Date: Wed, 04 Jan 2012 10:54:09 +0200
From: Nikos Vassiliadis <nvass@gmx.com>
To: Andrew Hotlab <andrew.hotlab@hotmail.com>
Cc: FreeBSD-Jail <freebsd-jail@freebsd.org>
Subject: Re: jailed process listening on host addresses
Message-ID: <4F0413B1.3040308@gmx.com>
In-Reply-To: <DUB112-DS504AD88D198A4E9DA56ABAF6970@phx.gbl>
References: <DUB112-DS504AD88D198A4E9DA56ABAF6970@phx.gbl>

On 1/4/2012 3:10 AM, Andrew Hotlab wrote:
> I noticed a strange behavior some days ago, but I can't say how
> long it has been happening for. Some processes which are running in
> different jails on the same host seem to be listening on all host IPs.
> Here is an example:
>
> #sockstat -4l | grep "4 \*:"
> root     mDNSRespon 69801 3  udp4   *:45258               *:*
> root     mDNSRespon 69801 4  udp4   *:5353                *:*
> root     unfsd      69761 3  udp4   *:2049                *:*
> root     unfsd      69761 4  tcp4   *:2049                *:*
> root     rpcbind    69703 7  udp4   *:111                 *:*
> root     rpcbind    69703 8  udp4   *:732                 *:*
> root     rpcbind    69703 9  tcp4   *:111                 *:*
> 921      transmissi 29851 10 udp4   *:*                   *:*
> 931      asterisk   29805 25 udp4   *:*                   *:*
>
>
> It's happening on several hosts right now (all are running FreeBSD/amd64
> 8.2-RELEASE-p5), with both UDP and TCP listeners. Any jail is using a
> single unicast IP address. I really hope to miss something important...
> or should I guess that these processes are "escaping" from the jails?! :S
>
> Thank you very much for any explanation anyone would be so kind to give me.

Could you share more about your setup? ifconfig, jls, ps in the jail,
commands given to create the jail...

I tried to reproduce the problem on an amd64 8.2-RELEASE, without success.

> callisto# ifconfig em0
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
>         ether 08:00:27:a0:7a:90
>         inet 192.168.73.194 netmask 0xffffff00 broadcast 192.168.73.255
>         inet 192.168.73.128 netmask 0xffffff00 broadcast 192.168.73.255
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
> callisto# jail -c name=test persist ip4.addr=192.168.73.128
> callisto# jls
>    JID  IP Address      Hostname                      Path
>      2  192.168.73.128                                /
> callisto# jexec test nc -lu 20000 &
> [1] 1130
> callisto# sockstat -4l
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     nc         1130  3  udp4   192.168.73.128:20000  *:*
> root     sendmail   857   4  tcp4   127.0.0.1:25          *:*
> root     sshd       849   4  tcp4   *:22                  *:*
> root     syslogd    561   7  udp4   *:514                 *:*

Nikos
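
To check whether wildcard listeners like those in the first listing really belong to jailed processes, the `sockstat -4l` output can be joined on PID with `ps -ax -o pid,jid`. This is an added example, not part of the original message; the sample text is constructed from rows in the thread, and the JID values are assumptions.

```python
# Constructed sample input: socket rows modelled on the thread's listings.
SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nc         1130  3  udp4   192.168.73.128:20000  *:*
root     rpcbind    69703 9  tcp4   *:111                 *:*
root     sshd       849   4  tcp4   *:22                  *:*
"""

# Constructed `ps -ax -o pid,jid` output; JID 0 means the host itself.
# The JID assigned to rpcbind is an assumption made for this example.
PS_JID = """\
  PID JID
 1130   2
69703   3
  849   0
"""


def parse_jids(ps_text):
    """Map PID -> JID from `ps -ax -o pid,jid` output."""
    jids = {}
    for line in ps_text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit() and parts[1].isdigit():
            jids[int(parts[0])] = int(parts[1])
    return jids


def jailed_wildcard_listeners(sockstat_text, ps_text):
    """Return (jid, command, pid, proto, local) for every socket that is
    bound to the wildcard address by a process running inside a jail."""
    jids = parse_jids(ps_text)
    hits = []
    for line in sockstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 7 columns; the header row has 9 words.
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        _user, cmd, pid, _fd, proto, local, _foreign = fields
        host = local.rsplit(":", 1)[0]  # strip the port, keep the address
        jid = jids.get(int(pid))        # None if the PID has since exited
        if host == "*" and jid not in (None, 0):
            hits.append((jid, cmd, int(pid), proto, local))
    return hits


if __name__ == "__main__":
    for hit in jailed_wildcard_listeners(SOCKSTAT, PS_JID):
        print("jid=%d %s pid=%d %s %s" % hit)
```
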