[PATCH 0/2] unix: Introduce /proc/net/unix_peers file

[PATCH 0/2] unix: Introduce /proc/net/unix_peers file

[Pavel Emelyanov]

Hi.

There's a common problem with unix sockets -- there's no way to determine
which tasks are connected to each other with a unix socket. Although the
/proc/<pid>/fd/<n> symlink shows a socket inode number, the peers do not
share an inode and thus these numbers give no answer.

There have been an attempt last year to print the peer=<number> for unbound
sockets in the existing /proc/net/unix file, but it was left unfinished and
had problems with bound sockets - for those the peer inode was still unknown
and the name didn't help at all.

I'd like to have this ability (determining the unix connection endpoints)
implemented and propose to introduce a /proc/net/unix_peers file with socket
inode number pairs. For not connected sockets 0 is printed.

Are there strong objections against this approach?

Patches apply to net-next tree.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

[PATCH 1/2] unix: Reformat proc files creation

[Pavel Emelyanov]

This just makes codepaths better prepared for yet another
proc file creation.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

---
 net/unix/af_unix.c |   34 +++++++++++++++++++++++++++-------
 1 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 466fbcc..4b83a9c 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2326,6 +2326,29 @@ static const struct file_operations unix_seq_fops = {
 	.release	= seq_release_net,
 };
 
+static int unix_proc_create(struct net *net)
+{
+	if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops))
+		goto out;
+
+	return 0;
+out:
+	return -ENOMEM;
+}
+
+static void unix_proc_destroy(struct net *net)
+{
+	proc_net_remove(net, "unix");
+}
+#else
+static inline int unix_proc_create(struct net *net)
+{
+	return 0;
+}
+
+static inline void unix_proc_destroy(struct net *net)
+{
+}
 #endif
 
 static const struct net_proto_family unix_family_ops = {
@@ -2343,13 +2366,10 @@ static int __net_init unix_net_init(struct net *net)
 	if (unix_sysctl_register(net))
 		goto out;
 
-#ifdef CONFIG_PROC_FS
-	if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops)) {
+	error = unix_proc_create(net);
+	if (error)
 		unix_sysctl_unregister(net);
-		goto out;
-	}
-#endif
-	error = 0;
+
 out:
 	return error;
 }
@@ -2357,7 +2377,7 @@ out:
 static void __net_exit unix_net_exit(struct net *net)
 {
 	unix_sysctl_unregister(net);
-	proc_net_remove(net, "unix");
+	unix_proc_destroy(net);
 }
 
 static struct pernet_operations unix_net_ops = {
-- 
1.5.5.6

[PATCH 2/2] unix: Add /proc/net/unix_peers file

[Pavel Emelyanov]

Currently it's not possible to find out what processes are connected
to each other via a unix socket. In the proposed proc file a socket
inode number and its peer inode number are shown. With these two at
hands it's possible to determine the unix connections endpoints.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

---
 net/unix/af_unix.c |   55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 55 insertions(+), 0 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 4b83a9c..4ce425a 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2305,6 +2305,33 @@ static int unix_seq_show(struct seq_file *seq, void *v)
 	return 0;
 }
 
+static int unix_peers_seq_show(struct seq_file *seq, void *v)
+{
+	struct sock *s = v, *peer;
+	unsigned long ino, peer_ino = 0;
+
+	if (v == SEQ_START_TOKEN)
+		return 0;
+
+	unix_state_lock(s);
+	ino = sock_i_ino(s);
+	peer = unix_peer(s);
+	if (peer)
+		sock_hold(peer);
+	unix_state_unlock(s);
+
+	if (peer) {
+		unix_state_lock(peer);
+		peer_ino = sock_i_ino(peer);
+		unix_state_unlock(peer);
+
+		sock_put(peer);
+	}
+
+	seq_printf(seq, "%5lu %5lu\n", ino, peer_ino);
+	return 0;
+}
+
 static const struct seq_operations unix_seq_ops = {
 	.start  = unix_seq_start,
 	.next   = unix_seq_next,
@@ -2326,18 +2353,46 @@ static const struct file_operations unix_seq_fops = {
 	.release	= seq_release_net,
 };
 
+static const struct seq_operations unix_peers_seq_ops = {
+	.start  = unix_seq_start,
+	.next   = unix_seq_next,
+	.stop   = unix_seq_stop,
+	.show   = unix_peers_seq_show,
+};
+
+static int unix_peers_seq_open(struct inode *inode, struct file *file)
+{
+	return seq_open_net(inode, file, &unix_peers_seq_ops,
+			    sizeof(struct unix_iter_state));
+}
+
+static const struct file_operations unix_peers_seq_fops = {
+	.owner		= THIS_MODULE,
+	.open		= unix_peers_seq_open,
+	.read		= seq_read,
+	.llseek		= seq_lseek,
+	.release	= seq_release_net,
+};
+
 static int unix_proc_create(struct net *net)
 {
 	if (!proc_net_fops_create(net, "unix", 0, &unix_seq_fops))
 		goto out;
 
+	if (!proc_net_fops_create(net, "unix_peers", 0, &unix_peers_seq_fops))
+		goto out_peers;
+
 	return 0;
+
+out_peers:
+	proc_net_remove(net, "unix");
 out:
 	return -ENOMEM;
 }
 
 static void unix_proc_destroy(struct net *net)
 {
+	proc_net_remove(net, "unix_peers");
 	proc_net_remove(net, "unix");
 }
 #else
-- 
1.5.5.6

Re: [PATCH 2/2] unix: Add /proc/net/unix_peers file

[David Miller]

From: Pavel Emelyanov <xemul@parallels.com>
Date: Thu, 01 Dec 2011 21:42:06 +0400

> Currently it's not possible to find out what processes are connected
> to each other via a unix socket. In the proposed proc file a socket
> inode number and its peer inode number are shown. With these two at
> hands it's possible to determine the unix connections endpoints.
> 
> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

I'm basically against new networking procfs based information
retrieval mechanisms.

Please extend the netlink socket dumping so that it works with
AF_UNIX sockets and subsequently added the necessary netlink
attribute to provide the peer value.

I plan to stand pretty firm on this, so you may want to save your
effort and use said effort to implement this properly.

Thanks.

Re: [PATCH 2/2] unix: Add /proc/net/unix_peers file

[Pavel Emelyanov]

On 12/04/2011 10:25 PM, David Miller wrote:
> From: Pavel Emelyanov <xemul@parallels.com>
> Date: Thu, 01 Dec 2011 21:42:06 +0400
> 
>> Currently it's not possible to find out what processes are connected
>> to each other via a unix socket. In the proposed proc file a socket
>> inode number and its peer inode number are shown. With these two at
>> hands it's possible to determine the unix connections endpoints.
>>
>> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
> 
> I'm basically against new networking procfs based information
> retrieval mechanisms.

So am I, just wanted to bring this topic up again.

> Please extend the netlink socket dumping so that it works with
> AF_UNIX sockets and subsequently added the necessary netlink
> attribute to provide the peer value.

OK, will do it this way. AFAIU you're talking about the NETLINK_INET_DIAG, right?

> I plan to stand pretty firm on this, so you may want to save your
> effort and use said effort to implement this properly.
> 
> Thanks.
> .
> 

Thanks,
Pavel

Re: [PATCH 2/2] unix: Add /proc/net/unix_peers file

[David Miller]

From: Pavel Emelyanov <xemul@parallels.com>
Date: Mon, 05 Dec 2011 14:25:11 +0400

> On 12/04/2011 10:25 PM, David Miller wrote:
>> Please extend the netlink socket dumping so that it works with
>> AF_UNIX sockets and subsequently added the necessary netlink
>> attribute to provide the peer value.
> 
> OK, will do it this way. AFAIU you're talking about the NETLINK_INET_DIAG, right?

Yes.

If that framework, for some reason, doesn't fit AF_UNIX sockets well
or needs to be genericized, please feel free to do whatever you think
is necessary to address that.

Thanks.