From owner-freebsd-hackers@freebsd.org  Wed Feb 20 15:42:08 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8FCCB14F720B
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Wed, 20 Feb 2019 15:42:08 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9316685BEC
 for <freebsd-hackers@freebsd.org>; Wed, 20 Feb 2019 15:42:07 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA
 id wU0ZgMp8u82YcwU0agzo6x; Wed, 20 Feb 2019 08:42:05 -0700
X-Authority-Analysis: v=2.3 cv=NNSrBHyg c=1 sm=1 tr=0
 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17
 a=IkcTkHD0fZMA:10 a=CFTnQlWoA9kA:10 a=YxBL1-UpAAAA:8 a=pGLkceISAAAA:8
 a=9I5xiGouAAAA:8 a=6I5d2MoRAAAA:8 a=67bvYBd3o6VRA-X7S1AA:9 a=QEXdDO2ut3YA:10
 a=99Hv1CBdQIQA:10 a=Ia-lj3WSrqcvXOmTRaiG:22 a=ARFN2YZ7Uv8kHtb7LS-q:22
 a=IjZwj45LgO3ly-622nXo:22
Received: from android-68f84e02b5988183.esitwifi.local
 (S0106788a207e2972.gv.shawcable.net [70.66.154.233])
 by spqr.komquats.com (Postfix) with ESMTPSA id 0A47491C;
 Wed, 20 Feb 2019 07:42:03 -0800 (PST)
Date: Wed, 20 Feb 2019 07:41:39 -0800
User-Agent: K-9 Mail for Android
In-Reply-To: <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com>
References: <1550610819543-0.post@n6.nabble.com>
 <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com>
 <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net>
 <20190219220404.GA1668@troutmask.apl.washington.edu>
 <1550671337578-0.post@n6.nabble.com>
 <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: userland process rpc.lockd opens untraceable ports...is something
 wrong here?
To: freebsd-hackers@freebsd.org,BBlister <bblister@gmail.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
Message-ID: <D6E45FB6-D833-4E17-A044-675A4B841EEF@cschubert.com>
X-CMAE-Envelope: MS4wfJs5CaIqTPIeuVjgVk2S387S3GDl6+tJkWaTmWGy1z0d48erIbAAj22FixUMvl6PRV/aF4p/xeGIWcXzVT1emECsT605lydESR5efiWSuRC0btD3CvIt
 G2C9a4t0wajoFQxR0AstStlIr7j+YkXn7zkSIQri7IPoXgprX8sCvarp5Sw5pnh+74L8bvLKNyFtneotsTX/W+j/P32jBDhdGWwaPh6GIlzFYgBp2Qfw7RS+
X-Rspamd-Queue-Id: 9316685BEC
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-4.08 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[233.154.66.70.zen.spamhaus.org :
 127.0.0.11,17.125.67.70.zen.spamhaus.org : 127.0.0.11]; 
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 IP_SCORE(-1.89)[ip: (-4.77), ipnet: 64.59.128.0/20(-2.57), asn: 6327(-2.00),
 country: CA(-0.09)]; MIME_GOOD(-0.10)[text/plain];
 MIME_TRACE(0.00)[0:+]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[cached: spqr.komquats.com];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.99)[-0.987,0];
 R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 SUBJECT_ENDS_QUESTION(1.00)[];
 ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_LAST(0.00)[];
 RCVD_IN_DNSWL_LOW(-0.10)[138.136.59.64.list.dnswl.org : 127.0.5.1]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2019 15:42:08 -0000

On February 20, 2019 6:56:49 AM PST, Cy Schubert <Cy=2ESchubert@cschubert=
=2Ecom> wrote:
>On February 20, 2019 6:02:17 AM PST, BBlister <bblister@gmail=2Ecom>
>wrote:
>>After one suggestion on the questions list,  I used the rpcinfo -p but
>>this
>>does not print every unknown port=2E For example:
>>
>># netstat -an | grep -E '874|815'=20
>>tcp4       0      0 *=2E815                  *=2E*                  =20
>>LISTEN=20
>>tcp6       0      0 *=2E874                  *=2E*                  =20
>>LISTEN=20
>>
>>sockstat reports ?=20
>># sockstat | grep -E '874|815'=20
>>?        ?          ?     ?  tcp4   *:815                 *:*=20
>>?        ?          ?     ?  tcp6   *:874                 *:*=20
>>
>>rpcinfo -p reports just one port=20
>># rpcinfo -p| grep -E '874|815'=20
>>    100021    0   tcp    815  nlockmgr=20
>>    100021    1   tcp    815  nlockmgr=20
>>    100021    3   tcp    815  nlockmgr=20
>>    100021    4   tcp    815  nlockmgr=20
>>
>>
>>The 874/tcp6 which belongs to rpc=2Elockd does not appear on this list=
=2E=20
>>Is rpcinfo only for IPv4 and if yes,what tool do I use for IPv6 ?=20
>>
>>
>>
>>
>>
>>The grand question is of course, is there any tool to actually locate
>>the
>>processes that open ports and cannot be identified with sockstat?=20
>>
>>The second grand question=2E Why rpc=2Elockd is a different kind of
>process
>>that
>>cannot be located from sockstat? Other RPC processes are found using
>>sockstat, as the following printing shows:
>>
>># rpcinfo -p | grep 2049
>>    100003    2   udp   2049  nfs
>>    100003    3   udp   2049  nfs
>>    100003    2   tcp   2049  nfs
>>    100003    3   tcp   2049  nfs
>>
>>
>>sockstat |grep 2049
>>root     nfsd       41279 5  tcp4   *:2049                *:*
>>root     nfsd       41279 6  tcp6   *:2049                *:*
>>
>>
>>nfs is found using rpcinfo and also using sockstat=2E
>>
>>What rpc=2Elockd does and it is not found=2E After 25 years of sysadmin,=
 I
>>find
>>it very strange for Freebsd to not being able to trace a listening
>port
>>to
>>an executable=2E
>>
>>
>>
>>--
>>Sent from:
>>http://freebsd=2E1045724=2Ex6=2Enabble=2Ecom/freebsd-hackers-f4034256=2E=
html
>>_______________________________________________
>>freebsd-hackers@freebsd=2Eorg mailing list
>>https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-hackers
>>To unsubscribe, send any mail to
>>"freebsd-hackers-unsubscribe@freebsd=2Eorg"
>
>Rpcinfo  displays rpcbind's mapping of RPC program numbers to ports=2E
>
>Sockstat and lsof provide the output you desire=2E Sockstat output below,
>lsof output is too difficult to cut and paste on a phone=2E
>
>3443  4  udp6   *:652                 *:*
>root     rpc=2Estatd  3443  5  tcp6   *:652                 *:*
>root     rpc=2Estatd  3443  6  udp4   *:652                 *:*
>root     rpc=2Estatd  3443  7  tcp4   *:652                 *:*
>
>Your kernel and userland are not in sync=2E

My mistake=2E  This thread is about lockd, not statd=2E
--=20
Pardon the typos and autocorrect, small keyboard in use=2E
Cheers,
Cy Schubert <Cy=2ESchubert@cschubert=2Ecom>
FreeBSD UNIX: <cy@FreeBSD=2Eorg> Web: http://www=2EFreeBSD=2Eorg

	The need of the many outweighs the greed of the few=2E