portlist: collect IPv6 listening sockets on linux.

This is important because some of those v6 sockets are actually
dual-stacked sockets, so this is our only chance of discovering
some services.

Fixes #1443.

Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson 2021-03-03 20:12:09 -08:00 committed by Dave Anderson
parent 82edf94df7
commit 63a9adeb6c
2 changed files with 137 additions and 42 deletions

View File

@ -10,6 +10,7 @@
"io"
"io/ioutil"
"os"
"path/filepath"
"runtime"
"sort"
"strconv"
@ -26,19 +27,25 @@
// TODO(apenwarr): Include IPv6 ports eventually.
// Right now we don't route IPv6 anyway so it's better to exclude them.
var sockfiles = []string{"/proc/net/tcp", "/proc/net/udp"}
var protos = []string{"tcp", "udp"}
var sockfiles = []string{"/proc/net/tcp", "/proc/net/tcp6", "/proc/net/udp", "/proc/net/udp6"}
var sawProcNetPermissionErr syncs.AtomicBool
const (
v6Localhost = "00000000000000000000000001000000:"
v6Any = "00000000000000000000000000000000:0000"
v4Localhost = "0100007F:"
v4Any = "00000000:0000"
)
func listPorts() (List, error) {
if sawProcNetPermissionErr.Get() {
return nil, nil
}
l := []Port{}
for pi, fname := range sockfiles {
proto := protos[pi]
for _, fname := range sockfiles {
proto := strings.TrimSuffix(filepath.Base(fname), "6")
// Android 10+ doesn't allow access to this anymore.
// https://developer.android.com/about/versions/10/privacy/changes#proc-net-filesystem
@ -59,47 +66,12 @@ func listPorts() (List, error) {
defer f.Close()
r := bufio.NewReader(f)
// skip header row
_, err = r.ReadString('\n')
ports, err := parsePorts(r, proto)
if err != nil {
return nil, err
return nil, fmt.Errorf("parsing %q: %w", fname, err)
}
for err == nil {
line, err := r.ReadString('\n')
if err == io.EOF {
break
}
if err != nil {
return nil, err
}
// sl local rem ... inode
words := strings.Fields(line)
local := words[1]
rem := words[2]
inode := words[9]
// If a port is bound to 127.0.0.1, ignore it.
if strings.HasPrefix(local, "0100007F:") {
continue
}
if rem != "00000000:0000" {
// not a "listener" port
continue
}
portv, err := strconv.ParseUint(local[9:], 16, 16)
if err != nil {
return nil, fmt.Errorf("%#v: %s", local[9:], err)
}
inodev := fmt.Sprintf("socket:[%s]", inode)
l = append(l, Port{
Proto: proto,
Port: uint16(portv),
inode: inodev,
})
}
l = append(l, ports...)
}
sort.Slice(l, func(i, j int) bool {
@ -109,6 +81,62 @@ func listPorts() (List, error) {
return l, nil
}
func parsePorts(r *bufio.Reader, proto string) ([]Port, error) {
var ret []Port
// skip header row
_, err := r.ReadString('\n')
if err != nil {
return nil, err
}
for err == nil {
line, err := r.ReadString('\n')
if err == io.EOF {
break
}
if err != nil {
return nil, err
}
// sl local rem ... inode
words := strings.Fields(line)
local := words[1]
rem := words[2]
inode := words[9]
// If a port is bound to localhost, ignore it.
// TODO: localhost is bigger than 1 IP, we need to ignore
// more things.
if strings.HasPrefix(local, v4Localhost) || strings.HasPrefix(local, v6Localhost) {
continue
}
if rem != v4Any && rem != v6Any {
// not a "listener" port
continue
}
// Don't use strings.Split here, because it causes
// allocations significant enough to show up in profiles.
i := strings.IndexByte(local, ':')
if i == -1 {
return nil, fmt.Errorf("%q unexpectedly didn't have a colon", local)
}
portv, err := strconv.ParseUint(local[i+1:], 16, 16)
if err != nil {
return nil, fmt.Errorf("%#v: %s", local[9:], err)
}
inodev := fmt.Sprintf("socket:[%s]", inode)
ret = append(ret, Port{
Proto: proto,
Port: uint16(portv),
inode: inodev,
})
}
return ret, nil
}
func addProcesses(pl []Port) ([]Port, error) {
pm := map[string]*Port{} // by Port.inode
for i := range pl {

View File

@ -0,0 +1,67 @@
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package portlist
import (
"bufio"
"bytes"
"testing"
"github.com/google/go-cmp/cmp"
)
func TestParsePorts(t *testing.T) {
tests := []struct {
name string
in string
want []Port
}{
{
name: "empty",
in: "header line (ignored)\n",
want: nil,
},
{
name: "ipv4",
in: `header line
0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 22303 1 0000000000000000 100 0 0 10 0
1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 34062 1 0000000000000000 100 0 0 10 0
2: 5501A8C0:ADD4 B25E9536:01BB 01 00000000:00000000 02:00000B2B 00000000 1000 0 155276677 2 0000000000000000 22 4 30 10 -1
`,
want: []Port{
{Proto: "tcp", Port: 22, inode: "socket:[34062]"},
},
},
{
name: "ipv6",
in: ` sl local_address remote_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 35720 1 0000000000000000 100 0 0 10 0
1: 00000000000000000000000000000000:1F91 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 1000 0 142240557 1 0000000000000000 100 0 0 10 0
2: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 34064 1 0000000000000000 100 0 0 10 0
3: 69050120005716BC64906EBE009ECD4D:D506 0047062600000000000000006E171268:01BB 01 00000000:00000000 02:0000009E 00000000 1000 0 151042856 2 0000000000000000 21 4 28 10 -1
`,
want: []Port{
{Proto: "tcp", Port: 8081, inode: "socket:[142240557]"},
{Proto: "tcp", Port: 22, inode: "socket:[34064]"},
},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
buf := bytes.NewBufferString(test.in)
r := bufio.NewReader(buf)
got, err := parsePorts(r, "tcp")
if err != nil {
t.Fatal(err)
}
if diff := cmp.Diff(got, test.want, cmp.AllowUnexported(Port{})); diff != "" {
t.Errorf("unexpected parsed ports (-got+want):\n%s", diff)
}
})
}
}