]> git.saurik.com Git - apple/configd.git/blob - get-network-info
projects / apple / configd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
configd-888.1.2.tar.gz
[apple/configd.git] / get-network-info
1 #!/bin/sh
2
3 #
4 # Copyright © 2015, 2016 Apple Inc.
5 #
6 # get-network-info
7 #
8 # Collect network information.
9 #
10
11 PATH=/bin:/usr/bin:/sbin:/usr/sbin
12
13 # __SETUP_ROUTINES_BEGIN__
14
15 process_opts () {
16
17 for i in $ARGS
18 do
19 case "$i" in
20 -c)
21 COLLECT_CONFIGURATION_FILES="Y"
22 shift
23 ;;
24 -n)
25 COLLECT_NDF_INFO="Y"
26 shift
27 ;;
28 -s)
29 COLLECT_SENSITIVE_INFO="Y"
30 shift
31 ;;
32 --)
33 shift
34 ;;
35 *)
36 REQUESTED_OUTDIR="${i}"
37 shift
38 ;;
39 esac
40 done
41
42 }
43
44 set_root () {
45
46 PRIV=""
47 if [ ${EUID} -ne 0 ]; then
48 PRIV="sudo"
49 fi
50
51 }
52
53 #
54 # Setup
55 #
56 setup () {
57
58 set_root
59 umask 077
60 cd "${REQUESTED_OUTDIR}"
61
62 }
63
64 # __SETUP_ROUTINES_END__
65
66
67 # __COMMAND_ROUTINES_BEGIN__
68
69 # note: the daemons dump to syslog so you need to wait a bit before
70 # capturing the logs.
71 collect_state_dump_sensitive () {
72
73 ${PRIV} /usr/bin/killall -INFO mDNSResponder 2>/dev/null
74
75 sleep 1 &
76
77 }
78
79 #
80 # network interface configuration
81 #
82 run_ifconfig () {
83
84 if [ ! -x /sbin/ifconfig ]; then
85 return
86 fi
87
88 /sbin/ifconfig -a -L -b -m -r -v -v > ifconfig.txt 2>&1
89 if [ $? -ne 0 ]; then
90 /sbin/ifconfig -a > ifconfig.txt 2>&1
91 fi
92
93 }
94
95 #
96 # network route configuration and statistics
97 #
98 run_netstat () {
99
100 if [ ! -x /usr/sbin/netstat ]; then
101 return
102 fi
103
104 echo "#" > netstat.txt
105 echo "# netstat -n -r -a -l" >> netstat.txt
106 echo "#" >> netstat.txt
107 /usr/sbin/netstat -n -r -a -l >> netstat.txt 2>&1
108
109 echo "#" >> netstat.txt
110 echo "# netstat -A -a -l -n -v" >> netstat.txt
111 echo "#" >> netstat.txt
112 /usr/sbin/netstat -A -a -l -n -v >> netstat.txt 2>&1
113
114 echo "#" >> netstat.txt
115 echo "# netstat -s" >> netstat.txt
116 echo "#" >> netstat.txt
117 /usr/sbin/netstat -s >> netstat.txt 2>&1
118
119 echo "#" >> netstat.txt
120 echo "# netstat -rs" >> netstat.txt
121 echo "#" >> netstat.txt
122 /usr/sbin/netstat -rs >> netstat.txt 2>&1
123
124 echo "#" >> netstat.txt
125 echo "# netstat -mmm" >> netstat.txt
126 echo "#" >> netstat.txt
127 /usr/sbin/netstat -mmm >> netstat.txt 2>&1
128
129 echo "#" >> netstat.txt
130 echo "# netstat -i -n -d" >> netstat.txt
131 echo "#" >> netstat.txt
132 /usr/sbin/netstat -i -n -d >> netstat.txt 2>&1
133
134 echo "#" >> netstat.txt
135 echo "# netstat -i -x R" >> netstat.txt
136 echo "#" >> netstat.txt
137 /usr/sbin/netstat -i -x R >> netstat.txt 2>&1
138
139 echo "#" >> netstat.txt
140 echo "# netstat -a -n -p mptcp" >> netstat.txt
141 echo "#" >> netstat.txt
142 /usr/sbin/netstat -anp mptcp >> netstat.txt 2>&1
143
144 echo "#" >> netstat.txt
145 echo "# netstat -s -p mptcp" >> netstat.txt
146 echo "#" >> netstat.txt
147 /usr/sbin/netstat -s -p mptcp >> netstat.txt 2>&1
148
149 echo "#" >> netstat.txt
150 echo "# netstat -g -n -s" >> netstat.txt
151 echo "#" >> netstat.txt
152 /usr/sbin/netstat -g -n -s >> netstat.txt 2>&1
153
154 if [ -x /sbin/ifconfig ]; then
155 for if in ${IF_LIST}
156 do
157 IF_INFO=`/sbin/ifconfig -v ${if}`
158 `echo $IF_INFO | grep -q TXSTART`
159 if [ $? -eq 0 ]; then
160 echo "#" >> netstat.txt
161 echo "# netstat -qq -I ${if}" >> netstat.txt
162 echo "#" >> netstat.txt
163 /usr/sbin/netstat -qq -I ${if} >> netstat.txt 2>&1
164 fi
165 `echo $IF_INFO | grep -q RXPOLL`
166 if [ $? -eq 0 ]; then
167 echo "#" >> netstat.txt
168 echo "# netstat -Q -I ${if}" >> netstat.txt
169 echo "#" >> netstat.txt
170 /usr/sbin/netstat -Q -I ${if} >> netstat.txt 2>&1
171 fi
172 done
173 fi
174
175 }
176
177 #
178 # ndp
179 #
180 run_ndp () {
181
182 if [ ! -x /usr/sbin/ndp ]; then
183 return
184 fi
185
186 echo "#" > ndp-info.txt
187 echo "# ndp -n -a" >> ndp-info.txt
188 echo "#" >> ndp-info.txt
189 /usr/sbin/ndp -n -a >> ndp-info.txt 2>&1
190
191 echo "#" >> ndp-info.txt
192 echo "# ndp -n -p" >> ndp-info.txt
193 echo "#" >> ndp-info.txt
194 /usr/sbin/ndp -n -p >> ndp-info.txt 2>&1
195
196 echo "#" >> ndp-info.txt
197 echo "# ndp -n -r" >> ndp-info.txt
198 echo "#" >> ndp-info.txt
199 /usr/sbin/ndp -n -r >> ndp-info.txt 2>&1
200
201 if [ -x /sbin/ifconfig ]; then
202 for if in ${IF_LIST}
203 do
204 echo "#" >> ndp-info.txt
205 echo "# ndp -i ${if}" >> ndp-info.txt
206 echo "#" >> ndp-info.txt
207 /usr/sbin/ndp -i ${if} >> ndp-info.txt 2>&1
208 done
209 fi
210
211 }
212
213 #
214 # arp
215 #
216 run_arp () {
217
218 if [ ! -x /usr/sbin/arp ]; then
219 return
220 fi
221
222 echo "#" > arp-info.txt
223 echo "# arp -n -a" >> arp-info.txt
224 echo "#" >> arp-info.txt
225 /usr/sbin/arp -n -a >> arp-info.txt 2>&1
226
227 }
228
229 #
230 # DHCP configuration
231 #
232 run_ipconfig () {
233
234 if [ ! -x /usr/sbin/ipconfig ]; then
235 return
236 fi
237
238 for if in ${IF_LIST}
239 do
240 case ${if} in
241 lo* )
242 ;;
243 *)
244 echo "#" >> ipconfig-info.txt
245 echo "# INTERFACE ${if}" >> ipconfig-info.txt
246 echo "#" >> ipconfig-info.txt
247
248 echo "DHCPv4 information:" >> ipconfig-info.txt
249
250 IPCONFIG_INFO=`/usr/sbin/ipconfig getpacket ${if}`
251 if [ "${IPCONFIG_INFO}" != "" ]; then
252 echo "${IPCONFIG_INFO}" >> ipconfig-info.txt
253 else
254 echo "not available" >> ipconfig-info.txt
255 fi
256
257 echo"" >> ipconfig-info.txt
258
259 echo "DHCPv6 information:" >> ipconfig-info.txt
260
261 IPCONFIG_INFO=`/usr/sbin/ipconfig getv6packet ${if}`
262 if [ "${IPCONFIG_INFO}" != "" ]; then
263 echo "${IPCONFIG_INFO}" >> ipconfig-info.txt
264 else
265 echo "not available" >> ipconfig-info.txt
266 fi
267
268 echo"" >> ipconfig-info.txt
269 ;;
270 esac
271 done
272
273 }
274
275 #
276 # IPsec configuration
277 #
278 run_setkey () {
279
280 if [ ! -x /usr/sbin/setkey -o ! -x /usr/bin/perl ]; then
281 return
282 fi
283
284 echo "#" > ipsec.txt
285 echo "# setkey -D" >> ipsec.txt
286 echo "#" >> ipsec.txt
287 ${PRIV} /usr/sbin/setkey -D \
288 | /usr/bin/perl -l -n -e '
289 if (/^(\s+[AE]:\s+\S+\s+)"?(.*)"?\s*$/) {
290 printf "%s[redacted]%s\n", $1, $3;
291 } else {
292 printf "%s\n", $_;
293 }
294 ' >> ipsec.txt
295
296 echo "" >> ipsec.txt
297 echo "#" >> ipsec.txt
298 echo "# setkey -Pp -D" >> ipsec.txt
299 echo "#" >> ipsec.txt
300 ${PRIV} /usr/sbin/setkey -Pp -D >> ipsec.txt
301
302 for CF in /var/run/racoon/*.conf
303 do
304 if [ ! -r "${CF}" ]; then
305 continue
306 fi
307
308 echo "" >> ipsec.txt
309 echo "#" >> ipsec.txt
310 echo "# ${CF}" >> ipsec.txt
311 echo "#" >> ipsec.txt
312 ${PRIV} cat ${CF} \
313 | /usr/bin/perl -l -n -e '
314 if (/^(\s+shared_secret\s+use\s+)"?([^\s;"]+)"?(.*)/) {
315 printf "%s[redacted]%s\n", $1, $3;
316 } else {
317 printf "%s\n", $_;
318 }
319 ' >> ipsec.txt
320 done
321
322 }
323
324 #
325 # Network preferences
326 #
327 collect_configuration_files () {
328
329 for f in \
330 /Library/Preferences/com.apple.networkextension.plist \
331 /Library/Preferences/com.apple.networkextension.control.plist \
332 /Library/Preferences/com.apple.networkextension.necp.plist \
333 /Library/Preferences/SystemConfiguration/com.apple.nat.plist \
334 /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist \
335 /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist \
336 /Library/Preferences/com.apple.mDNSResponder.plist \
337 /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist \
338 /Library/Preferences/SystemConfiguration/preferences.plist \
339
340 do
341 if [ -e "${f}" ]; then
342 b="`basename ${f}`"
343 cat "${f}" > "${b}" 2>&1
344 fi
345 done
346
347 if [ -e /etc/resolv.conf ]; then
348 cat /etc/resolv.conf > etc-resolv-conf.txt 2>&1
349 fi
350 if [ -e /var/run/resolv.conf ]; then
351 cat /var/run/resolv.conf > var-run-resolv-conf.txt 2>&1
352 fi
353 if [ -e /etc/resolver ]; then
354 tar -c -H /etc/resolver > etc-resolver.tar 2>/dev/null
355 fi
356 }
357
358 #
359 # VPN
360 #
361 collect_vpn_logs () {
362
363 for f in \
364 /var/log/vpnd.log \
365 /var/log/racoon.log \
366
367 do
368 if [ -e "${f}" ]; then
369 b="`basename ${f}`"
370 ${PRIV} cat "${f}" > "${b}".txt 2>&1
371 fi
372 done
373 }
374
375 #
376 # Policy
377 #
378 run_neutil () {
379
380 if [ ! -x /usr/local/bin/neutil ]; then
381 return
382 fi
383
384 echo "#" > necp.txt
385 echo "# neutil policy dump" >> necp.txt
386 echo "#" >> necp.txt
387 /usr/local/bin/neutil policy dump >> necp.txt 2>&1
388
389 echo "#" > network-agents.txt
390 echo "# neutil agent dump" >> network-agents.txt
391 echo "#" >> network-agents.txt
392 /usr/local/bin/neutil agent dump >> network-agents.txt 2>&1
393
394 }
395
396 #
397 # Path
398 #
399 run_network_test () {
400
401 if [ ! -x /usr/local/bin/network_test ]; then
402 return
403 fi
404
405 /usr/local/bin/network_test path_watcher > nw_path.txt 2>&1
406
407 }
408
409 #
410 # Network, DNS, Proxy, Reachability, Cache information
411 #
412 run_scutil () {
413
414 if [ ! -x /usr/sbin/scutil ]; then
415 return
416 fi
417
418 echo "#" > network-information.txt
419 echo "# scutil -d -v --nwi" >> network-information.txt
420 echo "#" >> network-information.txt
421 /usr/sbin/scutil -d -v --nwi >> network-information.txt 2>&1
422 for if in ${IF_LIST}
423 do
424 echo "" >> network-information.txt
425 echo "#" >> network-information.txt
426 echo "# scutil --nwi ${if}" >> network-information.txt
427 echo "#" >> network-information.txt
428 scutil --nwi ${if} >> network-information.txt 2>&1
429 done
430
431 echo "#" > dns-configuration.txt
432 echo "# scutil -d -v --dns" >> dns-configuration.txt
433 echo "#" >> dns-configuration.txt
434 /usr/sbin/scutil -d -v --dns >> dns-configuration.txt 2>&1
435
436 echo "#" > proxy-configuration.txt
437 echo "# scutil -d -v --proxy" >> proxy-configuration.txt
438 echo "#" >> proxy-configuration.txt
439 /usr/sbin/scutil -d -v --proxy >> proxy-configuration.txt 2>&1
440
441 echo "#" > reachability-info.txt
442 echo '# scutil -d -v -r www.apple.com' >> reachability-info.txt
443 echo "#" >> reachability-info.txt
444 /usr/sbin/scutil -d -v -r www.apple.com >> reachability-info.txt 2>&1
445
446 echo "#" >> reachability-info.txt
447 echo '# scutil -d -v -r 0.0.0.0' >> reachability-info.txt
448 echo "#" >> reachability-info.txt
449 /usr/sbin/scutil -d -v -r 0.0.0.0 >> reachability-info.txt 2>&1
450
451 echo "#" >> reachability-info.txt
452 echo '# scutil -d -v -r 169.254.0.0' >> reachability-info.txt
453 echo "#" >> reachability-info.txt
454 /usr/sbin/scutil -d -v -r 169.254.0.0 >> reachability-info.txt 2>&1
455
456 echo "#" > nc-info.txt
457 echo '# scutil --nc list' >> nc-info.txt
458 echo "#" >> nc-info.txt
459 /usr/sbin/scutil --nc list >> nc-info.txt 2>&1
460
461 ${PRIV} /usr/sbin/scutil -p --snapshot
462 if [ -f /var/tmp/configd-store.plist ]; then
463 cat /var/tmp/configd-store.plist > configd-store.plist 2>&1
464 fi
465 if [ -f /var/tmp/configd-pattern.plist ]; then
466 cat /var/tmp/configd-pattern.plist > configd-pattern.plist 2>&1
467 fi
468 if [ -f /var/tmp/configd-session.plist ]; then
469 cat /var/tmp/configd-session.plist > configd-session.plist 2>&1
470 fi
471 if [ -f /var/tmp/configd-state ]; then
472 cat /var/tmp/configd-state > configd-state 2>&1
473 fi
474
475 }
476
477 #
478 # route
479 #
480 run_route () {
481
482 if [ ! -x /sbin/route ]; then
483 return
484 fi
485
486 echo "#" > route-info.txt
487 echo '# route -n -v get www.apple.com' >> route-info.txt
488 echo "#" >> route-info.txt
489 /sbin/route -n -v get www.apple.com >> route-info.txt 2>&1
490
491 echo "#" >> route-info.txt
492 echo '# route -n -v get 0.0.0.0' >> route-info.txt
493 echo "#" >> route-info.txt
494 /sbin/route -n -v get 0.0.0.0 >> route-info.txt 2>&1
495
496 }
497
498 #
499 # dig
500 #
501 run_dig () {
502
503 if [ ! -x /usr/bin/dig -o ! -f /etc/resolv.conf ]; then
504 return
505 fi
506
507 echo "#" > dig-info.txt
508 echo '# dig -t any -c any www.apple.com' >> dig-info.txt
509 echo "#" >> dig-info.txt
510 /usr/bin/dig +time=2 -t any -c any www.apple.com >> dig-info.txt 2>/dev/null
511
512 }
513
514 #
515 # hostname
516 #
517 run_hostname () {
518
519 if [ ! -x /bin/hostname ]; then
520 return
521 fi
522
523 /bin/hostname > hostname.txt 2>&1
524
525 }
526
527 #
528 # lsof
529 #
530 run_lsof () {
531
532 if [ ! -x /usr/sbin/lsof ]; then
533 return
534 fi
535
536 ${PRIV} /usr/sbin/lsof -i -n -O -P -T q > lsof.txt 2>&1 &
537 LSOF_PID=$!
538 # start a watchdog for lsof
539 (
540 WAIT_TIME=5
541 while [ $WAIT_TIME -gt 0 ]
542 do
543 ${PRIV} kill -0 ${LSOF_PID} 2>/dev/null
544 if [ $? -eq 0 ]; then
545 # lsof is [still] gathering data...
546 sleep 1
547 WAIT_TIME=$((WAIT_TIME - 1))
548 continue
549 fi
550
551 # lsof completed gathering data
552 break
553 done
554
555 if [ $WAIT_TIME -eq 0 ]; then
556 # lsof timed out
557 ${PRIV} kill ${LSOF_PID} 2>/dev/null
558 fi
559 ) &
560
561 }
562
563 collect_ndf_info () {
564 run_lsof
565 }
566
567 collect_sensitive_info () {
568 collect_state_dump_sensitive
569 run_ndp
570 run_arp
571 run_neutil
572 run_network_test
573 }
574
575 collect_info () {
576
577 if [ "${COLLECT_NDF_INFO}" == "Y" ]; then
578 collect_ndf_info
579 fi
580
581 if [ "${COLLECT_SENSITIVE_INFO}" == "Y" ]; then
582 collect_sensitive_info
583 fi
584
585 run_scutil
586 run_dig
587 run_ifconfig
588 run_netstat
589 run_ipconfig
590 run_setkey
591 collect_vpn_logs
592 run_route
593 run_hostname
594
595 if [ "${COLLECT_CONFIGURATION_FILES}" == "Y" ]; then
596 collect_configuration_files
597 fi
598 }
599
600 # __COMMAND_ROUTINES_END__
601
602 # __HELPER_ROUTINES_BEGIN__
603
604 usage () {
605
606 echo "Usage: get-network-info [-c] [-n] [-s] <info-directory>"
607 echo " -c collects system configuration files"
608 echo " -n collects NDF information (lsof)"
609 echo " -s collects sensitive information (ARP/NDP/mDNS cache)"
610 echo " <info-directory> path to directory where all the information will be collected"
611
612 }
613
614 is_outdir_valid () {
615
616 if [ ! -d ${REQUESTED_OUTDIR} ] ||
617 [ "${REQUESTED_OUTDIR}" = "" ]; then
618 usage
619 exit 1
620 fi
621
622 if [ ! -w ${REQUESTED_OUTDIR} ]; then
623 echo "${REQUESTED_OUTDIR} is write-protected"
624 exit 1
625 fi
626 }
627
628 #
629 # Collect most used command output to be used later
630 #
631 optimize () {
632
633 if [ ! -x /sbin/ifconfig ]; then
634 return
635 fi
636
637 IF_LIST=`/sbin/ifconfig -l`
638
639 }
640
641 init_globals () {
642 REQUESTED_OUTDIR=""
643 COLLECT_SENSITIVE_INFO=""
644 COLLECT_CONFIGURATION_FILES=""
645 }
646
647 # __HELPER_ROUTINES_END__
648
649 #
650 # __MAIN__
651 #
652 ARGS=`getopt cns $*`
653 if [ $? != 0 ]; then
654 usage
655 exit 1
656 fi
657
658 init_globals
659 process_opts
660 is_outdir_valid
661 setup
662 optimize
663 collect_info
664 wait
665
666 exit 0
mirror of configd