Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 22 Feb 2019 06:40:07 +0800
From:      Ben Woods <woodsb02@gmail.com>
To:        Ian Lepore <ian@freebsd.org>
Cc:        BBlister <bblister@gmail.com>, freebsd-hackers@freebsd.org
Subject:   Re: userland process rpc.lockd opens untraceable ports...is something wrong here?
Message-ID:  <CAOc73CAGubH69_2JSjk-%2B8AuR0mFRoMfcGjoJe3xJ6V_HG-doA@mail.gmail.com>
In-Reply-To: <877baa2abd2c062a389b88e66dd67f1fba032e93.camel@freebsd.org>
References:  <1550610819543-0.post@n6.nabble.com> <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com> <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net> <20190219220404.GA1668@troutmask.apl.washington.edu> <1550671337578-0.post@n6.nabble.com> <877baa2abd2c062a389b88e66dd67f1fba032e93.camel@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 20 Feb 2019 at 11:03 pm, Ian Lepore <ian@freebsd.org> wrote:

> On Wed, 2019-02-20 at 07:02 -0700, BBlister wrote:
> > # sockstat | grep -E '874|815'
> > ?        ?          ?     ?  tcp4   *:815                 *:*
> > ?        ?          ?     ?  tcp6   *:874                 *:*
> >
> > rpcinfo -p reports just one port
> > # rpcinfo -p| grep -E '874|815'
> >     100021    0   tcp    815  nlockmgr
> >     100021    1   tcp    815  nlockmgr
> >     100021    3   tcp    815  nlockmgr
> >     100021    4   tcp    815  nlockmgr
> >
>
> The situation here is that the socket is neither opened by nor owned by
> any userland process. The rpc.lockd implementation is split into a
> kernel piece and a userland piece, and much of the work is done in-
> kernel. The in-kernel part of the code contacts the userland daemon
> part for help when it needs to.
>
> So the socket is created by the in-kernel part of lockd, and it is not
> tied to any file descriptor. Tools which report on userland processes
> use file descriptors to associate kernel resources with the processes
> that own them. In this case, it is the kernel itself that owns the
> socket, so it can't be reported as belonging to any userland process.
>
> If you're interested in poking around in the code involved, see
> nlm_server_main() in src/sys/nlm/nlm_prot_impl.c
>
> -- Ian



A similar issue is discussed in this bug report:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212608

My personal opinion is that this is confusing and worrying for users, and a
better user experience would be if sockstat and lsof were able to detail
the owner of these open ports (either just =E2=80=9Ckernel=E2=80=9D or bett=
er yet which
part of the kernel).

I have no idea if this is technically possible or how complicated it is. Is
anyone able to comment on this?

Regards,
Ben
--=20

--
From: Benjamin Woods
woodsb02@gmail.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOc73CAGubH69_2JSjk-%2B8AuR0mFRoMfcGjoJe3xJ6V_HG-doA>