summaryrefslogtreecommitdiffstats
path: root/man7/sock_diag.7
diff options
context:
space:
mode:
Diffstat (limited to 'man7/sock_diag.7')
-rw-r--r--man7/sock_diag.7825
1 files changed, 0 insertions, 825 deletions
diff --git a/man7/sock_diag.7 b/man7/sock_diag.7
deleted file mode 100644
index 3da3b4a..0000000
--- a/man7/sock_diag.7
+++ /dev/null
@@ -1,825 +0,0 @@
-.\" Copyright (c) 2016 Pavel Emelyanov <xemul@virtuozzo.com>
-.\" Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
-.\"
-.\" SPDX-License-Identifier: GPL-2.0-or-later
-.TH sock_diag 7 2023-10-31 "Linux man-pages 6.7"
-.SH NAME
-sock_diag \- obtaining information about sockets
-.SH SYNOPSIS
-.nf
-.B #include <sys/socket.h>
-.B #include <linux/sock_diag.h>
-.BR "#include <linux/unix_diag.h>" " /* for UNIX domain sockets */"
-.BR "#include <linux/inet_diag.h>" " /* for IPv4 and IPv6 sockets */"
-.P
-.BI "diag_socket = socket(AF_NETLINK, " socket_type ", NETLINK_SOCK_DIAG);"
-.fi
-.SH DESCRIPTION
-The sock_diag netlink subsystem provides a mechanism for obtaining
-information about sockets of various address families from the kernel.
-This subsystem can be used to obtain information about individual
-sockets or request a list of sockets.
-.P
-In the request, the caller can specify additional information it would
-like to obtain about the socket, for example, memory information or
-information specific to the address family.
-.P
-When requesting a list of sockets, the caller can specify filters that
-would be applied by the kernel to select a subset of sockets to report.
-For now, there is only the ability to filter sockets by state (connected,
-listening, and so on.)
-.P
-Note that sock_diag reports only those sockets that have a name;
-that is, either sockets bound explicitly with
-.BR bind (2)
-or sockets that were automatically bound to an address (e.g., by
-.BR connect (2)).
-This is the same set of sockets that is available via
-.IR /proc/net/unix ,
-.IR /proc/net/tcp ,
-.IR /proc/net/udp ,
-and so on.
-.\"
-.SS Request
-The request starts with a
-.I "struct nlmsghdr"
-header described in
-.BR netlink (7)
-with
-.I nlmsg_type
-field set to
-.BR SOCK_DIAG_BY_FAMILY .
-It is followed by a header specific to the address family that starts with
-a common part shared by all address families:
-.P
-.in +4n
-.EX
-struct sock_diag_req {
- __u8 sdiag_family;
- __u8 sdiag_protocol;
-};
-.EE
-.in
-.P
-The fields of this structure are as follows:
-.TP
-.I sdiag_family
-An address family.
-It should be set to the appropriate
-.B AF_*
-constant.
-.TP
-.I sdiag_protocol
-Depends on
-.IR sdiag_family .
-It should be set to the appropriate
-.B IPPROTO_*
-constant for
-.B AF_INET
-and
-.BR AF_INET6 ,
-and to 0 otherwise.
-.P
-If the
-.I nlmsg_flags
-field of the
-.I "struct nlmsghdr"
-header has the
-.B NLM_F_DUMP
-flag set, it means that a list of sockets is being requested;
-otherwise it is a query about an individual socket.
-.\"
-.SS Response
-The response starts with a
-.I "struct nlmsghdr"
-header and is followed by an array of objects specific to the address family.
-The array is to be accessed with the standard
-.B NLMSG_*
-macros from the
-.BR netlink (3)
-API.
-.P
-Each object is the NLA (netlink attributes) list that is to be accessed
-with the
-.B RTA_*
-macros from
-.BR rtnetlink (3)
-API.
-.\"
-.SS UNIX domain sockets
-For UNIX domain sockets the request is represented in the following structure:
-.P
-.in +4n
-.EX
-struct unix_diag_req {
- __u8 sdiag_family;
- __u8 sdiag_protocol;
- __u16 pad;
- __u32 udiag_states;
- __u32 udiag_ino;
- __u32 udiag_show;
- __u32 udiag_cookie[2];
-};
-.EE
-.in
-.P
-The fields of this structure are as follows:
-.TP
-.I sdiag_family
-The address family; it should be set to
-.BR AF_UNIX .
-.P
-.I sdiag_protocol
-.PD 0
-.TP
-.PD
-.I pad
-These fields should be set to 0.
-.TP
-.I udiag_states
-This is a bit mask that defines a filter of sockets states.
-Only those sockets whose states are in this mask will be reported.
-Ignored when querying for an individual socket.
-Supported values are:
-.P
-.RS 12
-1 <<
-.B TCP_ESTABLISHED
-.P
-1 <<
-.B TCP_LISTEN
-.RE
-.TP
-.I udiag_ino
-This is an inode number when querying for an individual socket.
-Ignored when querying for a list of sockets.
-.TP
-.I udiag_show
-This is a set of flags defining what kind of information to report.
-Each requested kind of information is reported back as a netlink
-attribute as described below:
-.RS
-.TP
-.B UDIAG_SHOW_NAME
-The attribute reported in answer to this request is
-.BR UNIX_DIAG_NAME .
-The payload associated with this attribute is the pathname to which
-the socket was bound (a sequence of bytes up to
-.B UNIX_PATH_MAX
-length).
-.TP
-.B UDIAG_SHOW_VFS
-The attribute reported in answer to this request is
-.BR UNIX_DIAG_VFS .
-The payload associated with this attribute is represented in the following
-structure:
-.IP
-.in +4n
-.EX
-struct unix_diag_vfs {
- __u32 udiag_vfs_dev;
- __u32 udiag_vfs_ino;
-};
-.EE
-.in
-.IP
-The fields of this structure are as follows:
-.RS
-.TP
-.I udiag_vfs_dev
-The device number of the corresponding on-disk socket inode.
-.TP
-.I udiag_vfs_ino
-The inode number of the corresponding on-disk socket inode.
-.RE
-.TP
-.B UDIAG_SHOW_PEER
-The attribute reported in answer to this request is
-.BR UNIX_DIAG_PEER .
-The payload associated with this attribute is a __u32 value
-which is the peer's inode number.
-This attribute is reported for connected sockets only.
-.TP
-.B UDIAG_SHOW_ICONS
-The attribute reported in answer to this request is
-.BR UNIX_DIAG_ICONS .
-The payload associated with this attribute is an array of __u32 values
-which are inode numbers of sockets that has passed the
-.BR connect (2)
-call, but hasn't been processed with
-.BR accept (2)
-yet.
-This attribute is reported for listening sockets only.
-.TP
-.B UDIAG_SHOW_RQLEN
-The attribute reported in answer to this request is
-.BR UNIX_DIAG_RQLEN .
-The payload associated with this attribute is represented in the following
-structure:
-.IP
-.in +4n
-.EX
-struct unix_diag_rqlen {
- __u32 udiag_rqueue;
- __u32 udiag_wqueue;
-};
-.EE
-.in
-.IP
-The fields of this structure are as follows:
-.RS
-.TP
-.I udiag_rqueue
-For listening sockets:
-the number of pending connections.
-The length of the array associated with the
-.B UNIX_DIAG_ICONS
-response attribute is equal to this value.
-.IP
-For established sockets:
-the amount of data in incoming queue.
-.TP
-.I udiag_wqueue
-For listening sockets:
-the backlog length which equals to the value passed as the second argument to
-.BR listen (2).
-.IP
-For established sockets:
-the amount of memory available for sending.
-.RE
-.TP
-.B UDIAG_SHOW_MEMINFO
-The attribute reported in answer to this request is
-.BR UNIX_DIAG_MEMINFO .
-The payload associated with this attribute is an array of __u32 values
-described below in the subsection "Socket memory information".
-.P
-The following attributes are reported back without any specific request:
-.TP
-.B UNIX_DIAG_SHUTDOWN
-The payload associated with this attribute is __u8 value which represents
-bits of
-.BR shutdown (2)
-state.
-.RE
-.TP
-.I udiag_cookie
-This is an array of opaque identifiers that could be used along with
-.I udiag_ino
-to specify an individual socket.
-It is ignored when querying for a list
-of sockets, as well as when all its elements are set to \-1.
-.P
-The response to a query for UNIX domain sockets is represented as an array of
-.P
-.in +4n
-.EX
-struct unix_diag_msg {
- __u8 udiag_family;
- __u8 udiag_type;
- __u8 udiag_state;
- __u8 pad;
- __u32 udiag_ino;
- __u32 udiag_cookie[2];
-};
-.EE
-.in
-.P
-followed by netlink attributes.
-.P
-The fields of this structure are as follows:
-.TP
-.I udiag_family
-This field has the same meaning as in
-.IR "struct unix_diag_req" .
-.TP
-.I udiag_type
-This is set to one of
-.BR SOCK_PACKET ,
-.BR SOCK_STREAM ,
-or
-.BR SOCK_SEQPACKET .
-.TP
-.I udiag_state
-This is set to one of
-.B TCP_LISTEN
-or
-.BR TCP_ESTABLISHED .
-.TP
-.I pad
-This field is set to 0.
-.TP
-.I udiag_ino
-This is the socket inode number.
-.TP
-.I udiag_cookie
-This is an array of opaque identifiers that could be used in subsequent
-queries.
-.\"
-.SS IPv4 and IPv6 sockets
-For IPv4 and IPv6 sockets,
-the request is represented in the following structure:
-.P
-.in +4n
-.EX
-struct inet_diag_req_v2 {
- __u8 sdiag_family;
- __u8 sdiag_protocol;
- __u8 idiag_ext;
- __u8 pad;
- __u32 idiag_states;
- struct inet_diag_sockid id;
-};
-.EE
-.in
-.P
-where
-.I "struct inet_diag_sockid"
-is defined as follows:
-.P
-.in +4n
-.EX
-struct inet_diag_sockid {
- __be16 idiag_sport;
- __be16 idiag_dport;
- __be32 idiag_src[4];
- __be32 idiag_dst[4];
- __u32 idiag_if;
- __u32 idiag_cookie[2];
-};
-.EE
-.in
-.P
-The fields of
-.I "struct inet_diag_req_v2"
-are as follows:
-.TP
-.I sdiag_family
-This should be set to either
-.B AF_INET
-or
-.B AF_INET6
-for IPv4 or IPv6 sockets respectively.
-.TP
-.I sdiag_protocol
-This should be set to one of
-.BR IPPROTO_TCP ,
-.BR IPPROTO_UDP ,
-or
-.BR IPPROTO_UDPLITE .
-.TP
-.I idiag_ext
-This is a set of flags defining what kind of extended information to report.
-Each requested kind of information is reported back as a netlink attribute
-as described below:
-.RS
-.TP
-.B INET_DIAG_TOS
-The payload associated with this attribute is a __u8 value
-which is the TOS of the socket.
-.TP
-.B INET_DIAG_TCLASS
-The payload associated with this attribute is a __u8 value
-which is the TClass of the socket.
-IPv6 sockets only.
-For LISTEN and CLOSE sockets, this is followed by
-.B INET_DIAG_SKV6ONLY
-attribute with associated __u8 payload value meaning whether the socket
-is IPv6-only or not.
-.TP
-.B INET_DIAG_MEMINFO
-The payload associated with this attribute is represented in the following
-structure:
-.IP
-.in +4n
-.EX
-struct inet_diag_meminfo {
- __u32 idiag_rmem;
- __u32 idiag_wmem;
- __u32 idiag_fmem;
- __u32 idiag_tmem;
-};
-.EE
-.in
-.IP
-The fields of this structure are as follows:
-.RS
-.TP 12
-.I idiag_rmem
-The amount of data in the receive queue.
-.TP
-.I idiag_wmem
-The amount of data that is queued by TCP but not yet sent.
-.TP
-.I idiag_fmem
-The amount of memory scheduled for future use (TCP only).
-.TP
-.I idiag_tmem
-The amount of data in send queue.
-.RE
-.TP
-.B INET_DIAG_SKMEMINFO
-The payload associated with this attribute is an array of __u32 values
-described below in the subsection "Socket memory information".
-.TP
-.B INET_DIAG_INFO
-The payload associated with this attribute is specific to the address family.
-For TCP sockets, it is an object of type
-.IR "struct tcp_info" .
-.TP
-.B INET_DIAG_CONG
-The payload associated with this attribute is a string that describes the
-congestion control algorithm used.
-For TCP sockets only.
-.RE
-.TP
-.I pad
-This should be set to 0.
-.TP
-.I idiag_states
-This is a bit mask that defines a filter of socket states.
-Only those sockets whose states are in this mask will be reported.
-Ignored when querying for an individual socket.
-.TP
-.I id
-This is a socket ID object that is used in dump requests, in queries
-about individual sockets, and is reported back in each response.
-Unlike UNIX domain sockets, IPv4 and IPv6 sockets are identified
-using addresses and ports.
-All values are in network byte order.
-.P
-The fields of
-.I "struct inet_diag_sockid"
-are as follows:
-.TP
-.I idiag_sport
-The source port.
-.TP
-.I idiag_dport
-The destination port.
-.TP
-.I idiag_src
-The source address.
-.TP
-.I idiag_dst
-The destination address.
-.TP
-.I idiag_if
-The interface number the socket is bound to.
-.TP
-.I idiag_cookie
-This is an array of opaque identifiers that could be used along with
-other fields of this structure to specify an individual socket.
-It is ignored when querying for a list of sockets, as well as
-when all its elements are set to \-1.
-.P
-The response to a query for IPv4 or IPv6 sockets is represented as an array of
-.P
-.in +4n
-.EX
-struct inet_diag_msg {
- __u8 idiag_family;
- __u8 idiag_state;
- __u8 idiag_timer;
- __u8 idiag_retrans;
-\&
- struct inet_diag_sockid id;
-\&
- __u32 idiag_expires;
- __u32 idiag_rqueue;
- __u32 idiag_wqueue;
- __u32 idiag_uid;
- __u32 idiag_inode;
-};
-.EE
-.in
-.P
-followed by netlink attributes.
-.P
-The fields of this structure are as follows:
-.TP
-.I idiag_family
-This is the same field as in
-.IR "struct inet_diag_req_v2" .
-.TP
-.I idiag_state
-This denotes socket state as in
-.IR "struct inet_diag_req_v2" .
-.TP
-.I idiag_timer
-For TCP sockets, this field describes the type of timer that is currently
-active for the socket.
-It is set to one of the following constants:
-.IP
-.PD 0
-.RS 12
-.TP
-.B 0
-no timer is active
-.TP
-.B 1
-a retransmit timer
-.TP
-.B 2
-a keep-alive timer
-.TP
-.B 3
-a TIME_WAIT timer
-.TP
-.B 4
-a zero window probe timer
-.RE
-.PD
-.IP
-For non-TCP sockets, this field is set to 0.
-.TP
-.I idiag_retrans
-For
-.I idiag_timer
-values 1, 2, and 4, this field contains the number of retransmits.
-For other
-.I idiag_timer
-values, this field is set to 0.
-.TP
-.I idiag_expires
-For TCP sockets that have an active timer, this field describes its expiration
-time in milliseconds.
-For other sockets, this field is set to 0.
-.TP
-.I idiag_rqueue
-For listening sockets:
-the number of pending connections.
-.IP
-For other sockets:
-the amount of data in the incoming queue.
-.TP
-.I idiag_wqueue
-For listening sockets:
-the backlog length.
-.IP
-For other sockets:
-the amount of memory available for sending.
-.TP
-.I idiag_uid
-This is the socket owner UID.
-.TP
-.I idiag_inode
-This is the socket inode number.
-.\"
-.SS Socket memory information
-The payload associated with
-.B UNIX_DIAG_MEMINFO
-and
-.B INET_DIAG_SKMEMINFO
-netlink attributes is an array of the following __u32 values:
-.TP
-.B SK_MEMINFO_RMEM_ALLOC
-The amount of data in receive queue.
-.TP
-.B SK_MEMINFO_RCVBUF
-The receive socket buffer as set by
-.BR SO_RCVBUF .
-.TP
-.B SK_MEMINFO_WMEM_ALLOC
-The amount of data in send queue.
-.TP
-.B SK_MEMINFO_SNDBUF
-The send socket buffer as set by
-.BR SO_SNDBUF .
-.TP
-.B SK_MEMINFO_FWD_ALLOC
-The amount of memory scheduled for future use (TCP only).
-.TP
-.B SK_MEMINFO_WMEM_QUEUED
-The amount of data queued by TCP, but not yet sent.
-.TP
-.B SK_MEMINFO_OPTMEM
-The amount of memory allocated for the socket's service needs (e.g., socket
-filter).
-.TP
-.B SK_MEMINFO_BACKLOG
-The amount of packets in the backlog (not yet processed).
-.SH VERSIONS
-.B NETLINK_INET_DIAG
-was introduced in Linux 2.6.14 and supported
-.B AF_INET
-and
-.B AF_INET6
-sockets only.
-In Linux 3.3, it was renamed to
-.B NETLINK_SOCK_DIAG
-and extended to support
-.B AF_UNIX
-sockets.
-.P
-.B UNIX_DIAG_MEMINFO
-and
-.B INET_DIAG_SKMEMINFO
-were introduced in Linux 3.6.
-.SH STANDARDS
-Linux.
-.SH EXAMPLES
-The following example program prints inode number, peer's inode number,
-and name of all UNIX domain sockets in the current namespace.
-.P
-.EX
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <linux/netlink.h>
-#include <linux/rtnetlink.h>
-#include <linux/sock_diag.h>
-#include <linux/unix_diag.h>
-\&
-static int
-send_query(int fd)
-{
- struct sockaddr_nl nladdr = {
- .nl_family = AF_NETLINK
- };
- struct
- {
- struct nlmsghdr nlh;
- struct unix_diag_req udr;
- } req = {
- .nlh = {
- .nlmsg_len = sizeof(req),
- .nlmsg_type = SOCK_DIAG_BY_FAMILY,
- .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP
- },
- .udr = {
- .sdiag_family = AF_UNIX,
- .udiag_states = \-1,
- .udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER
- }
- };
- struct iovec iov = {
- .iov_base = &req,
- .iov_len = sizeof(req)
- };
- struct msghdr msg = {
- .msg_name = &nladdr,
- .msg_namelen = sizeof(nladdr),
- .msg_iov = &iov,
- .msg_iovlen = 1
- };
-\&
- for (;;) {
- if (sendmsg(fd, &msg, 0) < 0) {
- if (errno == EINTR)
- continue;
-\&
- perror("sendmsg");
- return \-1;
- }
-\&
- return 0;
- }
-}
-\&
-static int
-print_diag(const struct unix_diag_msg *diag, unsigned int len)
-{
- if (len < NLMSG_LENGTH(sizeof(*diag))) {
- fputs("short response\en", stderr);
- return \-1;
- }
- if (diag\->udiag_family != AF_UNIX) {
- fprintf(stderr, "unexpected family %u\en", diag\->udiag_family);
- return \-1;
- }
-\&
- unsigned int rta_len = len \- NLMSG_LENGTH(sizeof(*diag));
- unsigned int peer = 0;
- size_t path_len = 0;
- char path[sizeof(((struct sockaddr_un *) 0)\->sun_path) + 1];
-\&
- for (struct rtattr *attr = (struct rtattr *) (diag + 1);
- RTA_OK(attr, rta_len); attr = RTA_NEXT(attr, rta_len)) {
- switch (attr\->rta_type) {
- case UNIX_DIAG_NAME:
- if (!path_len) {
- path_len = RTA_PAYLOAD(attr);
- if (path_len > sizeof(path) \- 1)
- path_len = sizeof(path) \- 1;
- memcpy(path, RTA_DATA(attr), path_len);
- path[path_len] = \[aq]\e0\[aq];
- }
- break;
-\&
- case UNIX_DIAG_PEER:
- if (RTA_PAYLOAD(attr) >= sizeof(peer))
- peer = *(unsigned int *) RTA_DATA(attr);
- break;
- }
- }
-\&
- printf("inode=%u", diag\->udiag_ino);
-\&
- if (peer)
- printf(", peer=%u", peer);
-\&
- if (path_len)
- printf(", name=%s%s", *path ? "" : "@",
- *path ? path : path + 1);
-\&
- putchar(\[aq]\en\[aq]);
- return 0;
-}
-\&
-static int
-receive_responses(int fd)
-{
- long buf[8192 / sizeof(long)];
- struct sockaddr_nl nladdr;
- struct iovec iov = {
- .iov_base = buf,
- .iov_len = sizeof(buf)
- };
- int flags = 0;
-\&
- for (;;) {
- struct msghdr msg = {
- .msg_name = &nladdr,
- .msg_namelen = sizeof(nladdr),
- .msg_iov = &iov,
- .msg_iovlen = 1
- };
-\&
- ssize_t ret = recvmsg(fd, &msg, flags);
-\&
- if (ret < 0) {
- if (errno == EINTR)
- continue;
-\&
- perror("recvmsg");
- return \-1;
- }
- if (ret == 0)
- return 0;
-\&
- if (nladdr.nl_family != AF_NETLINK) {
- fputs("!AF_NETLINK\en", stderr);
- return \-1;
- }
-\&
- const struct nlmsghdr *h = (struct nlmsghdr *) buf;
-\&
- if (!NLMSG_OK(h, ret)) {
- fputs("!NLMSG_OK\en", stderr);
- return \-1;
- }
-\&
- for (; NLMSG_OK(h, ret); h = NLMSG_NEXT(h, ret)) {
- if (h\->nlmsg_type == NLMSG_DONE)
- return 0;
-\&
- if (h\->nlmsg_type == NLMSG_ERROR) {
- const struct nlmsgerr *err = NLMSG_DATA(h);
-\&
- if (h\->nlmsg_len < NLMSG_LENGTH(sizeof(*err))) {
- fputs("NLMSG_ERROR\en", stderr);
- } else {
- errno = \-err\->error;
- perror("NLMSG_ERROR");
- }
-\&
- return \-1;
- }
-\&
- if (h\->nlmsg_type != SOCK_DIAG_BY_FAMILY) {
- fprintf(stderr, "unexpected nlmsg_type %u\en",
- (unsigned) h\->nlmsg_type);
- return \-1;
- }
-\&
- if (print_diag(NLMSG_DATA(h), h\->nlmsg_len))
- return \-1;
- }
- }
-}
-\&
-int
-main(void)
-{
- int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG);
-\&
- if (fd < 0) {
- perror("socket");
- return 1;
- }
-\&
- int ret = send_query(fd) || receive_responses(fd);
-\&
- close(fd);
- return ret;
-}
-.EE
-.SH SEE ALSO
-.BR netlink (3),
-.BR rtnetlink (3),
-.BR netlink (7),
-.BR tcp (7)