Date: Tue, 15 Feb 2011 19:37:37 +0100
From: Dirk Engling <erdgeist@erdgeist.org>
To: freebsd-hackers@freebsd.org
Subject: Detecting listening servers in multi-ip jails
Message-ID: <4D5AC7F1.7020501@erdgeist.org>

Hello,

until jails could be bound to several ip addresses, my convenience
feature in ezjail to check for and warn about listening services in the
host system and other jails worked simply by asking:

    listeners_ip=`sockstat -4 -l | grep "${ip}:[[:digit:]]"`
    listeners_all=`sockstat -4 -l | grep "*:[[:digit:]]"`

Now that ip addresses are not rewritten on listen() calls anymore,
services in jails can bind to 0.0.0.0 as well and will match the latter,
although they don't really cause the trouble I want to warn users about
(unless, of course, the jail really is bound to the same ip address and
the service then binds to 0.0.0.0).

Now I can, using "nc -z", test if the service really listens. That
allows me to filter and only report those services that actually
respond. However, this is far from clean.

Are there other ways to reliably test for listening services on any port
for a given ip address?

Thanks in advance,

  erdgeist
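
Added example, not part of the original message and not ezjail's code: the two greps above folded into one pass that compares the LOCAL ADDRESS column as a string, so ip=10.0.0.1 no longer also matches a socket on 110.0.0.1, and that labels wildcard listeners separately as the only rows that still need the "nc -z" confirmation. The helper name classify_listeners, the sample output and the assumed column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN) are assumptions.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4 -l` output (not captured from a real host).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
www      nginx      1033  6  tcp4   10.0.0.1:80           *:*
root     syslogd    655   7  udp4   *:514                 *:*
mysql    mysqld     990   10 tcp4   110.0.0.1:3306        *:*
www      httpd      1201  4  tcp4   10.0.0.10:8080        *:*'

# classify_listeners IP  (hypothetical helper; reads sockstat output on stdin)
# Prints one line per relevant listener: KIND PROTO PORT COMMAND PID
#   exact    - socket bound to exactly IP
#   wildcard - socket bound to *, which may or may not be reachable on IP
classify_listeners() {
    awk -v ip="$1" '
        $1 == "USER" { next }                  # header line
        NF < 7       { next }                  # not a socket row
        {
            laddr = $(NF - 1)                  # LOCAL ADDRESS column
            n = split(laddr, part, ":")
            port = part[n]
            if (n < 2 || port !~ /^[0-9]+$/) next
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr == ip)       kind = "exact"      # string compare, no regex
            else if (addr == "*") kind = "wildcard"
            else next                                  # some other address
            print kind, $5, port, $2, $3
        }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SOCKSTAT" | classify_listeners 10.0.0.1
```

On a live host the input would come from `sockstat -4 -l | classify_listeners "$ip"`.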