Revamp process attribution of network connections

network/iphelper/get.go

@@ -0,0 +1,72 @@
+// +build windows
+
+package iphelper
+
+import (
+	"sync"
+
+	"github.com/safing/portmaster/network/socket"
+)
+
+const (
+	unidentifiedProcessID = -1
+)
+
+var (
+	ipHelper *IPHelper
+	lock     sync.RWMutex
+)
+
+// GetTCP4Table returns the system table for IPv4 TCP activity.
+func GetTCP4Table() (connections []*socket.ConnectionInfo, listeners []*socket.BindInfo, err error) {
+	lock.Lock()
+	defer lock.Unlock()
+
+	err = checkIPHelper()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return ipHelper.getTable(IPv4, TCP)
+}
+
+// GetTCP6Table returns the system table for IPv6 TCP activity.
+func GetTCP6Table() (connections []*socket.ConnectionInfo, listeners []*socket.BindInfo, err error) {
+	lock.Lock()
+	defer lock.Unlock()
+
+	err = checkIPHelper()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return ipHelper.getTable(IPv6, TCP)
+}
+
+// GetUDP4Table returns the system table for IPv4 UDP activity.
+func GetUDP4Table() (binds []*socket.BindInfo, err error) {
+	lock.Lock()
+	defer lock.Unlock()
+
+	err = checkIPHelper()
+	if err != nil {
+		return nil, err
+	}
+
+	_, binds, err = ipHelper.getTable(IPv4, UDP)
+	return
+}
+
+// GetUDP6Table returns the system table for IPv6 UDP activity.
+func GetUDP6Table() (binds []*socket.BindInfo, err error) {
+	lock.Lock()
+	defer lock.Unlock()
+
+	err = checkIPHelper()
+	if err != nil {
+		return nil, err
+	}
+
+	_, binds, err = ipHelper.getTable(IPv6, UDP)
+	return
+}

network/iphelper/iphelper.go

@@ -0,0 +1,63 @@
+// +build windows
+
+package iphelper
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/tevino/abool"
+	"golang.org/x/sys/windows"
+)
+
+var (
+	errInvalid = errors.New("IPHelper not initialzed or broken")
+)
+
+// IPHelper represents a subset of the Windows iphlpapi.dll.
+type IPHelper struct {
+	dll *windows.LazyDLL
+
+	getExtendedTCPTable *windows.LazyProc
+	getExtendedUDPTable *windows.LazyProc
+
+	valid *abool.AtomicBool
+}
+
+func checkIPHelper() (err error) {
+	if ipHelper == nil {
+		ipHelper, err = New()
+		return err
+	}
+	return nil
+}
+
+// New returns a new IPHelper API (with an instance of iphlpapi.dll loaded).
+func New() (*IPHelper, error) {
+
+	new := &IPHelper{}
+	new.valid = abool.NewBool(false)
+	var err error
+
+	// load dll
+	new.dll = windows.NewLazySystemDLL("iphlpapi.dll")
+	err = new.dll.Load()
+	if err != nil {
+		return nil, err
+	}
+
+	// load functions
+	new.getExtendedTCPTable = new.dll.NewProc("GetExtendedTcpTable")
+	err = new.getExtendedTCPTable.Find()
+	if err != nil {
+		return nil, fmt.Errorf("could find proc GetExtendedTcpTable: %s", err)
+	}
+	new.getExtendedUDPTable = new.dll.NewProc("GetExtendedUdpTable")
+	err = new.getExtendedUDPTable.Find()
+	if err != nil {
+		return nil, fmt.Errorf("could find proc GetExtendedUdpTable: %s", err)
+	}
+
+	new.valid.Set()
+	return new, nil
+}

network/iphelper/tables.go

@@ -0,0 +1,304 @@
+// +build windows
+
+package iphelper
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+	"unsafe"
+
+	"github.com/safing/portmaster/network/socket"
+
+	"golang.org/x/sys/windows"
+)
+
+// Windows API constants
+const (
+	iphelperTCPTableOwnerPIDAll uintptr = 5
+	iphelperUDPTableOwnerPID    uintptr = 1
+	iphelperTCPStateListen      uint32  = 2
+
+	winErrInsufficientBuffer = uintptr(windows.ERROR_INSUFFICIENT_BUFFER)
+	winErrInvalidParameter   = uintptr(windows.ERROR_INVALID_PARAMETER)
+)
+
+type iphelperTCPTable struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366921(v=vs.85).aspx
+	numEntries uint32
+	table      [4096]iphelperTCPRow
+}
+
+type iphelperTCPRow struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366913(v=vs.85).aspx
+	state      uint32
+	localAddr  uint32
+	localPort  uint32
+	remoteAddr uint32
+	remotePort uint32
+	owningPid  uint32
+}
+
+type iphelperTCP6Table struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366905(v=vs.85).aspx
+	numEntries uint32
+	table      [4096]iphelperTCP6Row
+}
+
+type iphelperTCP6Row struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366896(v=vs.85).aspx
+	localAddr  [16]byte
+	_          uint32 // localScopeID
+	localPort  uint32
+	remoteAddr [16]byte
+	_          uint32 // remoteScopeID
+	remotePort uint32
+	state      uint32
+	owningPid  uint32
+}
+
+type iphelperUDPTable struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366932(v=vs.85).aspx
+	numEntries uint32
+	table      [4096]iphelperUDPRow
+}
+
+type iphelperUDPRow struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366928(v=vs.85).aspx
+	localAddr uint32
+	localPort uint32
+	owningPid uint32
+}
+
+type iphelperUDP6Table struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366925(v=vs.85).aspx
+	numEntries uint32
+	table      [4096]iphelperUDP6Row
+}
+
+type iphelperUDP6Row struct {
+	// docs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366923(v=vs.85).aspx
+	localAddr [16]byte
+	_         uint32 // localScopeID
+	localPort uint32
+	owningPid uint32
+}
+
+// IP and Protocol constants
+const (
+	IPv4 uint8 = 4
+	IPv6 uint8 = 6
+
+	TCP uint8 = 6
+	UDP uint8 = 17
+)
+
+const (
+	startBufSize = 4096
+	bufSizeUses  = 100
+)
+
+var (
+	bufSize          = startBufSize
+	bufSizeUsageLeft = bufSizeUses
+	bufSizeLock      sync.Mutex
+)
+
+func getBufSize() int {
+	bufSizeLock.Lock()
+	defer bufSizeLock.Unlock()
+
+	// using bufSize
+	bufSizeUsageLeft--
+	// check if we want to reset
+	if bufSizeUsageLeft <= 0 {
+		// reset
+		bufSize = startBufSize
+		bufSizeUsageLeft = bufSizeUses
+	}
+
+	return bufSize
+}
+
+func increaseBufSize() int {
+	bufSizeLock.Lock()
+	defer bufSizeLock.Unlock()
+
+	// increase
+	bufSize *= 2
+	// not too much
+	if bufSize > 65536 {
+		bufSize = 65536
+	}
+	// reset
+	bufSizeUsageLeft = bufSizeUses
+	// return new bufSize
+	return bufSize
+}
+
+// getTable returns the current connection state table of Windows of the given protocol and IP version.
+func (ipHelper *IPHelper) getTable(ipVersion, protocol uint8) (connections []*socket.ConnectionInfo, binds []*socket.BindInfo, err error) { //nolint:gocognit,gocycle // TODO
+	// docs: https://docs.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getextendedtcptable
+
+	if !ipHelper.valid.IsSet() {
+		return nil, nil, errInvalid
+	}
+
+	var afClass int
+	switch ipVersion {
+	case IPv4:
+		afClass = windows.AF_INET
+	case IPv6:
+		afClass = windows.AF_INET6
+	default:
+		return nil, nil, errors.New("invalid protocol")
+	}
+
+	// try max 3 times
+	maxTries := 3
+	bufSize := getBufSize()
+	var buf []byte
+
+	for i := 1; i <= maxTries; i++ {
+		buf = make([]byte, bufSize)
+		var r1 uintptr
+
+		switch protocol {
+		case TCP:
+			r1, _, err = ipHelper.getExtendedTCPTable.Call(
+				uintptr(unsafe.Pointer(&buf[0])),  // _Out_   PVOID           pTcpTable
+				uintptr(unsafe.Pointer(&bufSize)), // _Inout_ PDWORD          pdwSize
+				0,                                 // _In_    BOOL            bOrder
+				uintptr(afClass),                  // _In_    ULONG           ulAf
+				iphelperTCPTableOwnerPIDAll,       // _In_    TCP_TABLE_CLASS TableClass
+				0,                                 // _In_    ULONG           Reserved
+			)
+		case UDP:
+			r1, _, err = ipHelper.getExtendedUDPTable.Call(
+				uintptr(unsafe.Pointer(&buf[0])),  // _Out_   PVOID           pUdpTable,
+				uintptr(unsafe.Pointer(&bufSize)), // _Inout_ PDWORD          pdwSize,
+				0,                                 // _In_    BOOL            bOrder,
+				uintptr(afClass),                  // _In_    ULONG           ulAf,
+				iphelperUDPTableOwnerPID,          // _In_    UDP_TABLE_CLASS TableClass,
+				0,                                 // _In_    ULONG           Reserved
+			)
+		}
+
+		switch r1 {
+		case winErrInsufficientBuffer:
+			if i >= maxTries {
+				return nil, nil, fmt.Errorf("insufficient buffer error (tried %d times): [NT 0x%X] %s", i, r1, err)
+			}
+			bufSize = increaseBufSize()
+		case winErrInvalidParameter:
+			return nil, nil, fmt.Errorf("invalid parameter: [NT 0x%X] %s", r1, err)
+		case windows.NO_ERROR:
+			// success
+			break
+		default:
+			return nil, nil, fmt.Errorf("unexpected error: [NT 0x%X] %s", r1, err)
+		}
+	}
+
+	// parse output
+	switch {
+	case protocol == TCP && ipVersion == IPv4:
+
+		tcpTable := (*iphelperTCPTable)(unsafe.Pointer(&buf[0]))
+		table := tcpTable.table[:tcpTable.numEntries]
+
+		for _, row := range table {
+			if row.state == iphelperTCPStateListen {
+				binds = append(binds, &socket.BindInfo{
+					Local: socket.Address{
+						IP:   convertIPv4(row.localAddr),
+						Port: uint16(row.localPort>>8 | row.localPort<<8),
+					},
+					PID: int(row.owningPid),
+				})
+			} else {
+				connections = append(connections, &socket.ConnectionInfo{
+					Local: socket.Address{
+						IP:   convertIPv4(row.localAddr),
+						Port: uint16(row.localPort>>8 | row.localPort<<8),
+					},
+					Remote: socket.Address{
+						IP:   convertIPv4(row.remoteAddr),
+						Port: uint16(row.remotePort>>8 | row.remotePort<<8),
+					},
+					PID: int(row.owningPid),
+				})
+			}
+		}
+
+	case protocol == TCP && ipVersion == IPv6:
+
+		tcpTable := (*iphelperTCP6Table)(unsafe.Pointer(&buf[0]))
+		table := tcpTable.table[:tcpTable.numEntries]
+
+		for _, row := range table {
+			if row.state == iphelperTCPStateListen {
+				binds = append(binds, &socket.BindInfo{
+					Local: socket.Address{
+						IP:   net.IP(row.localAddr[:]),
+						Port: uint16(row.localPort>>8 | row.localPort<<8),
+					},
+					PID: int(row.owningPid),
+				})
+			} else {
+				connections = append(connections, &socket.ConnectionInfo{
+					Local: socket.Address{
+						IP:   net.IP(row.localAddr[:]),
+						Port: uint16(row.localPort>>8 | row.localPort<<8),
+					},
+					Remote: socket.Address{
+						IP:   net.IP(row.remoteAddr[:]),
+						Port: uint16(row.remotePort>>8 | row.remotePort<<8),
+					},
+					PID: int(row.owningPid),
+				})
+			}
+		}
+
+	case protocol == UDP && ipVersion == IPv4:
+
+		udpTable := (*iphelperUDPTable)(unsafe.Pointer(&buf[0]))
+		table := udpTable.table[:udpTable.numEntries]
+
+		for _, row := range table {
+			binds = append(binds, &socket.BindInfo{
+				Local: socket.Address{
+					IP:   convertIPv4(row.localAddr),
+					Port: uint16(row.localPort>>8 | row.localPort<<8),
+				},
+				PID: int(row.owningPid),
+			})
+		}
+
+	case protocol == UDP && ipVersion == IPv6:
+
+		udpTable := (*iphelperUDP6Table)(unsafe.Pointer(&buf[0]))
+		table := udpTable.table[:udpTable.numEntries]
+
+		for _, row := range table {
+			binds = append(binds, &socket.BindInfo{
+				Local: socket.Address{
+					IP:   net.IP(row.localAddr[:]),
+					Port: uint16(row.localPort>>8 | row.localPort<<8),
+				},
+				PID: int(row.owningPid),
+			})
+		}
+
+	}
+
+	return connections, binds, nil
+}
+
+func convertIPv4(input uint32) net.IP {
+	addressBuf := make([]byte, 4)
+	binary.BigEndian.PutUint32(addressBuf, input)
+	return net.IP(addressBuf)
+}

network/iphelper/tables_test.go

@@ -0,0 +1,54 @@
+// +build windows
+
+package iphelper
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestSockets(t *testing.T) {
+	connections, listeners, err := GetTCP4Table()
+	if err != nil {
+		t.Fatal(err)
+	}
+	fmt.Println("\nTCP 4 connections:")
+	for _, connection := range connections {
+		fmt.Printf("%+v\n", connection)
+	}
+	fmt.Println("\nTCP 4 listeners:")
+	for _, listener := range listeners {
+		fmt.Printf("%+v\n", listener)
+	}
+
+	connections, listeners, err = GetTCP6Table()
+	if err != nil {
+		t.Fatal(err)
+	}
+	fmt.Println("\nTCP 6 connections:")
+	for _, connection := range connections {
+		fmt.Printf("%+v\n", connection)
+	}
+	fmt.Println("\nTCP 6 listeners:")
+	for _, listener := range listeners {
+		fmt.Printf("%+v\n", listener)
+	}
+
+	binds, err := GetUDP4Table()
+	if err != nil {
+		t.Fatal(err)
+	}
+	fmt.Println("\nUDP 4 binds:")
+	for _, bind := range binds {
+		fmt.Printf("%+v\n", bind)
+	}
+
+	binds, err = GetUDP6Table()
+	if err != nil {
+		t.Fatal(err)
+	}
+	fmt.Println("\nUDP 6 binds:")
+	for _, bind := range binds {
+		fmt.Printf("%+v\n", bind)
+	}
+}

network/iphelper/test/main.go

@@ -0,0 +1,62 @@
+// +build windows
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/safing/portmaster/process/iphelper"
+)
+
+func main() {
+	iph, err := iphelper.New()
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("TCP4\n")
+	conns, lConns, err := iph.GetTables(iphelper.TCP, iphelper.IPv4)
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("Connections:\n")
+	for _, conn := range conns {
+		fmt.Printf("%s\n", conn)
+	}
+	fmt.Printf("Listeners:\n")
+	for _, conn := range lConns {
+		fmt.Printf("%s\n", conn)
+	}
+
+	fmt.Printf("\nTCP6\n")
+	conns, lConns, err = iph.GetTables(iphelper.TCP, iphelper.IPv6)
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("Connections:\n")
+	for _, conn := range conns {
+		fmt.Printf("%s\n", conn)
+	}
+	fmt.Printf("Listeners:\n")
+	for _, conn := range lConns {
+		fmt.Printf("%s\n", conn)
+	}
+
+	fmt.Printf("\nUDP4\n")
+	_, lConns, err = iph.GetTables(iphelper.UDP, iphelper.IPv4)
+	if err != nil {
+		panic(err)
+	}
+	for _, conn := range lConns {
+		fmt.Printf("%s\n", conn)
+	}
+
+	fmt.Printf("\nUDP6\n")
+	_, lConns, err = iph.GetTables(iphelper.UDP, iphelper.IPv6)
+	if err != nil {
+		panic(err)
+	}
+	for _, conn := range lConns {
+		fmt.Printf("%s\n", conn)
+	}
+}