tailscale/portlist/netstat.go

// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build !ios && !js
// +build !ios,!js

package portlist

import (
	"sort"
	"strconv"
	"strings"
)

func parsePort(s string) int {
	// a.b.c.d:1234 or [a:b:c:d]:1234
	i1 := strings.LastIndexByte(s, ':')
	// a.b.c.d.1234 or [a:b:c:d].1234
	i2 := strings.LastIndexByte(s, '.')

	i := i1
	if i2 > i {
		i = i2
	}
	if i < 0 {
		// no match; weird
		return -1
	}

	portstr := s[i+1:]
	if portstr == "*" {
		return 0
	}

	port, err := strconv.ParseUint(portstr, 10, 16)
	if err != nil {
		// invalid port; weird
		return -1
	}

	return int(port)
}

func isLoopbackAddr(s string) bool {
	return strings.HasPrefix(s, "127.") ||
		strings.HasPrefix(s, "[::1]:") ||
		strings.HasPrefix(s, "::1.")
}

type nothing struct{}

// Lowest common denominator parser for "netstat -na" format.
// All of Linux, Windows, and macOS support -na and give similar-ish output
// formats that we can parse without special detection logic.
// Unfortunately, options to filter by proto or state are non-portable,
// so we'll filter for ourselves.
func parsePortsNetstat(output string) List {
	m := map[Port]nothing{}
	lines := strings.Split(string(output), "\n")

	var lastline string
	var lastport Port
	for _, line := range lines {
		trimline := strings.TrimSpace(line)
		cols := strings.Fields(trimline)
		if len(cols) < 1 {
			continue
		}
		protos := strings.ToLower(cols[0])
		var proto, laddr, raddr string
		if strings.HasPrefix(protos, "tcp") {
			if len(cols) < 4 {
				continue
			}
			proto = "tcp"
			laddr = cols[len(cols)-3]
			raddr = cols[len(cols)-2]
			state := cols[len(cols)-1]
			if !strings.HasPrefix(state, "LISTEN") {
				// not interested in non-listener sockets
				continue
			}
			if isLoopbackAddr(laddr) {
				// not interested in loopback-bound listeners
				continue
			}
		} else if strings.HasPrefix(protos, "udp") {
			if len(cols) < 3 {
				continue
			}
			proto = "udp"
			laddr = cols[len(cols)-2]
			raddr = cols[len(cols)-1]
			if isLoopbackAddr(laddr) {
				// not interested in loopback-bound listeners
				continue
			}
		} else if protos[0] == '[' && len(trimline) > 2 {
			// Windows: with netstat -nab, appends a line like:
			//  [description]
			// after the port line.
			p := lastport
			delete(m, lastport)
			proc := trimline[1 : len(trimline)-1]
			if proc == "svchost.exe" && lastline != "" {
				p.Process = argvSubject(lastline)
			} else {
				p.Process = argvSubject(proc)
			}
			m[p] = nothing{}
		} else {
			// not interested in other protocols
			lastline = trimline
			continue
		}

		lport := parsePort(laddr)
		rport := parsePort(raddr)
		if rport != 0 || lport <= 0 {
			// not interested in "connected" sockets
			continue
		}

		p := Port{
			Proto: proto,
			Port:  uint16(lport),
		}
		m[p] = nothing{}
		lastport = p
		lastline = ""
	}

	l := []Port{}
	for p := range m {
		l = append(l, p)
	}
	sort.Slice(l, func(i, j int) bool {
		return (&l[i]).lessThan(&l[j])
	})

	return l
}
Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

wasm: exclude code that's not used on iOS for Wasm too It has similar size constraints. Saves ~1.9MB from the Wasm build. Updates #3157 Signed-off-by: Mihai Parparita <mihai@tailscale.com> 2022-06-06 13:52:52 -07:00			`//go:build !ios && !js`
			`// +build !ios,!js`
portlist: don't depend on osexec package on ios, even if it's unused Continuation of 5bb14c07dce8e5c320. The earlier commit provided the space savings (as the linker could see through that osexec was unused at runtime), but it didn't clean up the dep graph (from go list -json or godepgraph). This removes the netstat.go file from the build too, just so the dep list looks more reasonable. 2020-04-07 08:09:13 -07:00
Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`package portlist`

			`import (`
			`"sort"`
			`"strconv"`
			`"strings"`
			`)`

			`func parsePort(s string) int {`
			`// a.b.c.d:1234 or [a:b:c:d]:1234`
			`i1 := strings.LastIndexByte(s, ':')`
			`// a.b.c.d.1234 or [a:b:c:d].1234`
			`i2 := strings.LastIndexByte(s, '.')`

			`i := i1`
			`if i2 > i {`
			`i = i2`
			`}`
			`if i < 0 {`
			`// no match; weird`
			`return -1`
			`}`

portlist: simplify slice expression. Signed-off-by: David Anderson <dave@natulte.net> 2020-02-10 23:40:56 -08:00			`portstr := s[i+1:]`
Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`if portstr == "*" {`
			`return 0`
			`}`

			`port, err := strconv.ParseUint(portstr, 10, 16)`
			`if err != nil {`
			`// invalid port; weird`
			`return -1`
			`}`

			`return int(port)`
			`}`

portlist: reduce log spam on macOS Running tailscaled on my machine yields lots of entries like: weird: missing {tcp 6060} parsePortsNetstat is filtering out loopback addresses as uninteresting. Then addProcesses is surprised to discover these listening ports, which results in spurious logging. Teach addProcesses to also ignore loopback addresses. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 2020-09-02 15:42:33 -07:00			`func isLoopbackAddr(s string) bool {`
portlist: filter out all of 127.0.0.0/8, not just 127.0.0.1/32 Per user private bug report. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2021-04-12 09:17:03 -07:00			`return strings.HasPrefix(s, "127.") \|\|`
portlist: exclude services bound to IPv6 loopback address Fixes #1683 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2021-04-12 09:06:57 -07:00			`strings.HasPrefix(s, "[::1]:") \|\|`
			`strings.HasPrefix(s, "::1.")`
portlist: reduce log spam on macOS Running tailscaled on my machine yields lots of entries like: weird: missing {tcp 6060} parsePortsNetstat is filtering out loopback addresses as uninteresting. Then addProcesses is surprised to discover these listening ports, which results in spurious logging. Teach addProcesses to also ignore loopback addresses. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 2020-09-02 15:42:33 -07:00			`}`

Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`type nothing struct{}`

			`// Lowest common denominator parser for "netstat -na" format.`
			`// All of Linux, Windows, and macOS support -na and give similar-ish output`
			`// formats that we can parse without special detection logic.`
			`// Unfortunately, options to filter by proto or state are non-portable,`
			`// so we'll filter for ourselves.`
			`func parsePortsNetstat(output string) List {`
			`m := map[Port]nothing{}`
			`lines := strings.Split(string(output), "\n")`

			`var lastline string`
			`var lastport Port`
			`for _, line := range lines {`
			`trimline := strings.TrimSpace(line)`
			`cols := strings.Fields(trimline)`
			`if len(cols) < 1 {`
			`continue`
			`}`
			`protos := strings.ToLower(cols[0])`
			`var proto, laddr, raddr string`
			`if strings.HasPrefix(protos, "tcp") {`
			`if len(cols) < 4 {`
			`continue`
			`}`
			`proto = "tcp"`
			`laddr = cols[len(cols)-3]`
			`raddr = cols[len(cols)-2]`
			`state := cols[len(cols)-1]`
			`if !strings.HasPrefix(state, "LISTEN") {`
			`// not interested in non-listener sockets`
			`continue`
			`}`
portlist: reduce log spam on macOS Running tailscaled on my machine yields lots of entries like: weird: missing {tcp 6060} parsePortsNetstat is filtering out loopback addresses as uninteresting. Then addProcesses is surprised to discover these listening ports, which results in spurious logging. Teach addProcesses to also ignore loopback addresses. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 2020-09-02 15:42:33 -07:00			`if isLoopbackAddr(laddr) {`
portlist: ignore ports bound to localhost Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2020-03-17 20:19:39 -07:00			`// not interested in loopback-bound listeners`
			`continue`
			`}`
Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`} else if strings.HasPrefix(protos, "udp") {`
			`if len(cols) < 3 {`
			`continue`
			`}`
			`proto = "udp"`
			`laddr = cols[len(cols)-2]`
			`raddr = cols[len(cols)-1]`
portlist: reduce log spam on macOS Running tailscaled on my machine yields lots of entries like: weird: missing {tcp 6060} parsePortsNetstat is filtering out loopback addresses as uninteresting. Then addProcesses is surprised to discover these listening ports, which results in spurious logging. Teach addProcesses to also ignore loopback addresses. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 2020-09-02 15:42:33 -07:00			`if isLoopbackAddr(laddr) {`
portlist: ignore ports bound to localhost Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2020-03-17 20:19:39 -07:00			`// not interested in loopback-bound listeners`
			`continue`
			`}`
Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`} else if protos[0] == '[' && len(trimline) > 2 {`
			`// Windows: with netstat -nab, appends a line like:`
			`// [description]`
			`// after the port line.`
			`p := lastport`
			`delete(m, lastport)`
			`proc := trimline[1 : len(trimline)-1]`
			`if proc == "svchost.exe" && lastline != "" {`
portlist: report a better process name for .Net on linux. Fixes #1440. Signed-off-by: David Anderson <danderson@tailscale.com> 2021-03-03 19:00:41 -08:00			`p.Process = argvSubject(lastline)`
Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`} else {`
portlist: report a better process name for .Net on linux. Fixes #1440. Signed-off-by: David Anderson <danderson@tailscale.com> 2021-03-03 19:00:41 -08:00			`p.Process = argvSubject(proc)`
Move Linux client & common packages into a public repo. 2020-02-05 14:16:58 -08:00			`}`
			`m[p] = nothing{}`
			`} else {`
			`// not interested in other protocols`
			`lastline = trimline`
			`continue`
			`}`

			`lport := parsePort(laddr)`
			`rport := parsePort(raddr)`
			`if rport != 0 \|\| lport <= 0 {`
			`// not interested in "connected" sockets`
			`continue`
			`}`

			`p := Port{`
			`Proto: proto,`
			`Port: uint16(lport),`
			`}`
			`m[p] = nothing{}`
			`lastport = p`
			`lastline = ""`
			`}`

			`l := []Port{}`
			`for p := range m {`
			`l = append(l, p)`
			`}`
			`sort.Slice(l, func(i, j int) bool {`
			`return (&l[i]).lessThan(&l[j])`
			`})`

			`return l`
			`}`