/*- * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1988, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint #if 0 static char sccsid[] = "@(#)fstat.c 8.3 (Berkeley) 5/2/95"; #endif static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define _KERNEL #include #include #include #include #include #undef _KERNEL #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "fstat.h" #define TEXT -1 #define CDIR -2 #define RDIR -3 #define TRACE -4 #define MMAP -5 DEVS *devs; #ifdef notdef struct nlist nl[] = { { "" }, }; #endif int fsflg, /* show files on same filesystem as file(s) argument */ pflg, /* show files open by a particular pid */ uflg; /* show files open by a particular (effective) user */ int checkfile; /* true if restricting to particular files or filesystems */ int nflg; /* (numerical) display f.s. and rdev as dev_t */ int vflg; /* display errors in locating kernel data objects etc... */ int mflg; /* include memory-mapped files */ struct file **ofiles; /* buffer of pointers to file structures */ int maxfiles; #define ALLOC_OFILES(d) \ if ((d) > maxfiles) { \ free(ofiles); \ ofiles = malloc((d) * sizeof(struct file *)); \ if (ofiles == NULL) { \ err(1, NULL); \ } \ maxfiles = (d); \ } kvm_t *kd; void dofiles __P((struct kinfo_proc *kp)); void dommap __P((struct kinfo_proc *kp)); void vtrans __P((struct vnode *vp, int i, int flag)); int ufs_filestat __P((struct vnode *vp, struct filestat *fsp)); int nfs_filestat __P((struct vnode *vp, struct filestat *fsp)); char *getmnton __P((struct mount *m)); void pipetrans __P((struct pipe *pi, int i, int flag)); void socktrans __P((struct socket *sock, int i)); void getinetproto __P((int number)); int getfname __P((char *filename)); void usage __P((void)); int main(argc, argv) int argc; char **argv; { register struct passwd *passwd; struct kinfo_proc *p, *plast; int arg, ch, what; char *memf, *nlistf; char buf[_POSIX2_LINE_MAX]; int cnt; arg = 0; what = KERN_PROC_ALL; nlistf = memf = NULL; while ((ch = getopt(argc, argv, "fmnp:u:vN:M:")) != -1) switch((char)ch) { case 'f': fsflg = 1; break; case 'M': memf = optarg; break; case 'N': nlistf = optarg; break; case 'm': mflg = 1; break; case 'n': nflg = 1; break; case 'p': if (pflg++) usage(); if (!isdigit(*optarg)) { warnx("-p requires a process id"); usage(); } what = KERN_PROC_PID; arg = atoi(optarg); break; case 'u': if (uflg++) usage(); if (!(passwd = getpwnam(optarg))) errx(1, "%s: unknown uid", optarg); what = KERN_PROC_UID; arg = passwd->pw_uid; break; case 'v': vflg = 1; break; case '?': default: usage(); } if (*(argv += optind)) { for (; *argv; ++argv) { if (getfname(*argv)) checkfile = 1; } if (!checkfile) /* file(s) specified, but none accessable */ exit(1); } ALLOC_OFILES(256); /* reserve space for file pointers */ if (fsflg && !checkfile) { /* -f with no files means use wd */ if (getfname(".") == 0) exit(1); checkfile = 1; } /* * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ if (nlistf != NULL || memf != NULL) setgid(getgid()); if ((kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, buf)) == NULL) errx(1, "%s", buf); #ifdef notdef if (kvm_nlist(kd, nl) != 0) errx(1, "no namelist: %s", kvm_geterr(kd)); #endif if ((p = kvm_getprocs(kd, what, arg, &cnt)) == NULL) errx(1, "%s", kvm_geterr(kd)); if (nflg) printf("%s", "USER CMD PID FD DEV INUM MODE SZ|DV R/W"); else printf("%s", "USER CMD PID FD MOUNT INUM MODE SZ|DV R/W"); if (checkfile && fsflg == 0) printf(" NAME\n"); else putchar('\n'); for (plast = &p[cnt]; p < plast; ++p) { if (p->ki_stat == SZOMB) continue; dofiles(p); if (mflg) dommap(p); } exit(0); } char *Uname, *Comm; int Pid; #define PREFIX(i) printf("%-8.8s %-10s %5d", Uname, Comm, Pid); \ switch(i) { \ case TEXT: \ printf(" text"); \ break; \ case CDIR: \ printf(" wd"); \ break; \ case RDIR: \ printf(" root"); \ break; \ case TRACE: \ printf(" tr"); \ break; \ case MMAP: \ printf(" mmap"); \ break; \ default: \ printf(" %4d", i); \ break; \ } /* * print open files attributed to this process */ void dofiles(kp) struct kinfo_proc *kp; { int i; struct file file; struct filedesc0 filed0; #define filed filed0.fd_fd Uname = user_from_uid(kp->ki_uid, 0); Pid = kp->ki_pid; Comm = kp->ki_comm; if (kp->ki_fd == NULL) return; if (!KVM_READ(kp->ki_fd, &filed0, sizeof (filed0))) { dprintf(stderr, "can't read filedesc at %p for pid %d\n", (void *)kp->ki_fd, Pid); return; } /* * root directory vnode, if one */ if (filed.fd_rdir) vtrans(filed.fd_rdir, RDIR, FREAD); /* * current working directory vnode */ vtrans(filed.fd_cdir, CDIR, FREAD); /* * ktrace vnode, if one */ if (kp->ki_tracep) vtrans(kp->ki_tracep, TRACE, FREAD|FWRITE); /* * text vnode, if one */ if (kp->ki_textvp) vtrans(kp->ki_textvp, TEXT, FREAD); /* * open files */ #define FPSIZE (sizeof (struct file *)) ALLOC_OFILES(filed.fd_lastfile+1); if (filed.fd_nfiles > NDFILE) { if (!KVM_READ(filed.fd_ofiles, ofiles, (filed.fd_lastfile+1) * FPSIZE)) { dprintf(stderr, "can't read file structures at %p for pid %d\n", (void *)filed.fd_ofiles, Pid); return; } } else bcopy(filed0.fd_dfiles, ofiles, (filed.fd_lastfile+1) * FPSIZE); for (i = 0; i <= filed.fd_lastfile; i++) { if (ofiles[i] == NULL) continue; if (!KVM_READ(ofiles[i], &file, sizeof (struct file))) { dprintf(stderr, "can't read file %d at %p for pid %d\n", i, (void *)ofiles[i], Pid); continue; } if (file.f_type == DTYPE_VNODE) vtrans((struct vnode *)file.f_data, i, file.f_flag); else if (file.f_type == DTYPE_SOCKET) { if (checkfile == 0) socktrans((struct socket *)file.f_data, i); } #ifdef DTYPE_PIPE else if (file.f_type == DTYPE_PIPE) { if (checkfile == 0) pipetrans((struct pipe *)file.f_data, i, file.f_flag); } #endif #ifdef DTYPE_FIFO else if (file.f_type == DTYPE_FIFO) { if (checkfile == 0) vtrans((struct vnode *)file.f_data, i, file.f_flag); } #endif else { dprintf(stderr, "unknown file type %d for file %d of pid %d\n", file.f_type, i, Pid); } } } void dommap(kp) struct kinfo_proc *kp; { vm_map_t map; struct vmspace vmspace; struct vm_map_entry entry; vm_map_entry_t entryp; struct vm_object object; vm_object_t objp; int prot, fflags; if (!KVM_READ(kp->ki_vmspace, &vmspace, sizeof(vmspace))) { dprintf(stderr, "can't read vmspace at %p for pid %d\n", (void *)kp->ki_vmspace, Pid); return; } map = &vmspace.vm_map; for (entryp = map->header.next; entryp != &kp->ki_vmspace->vm_map.header; entryp = entry.next) { if (!KVM_READ(entryp, &entry, sizeof(entry))) { dprintf(stderr, "can't read vm_map_entry at %p for pid %d\n", (void *)entryp, Pid); return; } if (entry.eflags & MAP_ENTRY_IS_SUB_MAP) continue; if ((objp = entry.object.vm_object) == NULL) continue; for (; objp; objp = object.backing_object) { if (!KVM_READ(objp, &object, sizeof(object))) { dprintf(stderr, "can't read vm_object at %p for pid %d\n", (void *)objp, Pid); return; } } prot = entry.protection; fflags = (prot & VM_PROT_READ ? FREAD : 0) | (prot & VM_PROT_WRITE ? FWRITE : 0); switch (object.type) { case OBJT_VNODE: vtrans((struct vnode *)object.handle, MMAP, fflags); break; default: break; } } } void vtrans(vp, i, flag) struct vnode *vp; int i; int flag; { struct vnode vn; struct filestat fst; char rw[3], mode[15]; char *badtype = NULL, *filename, *getmnton(); filename = badtype = NULL; if (!KVM_READ(vp, &vn, sizeof (struct vnode))) { dprintf(stderr, "can't read vnode at %p for pid %d\n", (void *)vp, Pid); return; } if (vn.v_type == VNON || vn.v_tag == VT_NON) badtype = "none"; else if (vn.v_type == VBAD) badtype = "bad"; else switch (vn.v_tag) { case VT_UFS: if (!ufs_filestat(&vn, &fst)) badtype = "error"; break; case VT_NFS: if (!nfs_filestat(&vn, &fst)) badtype = "error"; break; case VT_MSDOSFS: if (!msdosfs_filestat(&vn, &fst)) badtype = "error"; break; case VT_ISOFS: if (!isofs_filestat(&vn, &fst)) badtype = "error"; break; default: { static char unknown[10]; sprintf(badtype = unknown, "?(%x)", vn.v_tag); break;; } } if (checkfile) { int fsmatch = 0; register DEVS *d; if (badtype) return; for (d = devs; d != NULL; d = d->next) if (d->fsid == fst.fsid) { fsmatch = 1; if (d->ino == fst.fileid) { filename = d->name; break; } } if (fsmatch == 0 || (filename == NULL && fsflg == 0)) return; } PREFIX(i); if (badtype) { (void)printf(" - - %10s -\n", badtype); return; } if (nflg) (void)printf(" %2d,%-2d", major(fst.fsid), minor(fst.fsid)); else (void)printf(" %-8s", getmnton(vn.v_mount)); if (nflg) (void)sprintf(mode, "%o", fst.mode); else strmode(fst.mode, mode); (void)printf(" %6ld %10s", fst.fileid, mode); switch (vn.v_type) { case VBLK: case VCHR: { char *name; if (nflg || ((name = devname(fst.rdev, vn.v_type == VCHR ? S_IFCHR : S_IFBLK)) == NULL)) printf(" %2d,%-2d", major(fst.rdev), minor(fst.rdev)); else printf(" %6s", name); break; } default: printf(" %6lu", fst.size); } rw[0] = '\0'; if (flag & FREAD) strcat(rw, "r"); if (flag & FWRITE) strcat(rw, "w"); printf(" %2s", rw); if (filename && !fsflg) printf(" %s", filename); putchar('\n'); } int ufs_filestat(vp, fsp) struct vnode *vp; struct filestat *fsp; { struct inode inode; if (!KVM_READ(VTOI(vp), &inode, sizeof (inode))) { dprintf(stderr, "can't read inode at %p for pid %d\n", (void *)VTOI(vp), Pid); return 0; } /* * The st_dev from stat(2) is a udev_t. These kernel structures * contain dev_t structures. We need to convert to udev to make * comparisons */ fsp->fsid = dev2udev(inode.i_dev) & 0xffff; fsp->fileid = (long)inode.i_number; fsp->mode = (mode_t)inode.i_mode; fsp->size = (u_long)inode.i_size; fsp->rdev = inode.i_rdev; return 1; } int nfs_filestat(vp, fsp) struct vnode *vp; struct filestat *fsp; { struct nfsnode nfsnode; register mode_t mode; if (!KVM_READ(VTONFS(vp), &nfsnode, sizeof (nfsnode))) { dprintf(stderr, "can't read nfsnode at %p for pid %d\n", (void *)VTONFS(vp), Pid); return 0; } fsp->fsid = nfsnode.n_vattr.va_fsid; fsp->fileid = nfsnode.n_vattr.va_fileid; fsp->size = nfsnode.n_size; fsp->rdev = nfsnode.n_vattr.va_rdev; mode = (mode_t)nfsnode.n_vattr.va_mode; switch (vp->v_type) { case VREG: mode |= S_IFREG; break; case VDIR: mode |= S_IFDIR; break; case VBLK: mode |= S_IFBLK; break; case VCHR: mode |= S_IFCHR; break; case VLNK: mode |= S_IFLNK; break; case VSOCK: mode |= S_IFSOCK; break; case VFIFO: mode |= S_IFIFO; break; case VNON: case VBAD: return 0; }; fsp->mode = mode; return 1; } char * getmnton(m) struct mount *m; { static struct mount mount; static struct mtab { struct mtab *next; struct mount *m; char mntonname[MNAMELEN]; } *mhead = NULL; register struct mtab *mt; for (mt = mhead; mt != NULL; mt = mt->next) if (m == mt->m) return (mt->mntonname); if (!KVM_READ(m, &mount, sizeof(struct mount))) { warnx("can't read mount table at %p", (void *)m); return (NULL); } if ((mt = malloc(sizeof (struct mtab))) == NULL) err(1, NULL); mt->m = m; bcopy(&mount.mnt_stat.f_mntonname[0], &mt->mntonname[0], MNAMELEN); mt->next = mhead; mhead = mt; return (mt->mntonname); } void pipetrans(pi, i, flag) struct pipe *pi; int i; int flag; { struct pipe pip; char rw[3]; PREFIX(i); /* fill in socket */ if (!KVM_READ(pi, &pip, sizeof(struct pipe))) { dprintf(stderr, "can't read pipe at %p\n", (void *)pi); goto bad; } printf("* pipe %8lx <-> %8lx", (u_long)pi, (u_long)pip.pipe_peer); printf(" %6d", (int)pip.pipe_buffer.cnt); rw[0] = '\0'; if (flag & FREAD) strcat(rw, "r"); if (flag & FWRITE) strcat(rw, "w"); printf(" %2s", rw); putchar('\n'); return; bad: printf("* error\n"); } void socktrans(sock, i) struct socket *sock; int i; { static char *stypename[] = { "unused", /* 0 */ "stream", /* 1 */ "dgram", /* 2 */ "raw", /* 3 */ "rdm", /* 4 */ "seqpak" /* 5 */ }; #define STYPEMAX 5 struct socket so; struct protosw proto; struct domain dom; struct inpcb inpcb; struct unpcb unpcb; int len; char dname[32], *strcpy(); PREFIX(i); /* fill in socket */ if (!KVM_READ(sock, &so, sizeof(struct socket))) { dprintf(stderr, "can't read sock at %p\n", (void *)sock); goto bad; } /* fill in protosw entry */ if (!KVM_READ(so.so_proto, &proto, sizeof(struct protosw))) { dprintf(stderr, "can't read protosw at %p", (void *)so.so_proto); goto bad; } /* fill in domain */ if (!KVM_READ(proto.pr_domain, &dom, sizeof(struct domain))) { dprintf(stderr, "can't read domain at %p\n", (void *)proto.pr_domain); goto bad; } if ((len = kvm_read(kd, (u_long)dom.dom_name, dname, sizeof(dname) - 1)) < 0) { dprintf(stderr, "can't read domain name at %p\n", (void *)dom.dom_name); dname[0] = '\0'; } else dname[len] = '\0'; if ((u_short)so.so_type > STYPEMAX) printf("* %s ?%d", dname, so.so_type); else printf("* %s %s", dname, stypename[so.so_type]); /* * protocol specific formatting * * Try to find interesting things to print. For tcp, the interesting * thing is the address of the tcpcb, for udp and others, just the * inpcb (socket pcb). For unix domain, its the address of the socket * pcb and the address of the connected pcb (if connected). Otherwise * just print the protocol number and address of the socket itself. * The idea is not to duplicate netstat, but to make available enough * information for further analysis. */ switch(dom.dom_family) { case AF_INET: case AF_INET6: getinetproto(proto.pr_protocol); if (proto.pr_protocol == IPPROTO_TCP ) { if (so.so_pcb) { if (kvm_read(kd, (u_long)so.so_pcb, (char *)&inpcb, sizeof(struct inpcb)) != sizeof(struct inpcb)) { dprintf(stderr, "can't read inpcb at %p\n", (void *)so.so_pcb); goto bad; } printf(" %lx", (u_long)inpcb.inp_ppcb); } } else if (so.so_pcb) printf(" %lx", (u_long)so.so_pcb); break; case AF_UNIX: /* print address of pcb and connected pcb */ if (so.so_pcb) { printf(" %lx", (u_long)so.so_pcb); if (kvm_read(kd, (u_long)so.so_pcb, (char *)&unpcb, sizeof(struct unpcb)) != sizeof(struct unpcb)){ dprintf(stderr, "can't read unpcb at %p\n", (void *)so.so_pcb); goto bad; } if (unpcb.unp_conn) { char shoconn[4], *cp; cp = shoconn; if (!(so.so_state & SS_CANTRCVMORE)) *cp++ = '<'; *cp++ = '-'; if (!(so.so_state & SS_CANTSENDMORE)) *cp++ = '>'; *cp = '\0'; printf(" %s %lx", shoconn, (u_long)unpcb.unp_conn); } } break; default: /* print protocol number and socket address */ printf(" %d %lx", proto.pr_protocol, (u_long)sock); } printf("\n"); return; bad: printf("* error\n"); } /* * Read the specinfo structure in the kernel (as pointed to by a dev_t) * in order to work out the associated udev_t */ udev_t dev2udev(dev) dev_t dev; { struct specinfo si; if (KVM_READ(dev, &si, sizeof si)) { return si.si_udev; } else { dprintf(stderr, "can't convert dev_t %x to a udev_t\n", dev); return -1; } } /* * getinetproto -- * print name of protocol number */ void getinetproto(number) int number; { static int isopen; register struct protoent *pe; if (!isopen) setprotoent(++isopen); if ((pe = getprotobynumber(number)) != NULL) printf(" %s", pe->p_name); else printf(" %d", number); } int getfname(filename) char *filename; { struct stat statbuf; DEVS *cur; if (stat(filename, &statbuf)) { warn("%s", filename); return(0); } if ((cur = malloc(sizeof(DEVS))) == NULL) err(1, NULL); cur->next = devs; devs = cur; cur->ino = statbuf.st_ino; cur->fsid = statbuf.st_dev & 0xffff; cur->name = filename; return(1); } void usage() { (void)fprintf(stderr, "usage: fstat [-fmnv] [-p pid] [-u user] [-N system] [-M core] [file ...]\n"); exit(1); }