From owner-freebsd-hackers@FreeBSD.ORG Tue Feb 15 18:37:42 2011
Message-ID: <4D5AC7F1.7020501@erdgeist.org>
Date: Tue, 15 Feb 2011 19:37:37 +0100
From: Dirk Engling <erdgeist@erdgeist.org>
To: freebsd-hackers@freebsd.org
Subject: Detecting listening servers in multi-ip jails
List-Id: Technical Discussions relating to FreeBSD

Hello,

until jails could be bound to several IP addresses, my convenience feature in ezjail to check for and warn about listening services in the host system and other jails worked simply by asking:

    listeners_ip=`sockstat -4 -l | grep "${ip}:[[:digit:]]"`
    listeners_all=`sockstat -4 -l | grep "*:[[:digit:]]"`

Now that IP addresses are not rewritten on listen() calls anymore, services in jails can bind to 0.0.0.0 as well and will match the latter, although they don't really cause the trouble I want to warn users about (unless, of course, the jail really is bound to the same IP address and the service then binds to 0.0.0.0).

Now I can, using "nc -z", test if the service really listens. That allows me to filter and only report those services that actually respond. However, this is far from clean.

Are there other ways to reliably test for listening services on any port for a given IP address?

Thanks in advance,

erdgeist
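The check described in the post, as an added example that is not part of the original message or of ezjail: it parses the same `sockstat -4 -l` output the two grep lines above consume, but keeps the distinction the author needs, reporting an exact bind to the jail's address separately from a wildcard (`*`) bind, which only conflicts when the listener lives on the host or in a jail sharing that address. The sockstat table embedded below is constructed sample data, not output captured from any real host; the addresses are documentation ranges and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4 -l` output (columns as FreeBSD prints them).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
root     nginx      1201  6  tcp4   192.0.2.10:80         *:*
www      nginx      1202  6  tcp4   192.0.2.10:80         *:*
bind     named      900   20 udp4   192.0.2.11:53         *:*
root     sendmail   777   3  tcp4   127.0.0.1:25          *:*'

# conflicting_listeners IP
# Prints "COMMAND PID LOCAL-ADDRESS KIND" for every listener that could clash
# with a jail using IP. KIND is "exact" for a socket bound to that IP and
# "wildcard" for a 0.0.0.0 bind, which needs the extra host/jail check.
# Replace the printf with a real `sockstat -4 -l` invocation on a FreeBSD host.
conflicting_listeners() {
    ip=$1
    printf '%s\n' "$SAMPLE_SOCKSTAT" | awk -v ip="$ip" '
        NR == 1 { next }                        # skip the column header
        {
            addr = $6                           # LOCAL ADDRESS column
            n = split(addr, parts, ":")
            host = parts[1]; port = parts[n]
            if (port !~ /^[0-9]+$/) next       # ignore entries without a numeric port
            if (host == "*")
                printf "%s %s %s wildcard\n", $2, $3, addr
            else if (host == ip)
                printf "%s %s %s exact\n", $2, $3, addr
        }'
}

# count_conflicts IP: number of lines conflicting_listeners would report.
count_conflicts() {
    conflicting_listeners "$1" | awk 'END { print NR }'
}

# Stand-alone usage: show what would be reported for the given (or default) IP.
conflicting_listeners "${1:-192.0.2.10}"
```

The "wildcard" entries are exactly the ones the post complains about: on a multi-IP system they are only a real conflict if the process holding the socket runs on the host or in a jail that shares the address, so a warning tool should treat them as "verify" rather than "clash", while "exact" entries can be reported outright.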