun_len - off, sun->sun_path)); 957ca007d91SDag-Erling Smørgrav } 958b8e20e2dSHiroki Sato if (addrstr[0] == '\0') { 959c5a2d8c5SRyan Moeller error = cap_getnameinfo(capnet, sstosa(ss), ss->ss_len, 960c5a2d8c5SRyan Moeller addrstr, sizeof(addrstr), NULL, 0, NI_NUMERICHOST); 961b8e20e2dSHiroki Sato if (error) 962c5a2d8c5SRyan Moeller errx(1, "cap_getnameinfo()"); 963b8e20e2dSHiroki Sato } 964ca007d91SDag-Erling Smørgrav if (port == 0) 965ca007d91SDag-Erling Smørgrav return xprintf("%s:*", addrstr); 966ca007d91SDag-Erling Smørgrav else 967ca007d91SDag-Erling Smørgrav return xprintf("%s:%d", addrstr, port); 968ca007d91SDag-Erling Smørgrav } 969ca007d91SDag-Erling Smørgrav 970ca007d91SDag-Erling Smørgrav static const char * 971ca007d91SDag-Erling Smørgrav getprocname(pid_t pid) 972ca007d91SDag-Erling Smørgrav { 973ca007d91SDag-Erling Smørgrav static struct kinfo_proc proc; 974ca007d91SDag-Erling Smørgrav size_t len; 975ca007d91SDag-Erling Smørgrav int mib[4]; 976ca007d91SDag-Erling Smørgrav 977ca007d91SDag-Erling Smørgrav mib[0] = CTL_KERN; 978ca007d91SDag-Erling Smørgrav mib[1] = KERN_PROC; 979ca007d91SDag-Erling Smørgrav mib[2] = KERN_PROC_PID; 980ca007d91SDag-Erling Smørgrav mib[3] = (int)pid; 981b8e20e2dSHiroki Sato len = sizeof(proc); 
982c5a2d8c5SRyan Moeller if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0) 983c5a2d8c5SRyan Moeller == -1) { 98448c513e0SMaxim Konovalov /* Do not warn if the process exits before we get its name. */ 98548c513e0SMaxim Konovalov if (errno != ESRCH) 986c5a2d8c5SRyan Moeller warn("cap_sysctl()"); 987ca007d91SDag-Erling Smørgrav return ("??"); 988ca007d91SDag-Erling Smørgrav } 989f487a6a8SEd Maste return (proc.ki_comm); 990ca007d91SDag-Erling Smørgrav } 991ca007d91SDag-Erling Smørgrav 992ae94787dSMaxime Henrion static int 99300feaafdSAndrew Thompson getprocjid(pid_t pid) 99400feaafdSAndrew Thompson { 99500feaafdSAndrew Thompson static struct kinfo_proc proc; 99600feaafdSAndrew Thompson size_t len; 99700feaafdSAndrew Thompson int mib[4]; 99800feaafdSAndrew Thompson 99900feaafdSAndrew Thompson mib[0] = CTL_KERN; 100000feaafdSAndrew Thompson mib[1] = KERN_PROC; 100100feaafdSAndrew Thompson mib[2] = KERN_PROC_PID; 100200feaafdSAndrew Thompson mib[3] = (int)pid; 1003b8e20e2dSHiroki Sato len = sizeof(proc); 1004c5a2d8c5SRyan Moeller if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0) 1005c5a2d8c5SRyan Moeller == -1) { 100600feaafdSAndrew Thompson /* Do not warn if the process exits before we get its jid. 
*/ 100700feaafdSAndrew Thompson if (errno != ESRCH) 1008c5a2d8c5SRyan Moeller warn("cap_sysctl()"); 100900feaafdSAndrew Thompson return (-1); 101000feaafdSAndrew Thompson } 101100feaafdSAndrew Thompson return (proc.ki_jid); 101200feaafdSAndrew Thompson } 101300feaafdSAndrew Thompson 101400feaafdSAndrew Thompson static int 1015ae94787dSMaxime Henrion check_ports(struct sock *s) 1016ae94787dSMaxime Henrion { 1017ae94787dSMaxime Henrion int port; 1018e6f718c7SMichael Tuexen struct addr *addr; 1019ae94787dSMaxime Henrion 1020ae94787dSMaxime Henrion if (ports == NULL) 1021ae94787dSMaxime Henrion return (1); 1022ae94787dSMaxime Henrion if ((s->family != AF_INET) && (s->family != AF_INET6)) 1023ae94787dSMaxime Henrion return (1); 1024e6f718c7SMichael Tuexen for (addr = s->laddr; addr != NULL; addr = addr->next) { 1025b8e20e2dSHiroki Sato if (s->family == AF_INET) 1026b8e20e2dSHiroki Sato port = ntohs(sstosin(&addr->address)->sin_port); 1027ae94787dSMaxime Henrion else 1028b8e20e2dSHiroki Sato port = ntohs(sstosin6(&addr->address)->sin6_port); 1029ae94787dSMaxime Henrion if (CHK_PORT(port)) 1030ae94787dSMaxime Henrion return (1); 1031e6f718c7SMichael Tuexen } 1032e6f718c7SMichael Tuexen for (addr = s->faddr; addr != NULL; addr = addr->next) { 1033b8e20e2dSHiroki Sato if (s->family == AF_INET) 1034b8e20e2dSHiroki Sato port = ntohs(sstosin(&addr->address)->sin_port); 1035ae94787dSMaxime Henrion else 1036b8e20e2dSHiroki Sato port = ntohs(sstosin6(&addr->address)->sin6_port); 1037ae94787dSMaxime Henrion if (CHK_PORT(port)) 1038ae94787dSMaxime Henrion return (1); 1039e6f718c7SMichael Tuexen } 1040ae94787dSMaxime Henrion return (0); 1041ae94787dSMaxime Henrion } 1042ae94787dSMaxime Henrion 10436414db1bSMichael Tuexen static const char * 1044e389705eSMichael Tuexen sctp_conn_state(int state) 10456414db1bSMichael Tuexen { 10466414db1bSMichael Tuexen switch (state) { 10476414db1bSMichael Tuexen case SCTP_CLOSED: 10486414db1bSMichael Tuexen return "CLOSED"; 10496414db1bSMichael 
Tuexen break; 10506414db1bSMichael Tuexen case SCTP_BOUND: 10516414db1bSMichael Tuexen return "BOUND"; 10526414db1bSMichael Tuexen break; 10536414db1bSMichael Tuexen case SCTP_LISTEN: 10546414db1bSMichael Tuexen return "LISTEN"; 10556414db1bSMichael Tuexen break; 10566414db1bSMichael Tuexen case SCTP_COOKIE_WAIT: 10576414db1bSMichael Tuexen return "COOKIE_WAIT"; 10586414db1bSMichael Tuexen break; 10596414db1bSMichael Tuexen case SCTP_COOKIE_ECHOED: 10606414db1bSMichael Tuexen return "COOKIE_ECHOED"; 10616414db1bSMichael Tuexen break; 10626414db1bSMichael Tuexen case SCTP_ESTABLISHED: 10636414db1bSMichael Tuexen return "ESTABLISHED"; 10646414db1bSMichael Tuexen break; 10656414db1bSMichael Tuexen case SCTP_SHUTDOWN_SENT: 10666414db1bSMichael Tuexen return "SHUTDOWN_SENT"; 10676414db1bSMichael Tuexen break; 10686414db1bSMichael Tuexen case SCTP_SHUTDOWN_RECEIVED: 10696414db1bSMichael Tuexen return "SHUTDOWN_RECEIVED"; 10706414db1bSMichael Tuexen break; 10716414db1bSMichael Tuexen case SCTP_SHUTDOWN_ACK_SENT: 10726414db1bSMichael Tuexen return "SHUTDOWN_ACK_SENT"; 10736414db1bSMichael Tuexen break; 10746414db1bSMichael Tuexen case SCTP_SHUTDOWN_PENDING: 10756414db1bSMichael Tuexen return "SHUTDOWN_PENDING"; 10766414db1bSMichael Tuexen break; 10776414db1bSMichael Tuexen default: 10786414db1bSMichael Tuexen return "UNKNOWN"; 10796414db1bSMichael Tuexen break; 10806414db1bSMichael Tuexen } 10816414db1bSMichael Tuexen } 10826414db1bSMichael Tuexen 1083e389705eSMichael Tuexen static const char * 1084e389705eSMichael Tuexen sctp_path_state(int state) 1085e389705eSMichael Tuexen { 1086e389705eSMichael Tuexen switch (state) { 1087e389705eSMichael Tuexen case SCTP_UNCONFIRMED: 1088e389705eSMichael Tuexen return "UNCONFIRMED"; 1089e389705eSMichael Tuexen break; 1090e389705eSMichael Tuexen case SCTP_ACTIVE: 1091e389705eSMichael Tuexen return "ACTIVE"; 1092e389705eSMichael Tuexen break; 1093e389705eSMichael Tuexen case SCTP_INACTIVE: 1094e389705eSMichael Tuexen return "INACTIVE"; 
1095e389705eSMichael Tuexen break; 1096e389705eSMichael Tuexen default: 1097e389705eSMichael Tuexen return "UNKNOWN"; 1098e389705eSMichael Tuexen break; 1099e389705eSMichael Tuexen } 1100e389705eSMichael Tuexen } 1101e389705eSMichael Tuexen 1102ca007d91SDag-Erling Smørgrav static void 110361149f8dSJilles Tjoelker displaysock(struct sock *s, int pos) 1104ca007d91SDag-Erling Smørgrav { 1105a83d596fSGleb Smirnoff int first, offset; 1106e6f718c7SMichael Tuexen struct addr *laddr, *faddr; 1107ca007d91SDag-Erling Smørgrav 1108c5bdcd1fSGleb Smirnoff while (pos < 30) 1109ca007d91SDag-Erling Smørgrav pos += xprintf(" "); 1110ca007d91SDag-Erling Smørgrav pos += xprintf("%s", s->protoname); 1111ca007d91SDag-Erling Smørgrav if (s->vflag & INP_IPV4) 1112ca007d91SDag-Erling Smørgrav pos += xprintf("4"); 1113ca007d91SDag-Erling Smørgrav if (s->vflag & INP_IPV6) 1114ca007d91SDag-Erling Smørgrav pos += xprintf("6"); 1115edc9c7fcSMichael Tuexen if (s->vflag & (INP_IPV4 | INP_IPV6)) 1116edc9c7fcSMichael Tuexen pos += xprintf(" "); 1117e6f718c7SMichael Tuexen laddr = s->laddr; 1118e6f718c7SMichael Tuexen faddr = s->faddr; 11194e13a5b0SMichael Tuexen first = 1; 1120e6f718c7SMichael Tuexen while (laddr != NULL || faddr != NULL) { 1121c5bdcd1fSGleb Smirnoff offset = 37; 112283f60cb2SMichael Tuexen while (pos < offset) 1123ca007d91SDag-Erling Smørgrav pos += xprintf(" "); 1124ca007d91SDag-Erling Smørgrav switch (s->family) { 1125ca007d91SDag-Erling Smørgrav case AF_INET: 1126ca007d91SDag-Erling Smørgrav case AF_INET6: 1127e6f718c7SMichael Tuexen if (laddr != NULL) { 1128e6f718c7SMichael Tuexen pos += printaddr(&laddr->address); 112909bbda21SMaxim Konovalov if (s->family == AF_INET6 && pos >= 58) 113009bbda21SMaxim Konovalov pos += xprintf(" "); 1131e6f718c7SMichael Tuexen } 113283f60cb2SMichael Tuexen offset += opt_w ? 
46 : 22; 113383f60cb2SMichael Tuexen while (pos < offset) 1134ca007d91SDag-Erling Smørgrav pos += xprintf(" "); 1135e6f718c7SMichael Tuexen if (faddr != NULL) 1136e6f718c7SMichael Tuexen pos += printaddr(&faddr->address); 113783f60cb2SMichael Tuexen offset += opt_w ? 46 : 22; 1138ca007d91SDag-Erling Smørgrav break; 1139ca007d91SDag-Erling Smørgrav case AF_UNIX: 1140e6f718c7SMichael Tuexen if ((laddr == NULL) || (faddr == NULL)) 1141e6f718c7SMichael Tuexen errx(1, "laddr = %p or faddr = %p is NULL", 1142e6f718c7SMichael Tuexen (void *)laddr, (void *)faddr); 11432c436d48SGleb Smirnoff if (laddr->address.ss_len == 0 && faddr->conn == 0) { 1144b4eb37c6SJohn-Mark Gurney pos += xprintf("(not connected)"); 114583f60cb2SMichael Tuexen offset += opt_w ? 92 : 44; 1146b4eb37c6SJohn-Mark Gurney break; 1147b4eb37c6SJohn-Mark Gurney } 11482c436d48SGleb Smirnoff /* Local bind(2) address, if any. */ 11492c436d48SGleb Smirnoff if (laddr->address.ss_len > 0) 11502c436d48SGleb Smirnoff pos += printaddr(&laddr->address); 11512c436d48SGleb Smirnoff /* Remote peer we connect(2) to, if any. */ 11522c436d48SGleb Smirnoff if (faddr->conn != 0) { 11532c436d48SGleb Smirnoff struct sock *p; 11542c436d48SGleb Smirnoff 11552c436d48SGleb Smirnoff pos += xprintf("%s-> ", 11562c436d48SGleb Smirnoff laddr->address.ss_len > 0 ? " " : ""); 11572c436d48SGleb Smirnoff p = RB_FIND(pcbs_t, &pcbs, 11582c436d48SGleb Smirnoff &(struct sock){ .pcb = faddr->conn }); 11592c436d48SGleb Smirnoff if (__predict_false(p == NULL)) { 11602c436d48SGleb Smirnoff /* XXGL: can this happen at all? 
*/ 1161ca007d91SDag-Erling Smørgrav pos += xprintf("??"); 11622c436d48SGleb Smirnoff } else if (p->laddr->address.ss_len == 0) { 11632c436d48SGleb Smirnoff struct file *f; 11642c436d48SGleb Smirnoff 11652c436d48SGleb Smirnoff f = RB_FIND(files_t, &ftree, 11662c436d48SGleb Smirnoff &(struct file){ .xf_data = 11672c436d48SGleb Smirnoff p->socket }); 11682c436d48SGleb Smirnoff pos += xprintf("[%lu %d]", 11692c436d48SGleb Smirnoff (u_long)f->xf_pid, f->xf_fd); 11702c436d48SGleb Smirnoff } else 11712c436d48SGleb Smirnoff pos += printaddr(&p->laddr->address); 11722c436d48SGleb Smirnoff } 11732c436d48SGleb Smirnoff /* Remote peer(s) connect(2)ed to us, if any. */ 11742c436d48SGleb Smirnoff if (faddr->firstref != 0) { 11752c436d48SGleb Smirnoff struct sock *p; 11762c436d48SGleb Smirnoff struct file *f; 11772c436d48SGleb Smirnoff kvaddr_t ref = faddr->firstref; 11782c436d48SGleb Smirnoff bool fref = true; 11792c436d48SGleb Smirnoff 11802c436d48SGleb Smirnoff pos += xprintf(" <- "); 11812c436d48SGleb Smirnoff 11822c436d48SGleb Smirnoff while ((p = RB_FIND(pcbs_t, &pcbs, 11832c436d48SGleb Smirnoff &(struct sock){ .pcb = ref })) != 0) { 11842c436d48SGleb Smirnoff f = RB_FIND(files_t, &ftree, 11852c436d48SGleb Smirnoff &(struct file){ .xf_data = 11862c436d48SGleb Smirnoff p->socket }); 11872c436d48SGleb Smirnoff pos += xprintf("%s[%lu %d]", 11882c436d48SGleb Smirnoff fref ? "" : ",", 11892c436d48SGleb Smirnoff (u_long)f->xf_pid, f->xf_fd); 11902c436d48SGleb Smirnoff ref = p->faddr->nextref; 11912c436d48SGleb Smirnoff fref = false; 11922c436d48SGleb Smirnoff } 11932c436d48SGleb Smirnoff } 119483f60cb2SMichael Tuexen offset += opt_w ? 
92 : 44; 1195ca007d91SDag-Erling Smørgrav break; 1196ca007d91SDag-Erling Smørgrav default: 1197ca007d91SDag-Erling Smørgrav abort(); 1198ca007d91SDag-Erling Smørgrav } 11995f64777aSMichael Tuexen if (opt_i) { 12005f64777aSMichael Tuexen if (s->proto == IPPROTO_TCP || 12015f64777aSMichael Tuexen s->proto == IPPROTO_UDP) { 12025f64777aSMichael Tuexen while (pos < offset) 12035f64777aSMichael Tuexen pos += xprintf(" "); 12045f64777aSMichael Tuexen pos += xprintf("%" PRIu64, s->inp_gencnt); 12055f64777aSMichael Tuexen } 12065f64777aSMichael Tuexen offset += 9; 12075f64777aSMichael Tuexen } 120849b836f2SMichael Tuexen if (opt_U) { 120949b836f2SMichael Tuexen if (faddr != NULL && 12109e644c23SMichael Tuexen ((s->proto == IPPROTO_SCTP && 121149b836f2SMichael Tuexen s->state != SCTP_CLOSED && 121249b836f2SMichael Tuexen s->state != SCTP_BOUND && 12139e644c23SMichael Tuexen s->state != SCTP_LISTEN) || 12149e644c23SMichael Tuexen (s->proto == IPPROTO_TCP && 12159e644c23SMichael Tuexen s->state != TCPS_CLOSED && 12169e644c23SMichael Tuexen s->state != TCPS_LISTEN))) { 121749b836f2SMichael Tuexen while (pos < offset) 121849b836f2SMichael Tuexen pos += xprintf(" "); 121949b836f2SMichael Tuexen pos += xprintf("%u", 122049b836f2SMichael Tuexen ntohs(faddr->encaps_port)); 122149b836f2SMichael Tuexen } 122249b836f2SMichael Tuexen offset += 7; 122349b836f2SMichael Tuexen } 1224e389705eSMichael Tuexen if (opt_s) { 1225e389705eSMichael Tuexen if (faddr != NULL && 1226e389705eSMichael Tuexen s->proto == IPPROTO_SCTP && 1227e389705eSMichael Tuexen s->state != SCTP_CLOSED && 1228e389705eSMichael Tuexen s->state != SCTP_BOUND && 1229e389705eSMichael Tuexen s->state != SCTP_LISTEN) { 1230e389705eSMichael Tuexen while (pos < offset) 1231e389705eSMichael Tuexen pos += xprintf(" "); 1232e389705eSMichael Tuexen pos += xprintf("%s", 1233e389705eSMichael Tuexen sctp_path_state(faddr->state)); 1234e389705eSMichael Tuexen } 1235e389705eSMichael Tuexen offset += 13; 1236e389705eSMichael Tuexen } 
1237e5cccc35SMichael Tuexen if (first) { 123849b836f2SMichael Tuexen if (opt_s) { 123949b836f2SMichael Tuexen if (s->proto == IPPROTO_SCTP || 124049b836f2SMichael Tuexen s->proto == IPPROTO_TCP) { 124149b836f2SMichael Tuexen while (pos < offset) 12424e13a5b0SMichael Tuexen pos += xprintf(" "); 12436414db1bSMichael Tuexen switch (s->proto) { 12446414db1bSMichael Tuexen case IPPROTO_SCTP: 1245e5cccc35SMichael Tuexen pos += xprintf("%s", 1246e389705eSMichael Tuexen sctp_conn_state(s->state)); 12476414db1bSMichael Tuexen break; 12486414db1bSMichael Tuexen case IPPROTO_TCP: 1249e5cccc35SMichael Tuexen if (s->state >= 0 && 1250e5cccc35SMichael Tuexen s->state < TCP_NSTATES) 125149b836f2SMichael Tuexen pos += xprintf("%s", 1252e5cccc35SMichael Tuexen tcpstates[s->state]); 12534e13a5b0SMichael Tuexen else 12544e13a5b0SMichael Tuexen pos += xprintf("?"); 12556414db1bSMichael Tuexen break; 12566414db1bSMichael Tuexen } 12574e13a5b0SMichael Tuexen } 125849b836f2SMichael Tuexen offset += 13; 125949b836f2SMichael Tuexen } 12602ac089d0SMichael Tuexen if (opt_S) { 12612ac089d0SMichael Tuexen if (s->proto == IPPROTO_TCP) { 126249b836f2SMichael Tuexen while (pos < offset) 1263e5cccc35SMichael Tuexen pos += xprintf(" "); 12642ac089d0SMichael Tuexen pos += xprintf("%.*s", 12652ac089d0SMichael Tuexen TCP_FUNCTION_NAME_LEN_MAX, 1266e5cccc35SMichael Tuexen s->stack); 1267e5cccc35SMichael Tuexen } 12682ac089d0SMichael Tuexen offset += TCP_FUNCTION_NAME_LEN_MAX + 1; 12692ac089d0SMichael Tuexen } 12702ac089d0SMichael Tuexen if (opt_C) { 12712ac089d0SMichael Tuexen if (s->proto == IPPROTO_TCP) { 12722ac089d0SMichael Tuexen while (pos < offset) 12732ac089d0SMichael Tuexen pos += xprintf(" "); 12742ac089d0SMichael Tuexen xprintf("%.*s", TCP_CA_NAME_MAX, s->cc); 12752ac089d0SMichael Tuexen } 12762ac089d0SMichael Tuexen offset += TCP_CA_NAME_MAX + 1; 12772ac089d0SMichael Tuexen } 1278e5cccc35SMichael Tuexen } 1279e6f718c7SMichael Tuexen if (laddr != NULL) 1280e6f718c7SMichael Tuexen laddr = 
laddr->next; 1281e6f718c7SMichael Tuexen if (faddr != NULL) 1282e6f718c7SMichael Tuexen faddr = faddr->next; 1283e6f718c7SMichael Tuexen if ((laddr != NULL) || (faddr != NULL)) { 1284e6f718c7SMichael Tuexen xprintf("\n"); 1285e6f718c7SMichael Tuexen pos = 0; 1286e6f718c7SMichael Tuexen } 12874e13a5b0SMichael Tuexen first = 0; 1288e6f718c7SMichael Tuexen } 12894e13a5b0SMichael Tuexen xprintf("\n"); 1290ca007d91SDag-Erling Smørgrav }

/*
 * Print the report: an optional header line, then one row per open file
 * that maps to a gathered socket, then the sockets that no file entry
 * claimed.  Rows are filtered through check_ports() and, when -j is in
 * effect, by the jail id of the owning process.
 */
static void
display(void)
{
	struct passwd *pw;
	struct file *xf;
	struct sock *s;
	int idx, pos;

	if (opt_q != 1) {
		/* Address columns widen from 21 to 45 characters with -w. */
		int addrw = opt_w ? 45 : 21;

		printf("%-8s %-10s %-5s %-3s %-6s %-*s %-*s",
		    "USER", "COMMAND", "PID", "FD", "PROTO",
		    addrw, "LOCAL ADDRESS",
		    addrw, "FOREIGN ADDRESS");
		if (opt_i)
			printf(" %-8s", "ID");
		if (opt_U)
			printf(" %-6s", "ENCAPS");
		if (opt_s) {
			printf(" %-12s", "PATH STATE");
			printf(" %-12s", "CONN STATE");
		}
		if (opt_S)
			printf(" %-*.*s", TCP_FUNCTION_NAME_LEN_MAX,
			    TCP_FUNCTION_NAME_LEN_MAX, "STACK");
		if (opt_C)
			printf(" %-.*s", TCP_CA_NAME_MAX, "CC");
		printf("\n");
	}

	/* Password lookups go through the Casper pwd channel. */
	cap_setpassent(cappwd, 1);

	for (idx = 0; idx < nfiles; idx++) {
		xf = &files[idx];

		/* Skip entries without socket data or outside the jail. */
		if (xf->xf_data == 0 ||
		    (opt_j >= 0 && opt_j != getprocjid(xf->xf_pid)))
			continue;

		s = RB_FIND(socks_t, &socks,
		    &(struct sock){ .socket = xf->xf_data});
		if (s == NULL || !check_ports(s))
			continue;

		/* Remember it so the final pass does not list it again. */
		s->shown = 1;
		pos = 0;

		/* Numeric uid with -n or when the lookup yields nothing. */
		pw = opt_n ? NULL : cap_getpwuid(cappwd, xf->xf_uid);
		if (pw == NULL)
			pos += xprintf("%lu ", (u_long)xf->xf_uid);
		else
			pos += xprintf("%s ", pw->pw_name);
		while (pos < 9)
			pos += xprintf(" ");

		/*
		 * NOTE(review): the command name is truncated to 10 bytes
		 * but otherwise written as returned; whether getprocname()
		 * can hand back non-printable bytes is not visible here.
		 */
		pos += xprintf("%.10s", getprocname(xf->xf_pid));
		while (pos < 20)
			pos += xprintf(" ");

		pos += xprintf("%5lu ", (u_long)xf->xf_pid);
		while (pos < 26)
			pos += xprintf(" ");

		pos += xprintf("%-3d ", xf->xf_fd);
		displaysock(s, pos);
	}

	/* With a jail filter active, sockets without an owner are omitted. */
	if (opt_j >= 0)
		return;

	/* Entries kept on the nosocks list: owner columns are unknown. */
	SLIST_FOREACH(s, &nosocks, socket_list) {
		if (!check_ports(s))
			continue;
		pos = xprintf("%-8s %-10s %-5s %-2s ",
		    "?", "?", "?", "?");
		displaysock(s, pos);
	}

	/* Sockets in the tree that no file entry referred to. */
	RB_FOREACH(s, socks_t, &socks) {
		if (s->shown || !check_ports(s))
			continue;
		pos = xprintf("%-8s %-10s %-5s %-2s ",
		    "?", "?", "?", "?");
		displaysock(s, pos);
	}
}

/*
 * Fill protos[] with the protocol numbers of the names listed in
 * default_protos[], resolved through the Casper netdb channel.  A name
 * that cannot be resolved is fatal.  Sets numprotos and returns the
 * number of protocols stored.
 */
static int
set_default_protos(void)
{
	size_t i = 0;

	init_protos(default_numprotos);

	while (i < default_numprotos) {
		const char *name = default_protos[i];
		struct protoent *ent = cap_getprotobyname(capnetdb, name);

		if (ent == NULL)
			err(1, "cap_getprotobyname: %s", name);
		protos[i++] = ent->p_proto;
	}
	numprotos = i;
	return (i);
}

/*
 * Return the vnet property of the jail, or -1 on error.
 *
 * Returns 0 without querying the jail when the kern.features.vimage
 * sysctl cannot be read; the value read from that sysctl is not used
 * otherwise.  On failure of jail_get(), jail_errmsg holds either the
 * message supplied through the "errmsg" parameter or, if that was left
 * empty, a message built from errno.
 */
static int
jail_getvnet(int jid)
{
	int vnet;
	size_t len = sizeof(vnet);
	/* Name/value pairs for jail_get(): jid in, vnet and errmsg out. */
	struct iovec jiov[] = {
		{ .iov_base = __DECONST(char *, "jid"),
		  .iov_len = sizeof("jid") },
		{ .iov_base = &jid,
		  .iov_len = sizeof(jid) },
		{ .iov_base = __DECONST(char *, "vnet"),
		  .iov_len = sizeof("vnet") },
		{ .iov_base = &vnet,
		  .iov_len = sizeof(vnet) },
		{ .iov_base = __DECONST(char *, "errmsg"),
		  .iov_len = sizeof("errmsg") },
		{ .iov_base = jail_errmsg,
		  .iov_len = JAIL_ERRMSGLEN },
	};

	if (sysctlbyname("kern.features.vimage", &vnet, &len, NULL, 0) != 0)
		return (0);

	vnet = -1;
	jail_errmsg[0] = '\0';
	if (jail_get(jiov, nitems(jiov), 0) < 0) {
		if (jail_errmsg[0] == '\0')
			snprintf(jail_errmsg, JAIL_ERRMSGLEN,
			    "jail_get: %s", strerror(errno));
		return (-1);
	}
	return (vnet);
}
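
/*
 * Print the command synopsis to stderr and exit with status 1.
 */
static void
usage(void)
{
	fprintf(stderr,
	    "usage: sockstat [-46CciLlnqSsUuvw] [-j jid] [-p ports] [-P protocols]\n");
	exit(1);
}

/*
 * Parse the command line, optionally attach to a vnet jail, enter the
 * Casper/Capsicum sandbox, gather the requested sockets and print them.
 *
 * Ordering matters here: the jail lookup and jail_attach() run before
 * caph_enter_casper(), and every Casper service is opened before the
 * parent channel is closed.
 */
int
main(int argc, char *argv[])
{
	cap_channel_t *capcas;
	cap_net_limit_t *limit;
	/* The only pwd operations and fields display() needs. */
	const char *pwdcmds[] = { "setpassent", "getpwuid" };
	const char *pwdfields[] = { "pw_name" };
	int protos_defined = -1;	/* -1: no -P given */
	int o, i;

	opt_j = -1;
	while ((o = getopt(argc, argv, "46Ccij:Llnp:P:qSsUuvw")) != -1)
		switch (o) {
		case '4':
			opt_4 = 1;
			break;
		case '6':
			opt_6 = 1;
			break;
		case 'C':
			opt_C = 1;
			break;
		case 'c':
			opt_c = 1;
			break;
		case 'i':
			opt_i = 1;
			break;
		case 'j':
			opt_j = jail_getid(optarg);
			if (opt_j < 0)
				errx(1, "jail_getid: %s", jail_errmsg);
			break;
		case 'L':
			opt_L = 1;
			break;
		case 'l':
			opt_l = 1;
			break;
		case 'n':
			opt_n = 1;
			break;
		case 'p':
			parse_ports(optarg);
			break;
		case 'P':
			protos_defined = parse_protos(optarg);
			break;
		case 'q':
			opt_q = 1;
			break;
		case 'S':
			opt_S = 1;
			break;
		case 's':
			opt_s = 1;
			break;
		case 'U':
			opt_U = 1;
			break;
		case 'u':
			opt_u = 1;
			break;
		case 'v':
			++opt_v;
			break;
		case 'w':
			opt_w = 1;
			break;
		default:
			usage();
		}

	argc -= optind;
	argv += optind;

	/* No positional arguments are accepted. */
	if (argc > 0)
		usage();

	/*
	 * For a jail with its own network stack, attach to it and then
	 * report as if no jail filter had been given.  This is done before
	 * capability mode is entered below (presumably because
	 * jail_attach() is not usable afterwards -- confirm).
	 */
	if (opt_j > 0) {
		switch (jail_getvnet(opt_j)) {
		case -1:
			/* errx() does not return; no fall-through occurs. */
			errx(2, "jail_getvnet: %s", jail_errmsg);
		case JAIL_SYS_NEW:
			if (jail_attach(opt_j) < 0)
				err(3, "jail_attach()");
			/* Set back to -1 for normal output in vnet jail. */
			opt_j = -1;
			break;
		default:
			break;
		}
	}

	/*
	 * Sandbox setup.  The Casper channel is created first, capability
	 * mode is entered, and the four services used later are opened.
	 */
	capcas = cap_init();
	if (capcas == NULL)
		err(1, "Unable to contact Casper");
	if (caph_enter_casper() < 0)
		err(1, "Unable to enter capability mode");
	capnet = cap_service_open(capcas, "system.net");
	if (capnet == NULL)
		err(1, "Unable to open system.net service");
	capnetdb = cap_service_open(capcas, "system.netdb");
	if (capnetdb == NULL)
		err(1, "Unable to open system.netdb service");
	capsysctl = cap_service_open(capcas, "system.sysctl");
	if (capsysctl == NULL)
		err(1, "Unable to open system.sysctl service");
	cappwd = cap_service_open(capcas, "system.pwd");
	if (cappwd == NULL)
		err(1, "Unable to open system.pwd service");
	/* Drop the parent channel: no further services can be opened. */
	cap_close(capcas);

	/* Restrict the net service to address-to-name lookups. */
	limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
	if (limit == NULL)
		err(1, "Unable to init cap_net limits");
	if (cap_net_limit(limit) < 0)
		err(1, "Unable to apply limits");
	/* Restrict the pwd service to the commands and field listed above. */
	if (cap_pwd_limit_cmds(cappwd, pwdcmds, nitems(pwdcmds)) < 0)
		err(1, "Unable to apply pwd commands limits");
	/* Distinct message so this failure is told apart from the one above. */
	if (cap_pwd_limit_fields(cappwd, pwdfields, nitems(pwdfields)) < 0)
		err(1, "Unable to apply pwd fields limits");
	/*
	 * NOTE(review): no limit calls for capnetdb or capsysctl appear in
	 * this function; confirm that leaving them unrestricted is intended.
	 */

	/* Fill in defaults for whichever selections were not given. */
	if ((!opt_4 && !opt_6) && protos_defined != -1)
		opt_4 = opt_6 = 1;
	if (!opt_4 && !opt_6 && !opt_u)
		opt_4 = opt_6 = opt_u = 1;
	if ((opt_4 || opt_6) && protos_defined == -1)
		protos_defined = set_default_protos();
	if (!opt_c && !opt_l)
		opt_c = opt_l = 1;

	if (opt_4 || opt_6) {
		/* SCTP has its own gatherer; all others share gather_inet(). */
		for (i = 0; i < protos_defined; i++)
			if (protos[i] == IPPROTO_SCTP)
				gather_sctp();
			else
				gather_inet(protos[i]);
	}

	if (opt_u || (protos_defined == -1 && !opt_4 && !opt_6)) {
		gather_unix(SOCK_STREAM);
		gather_unix(SOCK_DGRAM);
		gather_unix(SOCK_SEQPACKET);
	}
	getfiles();
	display();
	exit(0);
}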