mirror of
				https://github.com/tailscale/tailscale.git
				synced 2025-10-26 13:51:10 +01:00 
			
		
		
		
	Updates #cleanup Change-Id: Ic4304e909d2131a95a38b26911f49e7b1729aaef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
		
			
				
	
	
		
			288 lines
		
	
	
		
			7.8 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			288 lines
		
	
	
		
			7.8 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright (c) Tailscale Inc & AUTHORS
 | |
| // SPDX-License-Identifier: BSD-3-Clause
 | |
| 
 | |
| package netstat
 | |
| 
 | |
| import (
 | |
| 	"errors"
 | |
| 	"fmt"
 | |
| 	"math/bits"
 | |
| 	"net/netip"
 | |
| 	"unsafe"
 | |
| 
 | |
| 	"golang.org/x/sys/cpu"
 | |
| 	"golang.org/x/sys/windows"
 | |
| 	"tailscale.com/net/netaddr"
 | |
| )
 | |
| 
 | |
| // OSMetadata includes any additional OS-specific information that may be
 | |
| // obtained during the retrieval of a given Entry.
 | |
| type OSMetadata interface {
 | |
| 	// GetModule returns the entry's module name.
 | |
| 	//
 | |
| 	// It returns ("", nil) if no entry is found. As of 2023-01-27, any returned
 | |
| 	// error is silently discarded by its sole caller in portlist_windows.go and
 | |
| 	// treated equivalently as returning ("", nil), but this may change in the
 | |
| 	// future. An error should only be returned in casees that are worthy of
 | |
| 	// being logged at least.
 | |
| 	GetModule() (string, error)
 | |
| }
 | |
| 
 | |
| // See https://docs.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getextendedtcptable
 | |
| 
 | |
| // TCP_TABLE_OWNER_MODULE_ALL means to include the PID and module. The table type
 | |
| // we get back from Windows depends on AF_INET vs AF_INET6:
 | |
| // MIB_TCPTABLE_OWNER_MODULE for v4 or MIB_TCP6TABLE_OWNER_MODULE for v6.
 | |
| const tcpTableOwnerModuleAll = 8
 | |
| 
 | |
| // TCPIP_OWNER_MODULE_BASIC_INFO means to request "basic information" about the
 | |
| // owner module.
 | |
| const tcpipOwnerModuleBasicInfo = 0
 | |
| 
 | |
| var (
 | |
| 	iphlpapi                    = windows.NewLazySystemDLL("iphlpapi.dll")
 | |
| 	getTCPTable                 = iphlpapi.NewProc("GetExtendedTcpTable")
 | |
| 	getOwnerModuleFromTcpEntry  = iphlpapi.NewProc("GetOwnerModuleFromTcpEntry")
 | |
| 	getOwnerModuleFromTcp6Entry = iphlpapi.NewProc("GetOwnerModuleFromTcp6Entry")
 | |
| 	// TODO: GetExtendedUdpTable also? if/when needed.
 | |
| )
 | |
| 
 | |
| // See https://web.archive.org/web/20221219211913/https://learn.microsoft.com/en-us/windows/win32/api/tcpmib/ns-tcpmib-mib_tcprow_owner_module
 | |
| type _MIB_TCPROW_OWNER_MODULE struct {
 | |
| 	state            uint32
 | |
| 	localAddr        uint32
 | |
| 	localPort        uint32
 | |
| 	remoteAddr       uint32
 | |
| 	remotePort       uint32
 | |
| 	pid              uint32
 | |
| 	createTimestamp  int64
 | |
| 	owningModuleInfo [16]uint64
 | |
| }
 | |
| 
 | |
| func (row *_MIB_TCPROW_OWNER_MODULE) asEntry() Entry {
 | |
| 	return Entry{
 | |
| 		Local:      ipport4(row.localAddr, port(&row.localPort)),
 | |
| 		Remote:     ipport4(row.remoteAddr, port(&row.remotePort)),
 | |
| 		Pid:        int(row.pid),
 | |
| 		State:      state(row.state),
 | |
| 		OSMetadata: row,
 | |
| 	}
 | |
| }
 | |
| 
 | |
| type _MIB_TCPTABLE_OWNER_MODULE struct {
 | |
| 	numEntries uint32
 | |
| 	table      _MIB_TCPROW_OWNER_MODULE
 | |
| }
 | |
| 
 | |
| func (m *_MIB_TCPTABLE_OWNER_MODULE) getRows() []_MIB_TCPROW_OWNER_MODULE {
 | |
| 	return unsafe.Slice(&m.table, m.numEntries)
 | |
| }
 | |
| 
 | |
| // See https://web.archive.org/web/20221219212442/https://learn.microsoft.com/en-us/windows/win32/api/tcpmib/ns-tcpmib-mib_tcp6row_owner_module
 | |
| type _MIB_TCP6ROW_OWNER_MODULE struct {
 | |
| 	localAddr        [16]byte
 | |
| 	localScope       uint32
 | |
| 	localPort        uint32
 | |
| 	remoteAddr       [16]byte
 | |
| 	remoteScope      uint32
 | |
| 	remotePort       uint32
 | |
| 	state            uint32
 | |
| 	pid              uint32
 | |
| 	createTimestamp  int64
 | |
| 	owningModuleInfo [16]uint64
 | |
| }
 | |
| 
 | |
| func (row *_MIB_TCP6ROW_OWNER_MODULE) asEntry() Entry {
 | |
| 	return Entry{
 | |
| 		Local:      ipport6(row.localAddr, row.localScope, port(&row.localPort)),
 | |
| 		Remote:     ipport6(row.remoteAddr, row.remoteScope, port(&row.remotePort)),
 | |
| 		Pid:        int(row.pid),
 | |
| 		State:      state(row.state),
 | |
| 		OSMetadata: row,
 | |
| 	}
 | |
| }
 | |
| 
 | |
| type _MIB_TCP6TABLE_OWNER_MODULE struct {
 | |
| 	numEntries uint32
 | |
| 	table      _MIB_TCP6ROW_OWNER_MODULE
 | |
| }
 | |
| 
 | |
| func (m *_MIB_TCP6TABLE_OWNER_MODULE) getRows() []_MIB_TCP6ROW_OWNER_MODULE {
 | |
| 	return unsafe.Slice(&m.table, m.numEntries)
 | |
| }
 | |
| 
 | |
| // See https://web.archive.org/web/20221219213143/https://learn.microsoft.com/en-us/windows/win32/api/iprtrmib/ns-iprtrmib-tcpip_owner_module_basic_info
 | |
| type _TCPIP_OWNER_MODULE_BASIC_INFO struct {
 | |
| 	moduleName *uint16
 | |
| 	modulePath *uint16
 | |
| }
 | |
| 
 | |
| func get() (*Table, error) {
 | |
| 	t := new(Table)
 | |
| 	if err := t.addEntries(windows.AF_INET); err != nil {
 | |
| 		return nil, fmt.Errorf("failed to get IPv4 entries: %w", err)
 | |
| 	}
 | |
| 	if err := t.addEntries(windows.AF_INET6); err != nil {
 | |
| 		return nil, fmt.Errorf("failed to get IPv6 entries: %w", err)
 | |
| 	}
 | |
| 	return t, nil
 | |
| }
 | |
| 
 | |
| func (t *Table) addEntries(fam int) error {
 | |
| 	var size uint32
 | |
| 	var addr unsafe.Pointer
 | |
| 	var buf []byte
 | |
| 	for {
 | |
| 		err, _, _ := getTCPTable.Call(
 | |
| 			uintptr(addr),
 | |
| 			uintptr(unsafe.Pointer(&size)),
 | |
| 			1, // sorted
 | |
| 			uintptr(fam),
 | |
| 			tcpTableOwnerModuleAll,
 | |
| 			0, // reserved; "must be zero"
 | |
| 		)
 | |
| 		if err == 0 {
 | |
| 			break
 | |
| 		}
 | |
| 		if err == uintptr(windows.ERROR_INSUFFICIENT_BUFFER) {
 | |
| 			const maxSize = 10 << 20
 | |
| 			if size > maxSize || size < 4 {
 | |
| 				return fmt.Errorf("unreasonable kernel-reported size %d", size)
 | |
| 			}
 | |
| 			buf = make([]byte, size)
 | |
| 			addr = unsafe.Pointer(&buf[0])
 | |
| 			continue
 | |
| 		}
 | |
| 		return windows.Errno(err)
 | |
| 	}
 | |
| 	if len(buf) < int(size) {
 | |
| 		return errors.New("unexpected size growth from system call")
 | |
| 	}
 | |
| 	buf = buf[:size]
 | |
| 
 | |
| 	switch fam {
 | |
| 	case windows.AF_INET:
 | |
| 		info := (*_MIB_TCPTABLE_OWNER_MODULE)(unsafe.Pointer(&buf[0]))
 | |
| 		rows := info.getRows()
 | |
| 		for _, row := range rows {
 | |
| 			t.Entries = append(t.Entries, row.asEntry())
 | |
| 		}
 | |
| 	case windows.AF_INET6:
 | |
| 		info := (*_MIB_TCP6TABLE_OWNER_MODULE)(unsafe.Pointer(&buf[0]))
 | |
| 		rows := info.getRows()
 | |
| 		for _, row := range rows {
 | |
| 			t.Entries = append(t.Entries, row.asEntry())
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	return nil
 | |
| }
 | |
| 
 | |
| var states = []string{
 | |
| 	"",
 | |
| 	"CLOSED",
 | |
| 	"LISTEN",
 | |
| 	"SYN-SENT",
 | |
| 	"SYN-RECEIVED",
 | |
| 	"ESTABLISHED",
 | |
| 	"FIN-WAIT-1",
 | |
| 	"FIN-WAIT-2",
 | |
| 	"CLOSE-WAIT",
 | |
| 	"CLOSING",
 | |
| 	"LAST-ACK",
 | |
| 	"DELETE-TCB",
 | |
| }
 | |
| 
 | |
| func state(v uint32) string {
 | |
| 	if v < uint32(len(states)) {
 | |
| 		return states[v]
 | |
| 	}
 | |
| 	return fmt.Sprintf("unknown-state-%d", v)
 | |
| }
 | |
| 
 | |
| func ipport4(addr uint32, port uint16) netip.AddrPort {
 | |
| 	if !cpu.IsBigEndian {
 | |
| 		addr = bits.ReverseBytes32(addr)
 | |
| 	}
 | |
| 	return netip.AddrPortFrom(
 | |
| 		netaddr.IPv4(byte(addr>>24), byte(addr>>16), byte(addr>>8), byte(addr)),
 | |
| 		port)
 | |
| }
 | |
| 
 | |
| func ipport6(addr [16]byte, scope uint32, port uint16) netip.AddrPort {
 | |
| 	ip := netip.AddrFrom16(addr).Unmap()
 | |
| 	if scope != 0 {
 | |
| 		// TODO: something better here?
 | |
| 		ip = ip.WithZone(fmt.Sprint(scope))
 | |
| 	}
 | |
| 	return netip.AddrPortFrom(ip, port)
 | |
| }
 | |
| 
 | |
| func port(v *uint32) uint16 {
 | |
| 	if !cpu.IsBigEndian {
 | |
| 		return uint16(bits.ReverseBytes32(*v) >> 16)
 | |
| 	}
 | |
| 	return uint16(*v >> 16)
 | |
| }
 | |
| 
 | |
| type moduleInfoConstraint interface {
 | |
| 	_MIB_TCPROW_OWNER_MODULE | _MIB_TCP6ROW_OWNER_MODULE
 | |
| }
 | |
| 
 | |
| // moduleInfo implements OSMetadata.GetModule. It calls
 | |
| // getOwnerModuleFromTcpEntry or getOwnerModuleFromTcp6Entry.
 | |
| //
 | |
| // See
 | |
| // https://learn.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getownermodulefromtcpentry
 | |
| //
 | |
| // It may return "", nil indicating a successful call but with empty data.
 | |
| func moduleInfo[entryType moduleInfoConstraint](entry *entryType, proc *windows.LazyProc) (string, error) {
 | |
| 	var buf []byte
 | |
| 	var desiredLen uint32
 | |
| 	var addr unsafe.Pointer
 | |
| 
 | |
| 	for {
 | |
| 		e, _, _ := proc.Call(
 | |
| 			uintptr(unsafe.Pointer(entry)),
 | |
| 			uintptr(tcpipOwnerModuleBasicInfo),
 | |
| 			uintptr(addr),
 | |
| 			uintptr(unsafe.Pointer(&desiredLen)),
 | |
| 		)
 | |
| 		err := windows.Errno(e)
 | |
| 		if err == windows.ERROR_SUCCESS {
 | |
| 			break
 | |
| 		}
 | |
| 		if err == windows.ERROR_NOT_FOUND {
 | |
| 			return "", nil
 | |
| 		}
 | |
| 		if err != windows.ERROR_INSUFFICIENT_BUFFER {
 | |
| 			return "", err
 | |
| 		}
 | |
| 		if desiredLen > 1<<20 {
 | |
| 			// Sanity check before allocating too much.
 | |
| 			return "", nil
 | |
| 		}
 | |
| 		buf = make([]byte, desiredLen)
 | |
| 		addr = unsafe.Pointer(&buf[0])
 | |
| 	}
 | |
| 	if addr == nil {
 | |
| 		// GetOwnerModuleFromTcp*Entry can apparently return ERROR_SUCCESS
 | |
| 		// (NO_ERROR) on the first call without the usual first
 | |
| 		// ERROR_INSUFFICIENT_BUFFER result. Windows said success, so interpret
 | |
| 		// that was sucessfully not having data.
 | |
| 		return "", nil
 | |
| 	}
 | |
| 	basicInfo := (*_TCPIP_OWNER_MODULE_BASIC_INFO)(addr)
 | |
| 	return windows.UTF16PtrToString(basicInfo.moduleName), nil
 | |
| }
 | |
| 
 | |
| // GetModule implements OSMetadata.
 | |
| func (m *_MIB_TCPROW_OWNER_MODULE) GetModule() (string, error) {
 | |
| 	return moduleInfo(m, getOwnerModuleFromTcpEntry)
 | |
| }
 | |
| 
 | |
| // GetModule implements OSMetadata.
 | |
| func (m *_MIB_TCP6ROW_OWNER_MODULE) GetModule() (string, error) {
 | |
| 	return moduleInfo(m, getOwnerModuleFromTcp6Entry)
 | |
| }
 |