package process
import (
"encoding/binary"
"net/netip"
"strconv"
"strings"
"syscall"
"unsafe"
"golang.org/x/sys/unix"
)
// Arguments for the proc_info system call issued by getExecPathFromPID.
// NOTE(review): the values appear to mirror PROC_INFO_CALL_PIDINFO,
// PROC_PIDPATHINFO and PROC_PIDPATHINFO_SIZE from XNU's proc_info headers;
// confirm against the SDK in use.
const (
	// proccallnumpidinfo is passed as the call number (first argument).
	proccallnumpidinfo = 0x2

	// procpidpathinfo is passed as the flavor, after the PID.
	procpidpathinfo = 0xb

	// procpidpathinfosize is both the length of the result buffer and the
	// buffer size reported to the kernel, so the two cannot drift apart.
	procpidpathinfosize = 1024
)
// structSize is the byte length of one record in the pcblist_n sysctl output,
// before any protocol-specific tail is added. It is computed once, at package
// initialisation, from the major number of kern.osrelease.
//
// Every error is ignored on purpose: if the release string cannot be read or
// parsed, the major number stays 0 and the older 384-byte layout is selected.
// A wrong size makes findProcessName walk the buffer at the wrong stride, so
// this value needs re-checking whenever a new kernel changes the layout.
var structSize = func() int {
	release, _ := syscall.Sysctl("kern.osrelease")
	majorText, _, _ := strings.Cut(release, ".")
	major, _ := strconv.ParseInt(majorText, 10, 64)

	// Layout used from kernel major version 22 onward.
	if major >= 22 {
		return 408
	}

	// from darwin-xnu/bsd/netinet/in_pcblist.c:get_pcblist_n
	// size/offset are round up (aligned) to 8 bytes in darwin
	// rup8(sizeof(xinpcb_n)) + rup8(sizeof(xsocket_n)) +
	// 2 * rup8(sizeof(xsockbuf_n)) + rup8(sizeof(xsockstat_n))
	return 384
}()
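// findProcessName returns the executable path of the local process associated
// with the socket bound to ip:port. It scans the kernel's protocol control
// block list, read through the net.inet.tcp.pcblist_n or
// net.inet.udp.pcblist_n sysctl.
//
// The first result is always 0 in this implementation. The error is
// ErrInvalidNetwork for an unknown network, ErrNotFound when no socket matches
// (including a port outside 0-65535), or the error returned by the sysctl or
// by getExecPathFromPID.
//
// The result is best-effort attribution and should not be the only input to a
// security decision:
//   - the PID is read from xsocket_n.so_last_pid; NOTE(review): going by the
//     field name this is the last process recorded against the socket, not
//     necessarily the one that created it. Confirm against XNU.
//   - the PID is resolved to a path after the snapshot was taken, so a process
//     that exits in between can leave the PID stale or reused.
//   - the record layout is hard-coded (see structSize); a kernel that changes
//     it makes the fixed offsets below read the wrong fields.
func findProcessName(network string, ip netip.Addr, port int) (uint32, string, error) {
	var spath string
	switch network {
	case TCP:
		spath = "net.inet.tcp.pcblist_n"
	case UDP:
		spath = "net.inet.udp.pcblist_n"
	default:
		return 0, "", ErrInvalidNetwork
	}

	// No socket can be bound to a port outside the 16-bit range. Without this
	// guard the uint16 conversion would wrap and could match, and attribute
	// the flow to, an unrelated socket.
	if port < 0 || port > 0xffff {
		return 0, "", ErrNotFound
	}
	wantPort := uint16(port)

	isIPv4 := ip.Is4()

	buf, err := unix.SysctlRaw(spath)
	if err != nil {
		return 0, "", err
	}

	itemSize := structSize
	if network == TCP {
		// rup8(sizeof(xtcpcb_n))
		itemSize += 208
	}

	var fallbackUDPProcess string
	// skip the first xinpgen(24 bytes) block
	//
	// The loop condition guarantees a whole record is present, and every fixed
	// offset read below (the largest is so+72 = i+176) lies inside one record,
	// so a truncated buffer cannot cause an out-of-range read.
	for i := 24; i+itemSize <= len(buf); i += itemSize {
		// offset of xinpcb_n and xsocket_n
		inp, so := i, i+104

		// The local port is stored big-endian.
		srcPort := binary.BigEndian.Uint16(buf[inp+18 : inp+20])
		if wantPort != srcPort {
			continue
		}

		// xinpcb_n.inp_vflag
		flag := buf[inp+44]

		var (
			srcIP     netip.Addr
			srcIsIPv4 bool
		)
		switch {
		case flag&0x1 > 0 && isIPv4:
			// ipv4; the slice is exactly 4 bytes, so AddrFromSlice cannot fail
			srcIP, _ = netip.AddrFromSlice(buf[inp+76 : inp+80])
			srcIsIPv4 = true
		case flag&0x2 > 0 && !isIPv4:
			// ipv6; the slice is exactly 16 bytes, so AddrFromSlice cannot fail
			srcIP, _ = netip.AddrFromSlice(buf[inp+64 : inp+80])
		default:
			// Address family of the socket does not match the one asked for.
			continue
		}

		if ip == srcIP {
			// xsocket_n.so_last_pid
			pid := readNativeUint32(buf[so+68 : so+72])
			pp, err := getExecPathFromPID(pid)
			return 0, pp, err
		}

		// A UDP socket bound to the unspecified address never equals ip, so
		// remember it as a candidate in case no exact match turns up.
		if network == UDP && srcIP.IsUnspecified() && isIPv4 == srcIsIPv4 {
			// Only a successful lookup replaces the candidate: a failed one
			// (for example, the process has already exited) must not erase a
			// path found for an earlier record.
			if pp, err := getExecPathFromPID(readNativeUint32(buf[so+68 : so+72])); err == nil && pp != "" {
				fallbackUDPProcess = pp
			}
		}
	}

	if network == UDP && fallbackUDPProcess != "" {
		return 0, fallbackUDPProcess, nil
	}

	return 0, "", ErrNotFound
}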
// getExecPathFromPID asks the kernel, through the proc_info system call, for
// the executable path of the process with the given pid.
//
// On success it returns the bytes written to the result buffer up to the first
// NUL. On failure it returns an empty string and the errno from the call.
//
// The path describes whichever process holds pid at the moment of the call.
// Callers that took pid from an earlier snapshot should treat the answer as
// best effort, because the original process may have exited and the PID may
// have been reused.
func getExecPathFromPID(pid uint32) (string, error) {
	pathBuf := make([]byte, procpidpathinfosize)

	// The unsafe.Pointer to uintptr conversion must stay inside the argument
	// list: only there does the runtime keep pathBuf alive and in place for
	// the duration of the system call.
	_, _, errno := syscall.Syscall6(
		syscall.SYS_PROC_INFO,
		proccallnumpidinfo,
		uintptr(pid),
		procpidpathinfo,
		0,
		uintptr(unsafe.Pointer(&pathBuf[0])),
		procpidpathinfosize,
	)
	if errno == 0 {
		return unix.ByteSliceToString(pathBuf), nil
	}
	return "", errno
}
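// readNativeUint32 decodes the first four bytes of b as a uint32 in the host's
// native byte order.
//
// It panics if b holds fewer than four bytes. The load goes through
// unsafe.Pointer and is therefore not bounds-checked by the compiler; without
// the explicit check a short slice would silently read memory past its end.
func readNativeUint32(b []byte) uint32 {
	_ = b[3] // bounds check: the unsafe load below always reads four bytes
	return *(*uint32)(unsafe.Pointer(&b[0]))
}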