2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2002 Dag-Erling Coïdan Smørgrav
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer
12 * in this position and unchanged.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/socketvar.h>
38 #include <sys/sysctl.h>
44 #include <sys/unpcb.h>
46 #include <net/route.h>
48 #include <netinet/in.h>
49 #include <netinet/in_pcb.h>
50 #include <netinet/sctp.h>
51 #include <netinet/tcp.h>
52 #define TCPSTATES /* load state names */
53 #include <netinet/tcp_fsm.h>
54 #include <netinet/tcp_seq.h>
55 #include <netinet/tcp_var.h>
56 #include <arpa/inet.h>
58 #include <capsicum_helpers.h>
71 #include <libcasper.h>
72 #include <casper/cap_net.h>
73 #include <casper/cap_netdb.h>
74 #include <casper/cap_pwd.h>
75 #include <casper/cap_sysctl.h>
/*
 * Cast helpers: reinterpret a pointer (the callers in this file pass a
 * struct sockaddr_storage *) as a family-specific sockaddr pointer.
 * The macros do not look at ss_family or ss_len, so each caller has to
 * pick the cast that matches the family actually stored.
 */
77 #define sstosin(ss) ((struct sockaddr_in *)(ss))
78 #define sstosin6(ss) ((struct sockaddr_in6 *)(ss))
79 #define sstosun(ss) ((struct sockaddr_un *)(ss))
80 #define sstosa(ss) ((struct sockaddr *)(ss))
82 static int opt_4; /* Show IPv4 sockets */
83 static int opt_6; /* Show IPv6 sockets */
84 static int opt_C; /* Show congestion control */
85 static int opt_c; /* Show connected sockets */
86 static int opt_j; /* Show specified jail */
87 static int opt_L; /* Don't show IPv4 or IPv6 loopback sockets */
88 static int opt_l; /* Show listening sockets */
89 static int opt_n; /* Don't resolve UIDs to user names */
90 static int opt_q; /* Don't show header */
91 static int opt_S; /* Show protocol stack if applicable */
92 static int opt_s; /* Show protocol state if applicable */
93 static int opt_U; /* Show remote UDP encapsulation port number */
94 static int opt_u; /* Show Unix domain sockets */
95 static int opt_v; /* Verbose mode */
96 static int opt_w; /* Wide print area for addresses */
99 * Default protocols to use if no -P was defined.
101 static const char *default_protos[] = {"sctp", "tcp", "udp", "divert" };
102 static size_t default_numprotos = nitems(default_protos);
104 static int *protos; /* protocols to use */
105 static size_t numprotos; /* allocated size of protos[] */
/*
 * Port filter bitmap: one bit per port number, packed into an array of
 * int (parse_ports() allocates 65536 / INT_BIT ints for it).
 *
 * NOTE(review): neither macro bounds-checks p, so callers must keep p
 * inside the allocated bitmap.  The expression 1 << (p % INT_BIT) shifts
 * a signed int; for bit index INT_BIT - 1 the shift reaches the sign bit,
 * which ISO C leaves undefined.  An unsigned bitmap with 1U << would
 * avoid that.  The macro argument is also used without parentheses.
 */
109 #define INT_BIT (sizeof(int)*CHAR_BIT)
110 #define SET_PORT(p) do { ports[p / INT_BIT] |= 1 << (p % INT_BIT); } while (0)
111 #define CHK_PORT(p) (ports[p / INT_BIT] & (1 << (p % INT_BIT)))
114 struct sockaddr_storage address;
115 unsigned int encaps_port;
128 const char *protoname;
129 char stack[TCP_FUNCTION_NAME_LEN_MAX];
130 char cc[TCP_CA_NAME_MAX];
/*
 * Socket table: the gather functions bucket each struct sock by
 * (kernel socket address % HASHSIZE) and chain entries through ->next.
 */
136 #define HASHSIZE 1009
137 static struct sock *sockhash[HASHSIZE];
/* Open-file table, filled from the kern.file sysctl. */
139 static struct xfile *xfiles;
/*
 * Casper service channels.  main() opens them with cap_service_open()
 * as system.net, system.netdb, system.sysctl and system.pwd; they are
 * NULL until then.
 */
142 static cap_channel_t *capnet;
143 static cap_channel_t *capnetdb;
144 static cap_channel_t *capsysctl;
145 static cap_channel_t *cappwd;
/*
 * printf-style output helper: fmt and the argument list are handed to
 * vprintf() and its result is kept in len.  Callers in this file add the
 * value returned by xprintf() to a running column position.
 *
 * NOTE(review): vprintf() reports an output error with a negative value;
 * how len is treated after this call is not visible in this excerpt.
 * fmt is interpreted as a format string, so call sites must pass a
 * constant format and route variable text through %s (the visible call
 * sites do).
 */
148 xprintf(const char *fmt, ...)
154 len = vprintf(fmt, ap);
/*
 * Resolve a protocol name to its protocol number through the protocols
 * database.
 *
 * The lookup goes through the Casper netdb channel when capnetdb is set
 * and through plain getprotobyname() otherwise.  main() parses the -P
 * argument before it opens the channel, so the non-Casper call is the one
 * used for command-line protocol names.
 *
 * The result returned for an empty name or a failed lookup is on lines
 * that are not part of this excerpt; parse_protos() treats -1 as failure.
 */
162 get_proto_type(const char *proto)
164 struct protoent *pent;
/* Empty names are handled before any lookup is attempted. */
166 if (strlen(proto) == 0)
168 if (capnetdb != NULL)
169 pent = cap_getprotobyname(capnetdb, proto);
171 pent = getprotobyname(proto);
/* NOTE(review): the message names cap_getprotobyname for both lookup paths. */
173 warn("cap_getprotobyname");
176 return (pent->p_proto);
/*
 * Allocation of the protos[] array (the function header is not part of
 * this excerpt).  The visible code counts entries by iterating
 * getprotoent(), allocates proto_count ints and records that count in
 * numprotos.
 *
 * NOTE(review): sizeof(int) * proto_count is computed without an overflow
 * check; the count comes from the local protocols database.  Confirm that
 * a zero count cannot reach malloc() on the lines not shown.
 */
187 /* Find the maximum number of possible protocols. */
188 while (getprotoent() != NULL)
193 if ((protos = malloc(sizeof(int) * proto_count)) == NULL)
195 numprotos = proto_count;
/*
 * Parse a comma-separated list of protocol names (the -P argument) into
 * protos[] and return the number of protocols stored.
 *
 * protospec is split in place by strsep(), so the caller's string is
 * modified.  Empty fields are skipped and names that do not resolve
 * (get_proto_type() == -1) are dropped.
 *
 * NOTE(review): protos[proto_index++] is written for every resolved
 * field with no visible comparison against the allocated size.  The call
 * that sizes protos[] is not shown here; confirm that a list with more
 * fields than allocated entries (for example the same name repeated many
 * times) cannot write past the array.
 */
199 parse_protos(char *protospec)
202 int proto_type, proto_index;
204 if (protospec == NULL)
209 while ((prot = strsep(&protospec, ",")) != NULL) {
210 if (strlen(prot) == 0)
212 proto_type = get_proto_type(prot);
213 if (proto_type != -1)
214 protos[proto_index++] = proto_type;
/* numprotos now reflects the entries in use rather than the allocation. */
216 numprotos = proto_index;
217 return (proto_index);
/*
 * Parse the -p argument (port numbers and port ranges) into the ports
 * bitmap.  Syntax or range errors terminate the program through errx().
 *
 * NOTE(review): the digits are accumulated with port = port * 10 + digit
 * and the range test runs only after the whole digit run has been
 * consumed.  Assuming port and end are int (their declarations are not
 * shown), a long enough digit string overflows the signed accumulator,
 * which is undefined behaviour, before the 0..65535 check is reached;
 * rejecting the value inside the loop as soon as it exceeds 65535 closes
 * that gap.
 *
 * NOTE(review): isdigit(*q) receives a plain char; for bytes above 0x7f
 * on platforms where char is signed the argument is negative, which the
 * ctype interface does not define.  Cast to unsigned char first.
 */
221 parse_ports(const char *portspec)
/* One bit per possible port number (0..65535), zero-initialised. */
227 if ((ports = calloc(65536 / INT_BIT, sizeof(int))) == NULL)
232 errx(1, "syntax error in port range");
/* q is advanced to the end of the digit run that starts at p. */
233 for (q = p; *q != '\0' && isdigit(*q); ++q)
235 for (port = 0; p < q; ++p)
236 port = port * 10 + digittoint(*p);
237 if (port < 0 || port > 65535)
238 errx(1, "invalid port number");
/* Second number of a range: must not be below the first one. */
251 for (q = p; *q != '\0' && isdigit(*q); ++q)
253 for (end = 0; p < q; ++p)
254 end = end * 10 + digittoint(*p);
255 if (end < port || end > 65535)
256 errx(1, "invalid port number");
/*
 * Fill *ss with an IPv4 or IPv6 socket address built from a raw address
 * and a port.
 *
 * ss    destination, zeroed first
 * af    address family stored in the result
 * addr  pointer read as struct in_addr or struct in6_addr; no length is
 *       passed, so the caller must supply the type that matches af
 * port  stored unchanged; callers in this file pass it in network byte
 *       order (printaddr() applies ntohs() when reading it back)
 */
265 sockaddr(struct sockaddr_storage *ss, int af, void *addr, int port)
267 struct sockaddr_in *sin4;
268 struct sockaddr_in6 *sin6;
/* Clear the whole storage so unused fields and padding are zero. */
270 bzero(ss, sizeof(*ss));
274 sin4->sin_len = sizeof(*sin4);
275 sin4->sin_family = af;
276 sin4->sin_port = port;
277 sin4->sin_addr = *(struct in_addr *)addr;
281 sin6->sin6_len = sizeof(*sin6);
282 sin6->sin6_family = af;
283 sin6->sin6_port = port;
284 sin6->sin6_addr = *(struct in6_addr *)addr;
/*
 * For link-local addresses the second 16-bit word of the address is
 * moved into sin6_scope_id and then cleared in the address itself.
 */
285 #define s6_addr16 __u6_addr.__u6_addr16
286 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
287 sin6->sin6_scope_id =
288 ntohs(sin6->sin6_addr.s6_addr16[1]);
289 sin6->sin6_addr.s6_addr16[1] = 0;
/*
 * Release a struct sock.  The visible code walks two struct addr chains
 * with a cur/next pair; presumably these are the local and the foreign
 * address list, each node being freed before the sock itself -- the loop
 * bodies are not part of this excerpt, confirm there.
 */
298 free_socket(struct sock *sock)
300 struct addr *cur, *next;
303 while (cur != NULL) {
309 while (cur != NULL) {
/*
 * SCTP socket collection (the function header is not part of this
 * excerpt).  Reads net.inet.sctp.assoclist through the Casper sysctl
 * channel and walks the reply as a byte stream of xsctp_inpcb,
 * xsctp_laddr, xsctp_tcb and xsctp_raddr records, building struct sock
 * entries that are linked into sockhash[].
 *
 * NOTE(review): each record is reached by casting buf + offset after an
 * offset < len test only.  The visible code neither checks that a whole
 * record fits (offset + sizeof(record) <= len) nor compares a length
 * field with sizeof() the way gather_inet() does.  The data comes from
 * the kernel, but a truncated reply or a structure layout mismatch would
 * be read past the end of buf; confirm whether the lines not shown add
 * such a check.
 */
321 struct addr *laddr, *prev_laddr, *faddr, *prev_faddr;
322 struct xsctp_inpcb *xinpcb;
323 struct xsctp_tcb *xstcb;
324 struct xsctp_raddr *xraddr;
325 struct xsctp_laddr *xladdr;
330 int no_stcb, local_all_loopback, foreign_all_loopback;
/*
 * Size probe followed by the real read: the first call passes no buffer
 * and only learns len, the second call fills buf.  The list can change
 * between the two calls; the second call then fails and err() exits.
 */
338 varname = "net.inet.sctp.assoclist";
339 if (cap_sysctlbyname(capsysctl, varname, 0, &len, 0, 0) < 0) {
341 err(1, "cap_sysctlbyname()");
344 if ((buf = (char *)malloc(len)) == NULL) {
348 if (cap_sysctlbyname(capsysctl, varname, buf, &len, 0, 0) < 0) {
349 err(1, "cap_sysctlbyname()");
/*
 * The first endpoint record is mapped onto the start of buf; offset is
 * compared with len only in the loop condition below.
 */
353 xinpcb = (struct xsctp_inpcb *)(void *)buf;
354 offset = sizeof(struct xsctp_inpcb);
355 while ((offset < len) && (xinpcb->last == 0)) {
/* One sock entry for the endpoint itself (listening or closed). */
356 if ((sock = calloc(1, sizeof *sock)) == NULL)
358 sock->socket = xinpcb->socket;
359 sock->proto = IPPROTO_SCTP;
360 sock->protoname = "sctp";
/* A zero listen queue length is reported as CLOSED, anything else as LISTEN. */
361 if (xinpcb->maxqlen == 0)
362 sock->state = SCTP_CLOSED;
364 sock->state = SCTP_LISTEN;
365 if (xinpcb->flags & SCTP_PCB_FLAGS_BOUND_V6) {
366 sock->family = AF_INET6;
368 * Currently there is no way to distinguish between
369 * IPv6 only sockets or dual family sockets.
370 * So mark it as dual socket.
372 sock->vflag = INP_IPV6 | INP_IPV4;
374 sock->family = AF_INET;
375 sock->vflag = INP_IPV4;
/*
 * Local addresses of the endpoint, terminated by a record with last == 1.
 * local_all_loopback stays 1 only while every address seen is loopback.
 */
378 local_all_loopback = 1;
379 while (offset < len) {
380 xladdr = (struct xsctp_laddr *)(void *)(buf + offset);
381 offset += sizeof(struct xsctp_laddr);
382 if (xladdr->last == 1)
384 if ((laddr = calloc(1, sizeof(struct addr))) == NULL)
386 switch (xladdr->address.sa.sa_family) {
/* IPv4 loopback test: the top byte of the address equals IN_LOOPBACKNET. */
388 #define __IN_IS_ADDR_LOOPBACK(pina) \
389 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
390 if (!__IN_IS_ADDR_LOOPBACK(
391 &xladdr->address.sin.sin_addr))
392 local_all_loopback = 0;
393 #undef __IN_IS_ADDR_LOOPBACK
/* The port from the record is converted with htons() before it is stored. */
394 sockaddr(&laddr->address, AF_INET,
395 &xladdr->address.sin.sin_addr,
396 htons(xinpcb->local_port));
399 if (!IN6_IS_ADDR_LOOPBACK(
400 &xladdr->address.sin6.sin6_addr))
401 local_all_loopback = 0;
402 sockaddr(&laddr->address, AF_INET6,
403 &xladdr->address.sin6.sin6_addr,
404 htons(xinpcb->local_port));
/* Any other address family in the reply is fatal. */
407 errx(1, "address family %d not supported",
408 xladdr->address.sa.sa_family);
/* Append to the list of local addresses. */
411 if (prev_laddr == NULL)
414 prev_laddr->next = laddr;
/*
 * An endpoint without local address records gets a placeholder address
 * that carries only the family and the matching length.
 */
417 if (sock->laddr == NULL) {
419 calloc(1, sizeof(struct addr))) == NULL)
421 sock->laddr->address.ss_family = sock->family;
422 if (sock->family == AF_INET)
423 sock->laddr->address.ss_len =
424 sizeof(struct sockaddr_in);
426 sock->laddr->address.ss_len =
427 sizeof(struct sockaddr_in6);
428 local_all_loopback = 0;
/* The endpoint entry always gets a placeholder foreign address. */
430 if ((sock->faddr = calloc(1, sizeof(struct addr))) == NULL)
432 sock->faddr->address.ss_family = sock->family;
433 if (sock->family == AF_INET)
434 sock->faddr->address.ss_len =
435 sizeof(struct sockaddr_in);
437 sock->faddr->address.ss_len =
438 sizeof(struct sockaddr_in6);
/* Associations that belong to this endpoint. */
440 while (offset < len) {
441 xstcb = (struct xsctp_tcb *)(void *)(buf + offset);
442 offset += sizeof(struct xsctp_tcb);
/*
 * The endpoint entry is linked into the hash table only when listening
 * sockets are requested, the address family filter matches and the
 * loopback filter does not exclude it.
 */
444 if (opt_l && (sock->vflag & vflag) &&
445 (!opt_L || !local_all_loopback) &&
446 ((xinpcb->flags & SCTP_PCB_FLAGS_UDPTYPE) ||
447 (xstcb->last == 1))) {
448 hash = (int)((uintptr_t)sock->socket %
450 sock->next = sockhash[hash];
451 sockhash[hash] = sock;
456 if (xstcb->last == 1)
/* A separate sock entry per association, carrying the association state. */
460 if ((sock = calloc(1, sizeof *sock)) == NULL)
462 sock->socket = xinpcb->socket;
463 sock->proto = IPPROTO_SCTP;
464 sock->protoname = "sctp";
465 sock->state = (int)xstcb->state;
466 if (xinpcb->flags & SCTP_PCB_FLAGS_BOUND_V6) {
467 sock->family = AF_INET6;
469 * Currently there is no way to distinguish
470 * between IPv6 only sockets or dual family
471 * sockets. So mark it as dual socket.
473 sock->vflag = INP_IPV6 | INP_IPV4;
475 sock->family = AF_INET;
476 sock->vflag = INP_IPV4;
/* Local addresses of the association. */
480 local_all_loopback = 1;
481 while (offset < len) {
482 xladdr = (struct xsctp_laddr *)(void *)(buf +
484 offset += sizeof(struct xsctp_laddr);
485 if (xladdr->last == 1)
489 laddr = calloc(1, sizeof(struct addr));
492 switch (xladdr->address.sa.sa_family) {
494 #define __IN_IS_ADDR_LOOPBACK(pina) \
495 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
496 if (!__IN_IS_ADDR_LOOPBACK(
497 &xladdr->address.sin.sin_addr))
498 local_all_loopback = 0;
499 #undef __IN_IS_ADDR_LOOPBACK
500 sockaddr(&laddr->address, AF_INET,
501 &xladdr->address.sin.sin_addr,
502 htons(xstcb->local_port));
505 if (!IN6_IS_ADDR_LOOPBACK(
506 &xladdr->address.sin6.sin6_addr))
507 local_all_loopback = 0;
508 sockaddr(&laddr->address, AF_INET6,
509 &xladdr->address.sin6.sin6_addr,
510 htons(xstcb->local_port));
514 "address family %d not supported",
515 xladdr->address.sa.sa_family);
518 if (prev_laddr == NULL)
521 prev_laddr->next = laddr;
/* Remote addresses (paths) of the association. */
525 foreign_all_loopback = 1;
526 while (offset < len) {
527 xraddr = (struct xsctp_raddr *)(void *)(buf +
529 offset += sizeof(struct xsctp_raddr);
530 if (xraddr->last == 1)
534 faddr = calloc(1, sizeof(struct addr));
537 switch (xraddr->address.sa.sa_family) {
539 #define __IN_IS_ADDR_LOOPBACK(pina) \
540 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
541 if (!__IN_IS_ADDR_LOOPBACK(
542 &xraddr->address.sin.sin_addr))
543 foreign_all_loopback = 0;
544 #undef __IN_IS_ADDR_LOOPBACK
545 sockaddr(&faddr->address, AF_INET,
546 &xraddr->address.sin.sin_addr,
547 htons(xstcb->remote_port));
550 if (!IN6_IS_ADDR_LOOPBACK(
551 &xraddr->address.sin6.sin6_addr))
552 foreign_all_loopback = 0;
553 sockaddr(&faddr->address, AF_INET6,
554 &xraddr->address.sin6.sin6_addr,
555 htons(xstcb->remote_port));
559 "address family %d not supported",
560 xraddr->address.sa.sa_family);
/* Per-path UDP encapsulation port and path state, copied as reported. */
562 faddr->encaps_port = xraddr->encaps_port;
563 faddr->state = xraddr->state;
565 if (prev_faddr == NULL)
568 prev_faddr->next = faddr;
/* The association entry is kept only if it passes the family and loopback filters. */
572 if ((sock->vflag & vflag) &&
574 !(local_all_loopback ||
575 foreign_all_loopback))) {
576 hash = (int)((uintptr_t)sock->socket %
578 sock->next = sockhash[hash];
579 sockhash[hash] = sock;
/* Step to the next endpoint record. */
585 xinpcb = (struct xsctp_inpcb *)(void *)(buf + offset);
586 offset += sizeof(struct xsctp_inpcb);
/*
 * Collect TCP, UDP or divert sockets for one protocol from the matching
 * pcblist sysctl and link a struct sock for each accepted record into
 * sockhash[].  Any other protocol number is fatal.
 *
 * The reply is a struct xinpgen header, a run of per-socket records and
 * a struct xinpgen trailer.  Header and trailer lengths are compared
 * with sizeof() and every record length with the size of the structure
 * it is cast to, which detects a kernel/userland layout mismatch before
 * fields are read.
 */
592 gather_inet(int proto)
594 struct xinpgen *xig, *exig;
596 struct xtcpcb *xtp = NULL;
599 struct addr *laddr, *faddr;
600 const char *varname, *protoname;
603 int hash, retry, vflag;
613 varname = "net.inet.tcp.pcblist";
617 varname = "net.inet.udp.pcblist";
621 varname = "net.inet.divert.pcblist";
625 errx(1, "protocol %d not supported", proto);
/*
 * NOTE(review): buf = realloc(buf, ...) overwrites the only pointer to
 * the old block.  That is harmless only if the failure path exits; the
 * statement after the NULL test is not part of this excerpt.
 */
633 if ((buf = realloc(buf, bufsize)) == NULL)
636 if (cap_sysctlbyname(capsysctl, varname, buf, &len,
/* Only ENOMEM with an unchanged len counts as a too-small buffer; anything else is fatal. */
641 if (errno != ENOMEM || len != bufsize)
642 err(1, "cap_sysctlbyname()");
/*
 * The trailer is taken from the last sizeof *exig bytes of the reply.
 * NOTE(review): this assumes len >= sizeof *exig; no explicit check of
 * that is visible here.
 */
645 xig = (struct xinpgen *)buf;
646 exig = (struct xinpgen *)(void *)
647 ((char *)buf + len - sizeof *exig);
648 if (xig->xig_len != sizeof *xig ||
649 exig->xig_len != sizeof *exig)
650 errx(1, "struct xinpgen size mismatch");
/* Differing generation counts mean the list changed during the read; retry a bounded number of times. */
651 } while (xig->xig_gen != exig->xig_gen && retry--);
653 if (xig->xig_gen != exig->xig_gen && opt_v)
654 warnx("warning: data may be inconsistent");
/*
 * Advance by the length the record itself reports.  The loop condition
 * is not part of this excerpt; confirm that it stops at the trailer.
 */
657 xig = (struct xinpgen *)(void *)((char *)xig + xig->xig_len);
662 xtp = (struct xtcpcb *)xig;
664 if (xtp->xt_len != sizeof(*xtp)) {
665 warnx("struct xtcpcb size mismatch");
/* Connections flagged TF_TOE are labelled toe instead of tcp. */
668 protoname = xtp->t_flags & TF_TOE ? "toe" : "tcp";
672 xip = (struct xinpcb *)xig;
673 if (xip->xi_len != sizeof(*xip)) {
674 warnx("struct xinpcb size mismatch");
679 errx(1, "protocol %d not supported", proto);
681 so = &xip->xi_socket;
/* Address family filter (-4 / -6). */
682 if ((xip->inp_vflag & vflag) == 0)
684 if (xip->inp_vflag & INP_IPV4) {
/* A zero foreign port marks a socket without a peer: wanted only with -l; others only with -c. */
685 if ((xip->inp_fport == 0 && !opt_l) ||
686 (xip->inp_fport != 0 && !opt_c))
688 #define __IN_IS_ADDR_LOOPBACK(pina) \
689 ((ntohl((pina)->s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
691 (__IN_IS_ADDR_LOOPBACK(&xip->inp_faddr) ||
692 __IN_IS_ADDR_LOOPBACK(&xip->inp_laddr)))
694 #undef __IN_IS_ADDR_LOOPBACK
695 } else if (xip->inp_vflag & INP_IPV6) {
696 if ((xip->inp_fport == 0 && !opt_l) ||
697 (xip->inp_fport != 0 && !opt_c))
700 (IN6_IS_ADDR_LOOPBACK(&xip->in6p_faddr) ||
701 IN6_IS_ADDR_LOOPBACK(&xip->in6p_laddr)))
705 warnx("invalid vflag 0x%x", xip->inp_vflag);
708 if ((sock = calloc(1, sizeof(*sock))) == NULL)
710 if ((laddr = calloc(1, sizeof *laddr)) == NULL)
712 if ((faddr = calloc(1, sizeof *faddr)) == NULL)
/* The kernel address of the socket is the key used to match kern.file entries. */
714 sock->socket = so->xso_so;
/* Ports are passed on exactly as stored in the record. */
716 if (xip->inp_vflag & INP_IPV4) {
717 sock->family = AF_INET;
718 sockaddr(&laddr->address, sock->family,
719 &xip->inp_laddr, xip->inp_lport);
720 sockaddr(&faddr->address, sock->family,
721 &xip->inp_faddr, xip->inp_fport);
722 } else if (xip->inp_vflag & INP_IPV6) {
723 sock->family = AF_INET6;
724 sockaddr(&laddr->address, sock->family,
725 &xip->in6p_laddr, xip->inp_lport);
726 sockaddr(&faddr->address, sock->family,
727 &xip->in6p_faddr, xip->inp_fport);
/* xtp is assigned only on the TCP path above and starts out NULL, hence the proto test. */
729 if (proto == IPPROTO_TCP)
730 faddr->encaps_port = xtp->xt_encaps_port;
735 sock->vflag = xip->inp_vflag;
736 if (proto == IPPROTO_TCP) {
737 sock->state = xtp->t_state;
/*
 * Fixed-size copies: nothing here guarantees a terminating NUL in
 * sock->stack or sock->cc, so readers must bound their reads;
 * displaysock() prints both with a precision equal to the field size.
 */
738 memcpy(sock->stack, xtp->xt_stack,
739 TCP_FUNCTION_NAME_LEN_MAX);
740 memcpy(sock->cc, xtp->xt_cc, TCP_CA_NAME_MAX);
742 sock->protoname = protoname;
743 hash = (int)((uintptr_t)sock->socket % HASHSIZE);
744 sock->next = sockhash[hash];
745 sockhash[hash] = sock;
/*
 * Collect Unix domain sockets of one socket type (stream, datagram or
 * seqpacket) from the matching net.local pcblist sysctl and link a
 * struct sock per accepted record into sockhash[].
 *
 * The reply is read and validated like the inet pcblist: struct xunpgen
 * header and trailer lengths and each xunpcb length are compared with
 * sizeof() before fields are used.
 */
752 gather_unix(int proto)
754 struct xunpgen *xug, *exug;
757 struct addr *laddr, *faddr;
758 const char *varname, *protoname;
765 varname = "net.local.stream.pcblist";
766 protoname = "stream";
769 varname = "net.local.dgram.pcblist";
773 varname = "net.local.seqpacket.pcblist";
774 protoname = "seqpac";
/*
 * NOTE(review): buf = realloc(buf, ...) overwrites the only pointer to
 * the old block; harmless only if the failure path exits (not visible).
 */
784 if ((buf = realloc(buf, bufsize)) == NULL)
787 if (cap_sysctlbyname(capsysctl, varname, buf, &len,
790 if (errno != ENOMEM || len != bufsize)
791 err(1, "cap_sysctlbyname()");
/* NOTE(review): the trailer pointer assumes len >= sizeof(*exug); no explicit check is visible. */
794 xug = (struct xunpgen *)buf;
795 exug = (struct xunpgen *)(void *)
796 ((char *)buf + len - sizeof(*exug));
797 if (xug->xug_len != sizeof(*xug) ||
798 exug->xug_len != sizeof(*exug)) {
/* NOTE(review): the message names xinpgen although the structure checked is xunpgen. */
799 warnx("struct xinpgen size mismatch");
802 } while (xug->xug_gen != exug->xug_gen && retry--);
804 if (xug->xug_gen != exug->xug_gen && opt_v)
805 warnx("warning: data may be inconsistent");
808 xug = (struct xunpgen *)(void *)((char *)xug + xug->xug_len);
811 xup = (struct xunpcb *)xug;
812 if (xup->xu_len != sizeof(*xup)) {
813 warnx("struct xunpcb size mismatch");
/* unp_conn == 0 marks an unconnected socket: wanted only with -l; connected ones only with -c. */
816 if ((xup->unp_conn == 0 && !opt_l) ||
817 (xup->unp_conn != 0 && !opt_c))
819 if ((sock = calloc(1, sizeof(*sock))) == NULL)
821 if ((laddr = calloc(1, sizeof *laddr)) == NULL)
823 if ((faddr = calloc(1, sizeof *faddr)) == NULL)
/* Kernel addresses of the socket and of its pcb are kept as lookup keys. */
825 sock->socket = xup->xu_socket.xso_so;
826 sock->pcb = xup->xu_unpp;
828 sock->family = AF_UNIX;
829 sock->protoname = protoname;
/*
 * A bound socket copies its address out of the record.
 * NOTE(review): the copy reads a whole struct sockaddr_storage starting
 * at xu_addr -- presumably the field is padded to at least that size in
 * struct xunpcb; verify against the header.
 */
830 if (xup->xu_addr.sun_family == AF_UNIX)
832 *(struct sockaddr_storage *)(void *)&xup->xu_addr;
/*
 * An unbound but connected socket stores the kernel address of the peer
 * pcb in the first bytes of faddr->address; displaysock() reads it back
 * through the same cast to find the peer entry.
 */
833 else if (xup->unp_conn != 0)
834 *(kvaddr_t*)&(faddr->address) = xup->unp_conn;
839 hash = (int)((uintptr_t)sock->socket % HASHSIZE);
840 sock->next = sockhash[hash];
841 sockhash[hash] = sock;
/*
 * Load the kern.file table into xfiles (the function header is not part
 * of this excerpt).  Starts with room for a single struct xfile and
 * grows the buffer until the sysctl succeeds.
 */
852 olen = len = sizeof(*xfiles);
853 if ((xfiles = malloc(len)) == NULL)
855 while (cap_sysctlbyname(capsysctl, "kern.file", xfiles, &len, 0, 0)
/* Only ENOMEM with an unchanged len counts as a too-small buffer; anything else is fatal. */
857 if (errno != ENOMEM || len != olen)
858 err(1, "cap_sysctlbyname()");
/* NOTE(review): the realloc result overwrites xfiles; fine only if the failure path exits (not visible). */
860 if ((xfiles = realloc(xfiles, len)) == NULL)
/* The size recorded in the first entry must match the compiled-in struct xfile. */
863 if (len > 0 && xfiles->xf_size != sizeof(*xfiles))
864 errx(1, "struct xfile size mismatch");
865 nxfiles = len / sizeof(*xfiles);
/*
 * Print one socket address and return the number of characters written
 * (the xprintf() result).
 *
 * IPv4 and IPv6 addresses are rendered numerically through the Casper
 * net channel (NI_NUMERICHOST) and followed by the port, or by :* on the
 * path that returns the %s:* form.  Unix domain addresses print the
 * socket path.
 *
 * NOTE(review): sun_path is chosen by whichever process bound the socket
 * and is written to stdout unmodified, so the output may contain
 * arbitrary bytes; consumers should not assume it is printable.
 */
869 printaddr(struct sockaddr_storage *ss)
871 struct sockaddr_un *sun;
872 char addrstr[NI_MAXHOST] = { '\0', '\0' };
873 int error, off, port = 0;
875 switch (ss->ss_family) {
/*
 * NOTE(review): inet_lnaof() yields only the host part of the address,
 * so this compares the host part with INADDR_ANY rather than the whole
 * address -- confirm that is the intended wildcard test.
 */
877 if (inet_lnaof(sstosin(ss)->sin_addr) == INADDR_ANY)
879 port = ntohs(sstosin(ss)->sin_port);
882 if (IN6_IS_ADDR_UNSPECIFIED(&sstosin6(ss)->sin6_addr))
884 port = ntohs(sstosin6(ss)->sin6_port);
/*
 * The path length is sun_len minus the offset of sun_path in the struct.
 * NOTE(review): if sun_len were smaller than off the precision would be
 * negative, which printf treats as no precision at all; the output would
 * then run to the first NUL byte.  No lower bound on sun_len is visible.
 */
888 off = (int)((char *)&sun->sun_path - (char *)sun);
889 return (xprintf("%.*s", sun->sun_len - off, sun->sun_path));
/* addrstr is still empty unless an earlier branch filled it in. */
891 if (addrstr[0] == '\0') {
892 error = cap_getnameinfo(capnet, sstosa(ss), ss->ss_len,
893 addrstr, sizeof(addrstr), NULL, 0, NI_NUMERICHOST);
895 errx(1, "cap_getnameinfo()");
898 return xprintf("%s:*", addrstr);
900 return xprintf("%s:%d", addrstr, port);
/*
 * Look up the command name of a process with a KERN_PROC_PID sysctl
 * issued through the Casper sysctl channel.
 *
 * The result points into a function-local static struct kinfo_proc, so
 * it is overwritten by the next call and must be consumed or copied
 * before then.  The value returned when the lookup fails is on a line
 * that is not part of this excerpt.
 */
904 getprocname(pid_t pid)
906 static struct kinfo_proc proc;
912 mib[2] = KERN_PROC_PID;
915 if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0)
917 /* Do not warn if the process exits before we get its name. */
919 warn("cap_sysctl()");
922 return (proc.ki_comm);
/*
 * Look up the jail id of a process with a KERN_PROC_PID sysctl issued
 * through the Casper sysctl channel and return its ki_jid field.
 *
 * The process may exit between the kern.file snapshot and this call; the
 * value returned in that case is on a line that is not part of this
 * excerpt.
 */
926 getprocjid(pid_t pid)
928 static struct kinfo_proc proc;
934 mib[2] = KERN_PROC_PID;
937 if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0)
939 /* Do not warn if the process exits before we get its jid. */
941 warn("cap_sysctl()");
944 return (proc.ki_jid);
/*
 * Port filter for one socket: callers skip the socket when the result is
 * zero.
 *
 * The port of every local and every foreign address is converted to host
 * byte order; the tests applied to it, and the result for sockets that
 * are neither AF_INET nor AF_INET6, are on lines that are not part of
 * this excerpt (presumably CHK_PORT against the -p bitmap).
 * ntohs() yields a 16-bit value, so the port stays within 0..65535.
 */
948 check_ports(struct sock *s)
955 if ((s->family != AF_INET) && (s->family != AF_INET6))
957 for (addr = s->laddr; addr != NULL; addr = addr->next) {
958 if (s->family == AF_INET)
959 port = ntohs(sstosin(&addr->address)->sin_port);
961 port = ntohs(sstosin6(&addr->address)->sin6_port);
965 for (addr = s->faddr; addr != NULL; addr = addr->next) {
966 if (s->family == AF_INET)
967 port = ntohs(sstosin(&addr->address)->sin_port);
969 port = ntohs(sstosin6(&addr->address)->sin6_port);
/*
 * Map an SCTP association state constant to its display name.  The
 * returned strings are literals; the result for a value that matches no
 * case is on a line that is not part of this excerpt.
 */
977 sctp_conn_state(int state)
989 case SCTP_COOKIE_WAIT:
990 return "COOKIE_WAIT";
992 case SCTP_COOKIE_ECHOED:
993 return "COOKIE_ECHOED";
995 case SCTP_ESTABLISHED:
996 return "ESTABLISHED";
998 case SCTP_SHUTDOWN_SENT:
999 return "SHUTDOWN_SENT";
1001 case SCTP_SHUTDOWN_RECEIVED:
1002 return "SHUTDOWN_RECEIVED";
1004 case SCTP_SHUTDOWN_ACK_SENT:
1005 return "SHUTDOWN_ACK_SENT";
1007 case SCTP_SHUTDOWN_PENDING:
1008 return "SHUTDOWN_PENDING";
/*
 * Map an SCTP path state constant to its display name; only the
 * SCTP_UNCONFIRMED case is visible in this excerpt.
 */
1017 sctp_path_state(int state)
1020 case SCTP_UNCONFIRMED:
1021 return "UNCONFIRMED";
/*
 * Print the protocol, address and state columns for one socket.
 *
 * s    socket to print
 * pos  output column already reached on the current line; every
 *      xprintf() result is added to it so later columns can be padded
 *      out to their offset
 *
 * The local and the foreign address list are walked in step, one pair
 * of addresses per pass of the loop.
 */
1036 displaysock(struct sock *s, int pos)
1039 int hash, first, offset;
1040 struct addr *laddr, *faddr;
1044 pos += xprintf(" ");
/* Protocol name followed by 4 and/or 6 according to the address family flags. */
1045 pos += xprintf("%s", s->protoname);
1046 if (s->vflag & INP_IPV4)
1047 pos += xprintf("4");
1048 if (s->vflag & INP_IPV6)
1049 pos += xprintf("6");
1050 if (s->vflag & (INP_IPV4 | INP_IPV6))
1051 pos += xprintf(" ");
1055 while (laddr != NULL || faddr != NULL) {
1057 while (pos < offset)
1058 pos += xprintf(" ");
1059 switch (s->family) {
1062 if (laddr != NULL) {
1063 pos += printaddr(&laddr->address);
1064 if (s->family == AF_INET6 && pos >= 58)
1065 pos += xprintf(" ");
/* Address columns are 22 characters wide, or 46 with -w. */
1067 offset += opt_w ? 46 : 22;
1068 while (pos < offset)
1069 pos += xprintf(" ");
1071 pos += printaddr(&faddr->address);
1072 offset += opt_w ? 46 : 22;
/* Unix domain sockets need both address nodes; a missing one is fatal. */
1075 if ((laddr == NULL) || (faddr == NULL))
1076 errx(1, "laddr = %p or faddr = %p is NULL",
1077 (void *)laddr, (void *)faddr);
1079 if (laddr->address.ss_len > 0) {
1080 pos += printaddr(&laddr->address);
/*
 * For an unbound socket faddr->address holds the kernel address of the
 * peer pcb, stored by gather_unix(); it is read back through the same
 * cast.
 */
1084 p = *(kvaddr_t*)&(faddr->address);
1086 pos += xprintf("(not connected)");
1087 offset += opt_w ? 92 : 44;
1090 pos += xprintf("-> ");
/* Linear scan of the whole hash table for the sock whose pcb is the peer. */
1091 for (hash = 0; hash < HASHSIZE; ++hash) {
1092 for (s_tmp = sockhash[hash];
1094 s_tmp = s_tmp->next)
1095 if (s_tmp->pcb == p)
/* A peer that was not found or that has no bound address prints as ??. */
1100 if (s_tmp == NULL || s_tmp->laddr == NULL ||
1101 s_tmp->laddr->address.ss_len == 0)
1102 pos += xprintf("??");
1104 pos += printaddr(&s_tmp->laddr->address);
1105 offset += opt_w ? 92 : 44;
/* Encapsulation port column: only for SCTP or TCP sockets that are past the closed/bound/listen states. */
1111 if (faddr != NULL &&
1112 ((s->proto == IPPROTO_SCTP &&
1113 s->state != SCTP_CLOSED &&
1114 s->state != SCTP_BOUND &&
1115 s->state != SCTP_LISTEN) ||
1116 (s->proto == IPPROTO_TCP &&
1117 s->state != TCPS_CLOSED &&
1118 s->state != TCPS_LISTEN))) {
1119 while (pos < offset)
1120 pos += xprintf(" ");
1121 pos += xprintf("%u",
1122 ntohs(faddr->encaps_port));
/* Path state column: SCTP only. */
1127 if (faddr != NULL &&
1128 s->proto == IPPROTO_SCTP &&
1129 s->state != SCTP_CLOSED &&
1130 s->state != SCTP_BOUND &&
1131 s->state != SCTP_LISTEN) {
1132 while (pos < offset)
1133 pos += xprintf(" ");
1134 pos += xprintf("%s",
1135 sctp_path_state(faddr->state));
1141 if (s->proto == IPPROTO_SCTP ||
1142 s->proto == IPPROTO_TCP) {
1143 while (pos < offset)
1144 pos += xprintf(" ");
1147 pos += xprintf("%s",
1148 sctp_conn_state(s->state));
/* The state comes from the kernel record; it is range-checked before it indexes tcpstates[]. */
1151 if (s->state >= 0 &&
1152 s->state < TCP_NSTATES)
1153 pos += xprintf("%s",
1154 tcpstates[s->state]);
1156 pos += xprintf("?");
/*
 * The stack and cc names are printed with a precision equal to the
 * field size, so a name that fills its array without a terminating NUL
 * is not read past the end of the array.
 */
1163 if (s->proto == IPPROTO_TCP) {
1164 while (pos < offset)
1165 pos += xprintf(" ");
1166 pos += xprintf("%.*s",
1167 TCP_FUNCTION_NAME_LEN_MAX,
1170 offset += TCP_FUNCTION_NAME_LEN_MAX + 1;
1173 if (s->proto == IPPROTO_TCP) {
1174 while (pos < offset)
1175 pos += xprintf(" ");
1176 xprintf("%.*s", TCP_CA_NAME_MAX, s->cc);
1178 offset += TCP_CA_NAME_MAX + 1;
/* Step both lists; further address pairs of the same socket follow. */
1182 laddr = laddr->next;
1184 faddr = faddr->next;
1185 if ((laddr != NULL) || (faddr != NULL)) {
/*
 * Report output (the function header is not part of this excerpt):
 * prints the column header, then one line per open file that refers to
 * a collected socket, then the collected sockets for which the second
 * loop prints ? in the owner columns.
 */
1203 printf("%-8s %-10s %-5s %-2s %-6s %-*s %-*s",
1204 "USER", "COMMAND", "PID", "FD", "PROTO",
1205 opt_w ? 45 : 21, "LOCAL ADDRESS",
1206 opt_w ? 45 : 21, "FOREIGN ADDRESS");
1208 printf(" %-6s", "ENCAPS");
1210 printf(" %-12s", "PATH STATE");
1211 printf(" %-12s", "CONN STATE");
1214 printf(" %-*.*s", TCP_FUNCTION_NAME_LEN_MAX,
1215 TCP_FUNCTION_NAME_LEN_MAX, "STACK");
1217 printf(" %-.*s", TCP_CA_NAME_MAX, "CC");
1220 cap_setpassent(cappwd, 1);
/* Join kern.file entries to sockets through the kernel socket address. */
1221 for (xf = xfiles, n = 0; n < nxfiles; ++n, ++xf) {
1222 if (xf->xf_data == 0)
/* Jail filter (-j): the jail id is looked up per file entry through its pid. */
1224 if (opt_j >= 0 && opt_j != getprocjid(xf->xf_pid))
1226 hash = (int)((uintptr_t)xf->xf_data % HASHSIZE);
1227 for (s = sockhash[hash]; s != NULL; s = s->next) {
1228 if (s->socket != xf->xf_data)
1230 if (!check_ports(s))
/* The numeric uid is printed when the password lookup yields nothing; the first half of the condition is not visible. */
1235 (pwd = cap_getpwuid(cappwd, xf->xf_uid)) == NULL)
1236 pos += xprintf("%lu ", (u_long)xf->xf_uid);
1238 pos += xprintf("%s ", pwd->pw_name);
1240 pos += xprintf(" ");
/* The command name is truncated to 10 characters by the format. */
1241 pos += xprintf("%.10s", getprocname(xf->xf_pid));
1243 pos += xprintf(" ");
1244 pos += xprintf("%lu ", (u_long)xf->xf_pid);
1246 pos += xprintf(" ");
1247 pos += xprintf("%d ", xf->xf_fd);
1248 displaysock(s, pos);
/* Second pass over the whole table; the owner columns are printed as ?. */
1253 for (hash = 0; hash < HASHSIZE; hash++) {
1254 for (s = sockhash[hash]; s != NULL; s = s->next) {
1257 if (!check_ports(s))
1260 pos += xprintf("%-8s %-10s %-5s %-2s ",
1261 "?", "?", "?", "?");
1262 displaysock(s, pos);
/*
 * Fill protos[] with the protocol numbers of the default_protos names,
 * used by main() when no -P list was given.  Lookups go through the
 * Casper netdb channel; a name that cannot be resolved is fatal.
 * main() stores the return value as the protocol count; the return
 * statement is not part of this excerpt.
 */
1268 set_default_protos(void)
1270 struct protoent *prot;
1274 init_protos(default_numprotos);
1276 for (pindex = 0; pindex < default_numprotos; pindex++) {
1277 pname = default_protos[pindex];
1278 prot = cap_getprotobyname(capnetdb, pname);
1280 err(1, "cap_getprotobyname: %s", pname);
1281 protos[pindex] = prot->p_proto;
/*
 * jail_getvnet() queries a jail by id with jail_get().  The request is
 * three name/value pairs in an iovec array: jid (input), vnet (output)
 * and errmsg (output buffer of JAIL_ERRMSGLEN bytes).  Name lengths use
 * sizeof on the literal, so they include the terminating NUL.
 */
1288 * Return the vnet property of the jail, or -1 on error.
1291 jail_getvnet(int jid)
1293 struct iovec jiov[6];
1297 jiov[0].iov_base = __DECONST(char *, "jid");
1298 jiov[0].iov_len = sizeof("jid");
1299 jiov[1].iov_base = &jid;
1300 jiov[1].iov_len = sizeof(jid);
1301 jiov[2].iov_base = __DECONST(char *, "vnet");
1302 jiov[2].iov_len = sizeof("vnet");
1303 jiov[3].iov_base = &vnet;
1304 jiov[3].iov_len = sizeof(vnet);
1305 jiov[4].iov_base = __DECONST(char *, "errmsg");
1306 jiov[4].iov_len = sizeof("errmsg");
1307 jiov[5].iov_base = jail_errmsg;
1308 jiov[5].iov_len = JAIL_ERRMSGLEN;
/* Start from an empty message so a kernel-supplied text can be told apart from none. */
1309 jail_errmsg[0] = '\0';
1310 if (jail_get(jiov, nitems(jiov), 0) < 0) {
/* No kernel message: fall back to the errno text, bounded by the buffer size. */
1311 if (!jail_errmsg[0])
1312 snprintf(jail_errmsg, JAIL_ERRMSGLEN,
1313 "jail_get: %s", strerror(errno));
/*
 * Usage text.  NOTE(review): the getopt() string in main() also accepts
 * -C, -n and -q, which this synopsis does not list.
 */
1323 "usage: sockstat [-46cLlSsUuvw] [-j jid] [-p ports] [-P protocols]\n");
/*
 * Program entry point.  Visible order of operations:
 *   1. parse options (port and protocol lists are parsed here, before
 *      any sandboxing, from the argument strings);
 *   2. for -j, query the jail and, on the path that calls jail_attach(),
 *      attach to it;
 *   3. contact Casper, enter capability mode and open the system.net,
 *      system.netdb, system.sysctl and system.pwd services;
 *   4. narrow the net service to address-to-name conversion and the pwd
 *      service to setpassent/getpwuid and the pw_name field;
 *   5. gather the requested socket tables.
 *
 * NOTE(review): no limit on the sysctl or netdb channel is visible in
 * this excerpt; confirm whether those services are narrowed on lines not
 * shown, since they stay reachable from inside the sandbox.
 */
1328 main(int argc, char *argv[])
1330 cap_channel_t *capcas;
1331 cap_net_limit_t *limit;
1332 const char *pwdcmds[] = { "setpassent", "getpwuid" };
1333 const char *pwdfields[] = { "pw_name" };
1334 int protos_defined = -1;
1338 while ((o = getopt(argc, argv, "46Ccj:Llnp:P:qSsUuvw")) != -1)
/* The -j argument is resolved to a jail id; the failure text comes from jail_errmsg. */
1353 opt_j = jail_getid(optarg);
1355 errx(1, "%s", jail_errmsg);
1367 parse_ports(optarg);
/* Runs while capnetdb is still NULL, so names resolve through plain getprotobyname(). */
1370 protos_defined = parse_protos(optarg);
/*
 * Jail handling happens before capability mode is entered below.
 */
1404 switch (jail_getvnet(opt_j)) {
1406 errx(2, "%s", jail_errmsg);
1408 if (jail_attach(opt_j) < 0)
1409 err(3, "jail_attach()");
1410 /* Set back to -1 for normal output in vnet jail. */
/* From here on the process is sandboxed and reaches system services only through the Casper channels. */
1418 capcas = cap_init();
1420 err(1, "Unable to contact Casper");
1421 if (caph_enter_casper() < 0)
1422 err(1, "Unable to enter capability mode");
1423 capnet = cap_service_open(capcas, "system.net");
1425 err(1, "Unable to open system.net service");
1426 capnetdb = cap_service_open(capcas, "system.netdb");
1427 if (capnetdb == NULL)
1428 err(1, "Unable to open system.netdb service");
1429 capsysctl = cap_service_open(capcas, "system.sysctl");
1430 if (capsysctl == NULL)
1431 err(1, "Unable to open system.sysctl service");
1432 cappwd = cap_service_open(capcas, "system.pwd");
1434 err(1, "Unable to open system.pwd service");
/* Least privilege: the net service may only convert addresses to names. */
1436 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
1438 err(1, "Unable to init cap_net limits");
1439 if (cap_net_limit(limit) < 0)
1440 err(1, "Unable to apply limits");
/* The pwd service is restricted to the two commands and the single field listed above. */
1441 if (cap_pwd_limit_cmds(cappwd, pwdcmds, nitems(pwdcmds)) < 0)
1442 err(1, "Unable to apply pwd commands limits");
/* NOTE(review): this failure concerns the field limit but reuses the commands message. */
1443 if (cap_pwd_limit_fields(cappwd, pwdfields, nitems(pwdfields)) < 0)
1444 err(1, "Unable to apply pwd commands limits");
/* Defaults: with no family option everything is shown; with no -P the default protocol list is used. */
1446 if ((!opt_4 && !opt_6) && protos_defined != -1)
1448 if (!opt_4 && !opt_6 && !opt_u)
1449 opt_4 = opt_6 = opt_u = 1;
1450 if ((opt_4 || opt_6) && protos_defined == -1)
1451 protos_defined = set_default_protos();
1452 if (!opt_c && !opt_l)
1455 if (opt_4 || opt_6) {
1456 for (i = 0; i < protos_defined; i++)
1457 if (protos[i] == IPPROTO_SCTP)
1460 gather_inet(protos[i]);
1463 if (opt_u || (protos_defined == -1 && !opt_4 && !opt_6)) {
1464 gather_unix(SOCK_STREAM);
1465 gather_unix(SOCK_DGRAM);
1466 gather_unix(SOCK_SEQPACKET);