summaryrefslogtreecommitdiffstats
path: root/src/libnetdata/maps/local-sockets.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-11-25 17:33:56 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-11-25 17:34:10 +0000
commit83ba6762cc43d9db581b979bb5e3445669e46cc2 (patch)
tree2e69833b43f791ed253a7a20318b767ebe56cdb8 /src/libnetdata/maps/local-sockets.h
parentReleasing debian version 1.47.5-1. (diff)
downloadnetdata-83ba6762cc43d9db581b979bb5e3445669e46cc2.tar.xz
netdata-83ba6762cc43d9db581b979bb5e3445669e46cc2.zip
Merging upstream version 2.0.3+dfsg (Closes: #923993, #1042533, #1045145).
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/libnetdata/maps/local-sockets.h')
-rw-r--r--src/libnetdata/maps/local-sockets.h1419
1 files changed, 0 insertions, 1419 deletions
diff --git a/src/libnetdata/maps/local-sockets.h b/src/libnetdata/maps/local-sockets.h
deleted file mode 100644
index 6f2ffd81a..000000000
--- a/src/libnetdata/maps/local-sockets.h
+++ /dev/null
@@ -1,1419 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#ifndef NETDATA_LOCAL_SOCKETS_H
-#define NETDATA_LOCAL_SOCKETS_H
-
-#include "libnetdata/libnetdata.h"
-
-#ifdef HAVE_LIBMNL
-#include <linux/rtnetlink.h>
-#include <linux/inet_diag.h>
-#include <linux/sock_diag.h>
-#include <linux/unix_diag.h>
-#include <linux/netlink.h>
-#include <libmnl/libmnl.h>
-#endif
-
-#define UID_UNSET (uid_t)(UINT32_MAX)
-
-// --------------------------------------------------------------------------------------------------------------------
-// hashtable for keeping the namespaces
-// key and value is the namespace inode
-
-#define SIMPLE_HASHTABLE_VALUE_TYPE uint64_t
-#define SIMPLE_HASHTABLE_NAME _NET_NS
-#include "libnetdata/simple_hashtable.h"
-
-// --------------------------------------------------------------------------------------------------------------------
-// hashtable for keeping the sockets of PIDs
-// key is the inode
-
-struct pid_socket;
-#define SIMPLE_HASHTABLE_VALUE_TYPE struct pid_socket
-#define SIMPLE_HASHTABLE_NAME _PID_SOCKET
-#include "libnetdata/simple_hashtable.h"
-
-// --------------------------------------------------------------------------------------------------------------------
-// hashtable for keeping all the sockets
-// key is the inode
-
-struct local_socket;
-#define SIMPLE_HASHTABLE_VALUE_TYPE struct local_socket
-#define SIMPLE_HASHTABLE_NAME _LOCAL_SOCKET
-#include "libnetdata/simple_hashtable.h"
-
-// --------------------------------------------------------------------------------------------------------------------
-// hashtable for keeping all local IPs
-// key is XXH3_64bits hash of the IP
-
-union ipv46;
-#define SIMPLE_HASHTABLE_VALUE_TYPE union ipv46
-#define SIMPLE_HASHTABLE_NAME _LOCAL_IP
-#include "libnetdata/simple_hashtable.h"
-
-// --------------------------------------------------------------------------------------------------------------------
-// hashtable for keeping all listening ports
-// key is XXH3_64bits hash of the family, protocol, port number, namespace
-
-struct local_port;
-#define SIMPLE_HASHTABLE_VALUE_TYPE struct local_port
-#define SIMPLE_HASHTABLE_NAME _LISTENING_PORT
-#include "libnetdata/simple_hashtable.h"
-
-// --------------------------------------------------------------------------------------------------------------------
-
-struct local_socket_state;
-typedef void (*local_sockets_cb_t)(struct local_socket_state *state, struct local_socket *n, void *data);
-
-struct local_sockets_config {
- bool listening;
- bool inbound;
- bool outbound;
- bool local;
- bool tcp4;
- bool tcp6;
- bool udp4;
- bool udp6;
- bool pid;
- bool cmdline;
- bool comm;
- bool uid;
- bool namespaces;
- bool tcp_info;
-
- size_t max_errors;
- size_t max_concurrent_namespaces;
-
- local_sockets_cb_t cb;
- void *data;
-
- const char *host_prefix;
-
- // internal use
- uint64_t net_ns_inode;
-};
-
-typedef struct local_socket_state {
- struct local_sockets_config config;
-
- struct {
- size_t mnl_sends;
- size_t namespaces_found;
- size_t tcp_info_received;
- size_t pid_fds_processed;
- size_t pid_fds_opendir_failed;
- size_t pid_fds_readlink_failed;
- size_t pid_fds_parse_failed;
- size_t errors_encountered;
- } stats;
-
- bool spawn_server_is_mine;
- SPAWN_SERVER *spawn_server;
-
-#ifdef HAVE_LIBMNL
- bool use_nl;
- struct mnl_socket *nl;
- uint16_t tmp_protocol;
-#endif
-
- ARAL *local_socket_aral;
- ARAL *pid_socket_aral;
- SPINLOCK spinlock; // for namespaces
-
- uint64_t proc_self_net_ns_inode;
-
- SIMPLE_HASHTABLE_NET_NS ns_hashtable;
- SIMPLE_HASHTABLE_PID_SOCKET pid_sockets_hashtable;
- SIMPLE_HASHTABLE_LOCAL_SOCKET sockets_hashtable;
- SIMPLE_HASHTABLE_LOCAL_IP local_ips_hashtable;
- SIMPLE_HASHTABLE_LISTENING_PORT listening_ports_hashtable;
-} LS_STATE;
-
-// --------------------------------------------------------------------------------------------------------------------
-
-typedef enum __attribute__((packed)) {
- SOCKET_DIRECTION_NONE = 0,
- SOCKET_DIRECTION_LISTEN = (1 << 0), // a listening socket
- SOCKET_DIRECTION_INBOUND = (1 << 1), // an inbound socket connecting a remote system to a local listening socket
- SOCKET_DIRECTION_OUTBOUND = (1 << 2), // a socket initiated by this system, connecting to another system
- SOCKET_DIRECTION_LOCAL_INBOUND = (1 << 3), // the socket connecting 2 localhost applications
- SOCKET_DIRECTION_LOCAL_OUTBOUND = (1 << 4), // the socket connecting 2 localhost applications
-} SOCKET_DIRECTION;
-
-#ifndef TASK_COMM_LEN
-#define TASK_COMM_LEN 16
-#endif
-
-struct pid_socket {
- uint64_t inode;
- pid_t pid;
- uid_t uid;
- uint64_t net_ns_inode;
- char *cmdline;
- char comm[TASK_COMM_LEN];
-};
-
-struct local_port {
- uint16_t protocol;
- uint16_t family;
- uint16_t port;
- uint64_t net_ns_inode;
-};
-
-union ipv46 {
- uint32_t ipv4;
- struct in6_addr ipv6;
-};
-
-struct socket_endpoint {
- uint16_t protocol;
- uint16_t family;
- uint16_t port;
- union ipv46 ip;
-};
-
-static inline void ipv6_to_in6_addr(const char *ipv6_str, struct in6_addr *d) {
- char buf[9];
-
- for (size_t k = 0; k < 4; ++k) {
- memcpy(buf, ipv6_str + (k * 8), 8);
- buf[sizeof(buf) - 1] = '\0';
- d->s6_addr32[k] = str2uint32_hex(buf, NULL);
- }
-}
-
-typedef struct local_socket {
- uint64_t inode;
- uint64_t net_ns_inode;
-
- int state;
- struct socket_endpoint local;
- struct socket_endpoint remote;
- pid_t pid;
-
- SOCKET_DIRECTION direction;
-
- uint8_t timer;
- uint8_t retransmits; // the # of packets currently queued for retransmission (not yet acknowledged)
- uint32_t expires;
- uint32_t rqueue;
- uint32_t wqueue;
- uid_t uid;
-
- struct {
- bool checked;
- bool ipv46;
- } ipv6ony;
-
- union {
- struct tcp_info tcp;
- } info;
-
- char comm[TASK_COMM_LEN];
- STRING *cmdline;
-
- struct local_port local_port_key;
-
- XXH64_hash_t local_ip_hash;
- XXH64_hash_t remote_ip_hash;
- XXH64_hash_t local_port_hash;
-
-#ifdef LOCAL_SOCKETS_EXTENDED_MEMBERS
- LOCAL_SOCKETS_EXTENDED_MEMBERS
-#endif
-} LOCAL_SOCKET;
-
-static inline void local_sockets_spawn_server_callback(SPAWN_REQUEST *request);
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline void local_sockets_log(LS_STATE *ls, const char *format, ...) PRINTFLIKE(2, 3);
-static inline void local_sockets_log(LS_STATE *ls, const char *format, ...) {
- if(ls && ++ls->stats.errors_encountered == ls->config.max_errors) {
- nd_log(NDLS_COLLECTORS, NDLP_ERR, "LOCAL-SOCKETS: max number of logs reached. Not logging anymore");
- return;
- }
-
- if(ls && ls->stats.errors_encountered > ls->config.max_errors)
- return;
-
- char buf[16384];
- va_list args;
- va_start(args, format);
- vsnprintf(buf, sizeof(buf), format, args);
- va_end(args);
-
- nd_log(NDLS_COLLECTORS, NDLP_ERR, "LOCAL-SOCKETS: %s", buf);
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static bool local_sockets_is_ipv4_mapped_ipv6_address(const struct in6_addr *addr) {
- // An IPv4-mapped IPv6 address starts with 80 bits of zeros followed by 16 bits of ones
- static const unsigned char ipv4_mapped_prefix[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF };
- return memcmp(addr->s6_addr, ipv4_mapped_prefix, 12) == 0;
-}
-
-static bool local_sockets_is_loopback_address(struct socket_endpoint *se) {
- if (se->family == AF_INET) {
- // For IPv4, loopback addresses are in the 127.0.0.0/8 range
- return (ntohl(se->ip.ipv4) >> 24) == 127; // Check if the first byte is 127
- } else if (se->family == AF_INET6) {
- // Check if the address is an IPv4-mapped IPv6 address
- if (local_sockets_is_ipv4_mapped_ipv6_address(&se->ip.ipv6)) {
- // Extract the last 32 bits (IPv4 address) and check if it's in the 127.0.0.0/8 range
- uint8_t *ip6 = (uint8_t *)&se->ip.ipv6;
- const uint32_t ipv4_addr = *((const uint32_t *)(ip6 + 12));
- return (ntohl(ipv4_addr) >> 24) == 127;
- }
-
- // For IPv6, loopback address is ::1
- return memcmp(&se->ip.ipv6, &in6addr_loopback, sizeof(se->ip.ipv6)) == 0;
- }
-
- return false;
-}
-
-static inline bool local_sockets_is_ipv4_reserved_address(uint32_t ip) {
- // Check for the reserved address ranges
- ip = ntohl(ip);
- return (
- (ip >> 24 == 10) || // Private IP range (A class)
- (ip >> 20 == (172 << 4) + 1) || // Private IP range (B class)
- (ip >> 16 == (192 << 8) + 168) || // Private IP range (C class)
- (ip >> 24 == 127) || // Loopback address (127.0.0.0)
- (ip >> 24 == 0) || // Reserved (0.0.0.0)
- (ip >> 24 == 169 && (ip >> 16) == 254) || // Link-local address (169.254.0.0)
- (ip >> 16 == (192 << 8) + 0) // Test-Net (192.0.0.0)
- );
-}
-
-static inline bool local_sockets_is_private_address(struct socket_endpoint *se) {
- if (se->family == AF_INET) {
- return local_sockets_is_ipv4_reserved_address(se->ip.ipv4);
- }
- else if (se->family == AF_INET6) {
- uint8_t *ip6 = (uint8_t *)&se->ip.ipv6;
-
- // Check if the address is an IPv4-mapped IPv6 address
- if (local_sockets_is_ipv4_mapped_ipv6_address(&se->ip.ipv6)) {
- // Extract the last 32 bits (IPv4 address) and check if it's in the 127.0.0.0/8 range
- const uint32_t ipv4_addr = *((const uint32_t *)(ip6 + 12));
- return local_sockets_is_ipv4_reserved_address(ipv4_addr);
- }
-
- // Check for link-local addresses (fe80::/10)
- if ((ip6[0] == 0xFE) && ((ip6[1] & 0xC0) == 0x80))
- return true;
-
- // Check for Unique Local Addresses (ULA) (fc00::/7)
- if ((ip6[0] & 0xFE) == 0xFC)
- return true;
-
- // Check for multicast addresses (ff00::/8)
- if (ip6[0] == 0xFF)
- return true;
-
- // For IPv6, loopback address is :: or ::1
- return memcmp(&se->ip.ipv6, &in6addr_any, sizeof(se->ip.ipv6)) == 0 ||
- memcmp(&se->ip.ipv6, &in6addr_loopback, sizeof(se->ip.ipv6)) == 0;
- }
-
- return false;
-}
-
-static bool local_sockets_is_multicast_address(struct socket_endpoint *se) {
- if (se->family == AF_INET) {
- // For IPv4, check if the address is 0.0.0.0
- uint32_t ip = htonl(se->ip.ipv4);
- return (ip >= 0xE0000000 && ip <= 0xEFFFFFFF); // Multicast address range (224.0.0.0/4)
- }
- else if (se->family == AF_INET6) {
- // For IPv6, check if the address is ff00::/8
- uint8_t *ip6 = (uint8_t *)&se->ip.ipv6;
- return ip6[0] == 0xff;
- }
-
- return false;
-}
-
-static bool local_sockets_is_zero_address(struct socket_endpoint *se) {
- if (se->family == AF_INET) {
- // For IPv4, check if the address is 0.0.0.0
- return se->ip.ipv4 == 0;
- }
- else if (se->family == AF_INET6) {
- // For IPv6, check if the address is ::
- return memcmp(&se->ip.ipv6, &in6addr_any, sizeof(se->ip.ipv6)) == 0;
- }
-
- return false;
-}
-
-static inline const char *local_sockets_address_space(struct socket_endpoint *se) {
- if(local_sockets_is_zero_address(se))
- return "zero";
- else if(local_sockets_is_loopback_address(se))
- return "loopback";
- else if(local_sockets_is_multicast_address(se))
- return "multicast";
- else if(local_sockets_is_private_address(se))
- return "private";
- else
- return "public";
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline bool is_local_socket_ipv46(LOCAL_SOCKET *n) {
- return n->local.family == AF_INET6 &&
- n->direction == SOCKET_DIRECTION_LISTEN &&
- local_sockets_is_zero_address(&n->local) &&
- n->ipv6ony.checked &&
- n->ipv6ony.ipv46;
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static void local_sockets_foreach_local_socket_call_cb(LS_STATE *ls) {
- for(SIMPLE_HASHTABLE_SLOT_LOCAL_SOCKET *sl = simple_hashtable_first_read_only_LOCAL_SOCKET(&ls->sockets_hashtable);
- sl;
- sl = simple_hashtable_next_read_only_LOCAL_SOCKET(&ls->sockets_hashtable, sl)) {
- LOCAL_SOCKET *n = SIMPLE_HASHTABLE_SLOT_DATA(sl);
- if(!n) continue;
-
- if((ls->config.listening && n->direction & SOCKET_DIRECTION_LISTEN) ||
- (ls->config.local && n->direction & (SOCKET_DIRECTION_LOCAL_INBOUND|SOCKET_DIRECTION_LOCAL_OUTBOUND)) ||
- (ls->config.inbound && n->direction & SOCKET_DIRECTION_INBOUND) ||
- (ls->config.outbound && n->direction & SOCKET_DIRECTION_OUTBOUND)
- ) {
- // we have to call the callback for this socket
- if (ls->config.cb)
- ls->config.cb(ls, n, ls->config.data);
- }
- }
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline void local_sockets_fix_cmdline(char* str) {
- char *s = str;
-
- // map invalid characters to underscores
- while(*s) {
- if(*s == '|' || iscntrl(*s)) *s = '_';
- s++;
- }
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline bool
-local_sockets_read_proc_inode_link(LS_STATE *ls, const char *filename, uint64_t *inode, const char *type) {
- char link_target[FILENAME_MAX + 1];
-
- *inode = 0;
-
- ssize_t len = readlink(filename, link_target, sizeof(link_target) - 1);
- if (len == -1) {
- local_sockets_log(ls, "cannot read '%s' link '%s'", type, filename);
-
- ls->stats.pid_fds_readlink_failed++;
- return false;
- }
- link_target[len] = '\0';
-
- len = strlen(type);
- if(strncmp(link_target, type, len) == 0 && link_target[len] == ':' && link_target[len + 1] == '[' && isdigit(link_target[len + 2])) {
- *inode = strtoull(&link_target[len + 2], NULL, 10);
- // ll_log(ls, "read link of type '%s' '%s' from '%s', inode = %"PRIu64, type, link_target, filename, *inode);
- return true;
- }
- else {
- // ll_log(ls, "cannot read '%s' link '%s' from '%s'", type, link_target, filename);
- ls->stats.pid_fds_processed++;
- return false;
- }
-}
-
-static inline bool local_sockets_is_path_a_pid(const char *s) {
- if(!s || !*s) return false;
-
- while(*s) {
- if(!isdigit(*s++))
- return false;
- }
-
- return true;
-}
-
-static inline bool local_sockets_find_all_sockets_in_proc(LS_STATE *ls, const char *proc_filename) {
- DIR *proc_dir;
- struct dirent *proc_entry;
- char filename[FILENAME_MAX + 1];
- char comm[TASK_COMM_LEN];
- char cmdline[8192];
- const char *cmdline_trimmed;
- uint64_t net_ns_inode;
-
- proc_dir = opendir(proc_filename);
- if (proc_dir == NULL) {
- local_sockets_log(ls, "cannot opendir() '%s'", proc_filename);
- ls->stats.pid_fds_readlink_failed++;
- return false;
- }
-
- while ((proc_entry = readdir(proc_dir)) != NULL) {
- if(proc_entry->d_type != DT_DIR)
- continue;
-
- if(!strcmp(proc_entry->d_name, ".") || !strcmp(proc_entry->d_name, ".."))
- continue;
-
- if(!local_sockets_is_path_a_pid(proc_entry->d_name))
- continue;
-
- // Build the path to the fd directory of the process
- snprintfz(filename, FILENAME_MAX, "%s/%s/fd/", proc_filename, proc_entry->d_name);
- DIR *fd_dir = opendir(filename);
- if (fd_dir == NULL) {
- local_sockets_log(ls, "cannot opendir() '%s'", filename);
- ls->stats.pid_fds_opendir_failed++;
- continue;
- }
-
- comm[0] = '\0';
- cmdline[0] = '\0';
- cmdline_trimmed = NULL;
- pid_t pid = (pid_t)strtoul(proc_entry->d_name, NULL, 10);
- if(!pid) {
- local_sockets_log(ls, "cannot parse pid of '%s'", proc_entry->d_name);
- closedir(fd_dir);
- continue;
- }
- net_ns_inode = 0;
- uid_t uid = UID_UNSET;
-
- struct dirent *fd_entry;
- while ((fd_entry = readdir(fd_dir)) != NULL) {
- if(fd_entry->d_type != DT_LNK)
- continue;
-
- snprintfz(filename, sizeof(filename), "%s/%s/fd/%s", proc_filename, proc_entry->d_name, fd_entry->d_name);
- uint64_t inode = 0;
- if(!local_sockets_read_proc_inode_link(ls, filename, &inode, "socket"))
- continue;
-
- SIMPLE_HASHTABLE_SLOT_PID_SOCKET *sl = simple_hashtable_get_slot_PID_SOCKET(&ls->pid_sockets_hashtable, inode, &inode, true);
- struct pid_socket *ps = SIMPLE_HASHTABLE_SLOT_DATA(sl);
- if(!ps || (ps->pid == 1 && pid != 1)) {
- if(uid == UID_UNSET && ls->config.uid) {
- char status_buf[512];
- snprintfz(filename, sizeof(filename), "%s/%s/status", proc_filename, proc_entry->d_name);
- if (read_txt_file(filename, status_buf, sizeof(status_buf)))
- local_sockets_log(ls, "cannot open file: %s\n", filename);
- else {
- char *u = strstr(status_buf, "Uid:");
- if(u) {
- u += 4;
- while(isspace(*u)) u++; // skip spaces
- while(*u >= '0' && *u <= '9') u++; // skip the first number (real uid)
- while(isspace(*u)) u++; // skip spaces again
- uid = strtol(u, NULL, 10); // parse the 2nd number (effective uid)
- }
- }
- }
- if(!comm[0] && ls->config.comm) {
- snprintfz(filename, sizeof(filename), "%s/%s/comm", proc_filename, proc_entry->d_name);
- if (read_txt_file(filename, comm, sizeof(comm)))
- local_sockets_log(ls, "cannot open file: %s\n", filename);
- else {
- size_t clen = strlen(comm);
- if(comm[clen - 1] == '\n')
- comm[clen - 1] = '\0';
- }
- }
- if(!cmdline[0] && ls->config.cmdline) {
- snprintfz(filename, sizeof(filename), "%s/%s/cmdline", proc_filename, proc_entry->d_name);
- if (read_proc_cmdline(filename, cmdline, sizeof(cmdline)))
- local_sockets_log(ls, "cannot open file: %s\n", filename);
- else {
- local_sockets_fix_cmdline(cmdline);
- cmdline_trimmed = trim(cmdline);
- }
- }
- if(!net_ns_inode && ls->config.namespaces) {
- snprintfz(filename, sizeof(filename), "%s/%s/ns/net", proc_filename, proc_entry->d_name);
- if(local_sockets_read_proc_inode_link(ls, filename, &net_ns_inode, "net")) {
- SIMPLE_HASHTABLE_SLOT_NET_NS *sl_ns = simple_hashtable_get_slot_NET_NS(&ls->ns_hashtable, net_ns_inode, (uint64_t *)net_ns_inode, true);
- simple_hashtable_set_slot_NET_NS(&ls->ns_hashtable, sl_ns, net_ns_inode, (uint64_t *)net_ns_inode);
- }
- }
-
- if(!ps)
- ps = aral_callocz(ls->pid_socket_aral);
-
- ps->inode = inode;
- ps->pid = pid;
- ps->uid = uid;
- ps->net_ns_inode = net_ns_inode;
- strncpyz(ps->comm, comm, sizeof(ps->comm) - 1);
-
- if(ps->cmdline)
- freez(ps->cmdline);
-
- ps->cmdline = cmdline_trimmed ? strdupz(cmdline_trimmed) : NULL;
- simple_hashtable_set_slot_PID_SOCKET(&ls->pid_sockets_hashtable, sl, inode, ps);
- }
- }
-
- closedir(fd_dir);
- }
-
- closedir(proc_dir);
- return true;
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline void local_sockets_index_listening_port(LS_STATE *ls, LOCAL_SOCKET *n) {
- if(n->direction & SOCKET_DIRECTION_LISTEN) {
- // for the listening sockets, keep a hashtable with all the local ports
- // so that we will be able to detect INBOUND sockets
-
- SIMPLE_HASHTABLE_SLOT_LISTENING_PORT *sl_port =
- simple_hashtable_get_slot_LISTENING_PORT(&ls->listening_ports_hashtable, n->local_port_hash, &n->local_port_key, true);
-
- struct local_port *port = SIMPLE_HASHTABLE_SLOT_DATA(sl_port);
- if(!port)
- simple_hashtable_set_slot_LISTENING_PORT(&ls->listening_ports_hashtable, sl_port, n->local_port_hash, &n->local_port_key);
- }
-}
-
-static inline bool local_sockets_add_socket(LS_STATE *ls, LOCAL_SOCKET *tmp) {
- if(!tmp->inode) return false;
-
- SIMPLE_HASHTABLE_SLOT_LOCAL_SOCKET *sl = simple_hashtable_get_slot_LOCAL_SOCKET(&ls->sockets_hashtable, tmp->inode, &tmp->inode, true);
- LOCAL_SOCKET *n = SIMPLE_HASHTABLE_SLOT_DATA(sl);
- if(n) {
- local_sockets_log(ls, "inode %" PRIu64" already exists in hashtable - ignoring duplicate", tmp->inode);
- return false;
- }
-
- n = aral_mallocz(ls->local_socket_aral);
- *n = *tmp; // copy all contents
-
- // fix the key
- n->local_port_key.port = n->local.port;
- n->local_port_key.family = n->local.family;
- n->local_port_key.protocol = n->local.protocol;
- n->local_port_key.net_ns_inode = ls->proc_self_net_ns_inode;
-
- n->local_ip_hash = XXH3_64bits(&n->local.ip, sizeof(n->local.ip));
- n->remote_ip_hash = XXH3_64bits(&n->remote.ip, sizeof(n->remote.ip));
- n->local_port_hash = XXH3_64bits(&n->local_port_key, sizeof(n->local_port_key));
-
- // --- look up a pid for it -----------------------------------------------------------------------------------
-
- SIMPLE_HASHTABLE_SLOT_PID_SOCKET *sl_pid = simple_hashtable_get_slot_PID_SOCKET(&ls->pid_sockets_hashtable, n->inode, &n->inode, false);
- struct pid_socket *ps = SIMPLE_HASHTABLE_SLOT_DATA(sl_pid);
- if(ps) {
- n->net_ns_inode = ps->net_ns_inode;
- n->pid = ps->pid;
-
- if(ps->uid != UID_UNSET && n->uid == UID_UNSET)
- n->uid = ps->uid;
-
- if(ps->cmdline)
- n->cmdline = string_strdupz(ps->cmdline);
-
- strncpyz(n->comm, ps->comm, sizeof(n->comm) - 1);
- }
-
- // --- index it -----------------------------------------------------------------------------------------------
-
- simple_hashtable_set_slot_LOCAL_SOCKET(&ls->sockets_hashtable, sl, n->inode, n);
-
- if(!local_sockets_is_zero_address(&n->local)) {
- // put all the local IPs into the local_ips hashtable
- // so, we learn all local IPs the system has
-
- SIMPLE_HASHTABLE_SLOT_LOCAL_IP *sl_ip =
- simple_hashtable_get_slot_LOCAL_IP(&ls->local_ips_hashtable, n->local_ip_hash, &n->local.ip, true);
-
- union ipv46 *ip = SIMPLE_HASHTABLE_SLOT_DATA(sl_ip);
- if(!ip)
- simple_hashtable_set_slot_LOCAL_IP(&ls->local_ips_hashtable, sl_ip, n->local_ip_hash, &n->local.ip);
- }
-
- // --- 1st phase for direction detection ----------------------------------------------------------------------
-
- if((n->local.protocol == IPPROTO_TCP && n->state == TCP_LISTEN) ||
- local_sockets_is_zero_address(&n->local) ||
- local_sockets_is_zero_address(&n->remote)) {
- // the socket is either in a TCP LISTEN, or
- // the remote address is zero
- n->direction |= SOCKET_DIRECTION_LISTEN;
- }
- else {
- // we can't say yet if it is inbound or outboud
- // so, mark it as both inbound and outbound
- n->direction |= SOCKET_DIRECTION_INBOUND | SOCKET_DIRECTION_OUTBOUND;
- }
-
- // --- index it in LISTENING_PORT -----------------------------------------------------------------------------
-
- local_sockets_index_listening_port(ls, n);
-
- return true;
-}
-
-#ifdef HAVE_LIBMNL
-
-static inline void local_sockets_libmnl_init(LS_STATE *ls) {
- ls->nl = mnl_socket_open(NETLINK_INET_DIAG);
- if (ls->nl == NULL) {
- local_sockets_log(ls, "cannot open libmnl netlink socket");
- ls->use_nl = false;
- }
- else if (mnl_socket_bind(ls->nl, 0, MNL_SOCKET_AUTOPID) < 0) {
- local_sockets_log(ls, "cannot bind libmnl netlink socket");
- mnl_socket_close(ls->nl);
- ls->nl = NULL;
- ls->use_nl = false;
- }
- else
- ls->use_nl = true;
-}
-
-static inline void local_sockets_libmnl_cleanup(LS_STATE *ls) {
- if(ls->nl) {
- mnl_socket_close(ls->nl);
- ls->nl = NULL;
- ls->use_nl = false;
- }
-}
-
-static inline int local_sockets_libmnl_cb_data(const struct nlmsghdr *nlh, void *data) {
- LS_STATE *ls = data;
-
- struct inet_diag_msg *diag_msg = mnl_nlmsg_get_payload(nlh);
-
- LOCAL_SOCKET n = {
- .inode = diag_msg->idiag_inode,
- .direction = SOCKET_DIRECTION_NONE,
- .state = diag_msg->idiag_state,
- .ipv6ony = {
- .checked = false,
- .ipv46 = false,
- },
- .local = {
- .protocol = ls->tmp_protocol,
- .family = diag_msg->idiag_family,
- .port = ntohs(diag_msg->id.idiag_sport),
- },
- .remote = {
- .protocol = ls->tmp_protocol,
- .family = diag_msg->idiag_family,
- .port = ntohs(diag_msg->id.idiag_dport),
- },
- .timer = diag_msg->idiag_timer,
- .retransmits = diag_msg->idiag_retrans,
- .expires = diag_msg->idiag_expires,
- .rqueue = diag_msg->idiag_rqueue,
- .wqueue = diag_msg->idiag_wqueue,
- .uid = diag_msg->idiag_uid,
- };
-
- if (diag_msg->idiag_family == AF_INET) {
- memcpy(&n.local.ip.ipv4, diag_msg->id.idiag_src, sizeof(n.local.ip.ipv4));
- memcpy(&n.remote.ip.ipv4, diag_msg->id.idiag_dst, sizeof(n.remote.ip.ipv4));
- }
- else if (diag_msg->idiag_family == AF_INET6) {
- memcpy(&n.local.ip.ipv6, diag_msg->id.idiag_src, sizeof(n.local.ip.ipv6));
- memcpy(&n.remote.ip.ipv6, diag_msg->id.idiag_dst, sizeof(n.remote.ip.ipv6));
- }
-
- struct rtattr *attr = (struct rtattr *)(diag_msg + 1);
- int rtattrlen = nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*diag_msg));
- for (; !n.ipv6ony.checked && RTA_OK(attr, rtattrlen); attr = RTA_NEXT(attr, rtattrlen)) {
- switch (attr->rta_type) {
- case INET_DIAG_INFO: {
- if(ls->tmp_protocol == IPPROTO_TCP) {
- struct tcp_info *info = (struct tcp_info *)RTA_DATA(attr);
- n.info.tcp = *info;
- ls->stats.tcp_info_received++;
- }
- }
- break;
-
- case INET_DIAG_SKV6ONLY: {
- n.ipv6ony.checked = true;
- int ipv6only = *(int *)RTA_DATA(attr);
- n.ipv6ony.ipv46 = !ipv6only;
- }
- break;
-
- default:
- break;
- }
- }
-
- local_sockets_add_socket(ls, &n);
-
- return MNL_CB_OK;
-}
-
-static inline bool local_sockets_libmnl_get_sockets(LS_STATE *ls, uint16_t family, uint16_t protocol) {
- ls->tmp_protocol = protocol;
-
- char buf[MNL_SOCKET_BUFFER_SIZE];
- struct nlmsghdr *nlh;
- struct inet_diag_req_v2 req;
- unsigned int seq, portid = mnl_socket_get_portid(ls->nl);
-
- memset(&req, 0, sizeof(req));
- req.sdiag_family = family;
- req.sdiag_protocol = protocol;
- req.idiag_states = -1;
- req.idiag_ext = 0;
-
- if(family == AF_INET6)
- req.idiag_ext |= 1 << (INET_DIAG_SKV6ONLY - 1);
-
- if(protocol == IPPROTO_TCP && ls->config.tcp_info)
- req.idiag_ext |= 1 << (INET_DIAG_INFO - 1);
-
- nlh = mnl_nlmsg_put_header(buf);
- nlh->nlmsg_type = SOCK_DIAG_BY_FAMILY;
- nlh->nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST;
- nlh->nlmsg_seq = seq = time(NULL);
- mnl_nlmsg_put_extra_header(nlh, sizeof(req));
- memcpy(mnl_nlmsg_get_payload(nlh), &req, sizeof(req));
-
- ls->stats.mnl_sends++;
- if (mnl_socket_sendto(ls->nl, nlh, nlh->nlmsg_len) < 0) {
- local_sockets_log(ls, "mnl_socket_send failed");
- return false;
- }
-
- ssize_t ret;
- while ((ret = mnl_socket_recvfrom(ls->nl, buf, sizeof(buf))) > 0) {
- ret = mnl_cb_run(buf, ret, seq, portid, local_sockets_libmnl_cb_data, ls);
- if (ret <= MNL_CB_STOP)
- break;
- }
- if (ret == -1) {
- local_sockets_log(ls, "mnl_socket_recvfrom");
- return false;
- }
-
- return true;
-}
-#endif // HAVE_LIBMNL
-
-static inline bool local_sockets_read_proc_net_x(LS_STATE *ls, const char *filename, uint16_t family, uint16_t protocol) {
- static bool is_space[256] = {
- [':'] = true,
- [' '] = true,
- };
-
- if(family != AF_INET && family != AF_INET6)
- return false;
-
- FILE *fp = fopen(filename, "r");
- if (fp == NULL)
- return false;
-
- char *line = malloc(1024); // no mallocz() here because getline() may resize
- if(!line) {
- fclose(fp);
- return false;
- }
-
- size_t len = 1024;
- ssize_t read;
-
- ssize_t min_line_length = (family == AF_INET) ? 105 : 155;
- size_t counter = 0;
-
- // Read line by line
- while ((read = getline(&line, &len, fp)) != -1) {
- if(counter++ == 0) continue; // skip the first line
-
- if(read < min_line_length) {
- local_sockets_log(ls, "too small line No %zu of filename '%s': %s", counter, filename, line);
- continue;
- }
-
- LOCAL_SOCKET n = {
- .direction = SOCKET_DIRECTION_NONE,
- .ipv6ony = {
- .checked = false,
- .ipv46 = false,
- },
- .local = {
- .family = family,
- .protocol = protocol,
- },
- .remote = {
- .family = family,
- .protocol = protocol,
- },
- .uid = UID_UNSET,
- };
-
- char *words[32];
- size_t num_words = quoted_strings_splitter(line, words, 32, is_space);
- // char *sl_txt = get_word(words, num_words, 0);
- char *local_ip_txt = get_word(words, num_words, 1);
- char *local_port_txt = get_word(words, num_words, 2);
- char *remote_ip_txt = get_word(words, num_words, 3);
- char *remote_port_txt = get_word(words, num_words, 4);
- char *state_txt = get_word(words, num_words, 5);
- char *tx_queue_txt = get_word(words, num_words, 6);
- char *rx_queue_txt = get_word(words, num_words, 7);
- char *tr_txt = get_word(words, num_words, 8);
- char *tm_when_txt = get_word(words, num_words, 9);
- char *retrans_txt = get_word(words, num_words, 10);
- char *uid_txt = get_word(words, num_words, 11);
- // char *timeout_txt = get_word(words, num_words, 12);
- char *inode_txt = get_word(words, num_words, 13);
-
- if(!local_ip_txt || !local_port_txt || !remote_ip_txt || !remote_port_txt || !state_txt ||
- !tx_queue_txt || !rx_queue_txt || !tr_txt || !tm_when_txt || !retrans_txt || !uid_txt || !inode_txt) {
- local_sockets_log(ls, "cannot parse ipv4 line No %zu of filename '%s'", counter, filename);
- continue;
- }
-
- n.local.port = str2uint32_hex(local_port_txt, NULL);
- n.remote.port = str2uint32_hex(remote_port_txt, NULL);
- n.state = str2uint32_hex(state_txt, NULL);
- n.wqueue = str2uint32_hex(tx_queue_txt, NULL);
- n.rqueue = str2uint32_hex(rx_queue_txt, NULL);
- n.timer = str2uint32_hex(tr_txt, NULL);
- n.expires = str2uint32_hex(tm_when_txt, NULL);
- n.retransmits = str2uint32_hex(retrans_txt, NULL);
- n.uid = str2uint32_t(uid_txt, NULL);
- n.inode = str2uint64_t(inode_txt, NULL);
-
- if(family == AF_INET) {
- n.local.ip.ipv4 = str2uint32_hex(local_ip_txt, NULL);
- n.remote.ip.ipv4 = str2uint32_hex(remote_ip_txt, NULL);
- }
- else if(family == AF_INET6) {
- ipv6_to_in6_addr(local_ip_txt, &n.local.ip.ipv6);
- ipv6_to_in6_addr(remote_ip_txt, &n.remote.ip.ipv6);
- }
-
- local_sockets_add_socket(ls, &n);
- }
-
- fclose(fp);
-
- if (line)
- free(line); // no freez() here because getline() may resize
-
- return true;
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline void local_sockets_detect_directions(LS_STATE *ls) {
- for(SIMPLE_HASHTABLE_SLOT_LOCAL_SOCKET *sl = simple_hashtable_first_read_only_LOCAL_SOCKET(&ls->sockets_hashtable);
- sl ;
- sl = simple_hashtable_next_read_only_LOCAL_SOCKET(&ls->sockets_hashtable, sl)) {
- LOCAL_SOCKET *n = SIMPLE_HASHTABLE_SLOT_DATA(sl);
- if (!n) continue;
-
- if ((n->direction & (SOCKET_DIRECTION_INBOUND|SOCKET_DIRECTION_OUTBOUND)) !=
- (SOCKET_DIRECTION_INBOUND|SOCKET_DIRECTION_OUTBOUND))
- continue;
-
- // check if the local port is one of our listening ports
- {
- SIMPLE_HASHTABLE_SLOT_LISTENING_PORT *sl_port =
- simple_hashtable_get_slot_LISTENING_PORT(&ls->listening_ports_hashtable, n->local_port_hash, &n->local_port_key, false);
-
- struct local_port *port = SIMPLE_HASHTABLE_SLOT_DATA(sl_port); // do not reference this pointer - is invalid
- if(port) {
- // the local port of this socket is a port we listen to
- n->direction &= ~SOCKET_DIRECTION_OUTBOUND;
- }
- else
- n->direction &= ~SOCKET_DIRECTION_INBOUND;
- }
-
- // check if the remote IP is one of our local IPs
- {
- SIMPLE_HASHTABLE_SLOT_LOCAL_IP *sl_ip =
- simple_hashtable_get_slot_LOCAL_IP(&ls->local_ips_hashtable, n->remote_ip_hash, &n->remote.ip, false);
-
- union ipv46 *d = SIMPLE_HASHTABLE_SLOT_DATA(sl_ip);
- if (d) {
- // the remote IP of this socket is one of our local IPs
- if(n->direction & SOCKET_DIRECTION_INBOUND) {
- n->direction &= ~SOCKET_DIRECTION_INBOUND;
- n->direction |= SOCKET_DIRECTION_LOCAL_INBOUND;
- }
- else if(n->direction & SOCKET_DIRECTION_OUTBOUND) {
- n->direction &= ~SOCKET_DIRECTION_OUTBOUND;
- n->direction |= SOCKET_DIRECTION_LOCAL_OUTBOUND;
- }
- continue;
- }
- }
-
- if (local_sockets_is_loopback_address(&n->local) ||
- local_sockets_is_loopback_address(&n->remote)) {
- // both IP addresses are loopback
- if(n->direction & SOCKET_DIRECTION_INBOUND) {
- n->direction &= ~SOCKET_DIRECTION_INBOUND;
- n->direction |= SOCKET_DIRECTION_LOCAL_INBOUND;
- }
- else if(n->direction & SOCKET_DIRECTION_OUTBOUND) {
- n->direction &= ~SOCKET_DIRECTION_OUTBOUND;
- n->direction |= SOCKET_DIRECTION_LOCAL_OUTBOUND;
- }
- }
- }
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline void local_sockets_init(LS_STATE *ls) {
- ls->config.host_prefix = netdata_configured_host_prefix;
-
- spinlock_init(&ls->spinlock);
-
- simple_hashtable_init_NET_NS(&ls->ns_hashtable, 1024);
- simple_hashtable_init_PID_SOCKET(&ls->pid_sockets_hashtable, 65535);
- simple_hashtable_init_LOCAL_SOCKET(&ls->sockets_hashtable, 65535);
- simple_hashtable_init_LOCAL_IP(&ls->local_ips_hashtable, 4096);
- simple_hashtable_init_LISTENING_PORT(&ls->listening_ports_hashtable, 4096);
-
- ls->local_socket_aral = aral_create(
- "local-sockets",
- sizeof(LOCAL_SOCKET),
- 65536,
- 65536,
- NULL, NULL, NULL, false, true);
-
- ls->pid_socket_aral = aral_create(
- "pid-sockets",
- sizeof(struct pid_socket),
- 65536,
- 65536,
- NULL, NULL, NULL, false, true);
-
- memset(&ls->stats, 0, sizeof(ls->stats));
-
-#ifdef HAVE_LIBMNL
- ls->use_nl = false;
- ls->nl = NULL;
- ls->tmp_protocol = 0;
- local_sockets_libmnl_init(ls);
-#endif
-
- if(ls->config.namespaces && ls->spawn_server == NULL) {
- ls->spawn_server = spawn_server_create(SPAWN_SERVER_OPTION_CALLBACK, NULL, local_sockets_spawn_server_callback, 0, NULL);
- ls->spawn_server_is_mine = true;
- }
- else
- ls->spawn_server_is_mine = false;
-}
-
-static inline void local_sockets_cleanup(LS_STATE *ls) {
-
- if(ls->spawn_server_is_mine) {
- spawn_server_destroy(ls->spawn_server);
- ls->spawn_server = NULL;
- ls->spawn_server_is_mine = false;
- }
-
-#ifdef HAVE_LIBMNL
- local_sockets_libmnl_cleanup(ls);
-#endif
-
- // free the sockets hashtable data
- for(SIMPLE_HASHTABLE_SLOT_LOCAL_SOCKET *sl = simple_hashtable_first_read_only_LOCAL_SOCKET(&ls->sockets_hashtable);
- sl;
- sl = simple_hashtable_next_read_only_LOCAL_SOCKET(&ls->sockets_hashtable, sl)) {
- LOCAL_SOCKET *n = SIMPLE_HASHTABLE_SLOT_DATA(sl);
- if(!n) continue;
-
- string_freez(n->cmdline);
- aral_freez(ls->local_socket_aral, n);
- }
-
- // free the pid_socket hashtable data
- for(SIMPLE_HASHTABLE_SLOT_PID_SOCKET *sl = simple_hashtable_first_read_only_PID_SOCKET(&ls->pid_sockets_hashtable);
- sl;
- sl = simple_hashtable_next_read_only_PID_SOCKET(&ls->pid_sockets_hashtable, sl)) {
- struct pid_socket *ps = SIMPLE_HASHTABLE_SLOT_DATA(sl);
- if(!ps) continue;
-
- freez(ps->cmdline);
- aral_freez(ls->pid_socket_aral, ps);
- }
-
- // free the hashtable
- simple_hashtable_destroy_NET_NS(&ls->ns_hashtable);
- simple_hashtable_destroy_PID_SOCKET(&ls->pid_sockets_hashtable);
- simple_hashtable_destroy_LISTENING_PORT(&ls->listening_ports_hashtable);
- simple_hashtable_destroy_LOCAL_IP(&ls->local_ips_hashtable);
- simple_hashtable_destroy_LOCAL_SOCKET(&ls->sockets_hashtable);
-
- aral_destroy(ls->local_socket_aral);
- aral_destroy(ls->pid_socket_aral);
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline void local_sockets_do_family_protocol(LS_STATE *ls, const char *filename, uint16_t family, uint16_t protocol) {
-#ifdef HAVE_LIBMNL
- if(ls->nl && ls->use_nl) {
- ls->use_nl = local_sockets_libmnl_get_sockets(ls, family, protocol);
-
- if(ls->use_nl)
- return;
- }
-#endif
-
- local_sockets_read_proc_net_x(ls, filename, family, protocol);
-}
-
-static inline void local_sockets_read_all_system_sockets(LS_STATE *ls) {
- char path[FILENAME_MAX + 1];
-
- if(ls->config.namespaces) {
- snprintfz(path, sizeof(path), "%s/proc/self/ns/net", ls->config.host_prefix);
- local_sockets_read_proc_inode_link(ls, path, &ls->proc_self_net_ns_inode, "net");
- }
-
- if(ls->config.cmdline || ls->config.comm || ls->config.pid || ls->config.namespaces) {
- snprintfz(path, sizeof(path), "%s/proc", ls->config.host_prefix);
- local_sockets_find_all_sockets_in_proc(ls, path);
- }
-
- if(ls->config.tcp4) {
- snprintfz(path, sizeof(path), "%s/proc/net/tcp", ls->config.host_prefix);
- local_sockets_do_family_protocol(ls, path, AF_INET, IPPROTO_TCP);
- }
-
- if(ls->config.udp4) {
- snprintfz(path, sizeof(path), "%s/proc/net/udp", ls->config.host_prefix);
- local_sockets_do_family_protocol(ls, path, AF_INET, IPPROTO_UDP);
- }
-
- if(ls->config.tcp6) {
- snprintfz(path, sizeof(path), "%s/proc/net/tcp6", ls->config.host_prefix);
- local_sockets_do_family_protocol(ls, path, AF_INET6, IPPROTO_TCP);
- }
-
- if(ls->config.udp6) {
- snprintfz(path, sizeof(path), "%s/proc/net/udp6", ls->config.host_prefix);
- local_sockets_do_family_protocol(ls, path, AF_INET6, IPPROTO_UDP);
- }
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-struct local_sockets_child_work {
- int fd;
- uint64_t net_ns_inode;
-};
-
-static inline void local_sockets_send_to_parent(struct local_socket_state *ls __maybe_unused, struct local_socket *n, void *data) {
- struct local_sockets_child_work *cw = data;
- int fd = cw->fd;
-
- if(n->net_ns_inode != cw->net_ns_inode)
- return;
-
- // local_sockets_log(ls, "child is sending inode %"PRIu64" of namespace %"PRIu64, n->inode, n->net_ns_inode);
-
- if(write(fd, n, sizeof(*n)) != sizeof(*n))
- local_sockets_log(ls, "failed to write local socket to pipe");
-
- size_t len = n->cmdline ? string_strlen(n->cmdline) + 1 : 0;
- if(write(fd, &len, sizeof(len)) != sizeof(len))
- local_sockets_log(ls, "failed to write cmdline length to pipe");
-
- if(len)
- if(write(fd, string2str(n->cmdline), len) != (ssize_t)len)
- local_sockets_log(ls, "failed to write cmdline to pipe");
-}
-
-static inline void local_sockets_spawn_server_callback(SPAWN_REQUEST *request) {
- LS_STATE ls = { 0 };
- ls.config = *((struct local_sockets_config *)request->data);
-
- // we don't need these inside namespaces
- ls.config.cmdline = false;
- ls.config.comm = false;
- ls.config.pid = false;
- ls.config.namespaces = false;
-
- // initialize local sockets
- local_sockets_init(&ls);
-
- ls.config.host_prefix = ""; // we need the /proc of the container
-
- struct local_sockets_child_work cw = {
- .net_ns_inode = ls.proc_self_net_ns_inode,
- .fd = request->fds[1], // stdout
- };
-
- ls.config.cb = local_sockets_send_to_parent;
- ls.config.data = &cw;
- ls.proc_self_net_ns_inode = ls.config.net_ns_inode;
-
- // switch namespace using the custom fd passed via the spawn server
- if (setns(request->fds[3], CLONE_NEWNET) == -1) {
- local_sockets_log(&ls, "failed to switch network namespace at child process using fd %d", request->fds[3]);
- exit(EXIT_FAILURE);
- }
-
- // read all sockets from /proc
- local_sockets_read_all_system_sockets(&ls);
-
- // send all sockets to parent
- local_sockets_foreach_local_socket_call_cb(&ls);
-
- // send the terminating socket
- struct local_socket zero = {
- .net_ns_inode = ls.config.net_ns_inode,
- };
- local_sockets_send_to_parent(&ls, &zero, &cw);
-
- exit(EXIT_SUCCESS);
-}
-
-static inline bool local_sockets_get_namespace_sockets_with_pid(LS_STATE *ls, struct pid_socket *ps) {
- char filename[1024];
- snprintfz(filename, sizeof(filename), "%s/proc/%d/ns/net", ls->config.host_prefix, ps->pid);
-
- // verify the pid is in the target namespace
- int fd = open(filename, O_RDONLY | O_CLOEXEC);
- if (fd == -1) {
- local_sockets_log(ls, "cannot open file '%s'", filename);
- return false;
- }
-
- struct stat statbuf;
- if (fstat(fd, &statbuf) == -1) {
- close(fd);
- local_sockets_log(ls, "failed to get file statistics for '%s'", filename);
- return false;
- }
-
- if (statbuf.st_ino != ps->net_ns_inode) {
- close(fd);
- local_sockets_log(ls, "pid %d is not in the wanted network namespace", ps->pid);
- return false;
- }
-
- if(ls->spawn_server == NULL) {
- close(fd);
- local_sockets_log(ls, "spawn server is not available");
- return false;
- }
-
- struct local_sockets_config config = ls->config;
- config.net_ns_inode = ps->net_ns_inode;
- SPAWN_INSTANCE *si = spawn_server_exec(ls->spawn_server, STDERR_FILENO, fd, NULL, &config, sizeof(config), SPAWN_INSTANCE_TYPE_CALLBACK);
- close(fd); fd = -1;
-
- if(si == NULL) {
- local_sockets_log(ls, "cannot create spawn instance");
- return false;
- }
-
- size_t received = 0;
- struct local_socket buf;
- while(read(spawn_server_instance_read_fd(si), &buf, sizeof(buf)) == sizeof(buf)) {
- size_t len = 0;
- if(read(spawn_server_instance_read_fd(si), &len, sizeof(len)) != sizeof(len))
- local_sockets_log(ls, "failed to read cmdline length from pipe");
-
- if(len) {
- char cmdline[len + 1];
- if(read(spawn_server_instance_read_fd(si), cmdline, len) != (ssize_t)len)
- local_sockets_log(ls, "failed to read cmdline from pipe");
- else {
- cmdline[len] = '\0';
- buf.cmdline = string_strdupz(cmdline);
- }
- }
- else
- buf.cmdline = NULL;
-
- received++;
-
- struct local_socket zero = {
- .net_ns_inode = ps->net_ns_inode,
- };
- if(memcmp(&buf, &zero, sizeof(buf)) == 0) {
- // the terminator
- break;
- }
-
- spinlock_lock(&ls->spinlock);
-
- SIMPLE_HASHTABLE_SLOT_LOCAL_SOCKET *sl = simple_hashtable_get_slot_LOCAL_SOCKET(&ls->sockets_hashtable, buf.inode, &buf, true);
- LOCAL_SOCKET *n = SIMPLE_HASHTABLE_SLOT_DATA(sl);
- if(n) {
- string_freez(buf.cmdline);
-// local_sockets_log(ls,
-// "ns inode %" PRIu64" (comm: '%s', pid: %u, ns: %"PRIu64") already exists in hashtable (comm: '%s', pid: %u, ns: %"PRIu64") - ignoring duplicate",
-// buf.inode, buf.comm, buf.pid, buf.net_ns_inode, n->comm, n->pid, n->net_ns_inode);
- }
- else {
- n = aral_mallocz(ls->local_socket_aral);
- memcpy(n, &buf, sizeof(*n));
- simple_hashtable_set_slot_LOCAL_SOCKET(&ls->sockets_hashtable, sl, n->inode, n);
-
- local_sockets_index_listening_port(ls, n);
- }
-
- spinlock_unlock(&ls->spinlock);
- }
-
- spawn_server_exec_kill(ls->spawn_server, si);
- return received > 0;
-}
-
-struct local_sockets_namespace_worker {
- LS_STATE *ls;
- uint64_t inode;
-};
-
-static inline void *local_sockets_get_namespace_sockets(void *arg) {
- struct local_sockets_namespace_worker *data = arg;
- LS_STATE *ls = data->ls;
- const uint64_t inode = data->inode;
-
- spinlock_lock(&ls->spinlock);
-
- // find a pid_socket that has this namespace
- for(SIMPLE_HASHTABLE_SLOT_PID_SOCKET *sl_pid = simple_hashtable_first_read_only_PID_SOCKET(&ls->pid_sockets_hashtable) ;
- sl_pid ;
- sl_pid = simple_hashtable_next_read_only_PID_SOCKET(&ls->pid_sockets_hashtable, sl_pid)) {
- struct pid_socket *ps = SIMPLE_HASHTABLE_SLOT_DATA(sl_pid);
- if(!ps || ps->net_ns_inode != inode) continue;
-
- // now we have a pid that has the same namespace inode
-
- spinlock_unlock(&ls->spinlock);
- const bool worked = local_sockets_get_namespace_sockets_with_pid(ls, ps);
- spinlock_lock(&ls->spinlock);
-
- if(worked)
- break;
- }
-
- spinlock_unlock(&ls->spinlock);
-
- return NULL;
-}
-
-static inline void local_sockets_namespaces(LS_STATE *ls) {
- size_t threads = ls->config.max_concurrent_namespaces;
- if(threads == 0) threads = 5;
- if(threads > 100) threads = 100;
-
- size_t last_thread = 0;
- ND_THREAD *workers[threads];
- struct local_sockets_namespace_worker workers_data[threads];
- memset(workers, 0, sizeof(workers));
- memset(workers_data, 0, sizeof(workers_data));
-
- spinlock_lock(&ls->spinlock);
-
- for(SIMPLE_HASHTABLE_SLOT_NET_NS *sl = simple_hashtable_first_read_only_NET_NS(&ls->ns_hashtable);
- sl;
- sl = simple_hashtable_next_read_only_NET_NS(&ls->ns_hashtable, sl)) {
- const uint64_t inode = (uint64_t)SIMPLE_HASHTABLE_SLOT_DATA(sl);
-
- if(inode == ls->proc_self_net_ns_inode)
- continue;
-
- spinlock_unlock(&ls->spinlock);
-
- ls->stats.namespaces_found++;
-
- if(workers[last_thread] != NULL) {
- if(++last_thread >= threads)
- last_thread = 0;
-
- if(workers[last_thread]) {
- nd_thread_join(workers[last_thread]);
- workers[last_thread] = NULL;
- }
- }
-
- workers_data[last_thread].ls = ls;
- workers_data[last_thread].inode = inode;
- workers[last_thread] = nd_thread_create(
- "local-sockets-worker", NETDATA_THREAD_OPTION_JOINABLE,
- local_sockets_get_namespace_sockets, &workers_data[last_thread]);
-
- spinlock_lock(&ls->spinlock);
- }
-
- spinlock_unlock(&ls->spinlock);
-
- // wait all the threads running
- for(size_t i = 0; i < threads ;i++) {
- if(workers[i])
- nd_thread_join(workers[i]);
- }
-}
-
-// --------------------------------------------------------------------------------------------------------------------
-
-static inline void local_sockets_process(LS_STATE *ls) {
- // initialize our hashtables
- local_sockets_init(ls);
-
- // read all sockets from /proc
- local_sockets_read_all_system_sockets(ls);
-
- // check all socket namespaces
- if(ls->config.namespaces)
- local_sockets_namespaces(ls);
-
- // detect the directions of the sockets
- if(ls->config.inbound || ls->config.outbound || ls->config.local)
- local_sockets_detect_directions(ls);
-
- // call the callback for each socket
- local_sockets_foreach_local_socket_call_cb(ls);
-
- // free all memory
- local_sockets_cleanup(ls);
-}
-
-static inline void ipv6_address_to_txt(struct in6_addr *in6_addr, char *dst) {
- struct sockaddr_in6 sa = { 0 };
-
- sa.sin6_family = AF_INET6;
- sa.sin6_port = htons(0);
- sa.sin6_addr = *in6_addr;
-
- // Convert to human-readable format
- if (inet_ntop(AF_INET6, &(sa.sin6_addr), dst, INET6_ADDRSTRLEN) == NULL)
- *dst = '\0';
-}
-
-static inline void ipv4_address_to_txt(uint32_t ip, char *dst) {
- uint8_t octets[4];
- octets[0] = ip & 0xFF;
- octets[1] = (ip >> 8) & 0xFF;
- octets[2] = (ip >> 16) & 0xFF;
- octets[3] = (ip >> 24) & 0xFF;
- sprintf(dst, "%u.%u.%u.%u", octets[0], octets[1], octets[2], octets[3]);
-}
-
-#endif //NETDATA_LOCAL_SOCKETS_H