/* netstat.c - Display Linux networking subsystem. * * Copyright 2012 Ranjan Kumar <ranjankumar.bth@gmail.com> * Copyright 2013 Kyungwan Han <asura321@gmail.com> * * Not in SUSv4. * USE_NETSTAT(NEWTOY(netstat, "pWrxwutneal", TOYFLAG_BIN)) config NETSTAT bool "netstat" default n help usage: netstat [-pWrxwutneal] Display networking information. -r Display routing table. -a Display all sockets (Default: Connected). -l Display listening server sockets. -t Display TCP sockets. -u Display UDP sockets. -w Display Raw sockets. -x Display Unix sockets. -e Display other/more information. -n Don't resolve names. -W Wide Display. -p Display PID/Program name for sockets. */ #define FOR_netstat #include "toys.h" #include <net/route.h> GLOBALS( char current_name[21]; int some_process_unidentified; ); typedef union _iaddr { unsigned u; unsigned char b[4]; } iaddr; typedef union _iaddr6 { struct { unsigned a; unsigned b; unsigned c; unsigned d; } u; unsigned char b[16]; } iaddr6; #define ADDR_LEN (INET6_ADDRSTRLEN + 1 + 5 + 1)//IPv6 addr len + : + port + '\0' //For unix states enum { SOCK_ACCEPTCON = (1 << 16), //performed a listen. SOCK_WAIT_DATA = (1 << 17), //wait data to read. SOCK_NO_SPACE = (1 << 18), //no space to write. }; #define SOCK_NOT_CONNECTED 1 typedef struct _pidlist { struct _pidlist *next; long inode; char name[21]; } PID_LIST; PID_LIST *pid_list = NULL; /* * used to convert string into int and * validate the input str for invalid int value or out-of-range. */ static unsigned long get_strtou(char *str, char **endp, int base) { unsigned long uli; char *endptr; if (!isalnum(str[0])) { errno = ERANGE; return UINT_MAX; } errno = 0; uli = strtoul(str, &endptr, base); if (uli > UINT_MAX) { errno = ERANGE; return UINT_MAX; } if (endp) *endp = endptr; if (endptr[0]) { if (isalnum(endptr[0]) || errno) { //"123abc" or out-of-range errno = ERANGE; return UINT_MAX; } errno = EINVAL; } return uli; } /* * used to retrive pid name from pid list. */ static const char *get_pid_name(unsigned long inode) { PID_LIST *tmp; for (tmp = pid_list; tmp; tmp = tmp->next) if (tmp->inode == inode) return tmp->name; return "-"; } /* * For TCP/UDP/RAW display data. */ static void display_data(unsigned rport, char *label, unsigned rxq, unsigned txq, char *lip, char *rip, unsigned state, unsigned uid, unsigned long inode) { char *ss_state = "UNKNOWN", buf[12]; char *state_label[] = {"", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2", "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "LISTEN", "CLOSING", "UNKNOWN"}; char user[11]; struct passwd *pw; if (!strcmp(label, "tcp")) { int sz = ARRAY_LEN(state_label); if (!state || state >= sz) state = sz-1; ss_state = state_label[state]; } else if (!strcmp(label, "udp")) { if (state == 1) ss_state = state_label[state]; else if (state == 7) ss_state = ""; } else if (!strcmp(label, "raw")) sprintf(ss_state = buf, "%u", state); if (!(toys.optflags & FLAG_n) && (pw = getpwuid(uid))) { snprintf(user, sizeof(user), "%s", pw->pw_name); } else snprintf(user, sizeof(user), "%d", uid); xprintf("%3s %6d %6d ", label, rxq, txq); xprintf((toys.optflags & FLAG_W) ? "%-51.51s %-51.51s " : "%-23.23s %-23.23s " , lip, rip); xprintf("%-11s ", ss_state); if ((toys.optflags & FLAG_e)) xprintf("%-10s %-11ld ", user, inode); if ((toys.optflags & FLAG_p)) xprintf("%s", get_pid_name(inode)); xputc('\n'); } /* * For TCP/UDP/RAW show data. */ static void show_data(unsigned rport, char *label, unsigned rxq, unsigned txq, char *lip, char *rip, unsigned state, unsigned uid, unsigned long inode) { if (toys.optflags & FLAG_l) { if (!rport && (state & 0xA)) display_data(rport, label, rxq, txq, lip, rip, state, uid, inode); } else if (toys.optflags & FLAG_a) display_data(rport, label, rxq, txq, lip, rip, state, uid, inode); //rport && (TCP | UDP | RAW) else if (rport & (0x10 | 0x20 | 0x40)) display_data(rport, label, rxq, txq, lip, rip, state, uid, inode); } /* * used to get service name. */ static char *get_servname(int port, char *label) { int lport = htons(port); if (!lport) return xmprintf("%s", "*"); struct servent *ser = getservbyport(lport, label); if (ser) return xmprintf("%s", ser->s_name); return xmprintf("%u", (unsigned)ntohs(lport)); } /* * used to convert address into text format. */ static void addr2str(int af, void *addr, unsigned port, char *buf, char *label) { char ip[ADDR_LEN] = {0,}; if (!inet_ntop(af, addr, ip, ADDR_LEN)) { *buf = '\0'; return; } size_t iplen = strlen(ip); if (!port) { strncat(ip+iplen, ":*", ADDR_LEN-iplen-1); memcpy(buf, ip, ADDR_LEN); return; } if (!(toys.optflags & FLAG_n)) { struct addrinfo hints, *result, *rp; memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = af; if (!getaddrinfo(ip, NULL, &hints, &result)) { char hbuf[NI_MAXHOST] = {0,}, sbuf[NI_MAXSERV] = {0,}; socklen_t sock_len; char *sname = NULL; int plen = 0; if (af == AF_INET) sock_len = sizeof(struct sockaddr_in); else sock_len = sizeof(struct sockaddr_in6); for (rp = result; rp; rp = rp->ai_next) if (!getnameinfo(rp->ai_addr, sock_len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), NI_NUMERICSERV)) break; freeaddrinfo(result); sname = get_servname(port, label); plen = strlen(sname); if (*hbuf) { memset(ip, 0, ADDR_LEN); memcpy(ip, hbuf, (ADDR_LEN - plen - 2)); iplen = strlen(ip); } snprintf(ip + iplen, ADDR_LEN-iplen, ":%s", sname); free(sname); } } else snprintf(ip+iplen, ADDR_LEN-iplen, ":%d", port); memcpy(buf, ip, ADDR_LEN); } /* * display ipv4 info for TCP/UDP/RAW. */ static void show_ipv4(char *fname, char *label) { FILE *fp = fopen(fname, "r"); if (!fp) { perror_msg("'%s'", fname); return; } if(!fgets(toybuf, sizeof(toybuf), fp)) return; //skip header. while (fgets(toybuf, sizeof(toybuf), fp)) { char lip[ADDR_LEN] = {0,}, rip[ADDR_LEN] = {0,}; iaddr laddr, raddr; unsigned lport, rport, state, txq, rxq, num, uid; unsigned long inode; int nitems = sscanf(toybuf, " %d: %x:%x %x:%x %x %x:%x %*X:%*X %*X %d %*d %ld", &num, &laddr.u, &lport, &raddr.u, &rport, &state, &txq, &rxq, &uid, &inode); if (nitems == 10) { addr2str(AF_INET, &laddr, lport, lip, label); addr2str(AF_INET, &raddr, rport, rip, label); show_data(rport, label, rxq, txq, lip, rip, state, uid, inode); } }//End of While fclose(fp); } /* * display ipv6 info for TCP/UDP/RAW. */ static void show_ipv6(char *fname, char *label) { FILE *fp = fopen(fname, "r"); if (!fp) { perror_msg("'%s'", fname); return; } if(!fgets(toybuf, sizeof(toybuf), fp)) return; //skip header. while (fgets(toybuf, sizeof(toybuf), fp)) { char lip[ADDR_LEN] = {0,}, rip[ADDR_LEN] = {0,}; iaddr6 laddr6, raddr6; unsigned lport, rport, state, txq, rxq, num, uid; unsigned long inode; int nitems = sscanf(toybuf, " %d: %8x%8x%8x%8x:%x %8x%8x%8x%8x:%x %x %x:%x " "%*X:%*X %*X %d %*d %ld", &num, &laddr6.u.a, &laddr6.u.b, &laddr6.u.c, &laddr6.u.d, &lport, &raddr6.u.a, &raddr6.u.b, &raddr6.u.c, &raddr6.u.d, &rport, &state, &txq, &rxq, &uid, &inode); if (nitems == 16) { addr2str(AF_INET6, &laddr6, lport, lip, label); addr2str(AF_INET6, &raddr6, rport, rip, label); show_data(rport, label, rxq, txq, lip, rip, state, uid, inode); } }//End of While fclose(fp); } /* * display unix socket info. */ static void show_unix_sockets(char *fname, char *label) { FILE *fp = fopen((char *)fname, "r"); if (!fp) { perror_msg("'%s'", fname); return; } if(!fgets(toybuf, sizeof(toybuf), fp)) return; //skip header. while (fgets(toybuf, sizeof(toybuf), fp)) { unsigned long refcount, label, flags, inode; int nitems = 0, path_offset = 0, type, state; char sock_flags[32] = {0,}, *sock_type, *sock_state, *bptr = toybuf, *term; if (!toybuf[0]) continue; nitems = sscanf(toybuf, "%*p: %lX %lX %lX %X %X %lu %n", &refcount, &label, &flags, &type, &state, &inode, &path_offset); //for state one less if (nitems < 6) break; if (toys.optflags & FLAG_l) { if ( !((state == SOCK_NOT_CONNECTED) && (flags & SOCK_ACCEPTCON)) ) continue; } else if (!(toys.optflags & FLAG_a)) { if ((state == SOCK_NOT_CONNECTED) && (flags & SOCK_ACCEPTCON)) continue; } //prepare socket type, state and flags. { char *ss_type[] = { "", "STREAM", "DGRAM", "RAW", "RDM", "SEQPACKET", "UNKNOWN"}; char *ss_state[] = { "FREE", "LISTENING", "CONNECTING", "CONNECTED", "DISCONNECTING", "UNKNOWN"}; int sz = ARRAY_LEN(ss_type);//sizeof(ss_type)/sizeof(ss_type[0]); if ( (type < SOCK_STREAM) || (type > SOCK_SEQPACKET) ) sock_type = ss_type[sz-1]; else sock_type = ss_type[type]; sz = ARRAY_LEN(ss_state);//sizeof(ss_state)/sizeof(ss_state[0]); if ((state < 0) || (state > sz-2)) sock_state = ss_state[sz-1]; else if (state == SOCK_NOT_CONNECTED) { if (flags & SOCK_ACCEPTCON) sock_state = ss_state[state]; else sock_state = " "; } else sock_state = ss_state[state]; strcpy(sock_flags, "[ "); if (flags & SOCK_ACCEPTCON) strcat(sock_flags, "ACC "); if (flags & SOCK_WAIT_DATA) strcat(sock_flags, "W "); if (flags & SOCK_NO_SPACE) strcat(sock_flags, "N "); strcat(sock_flags, "]"); } xprintf("%-5s %-6ld %-11s %-10s %-13s %8lu ", (!label ? "unix" : "??"), refcount, sock_flags, sock_type, sock_state, inode); if (toys.optflags & FLAG_p) xprintf("%-20s", get_pid_name(inode)); bptr += path_offset; if ((term = strchr(bptr, '\n'))) *term = '\0'; xprintf("%s\n", bptr); }//End of while fclose(fp); } /* * extract inode value from the link. */ static long ss_inode(char *link) { long inode = -1; //"link = socket:[12345]", get "12345" as inode. if (!strncmp(link, "socket:[", sizeof("socket:[")-1)) { inode = get_strtou(link + sizeof("socket:[")-1, (char**)&link, 0); if (*link != ']') inode = -1; } //"link = [0000]:12345", get "12345" as inode. else if (!strncmp(link, "[0000]:", sizeof("[0000]:")-1)) { inode = get_strtou(link + sizeof("[0000]:")-1, NULL, 0); //if not NULL terminated. if (errno) inode = -1; } return inode; } /* * add inode and progname in the pid list. */ static void add2list(long inode) { PID_LIST *node = pid_list; for(; node; node = node->next) { if(node->inode == inode) return; } PID_LIST *new = (PID_LIST *)xzalloc(sizeof(PID_LIST)); new->inode = inode; xstrncpy(new->name, TT.current_name, sizeof(new->name)); new->next = pid_list; pid_list = new; } static void scan_pid_inodes(char *path) { DIR *dp; struct dirent *entry; if (!(dp = opendir(path))) { if (errno == EACCES) { TT.some_process_unidentified = 1; return; } else perror_exit("%s", path); } while ((entry = readdir(dp))) { char link_name[64], *link; long inode; if (!isdigit(entry->d_name[0])) continue; snprintf(link_name, sizeof(link_name), "%s/%s", path, entry->d_name); link = xreadlink(link_name); if ((inode = ss_inode(link)) != -1) add2list(inode); free(link); } closedir(dp); } static void scan_pid(int pid) { char *line, *p, *fd_dir; snprintf(toybuf, sizeof(toybuf), "/proc/%d/cmdline", pid); line = xreadfile(toybuf, 0, 0); if ((p = strchr(line, ' '))) *p = 0; // "/bin/netstat -ntp" -> "/bin/netstat" snprintf(TT.current_name, sizeof(TT.current_name), "%d/%s", pid, basename_r(line)); // "584/netstat" free(line); fd_dir = xmprintf("/proc/%d/fd", pid); scan_pid_inodes(fd_dir); free(fd_dir); } static int scan_pids(struct dirtree *node) { int pid; if (!node->parent) return DIRTREE_RECURSE; if ((pid = atol(node->name))) scan_pid(pid); return 0; } /* * Dealloc pid list. */ static void clean_pid_list(void) { PID_LIST *tmp; while (pid_list) { tmp = pid_list->next; free(pid_list); pid_list = tmp; } } /* * For TCP/UDP/RAW show the header. */ static void show_header(void) { xprintf("Proto Recv-Q Send-Q "); xprintf((toys.optflags & FLAG_W) ? "%-51s %-51s" : "%-23s %-23s", "Local Address", "Foreign Address"); xprintf(" State "); if (toys.optflags & FLAG_e) xprintf(" User Inode "); if (toys.optflags & FLAG_p) xprintf(" PID/Program Name"); xputc('\n'); } /* * used to get the flag values for route command. */ static void get_flag_value(char *flagstr, int flags) { int i = 0; char *str = flagstr; static const char flagchars[] = "GHRDMDAC"; static const unsigned flagarray[] = { RTF_GATEWAY, RTF_HOST, RTF_REINSTATE, RTF_DYNAMIC, RTF_MODIFIED, RTF_DEFAULT, RTF_ADDRCONF, RTF_CACHE }; *str++ = 'U'; while ( (*str = flagchars[i]) ) { if (flags & flagarray[i++]) ++str; } } /* * extract inet4 route info from /proc/net/route file and display it. */ static void display_routes(int is_more_info, int notresolve) { #define IPV4_MASK (RTF_GATEWAY|RTF_HOST|RTF_REINSTATE|RTF_DYNAMIC|RTF_MODIFIED) unsigned long dest, gate, mask; int flags, ref, use, metric, mss, win, irtt; char iface[64]={0,}; char flag_val[10]={0,}; //there are 9 flags "UGHRDMDAC" for route. FILE *fp = xfopen("/proc/net/route", "r"); if(!fgets(toybuf, sizeof(toybuf), fp)) return; //skip header. xprintf("Kernel IP routing table\n" "Destination Gateway Genmask Flags %s Iface\n", is_more_info ? " MSS Window irtt" : "Metric Ref Use"); while (fgets(toybuf, sizeof(toybuf), fp)) { int nitems = 0; char *destip = NULL, *gateip = NULL, *maskip = NULL; nitems = sscanf(toybuf, "%63s%lx%lx%X%d%d%d%lx%d%d%d\n", iface, &dest, &gate, &flags, &ref, &use, &metric, &mask, &mss, &win, &irtt); if (nitems != 11) {//EOF with no (nonspace) chars read. if ((nitems < 0) && feof(fp)) break; perror_exit("sscanf"); } //skip down interfaces. if (!(flags & RTF_UP)) continue; if (dest) {//For Destination if (inet_ntop(AF_INET, &dest, toybuf, sizeof(toybuf)) ) destip = xstrdup(toybuf); } else { if (!notresolve) destip = xstrdup("default"); else destip = xstrdup("0.0.0.0"); } if (gate) {//For Gateway if (inet_ntop(AF_INET, &gate, toybuf, sizeof(toybuf)) ) gateip = xstrdup(toybuf); } else { if (!notresolve) gateip = xstrdup("*"); else gateip = xstrdup("0.0.0.0"); } //For Mask if (inet_ntop(AF_INET, &mask, toybuf, sizeof(toybuf)) ) maskip = xstrdup(toybuf); //Get flag Values get_flag_value(flag_val, flags & IPV4_MASK); if (flags & RTF_REJECT) flag_val[0] = '!'; xprintf("%-15.15s %-15.15s %-16s%-6s", destip, gateip, maskip, flag_val); if (is_more_info) xprintf("%5d %-5d %6d %s\n", mss, win, irtt, iface); else xprintf("%-6d %-2d %7d %s\n", metric, ref, use, iface); if (destip) free(destip); if (gateip) free(gateip); if (maskip) free(maskip); }//end of while. fclose(fp); #undef IPV4_MASK } /* * netstat utility main function. */ void netstat_main(void) { #define IS_NETSTAT_PROTO_FLAGS_UP (toys.optflags & (FLAG_t | FLAG_u | FLAG_w \ | FLAG_x)) // For no parameter, add 't', 'u', 'w', 'x' options as default if (!toys.optflags) toys.optflags = FLAG_t | FLAG_u | FLAG_w | FLAG_x; // For both 'a' and 'l' are set, remove 'l' option if (toys.optflags & FLAG_a && toys.optflags & FLAG_l) toys.optflags &= ~FLAG_l; // For each 'a', 'l', 'e', 'n', 'W', 'p' options // without any 't', 'u', 'w', 'x' option, add 't', 'u', 'w', 'x' options if (((toys.optflags & FLAG_a) || (toys.optflags & FLAG_l) || (toys.optflags & FLAG_e) || (toys.optflags & FLAG_n) || (toys.optflags & FLAG_W) || (toys.optflags & FLAG_p)) && (!IS_NETSTAT_PROTO_FLAGS_UP) ) toys.optflags |= FLAG_t | FLAG_u | FLAG_w | FLAG_x; //Display routing table. if (toys.optflags & FLAG_r) { display_routes(!(toys.optflags & FLAG_e), (toys.optflags & FLAG_n)); return; } if (toys.optflags & FLAG_p) { dirtree_read("/proc", scan_pids); // TODO: we probably shouldn't warn if all the processes we're going to // list were identified. if (TT.some_process_unidentified) fprintf(stderr, "(Not all processes could be identified, non-owned process info\n" " will not be shown, you would have to be root to see it all.)\n"); } //For TCP/UDP/RAW. if ( (toys.optflags & FLAG_t) || (toys.optflags & FLAG_u) || (toys.optflags & FLAG_w) ) { xprintf("Active Internet connections "); if (toys.optflags & FLAG_a) xprintf("(servers and established)\n"); else if (toys.optflags & FLAG_l) xprintf("(only servers)\n"); else xprintf("(w/o servers)\n"); show_header(); if (toys.optflags & FLAG_t) {//For TCP show_ipv4("/proc/net/tcp", "tcp"); show_ipv6("/proc/net/tcp6", "tcp"); } if (toys.optflags & FLAG_u) {//For UDP show_ipv4("/proc/net/udp", "udp"); show_ipv6("/proc/net/udp6", "udp"); } if (toys.optflags & FLAG_w) {//For raw show_ipv4("/proc/net/raw", "raw"); show_ipv6("/proc/net/raw6", "raw"); } } if (toys.optflags & FLAG_x) {//For UNIX xprintf("Active UNIX domain sockets "); if (toys.optflags & FLAG_a) xprintf("(servers and established)\n"); else if (toys.optflags & FLAG_l) xprintf("(only servers)\n"); else xprintf("(w/o servers)\n"); if (toys.optflags & FLAG_p) xprintf("Proto RefCnt Flags Type State " "I-Node PID/Program Name Path\n"); else xprintf("Proto RefCnt Flags Type State " "I-Node Path\n"); show_unix_sockets("/proc/net/unix", "unix"); } if (toys.optflags & FLAG_p) clean_pid_list(); if (toys.exitval) toys.exitval = 0; #undef IS_NETSTAT_PROTO_FLAGS_UP }