33package agentssh
44
55import (
6+ "errors"
67"fmt"
78"os"
89
@@ -11,24 +12,37 @@ import (
1112)
1213
1314func getListeningPortProcessCmdline (port uint32 ) (string ,error ) {
14- tabs , err := netstat . TCPSocks ( func (s * netstat.SockTabEntry )bool {
15+ acceptFn := func (s * netstat.SockTabEntry )bool {
1516return s .LocalAddr != nil && uint32 (s .LocalAddr .Port )== port
16- })
17- if err != nil {
18- return "" ,xerrors .Errorf ("inspect port %d: %w" ,port ,err )
1917}
20- if len (tabs )== 0 {
21- return "" ,nil
18+ tabs4 ,err4 := netstat .TCPSocks (acceptFn )
19+ tabs6 ,err6 := netstat .TCP6Socks (acceptFn )
20+
21+ // In the common case, we want to check ipv4 listening addresses. If this
22+ // fails, we should return an error. We also need to check ipv6. The
23+ // assumption is, if we have an err4, and 0 ipv6 addresses listed, then we are
24+ // interested in the err4 (and vice versa). So return both errors (at least 1
25+ // is non-nil) if the other list is empty.
26+ if (err4 != nil && len (tabs6 )== 0 )|| (err6 != nil && len (tabs4 )== 0 ) {
27+ return "" ,xerrors .Errorf ("inspect port %d: %w" ,port ,errors .Join (err4 ,err6 ))
2228}
2329
24- // Defensive check.
25- if tabs [0 ].Process == nil {
30+ var proc * netstat.Process
31+ if len (tabs4 )> 0 {
32+ proc = tabs4 [0 ].Process
33+ }else if len (tabs6 )> 0 {
34+ proc = tabs6 [0 ].Process
35+ }
36+ if proc == nil {
37+ // Either nothing is listening on this port or we were unable to read the
38+ // process details (permission issues reading /proc/$pid/* potentially).
39+ // Or, perhaps /proc/net/tcp{,6} is not listing the port for some reason.
2640return "" ,nil
2741}
2842
2943// The process name provided by go-netstat does not include the full command
3044// line so grab that instead.
31- pid := tabs [ 0 ]. Process .Pid
45+ pid := proc .Pid
3246data ,err := os .ReadFile (fmt .Sprintf ("/proc/%d/cmdline" ,pid ))
3347if err != nil {
3448return "" ,xerrors .Errorf ("read /proc/%d/cmdline: %w" ,pid ,err )