#include <linux/packet_diag.h>
#include <linux/netlink_diag.h>
#include <linux/sctp.h>
+#include <linux/vm_sockets_diag.h>
#define MAGIC_SEQ 123456
PACKET_R_DB,
NETLINK_DB,
SCTP_DB,
+ VSOCK_ST_DB,
+ VSOCK_DG_DB,
MAX_DB
};
#define ALL_DB ((1<<MAX_DB)-1)
#define INET_L4_DBM ((1<<TCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<SCTP_DB))
#define INET_DBM (INET_L4_DBM | (1<<RAW_DB))
+#define VSOCK_DBM ((1<<VSOCK_ST_DB)|(1<<VSOCK_DG_DB))
enum {
SS_UNKNOWN,
struct filter {
int dbs;
int states;
- int families;
+ uint64_t families;
struct ssfilter *f;
bool kill;
};
+#define FAMILY_MASK(family) ((uint64_t)1 << (family))
+
static const struct filter default_dbs[MAX_DB] = {
[TCP_DB] = {
.states = SS_CONN,
- .families = (1 << AF_INET) | (1 << AF_INET6),
+ .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
},
[DCCP_DB] = {
.states = SS_CONN,
- .families = (1 << AF_INET) | (1 << AF_INET6),
+ .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
},
[UDP_DB] = {
.states = (1 << SS_ESTABLISHED),
- .families = (1 << AF_INET) | (1 << AF_INET6),
+ .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
},
[RAW_DB] = {
.states = (1 << SS_ESTABLISHED),
- .families = (1 << AF_INET) | (1 << AF_INET6),
+ .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
},
[UNIX_DG_DB] = {
.states = (1 << SS_CLOSE),
- .families = (1 << AF_UNIX),
+ .families = FAMILY_MASK(AF_UNIX),
},
[UNIX_ST_DB] = {
.states = SS_CONN,
- .families = (1 << AF_UNIX),
+ .families = FAMILY_MASK(AF_UNIX),
},
[UNIX_SQ_DB] = {
.states = SS_CONN,
- .families = (1 << AF_UNIX),
+ .families = FAMILY_MASK(AF_UNIX),
},
[PACKET_DG_DB] = {
.states = (1 << SS_CLOSE),
- .families = (1 << AF_PACKET),
+ .families = FAMILY_MASK(AF_PACKET),
},
[PACKET_R_DB] = {
.states = (1 << SS_CLOSE),
- .families = (1 << AF_PACKET),
+ .families = FAMILY_MASK(AF_PACKET),
},
[NETLINK_DB] = {
.states = (1 << SS_CLOSE),
- .families = (1 << AF_NETLINK),
+ .families = FAMILY_MASK(AF_NETLINK),
},
[SCTP_DB] = {
.states = SS_CONN,
- .families = (1 << AF_INET) | (1 << AF_INET6),
+ .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
+ },
+ [VSOCK_ST_DB] = {
+ .states = SS_CONN,
+ .families = FAMILY_MASK(AF_VSOCK),
+ },
+ [VSOCK_DG_DB] = {
+ .states = SS_CONN,
+ .families = FAMILY_MASK(AF_VSOCK),
},
};
.dbs = (1 << NETLINK_DB),
.states = (1 << SS_CLOSE),
},
+ [AF_VSOCK] = {
+ .dbs = VSOCK_DBM,
+ .states = SS_CONN,
+ },
};
static int do_default = 1;
static void filter_af_set(struct filter *f, int af)
{
f->states |= default_afs[af].states;
- f->families |= 1 << af;
+ f->families |= FAMILY_MASK(af);
do_default = 0;
preferred_family = af;
}
static int filter_af_get(struct filter *f, int af)
{
- return f->families & (1 << af);
+ return !!(f->families & FAMILY_MASK(af));
}
static void filter_default_dbs(struct filter *f)
filter_db_set(f, PACKET_DG_DB);
filter_db_set(f, NETLINK_DB);
filter_db_set(f, SCTP_DB);
+ filter_db_set(f, VSOCK_ST_DB);
+ filter_db_set(f, VSOCK_DG_DB);
}
static void filter_states_set(struct filter *f, int states)
f->families |= default_dbs[db].families;
}
for (af = 0; af < AF_MAX; af++) {
- if (!(f->families & (1 << af)))
+ if (!(f->families & FAMILY_MASK(af)))
continue;
if (!(default_afs[af].dbs & f->dbs))
return "???";
}
+static const char *vsock_netid_name(int type)
+{
+ switch (type) {
+ case SOCK_STREAM:
+ return "v_str";
+ case SOCK_DGRAM:
+ return "v_dgr";
+ default:
+ return "???";
+ }
+}
+
static void sock_state_print(struct sockstat *s)
{
const char *sock_name;
case AF_NETLINK:
sock_name = "nl";
break;
+ case AF_VSOCK:
+ sock_name = vsock_netid_name(s->type);
+ break;
default:
sock_name = "unknown";
}
return s->lport == 0 && s->local.data[0] == 0;
if (s->local.family == AF_NETLINK)
return s->lport < 0;
+ if (s->local.family == AF_VSOCK)
+ return s->lport > 1023;
return is_ephemeral(s->lport);
}
return res;
}
+static void vsock_set_inet_prefix(inet_prefix *a, __u32 cid)
+{
+ *a = (inet_prefix){
+ .bytelen = sizeof(cid),
+ .family = AF_VSOCK,
+ };
+ memcpy(a->data, &cid, sizeof(cid));
+}
+
void *parse_hostcond(char *addr, bool is_port)
{
char *port = NULL;
goto out;
}
+ if (fam == AF_VSOCK || strncmp(addr, "vsock:", 6) == 0) {
+ __u32 cid = ~(__u32)0;
+
+ a.addr.family = AF_VSOCK;
+ if (strncmp(addr, "vsock:", 6) == 0)
+ addr += 6;
+
+ if (is_port)
+ port = addr;
+ else {
+ port = strchr(addr, ':');
+ if (port) {
+ *port = '\0';
+ port++;
+ }
+ }
+
+ if (port && strcmp(port, "*") &&
+ get_u32((__u32 *)&a.port, port, 0))
+ return NULL;
+
+ if (addr[0] && strcmp(addr, "*")) {
+ a.addr.bitlen = 32;
+ if (get_u32(&cid, addr, 0))
+ return NULL;
+ }
+ vsock_set_inet_prefix(&a.addr, cid);
+ fam = AF_VSOCK;
+ goto out;
+ }
+
if (fam == AF_INET || !strncmp(addr, "inet:", 5)) {
fam = AF_INET;
if (!strncmp(addr, "inet:", 5))
struct inet_diag_msg *r = NLMSG_DATA(h);
struct sockstat s = {};
- if (!(diag_arg->f->families & (1 << r->idiag_family)))
+ if (!(diag_arg->f->families & FAMILY_MASK(r->idiag_family)))
return 0;
parse_diag_msg(h, &s);
return -1;
}
- if (f->families & (1<<AF_INET)) {
+ if (f->families & FAMILY_MASK(AF_INET)) {
if ((fp = net_tcp_open()) == NULL)
goto outerr;
fclose(fp);
}
- if ((f->families & (1<<AF_INET6)) &&
+ if ((f->families & FAMILY_MASK(AF_INET6)) &&
(fp = net_tcp6_open()) != NULL) {
setbuffer(fp, buf, bufsize);
if (generic_record_read(fp, tcp_show_line, f, AF_INET6))
&& inet_show_netlink(f, NULL, IPPROTO_UDP) == 0)
return 0;
- if (f->families&(1<<AF_INET)) {
+ if (f->families&FAMILY_MASK(AF_INET)) {
if ((fp = net_udp_open()) == NULL)
goto outerr;
if (generic_record_read(fp, dgram_show_line, f, AF_INET))
fclose(fp);
}
- if ((f->families&(1<<AF_INET6)) &&
+ if ((f->families&FAMILY_MASK(AF_INET6)) &&
(fp = net_udp6_open()) != NULL) {
if (generic_record_read(fp, dgram_show_line, f, AF_INET6))
goto outerr;
inet_show_netlink(f, NULL, IPPROTO_RAW) == 0)
return 0;
- if (f->families&(1<<AF_INET)) {
+ if (f->families&FAMILY_MASK(AF_INET)) {
if ((fp = net_raw_open()) == NULL)
goto outerr;
if (generic_record_read(fp, dgram_show_line, f, AF_INET))
fclose(fp);
}
- if ((f->families&(1<<AF_INET6)) &&
+ if ((f->families&FAMILY_MASK(AF_INET6)) &&
(fp = net_raw6_open()) != NULL) {
if (generic_record_read(fp, dgram_show_line, f, AF_INET6))
goto outerr;
return 0;
}
+static bool vsock_type_skip(struct sockstat *s, struct filter *f)
+{
+ if (s->type == SOCK_STREAM && !(f->dbs & (1 << VSOCK_ST_DB)))
+ return true;
+ if (s->type == SOCK_DGRAM && !(f->dbs & (1 << VSOCK_DG_DB)))
+ return true;
+ return false;
+}
+
+static void vsock_addr_print(inet_prefix *a, __u32 port)
+{
+ char cid_str[sizeof("4294967295")];
+ char port_str[sizeof("4294967295")];
+ __u32 cid;
+
+ memcpy(&cid, a->data, sizeof(cid));
+
+ if (cid == ~(__u32)0)
+ snprintf(cid_str, sizeof(cid_str), "*");
+ else
+ snprintf(cid_str, sizeof(cid_str), "%u", cid);
+
+ if (port == ~(__u32)0)
+ snprintf(port_str, sizeof(port_str), "*");
+ else
+ snprintf(port_str, sizeof(port_str), "%u", port);
+
+ sock_addr_print(cid_str, ":", port_str, NULL);
+}
+
+static void vsock_stats_print(struct sockstat *s, struct filter *f)
+{
+ sock_state_print(s);
+
+ vsock_addr_print(&s->local, s->lport);
+ vsock_addr_print(&s->remote, s->rport);
+
+ proc_ctx_print(s);
+
+ printf("\n");
+}
+
+static int vsock_show_sock(const struct sockaddr_nl *addr,
+ struct nlmsghdr *nlh, void *arg)
+{
+ struct filter *f = (struct filter *)arg;
+ struct vsock_diag_msg *r = NLMSG_DATA(nlh);
+ struct sockstat stat = {
+ .type = r->vdiag_type,
+ .lport = r->vdiag_src_port,
+ .rport = r->vdiag_dst_port,
+ .state = r->vdiag_state,
+ .ino = r->vdiag_ino,
+ };
+
+ vsock_set_inet_prefix(&stat.local, r->vdiag_src_cid);
+ vsock_set_inet_prefix(&stat.remote, r->vdiag_dst_cid);
+
+ if (vsock_type_skip(&stat, f))
+ return 0;
+
+ if (f->f && run_ssfilter(f->f, &stat) == 0)
+ return 0;
+
+ vsock_stats_print(&stat, f);
+
+ return 0;
+}
+
+static int vsock_show(struct filter *f)
+{
+ DIAG_REQUEST(req, struct vsock_diag_req r);
+
+ if (!filter_af_get(f, AF_VSOCK))
+ return 0;
+
+ req.r.sdiag_family = AF_VSOCK;
+ req.r.vdiag_states = f->states;
+
+ return handle_netlink_request(f, &req.nlh, sizeof(req), vsock_show_sock);
+}
+
struct sock_diag_msg {
__u8 sdiag_family;
};
return packet_show_sock(addr, nlh, arg);
case AF_NETLINK:
return netlink_show_sock(addr, nlh, arg);
+ case AF_VSOCK:
+ return vsock_show_sock(addr, nlh, arg);
default:
return -1;
}
int groups = 0;
struct rtnl_handle rth;
- if (f->families & (1 << AF_INET) && f->dbs & (1 << TCP_DB))
+ if (f->families & FAMILY_MASK(AF_INET) && f->dbs & (1 << TCP_DB))
groups |= 1 << (SKNLGRP_INET_TCP_DESTROY - 1);
- if (f->families & (1 << AF_INET) && f->dbs & (1 << UDP_DB))
+ if (f->families & FAMILY_MASK(AF_INET) && f->dbs & (1 << UDP_DB))
groups |= 1 << (SKNLGRP_INET_UDP_DESTROY - 1);
- if (f->families & (1 << AF_INET6) && f->dbs & (1 << TCP_DB))
+ if (f->families & FAMILY_MASK(AF_INET6) && f->dbs & (1 << TCP_DB))
groups |= 1 << (SKNLGRP_INET6_TCP_DESTROY - 1);
- if (f->families & (1 << AF_INET6) && f->dbs & (1 << UDP_DB))
+ if (f->families & FAMILY_MASK(AF_INET6) && f->dbs & (1 << UDP_DB))
groups |= 1 << (SKNLGRP_INET6_UDP_DESTROY - 1);
if (groups == 0)
" -d, --dccp display only DCCP sockets\n"
" -w, --raw display only RAW sockets\n"
" -x, --unix display only Unix domain sockets\n"
+" --vsock display only vsock sockets\n"
" -f, --family=FAMILY display sockets of type FAMILY\n"
-" FAMILY := {inet|inet6|link|unix|netlink|help}\n"
+" FAMILY := {inet|inet6|link|unix|netlink|vsock|help}\n"
"\n"
" -K, --kill forcibly close sockets, display what was closed\n"
" -H, --no-header Suppress header line\n"
"\n"
" -A, --query=QUERY, --socket=QUERY\n"
-" QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]\n"
+" QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY]\n"
"\n"
" -D, --diag=FILE Dump raw information about TCP sockets to FILE\n"
" -F, --filter=FILE read filter information from FILE\n"
exit(-1);
}
+/* Values 'v' and 'V' are already used so a non-character is used */
+#define OPT_VSOCK 256
+
static const struct option long_opts[] = {
{ "numeric", 0, 0, 'n' },
{ "resolve", 0, 0, 'r' },
{ "udp", 0, 0, 'u' },
{ "raw", 0, 0, 'w' },
{ "unix", 0, 0, 'x' },
+ { "vsock", 0, 0, OPT_VSOCK },
{ "all", 0, 0, 'a' },
{ "listening", 0, 0, 'l' },
{ "ipv4", 0, 0, '4' },
case 'x':
filter_af_set(¤t_filter, AF_UNIX);
break;
+ case OPT_VSOCK:
+ filter_af_set(¤t_filter, AF_VSOCK);
+ break;
case 'a':
state_filter = SS_ALL;
break;
filter_af_set(¤t_filter, AF_UNIX);
else if (strcmp(optarg, "netlink") == 0)
filter_af_set(¤t_filter, AF_NETLINK);
+ else if (strcmp(optarg, "vsock") == 0)
+ filter_af_set(¤t_filter, AF_VSOCK);
else if (strcmp(optarg, "help") == 0)
help();
else {
filter_db_set(¤t_filter, PACKET_DG_DB);
} else if (strcmp(p, "netlink") == 0) {
filter_db_set(¤t_filter, NETLINK_DB);
+ } else if (strcmp(p, "vsock") == 0) {
+ filter_db_set(¤t_filter, VSOCK_ST_DB);
+ filter_db_set(¤t_filter, VSOCK_DG_DB);
+ } else if (strcmp(p, "vsock_stream") == 0 ||
+ strcmp(p, "v_str") == 0) {
+ filter_db_set(¤t_filter, VSOCK_ST_DB);
+ } else if (strcmp(p, "vsock_dgram") == 0 ||
+ strcmp(p, "v_dgr") == 0) {
+ filter_db_set(¤t_filter, VSOCK_DG_DB);
} else {
fprintf(stderr, "ss: \"%s\" is illegal socket table id\n", p);
usage();
dccp_show(¤t_filter);
if (current_filter.dbs & (1<<SCTP_DB))
sctp_show(¤t_filter);
+ if (current_filter.dbs & VSOCK_DBM)
+ vsock_show(¤t_filter);
if (show_users || show_proc_ctx || show_sock_ctx)
user_ent_destroy();