From fe898bd10be2bc527f81421f06afff77e8ba42eb Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Sun, 22 Oct 2017 21:44:27 +0200 Subject: [PATCH] ss: add AF_VSOCK support Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1472759 Upstream Status: iproute2.git commit c759116a0b2b commit c759116a0b2b6da8df9687b0a40ac69050132c77 Author: Stefan Hajnoczi Date: Fri Oct 6 11:48:41 2017 -0400 ss: add AF_VSOCK support The AF_VSOCK address family is a host<->guest communications channel supported by VMware, KVM, and Hyper-V. Initial VMware support was released in Linux 3.9 in 2013 and transports for other hypervisors were added later. AF_VSOCK addresses are tuples. The 32-bit cid integer is comparable to an IP address. AF_VSOCK ports work like TCP/UDP ports. Both SOCK_STREAM and SOCK_DGRAM socket types are available. This patch adds AF_VSOCK support to ss(8) so that sockets can be observed. Signed-off-by: Stefan Hajnoczi Signed-off-by: Stefano Brivio --- man/man8/ss.8 | 8 ++- misc/ss.c | 184 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 188 insertions(+), 4 deletions(-) diff --git a/man/man8/ss.8 b/man/man8/ss.8 index 81de69de8042e..4323eee3c8687 100644 --- a/man/man8/ss.8 +++ b/man/man8/ss.8 @@ -125,14 +125,18 @@ Display Unix domain sockets (alias for -f unix). .B \-S, \-\-sctp Display SCTP sockets. .TP +.B \-\-vsock +Display vsock sockets (alias for -f vsock). +.TP .B \-f FAMILY, \-\-family=FAMILY Display sockets of type FAMILY. -Currently the following families are supported: unix, inet, inet6, link, netlink. +Currently the following families are supported: unix, inet, inet6, link, netlink, vsock. .TP .B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, -unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp. +unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp, +vsock_stream, vsock_dgram. .TP .B \-D FILE, \-\-diag=FILE Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used. diff --git a/misc/ss.c b/misc/ss.c index 0d6452777f7b6..e92266539e6b5 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -44,6 +44,7 @@ #include #include #include +#include #define MAGIC_SEQ 123456 @@ -126,6 +127,8 @@ enum { PACKET_R_DB, NETLINK_DB, SCTP_DB, + VSOCK_ST_DB, + VSOCK_DG_DB, MAX_DB }; @@ -134,6 +137,7 @@ enum { #define ALL_DB ((1<type); + break; default: sock_name = "unknown"; } @@ -1139,6 +1172,8 @@ static int run_ssfilter(struct ssfilter *f, struct sockstat *s) return s->lport == 0 && s->local.data[0] == 0; if (s->local.family == AF_NETLINK) return s->lport < 0; + if (s->local.family == AF_VSOCK) + return s->lport > 1023; return is_ephemeral(s->lport); } @@ -1515,6 +1550,15 @@ void *parse_devcond(char *name) return res; } +static void vsock_set_inet_prefix(inet_prefix *a, __u32 cid) +{ + *a = (inet_prefix){ + .bytelen = sizeof(cid), + .family = AF_VSOCK, + }; + memcpy(a->data, &cid, sizeof(cid)); +} + void *parse_hostcond(char *addr, bool is_port) { char *port = NULL; @@ -1589,6 +1633,37 @@ void *parse_hostcond(char *addr, bool is_port) goto out; } + if (fam == AF_VSOCK || strncmp(addr, "vsock:", 6) == 0) { + __u32 cid = ~(__u32)0; + + a.addr.family = AF_VSOCK; + if (strncmp(addr, "vsock:", 6) == 0) + addr += 6; + + if (is_port) + port = addr; + else { + port = strchr(addr, ':'); + if (port) { + *port = '\0'; + port++; + } + } + + if (port && strcmp(port, "*") && + get_u32((__u32 *)&a.port, port, 0)) + return NULL; + + if (addr[0] && strcmp(addr, "*")) { + a.addr.bitlen = 32; + if (get_u32(&cid, addr, 0)) + return NULL; + } + vsock_set_inet_prefix(&a.addr, cid); + fam = AF_VSOCK; + goto out; + } + if (fam == AF_INET || !strncmp(addr, "inet:", 5)) { fam = AF_INET; if (!strncmp(addr, "inet:", 5)) @@ -3653,6 +3728,88 @@ static int netlink_show(struct filter *f) return 0; } +static bool vsock_type_skip(struct sockstat *s, struct filter *f) +{ + if (s->type == SOCK_STREAM && !(f->dbs & (1 << VSOCK_ST_DB))) + return true; + if (s->type == SOCK_DGRAM && !(f->dbs & (1 << VSOCK_DG_DB))) + return true; + return false; +} + +static void vsock_addr_print(inet_prefix *a, __u32 port) +{ + char cid_str[sizeof("4294967295")]; + char port_str[sizeof("4294967295")]; + __u32 cid; + + memcpy(&cid, a->data, sizeof(cid)); + + if (cid == ~(__u32)0) + snprintf(cid_str, sizeof(cid_str), "*"); + else + snprintf(cid_str, sizeof(cid_str), "%u", cid); + + if (port == ~(__u32)0) + snprintf(port_str, sizeof(port_str), "*"); + else + snprintf(port_str, sizeof(port_str), "%u", port); + + sock_addr_print(cid_str, ":", port_str, NULL); +} + +static void vsock_stats_print(struct sockstat *s, struct filter *f) +{ + sock_state_print(s); + + vsock_addr_print(&s->local, s->lport); + vsock_addr_print(&s->remote, s->rport); + + proc_ctx_print(s); + + printf("\n"); +} + +static int vsock_show_sock(const struct sockaddr_nl *addr, + struct nlmsghdr *nlh, void *arg) +{ + struct filter *f = (struct filter *)arg; + struct vsock_diag_msg *r = NLMSG_DATA(nlh); + struct sockstat stat = { + .type = r->vdiag_type, + .lport = r->vdiag_src_port, + .rport = r->vdiag_dst_port, + .state = r->vdiag_state, + .ino = r->vdiag_ino, + }; + + vsock_set_inet_prefix(&stat.local, r->vdiag_src_cid); + vsock_set_inet_prefix(&stat.remote, r->vdiag_dst_cid); + + if (vsock_type_skip(&stat, f)) + return 0; + + if (f->f && run_ssfilter(f->f, &stat) == 0) + return 0; + + vsock_stats_print(&stat, f); + + return 0; +} + +static int vsock_show(struct filter *f) +{ + DIAG_REQUEST(req, struct vsock_diag_req r); + + if (!filter_af_get(f, AF_VSOCK)) + return 0; + + req.r.sdiag_family = AF_VSOCK; + req.r.vdiag_states = f->states; + + return handle_netlink_request(f, &req.nlh, sizeof(req), vsock_show_sock); +} + struct sock_diag_msg { __u8 sdiag_family; }; @@ -3673,6 +3830,8 @@ static int generic_show_sock(const struct sockaddr_nl *addr, return packet_show_sock(addr, nlh, arg); case AF_NETLINK: return netlink_show_sock(addr, nlh, arg); + case AF_VSOCK: + return vsock_show_sock(addr, nlh, arg); default: return -1; } @@ -3900,14 +4059,15 @@ static void _usage(FILE *dest) " -d, --dccp display only DCCP sockets\n" " -w, --raw display only RAW sockets\n" " -x, --unix display only Unix domain sockets\n" +" --vsock display only vsock sockets\n" " -f, --family=FAMILY display sockets of type FAMILY\n" -" FAMILY := {inet|inet6|link|unix|netlink|help}\n" +" FAMILY := {inet|inet6|link|unix|netlink|vsock|help}\n" "\n" " -K, --kill forcibly close sockets, display what was closed\n" " -H, --no-header Suppress header line\n" "\n" " -A, --query=QUERY, --socket=QUERY\n" -" QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]\n" +" QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY]\n" "\n" " -D, --diag=FILE Dump raw information about TCP sockets to FILE\n" " -F, --filter=FILE read filter information from FILE\n" @@ -3980,6 +4140,9 @@ static int scan_state(const char *state) exit(-1); } +/* Values 'v' and 'V' are already used so a non-character is used */ +#define OPT_VSOCK 256 + static const struct option long_opts[] = { { "numeric", 0, 0, 'n' }, { "resolve", 0, 0, 'r' }, @@ -3996,6 +4159,7 @@ static const struct option long_opts[] = { { "udp", 0, 0, 'u' }, { "raw", 0, 0, 'w' }, { "unix", 0, 0, 'x' }, + { "vsock", 0, 0, OPT_VSOCK }, { "all", 0, 0, 'a' }, { "listening", 0, 0, 'l' }, { "ipv4", 0, 0, '4' }, @@ -4081,6 +4245,9 @@ int main(int argc, char *argv[]) case 'x': filter_af_set(¤t_filter, AF_UNIX); break; + case OPT_VSOCK: + filter_af_set(¤t_filter, AF_VSOCK); + break; case 'a': state_filter = SS_ALL; break; @@ -4107,6 +4274,8 @@ int main(int argc, char *argv[]) filter_af_set(¤t_filter, AF_UNIX); else if (strcmp(optarg, "netlink") == 0) filter_af_set(¤t_filter, AF_NETLINK); + else if (strcmp(optarg, "vsock") == 0) + filter_af_set(¤t_filter, AF_VSOCK); else if (strcmp(optarg, "help") == 0) help(); else { @@ -4172,6 +4341,15 @@ int main(int argc, char *argv[]) filter_db_set(¤t_filter, PACKET_DG_DB); } else if (strcmp(p, "netlink") == 0) { filter_db_set(¤t_filter, NETLINK_DB); + } else if (strcmp(p, "vsock") == 0) { + filter_db_set(¤t_filter, VSOCK_ST_DB); + filter_db_set(¤t_filter, VSOCK_DG_DB); + } else if (strcmp(p, "vsock_stream") == 0 || + strcmp(p, "v_str") == 0) { + filter_db_set(¤t_filter, VSOCK_ST_DB); + } else if (strcmp(p, "vsock_dgram") == 0 || + strcmp(p, "v_dgr") == 0) { + filter_db_set(¤t_filter, VSOCK_DG_DB); } else { fprintf(stderr, "ss: \"%s\" is illegal socket table id\n", p); usage(); @@ -4387,6 +4565,8 @@ int main(int argc, char *argv[]) dccp_show(¤t_filter); if (current_filter.dbs & (1<