Date:      Wed, 4 Jan 2012 11:41:15 +0100
From:      "Andrew Hotlab" <andrew.hotlab@hotmail.com>
To:        "Nikos Vassiliadis" <nvass@gmx.com>
Cc:        FreeBSD-Jail <freebsd-jail@freebsd.org>
Subject:   Re: jailed process listening on host addresses
Message-ID:  <DUB112-DS661E1961C8FE913F2A372F6970@phx.gbl>
In-Reply-To: <4F0413B1.3040308@gmx.com>
References:  <DUB112-DS504AD88D198A4E9DA56ABAF6970@phx.gbl> <4F0413B1.3040308@gmx.com>

-----Original Message----- 
From: Nikos Vassiliadis
Sent: Wednesday, January 04, 2012 9:54 AM
To: Andrew Hotlab
Cc: FreeBSD-Jail
Subject: Re: jailed process listening on host addresses

> On 1/4/2012 3:10 AM, Andrew Hotlab wrote:
> > I noticed a strange behavior some days ago, but I can't say how
> > long it has been happening for. Some processes which are running in
> > different jails on the same host seem to be listening on all host IPs.
> >
> > It's happening on several hosts right now (all are running FreeBSD/amd64
> > 8.2-RELEASE-p5), with both UDP and TCP listeners. Any jail is using a
> > single unicast IP address. I really hope to miss something important...
> > or should I guess that these processes are "escaping" from the jails?! :S
> >
>
> Could you share more about your setup?
> ifconfig, jls, ps in the jail, commands given to create the jail...
> I tried to reproduce the problem on an amd64 8.2-RELEASE, without
> success.
>

Thank you Nikos, the following commands are executed on the host:

# ifconfig xl0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=82009<RXCSUM,VLAN_MTU,WOL_MAGIC,LINKSTATE>
        ether 00:01:02:aa:9f:c2
        inet 172.19.2.48 netmask 0xffffff00 broadcast 172.19.2.255
        inet 172.19.2.49 netmask 0xffffffff broadcast 172.19.2.49
        inet 172.19.2.50 netmask 0xffffffff broadcast 172.19.2.50
        inet 172.19.2.51 netmask 0xffffffff broadcast 172.19.2.51
        inet 172.19.2.52 netmask 0xffffffff broadcast 172.19.2.52
        inet 172.19.2.53 netmask 0xffffffff broadcast 172.19.2.53
        inet 172.19.2.54 netmask 0xffffffff broadcast 172.19.2.54
        inet 172.19.2.55 netmask 0xffffffff broadcast 172.19.2.55
        inet 172.19.2.56 netmask 0xffffffff broadcast 172.19.2.56
        inet 172.19.2.57 netmask 0xffffffff broadcast 172.19.2.57
        inet 172.19.2.58 netmask 0xffffffff broadcast 172.19.2.58
        inet 172.19.2.59 netmask 0xffffffff broadcast 172.19.2.59
        inet 172.19.2.60 netmask 0xffffffff broadcast 172.19.2.60
        inet 172.19.2.61 netmask 0xffffffff broadcast 172.19.2.61
        inet 172.19.2.62 netmask 0xffffffff broadcast 172.19.2.62
        inet 172.19.2.63 netmask 0xffffffff broadcast 172.19.2.63
        media: Ethernet autoselect (100baseTX <full-duplex,flowcontrol,rxpause,txpause>)
        status: active

# jls | grep 172.19.2.50
    5  172.19.2.50     rjpbx01            /usr/jails/rjpbx01

# jexec 5 /usr/local/etc/rc.d/asterisk start
Starting asterisk.

# sockstat -4l | grep asterisk
931      asterisk   91780 11 udp4   172.19.2.50:5060      *:*
931      asterisk   91780 12 tcp4   172.19.2.50:2000      *:*
931      asterisk   91780 18 tcp4   172.19.2.50:1720      *:*
931      asterisk   91780 19 udp4   172.19.2.50:2727      *:*
931      asterisk   91780 22 udp4   172.19.2.50:4569      *:*
931      asterisk   91780 23 udp4   *:*                   *:*
931      asterisk   91780 24 udp4   172.19.2.50:4520      *:*


I think there might be a problem with specific processes (in this case, 
asterisk), because if I run several other commands (for example the nc(1) 
you showed me), all is working as expected.
Until now, I noticed this behavior with these processes: unfsd, rpcbind, 
asterisk, transmission-daemon, mDNSResponderPosix.

I'll try to test the same daemons in a jail with another version of FreeBSD 
as soon as possible. I will also verify whether these daemons are really 
listening on all IP addresses, by analyzing some traffic with tcpdump(1).

Andrew
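
The comparison done by eye on the sockstat output above can be scripted. This is an added example, not part of the original e-mail: it classifies each socket's local address against the IP the jail is expected to use. The function names and the embedded sample (copied from the asterisk lines in the message) are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag sockets in `sockstat -4l` output whose local address
# is not the jail's own IP. Function names are hypothetical.

# Constructed sample: asterisk lines taken from the message above.
sample_sockstat() {
cat <<'EOF'
931      asterisk   91780 11 udp4   172.19.2.50:5060      *:*
931      asterisk   91780 12 tcp4   172.19.2.50:2000      *:*
931      asterisk   91780 23 udp4   *:*                   *:*
931      asterisk   91780 24 udp4   172.19.2.50:4520      *:*
EOF
}

# check_listeners JAIL_IP   (sockstat lines on stdin)
# Prints one line per socket whose local address differs from JAIL_IP:
#   WILDCARD_NOPORT  local shown as *:*     (address and port both unspecified)
#   WILDCARD_PORT    local shown as *:PORT  (port set, address unspecified)
#   FOREIGN_ADDR     local address is a different specific IP
check_listeners() {
    awk -v ip="$1" '
    NF >= 7 && $1 != "USER" {            # skip the header and short lines
        laddr = $6
        n = split(laddr, parts, ":")
        port = parts[n]                  # last colon-separated piece
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr == ip) next             # bound to the jail IP: expected
        if (addr == "*" && port == "*") kind = "WILDCARD_NOPORT"
        else if (addr == "*")           kind = "WILDCARD_PORT"
        else                            kind = "FOREIGN_ADDR"
        printf "%s pid=%s fd=%s proto=%s local=%s\n", kind, $3, $4, $5, laddr
    }'
}

# count_flagged JAIL_IP: number of flagged sockets read from stdin.
count_flagged() { check_listeners "$1" | wc -l | tr -d ' '; }

sample_sockstat | check_listeners 172.19.2.50
```

On a live host the same function can be fed from the command used in the message, for example `sockstat -4l | grep asterisk | check_listeners 172.19.2.50`.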
