From owner-freebsd-hackers@freebsd.org  Thu Feb 21 22:40:20 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BFC1214F4231
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Thu, 21 Feb 2019 22:40:20 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: from mail-ua1-x942.google.com (mail-ua1-x942.google.com
 [IPv6:2607:f8b0:4864:20::942])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 826016AEF3;
 Thu, 21 Feb 2019 22:40:19 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: by mail-ua1-x942.google.com with SMTP id e16so198417uam.12;
 Thu, 21 Feb 2019 14:40:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=fbfNhkbEFxd0fwaoz8+eb6291mrXEC8N45I39bx5hZ4=;
 b=N5Z9RevXnLU+wCMTHWoR6mdBJG05jt2tdwxKr09FadIY6oXB4JlEjN84fnrqOCFhFJ
 Vm8y7foLdWB2NaEHMG14Ex0PwgJl4nxujT+8Kqy8ndoqn0iUIgZJkl33RYwrohgLW4oQ
 ZlZTCkaM12XAd7KLgFDraDMVhgfpvumEHuo9XvChIOa0AovpuWwac3qdA0gB5//0RXPZ
 WfhNUYcPbAID9ac9gqxc7S6Y/3AatneNaoefmgYXjT0kasBCYJkQVOUMhGdnsaox5O1i
 ujcsuwy8XwBjZnq2F4+P6P2IKpUDYAb7n4F5il9aBaHCzcqULJ5ZnY6Qkq66fRaU5JB5
 QBHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=fbfNhkbEFxd0fwaoz8+eb6291mrXEC8N45I39bx5hZ4=;
 b=WTkV0fEuax3DtLKkZWo30nXeK3M03i2F+2vsBdA8HRDSJ9J6D2IbRIyHH6sQzkNJk0
 LVJVUR0BEZEXRFdvikOHAHkSBbm+GiOwJya428zgNmIDteQwYfAygjK2TslpEqx8hmWN
 vI9P5tVqcTDBNHjHS6FCFHxOyqvEMWyR5jh4Kk1WIYvCSk3jCXo2c6HGWkpDAQUnfEWk
 jmDh6LmCnvgMshmyD9xDOdO2qFp00EMEQ19bISoyy6WkC74/NF6vR0HiKi2xqbAeAdC4
 o+ZjXvcROBeUEtSohXo55uwaETkOk9JgooqcxVwrYdK894hrvicGAVZUaV3cx70RMoUp
 fjGw==
X-Gm-Message-State: AHQUAuZrpZBJlbQGGlfwc/A0z+FylRBDzcQSioq7bjpgXGtWSnCh/HWD
 EGoPSjXap250c+xgSczHz1NnyyUlJf3MY/DGNWeeBw==
X-Google-Smtp-Source: AHgI3IZ6jKK12nqrth3btgnckB7q1WM1025cuvAFZhuX2xYOu/ScoQTF4NRIcLiv3O/TZ770MAlhFuiUvlDy/7vHWDk=
X-Received: by 2002:a67:b145:: with SMTP id z5mr551297vsl.53.1550788818703;
 Thu, 21 Feb 2019 14:40:18 -0800 (PST)
MIME-Version: 1.0
References: <1550610819543-0.post@n6.nabble.com>
 <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com>
 <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net>
 <20190219220404.GA1668@troutmask.apl.washington.edu>
 <1550671337578-0.post@n6.nabble.com>
 <877baa2abd2c062a389b88e66dd67f1fba032e93.camel@freebsd.org>
In-Reply-To: <877baa2abd2c062a389b88e66dd67f1fba032e93.camel@freebsd.org>
From: Ben Woods <woodsb02@gmail.com>
Date: Fri, 22 Feb 2019 06:40:07 +0800
Message-ID: <CAOc73CAGubH69_2JSjk-+8AuR0mFRoMfcGjoJe3xJ6V_HG-doA@mail.gmail.com>
Subject: Re: userland process rpc.lockd opens untraceable ports...is something
 wrong here?
To: Ian Lepore <ian@freebsd.org>
Cc: BBlister <bblister@gmail.com>, freebsd-hackers@freebsd.org
X-Rspamd-Queue-Id: 826016AEF3
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=N5Z9RevX;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of woodsb02@gmail.com designates
 2607:f8b0:4864:20::942 as permitted sender) smtp.mailfrom=woodsb02@gmail.com
X-Spamd-Result: default: False [-2.03 / 15.00]; TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com];
 FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.978,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3]; NEURAL_SPAM_SHORT(0.02)[0.019,0];
 NEURAL_HAM_LONG(-0.99)[-0.994,0];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 SUBJECT_ENDS_QUESTION(1.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_NONE(0.00)[2.4.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; 
 IP_SCORE(-0.07)[ip: (4.31), ipnet: 2607:f8b0::/32(-2.61), asn: 15169(-1.99),
 country: US(-0.07)]; FREEMAIL_CC(0.00)[gmail.com];
 RCVD_COUNT_TWO(0.00)[2]
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2019 22:40:21 -0000

On Wed, 20 Feb 2019 at 11:03 pm, Ian Lepore <ian@freebsd.org> wrote:

> On Wed, 2019-02-20 at 07:02 -0700, BBlister wrote:
> > # sockstat | grep -E '874|815'
> > ?        ?          ?     ?  tcp4   *:815                 *:*
> > ?        ?          ?     ?  tcp6   *:874                 *:*
> >
> > rpcinfo -p reports just one port
> > # rpcinfo -p| grep -E '874|815'
> >     100021    0   tcp    815  nlockmgr
> >     100021    1   tcp    815  nlockmgr
> >     100021    3   tcp    815  nlockmgr
> >     100021    4   tcp    815  nlockmgr
> >
>
> The situation here is that the socket is neither opened by nor owned by
> any userland process. The rpc.lockd implementation is split into a
> kernel piece and a userland piece, and much of the work is done in-
> kernel. The in-kernel part of the code contacts the userland daemon
> part for help when it needs to.
>
> So the socket is created by the in-kernel part of lockd, and it is not
> tied to any file descriptor. Tools which report on userland processes
> use file descriptors to associate kernel resources with the processes
> that own them. In this case, it is the kernel itself that owns the
> socket, so it can't be reported as belonging to any userland process.
>
> If you're interested in poking around in the code involved, see
> nlm_server_main() in src/sys/nlm/nlm_prot_impl.c
>
> -- Ian



A similar issue is discussed in this bug report:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212608

My personal opinion is that this is confusing and worrying for users, and a
better user experience would be if sockstat and lsof were able to detail
the owner of these open ports (either just =E2=80=9Ckernel=E2=80=9D or bett=
er yet which
part of the kernel).

I have no idea if this is technically possible or how complicated it is. Is
anyone able to comment on this?

Regards,
Ben
--=20

--
From: Benjamin Woods
woodsb02@gmail.com