Date: Thu, 31 Jan 2019 11:28:45 -0500
From: "Michael W. Lucas"
To: jail@freebsd.org
Subject: netstat in a jail, 12 vs 13
Message-ID: <20190131162845.GA83592@mail.michaelwlucas.com>

Hi,

I have a jail that I swap between a 12.0 userland and a -current
userland, and I'm looking at network diagnosis tools available to the
jail in both.

-current jail on -current can see its own network.

root@loghost:/var/db/pkg # sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   37707 4  tcp4   127.0.0.1:25          *:*
root     sshd       37704 4  tcp4   *:22                  *:*
root     syslogd    37639 6  udp4   *:514                 *:*
root@loghost:/var/db/pkg # netstat -na -f inet
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
udp4       0      0 *.514                  *.*

12.0 jail on -current host:

root@loghost:~ # sockstat -4
sockstat: struct xinpgen size mismatch
root@loghost:~ # netstat -na -f inet
netstat: kvm not available: /dev/mem: No such file or directory
Some tcp sockets may have been deleted.
Some udp sockets may have been deleted.

Neither jail has /dev/mem or /dev/kmem access--they have the same
jail.conf entry, I literally move the userland directory.

It appears that -current netstat/sockstat doesn't need /dev/mem?

As a workaround in the non-vnet case, I can use the host's netstat to
view open sockets on a 12.0 jail. That doesn't work with vnets,
though.

Questions:

- Does netstat in -current no longer need /dev/mem, or is something
  else going on?

- Is there a way for a jail owner in 12.0 and earlier to view sockets
  on their jail?

Thanks,
==ml

-- 
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...