From owner-freebsd-questions@FreeBSD.ORG Tue Jul 8 19:50:29 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 518091065684 for ; Tue, 8 Jul 2008 19:50:29 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net) Received: from snoogles.rachie.is-a-geek.net (rachie.is-a-geek.net [66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id A17B78FC25 for ; Tue, 8 Jul 2008 19:50:28 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net) Received: from localhost (localhost [127.0.0.1]) by snoogles.rachie.is-a-geek.net (Postfix) with ESMTP id 9350B1CD18; Tue, 8 Jul 2008 11:50:27 -0800 (AKDT) 
From: Mel To: freebsd-questions@freebsd.org Date: Tue, 8 Jul 2008 21:50:25 +0200 User-Agent: KMail/1.9.7 References: <2daa8b4e0807070951u607ff031v98b5b96103fdab4@mail.gmail.com> <200807081124.33377.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <200807081124.33377.fbsd.questions@rachie.is-a-geek.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200807082150.26159.fbsd.questions@rachie.is-a-geek.net> Cc: David Allen Subject: Re: Jails and IP Aliasing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2008 19:50:29 -0000 On Tuesday 08 July 2008 11:24:33 Mel wrote: > On Monday 07 July 2008 18:51:33 David Allen wrote: > > Granted, everything is really happening over the loopback address, but a > > connection originating from the jailhost to a jail should appear to be > > using the jailhost's IP address, or so I'd like to think. If it doesn't, > > then the scenario is awkward at best when trying to understand or debug > > issues. > > To debug this, you need to 'add jail support to sockstat'. This sounds > hard, and it is It's actually not that hard, though it stretches the output width. Diff inlined below sig, for RELENG_7. -- Mel Problem with today's modular software: they start with the modules and never get to the software part.
Index: sockstat.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/sockstat/sockstat.c,v
retrieving revision 1.17
diff -u -r1.17 sockstat.c
--- sockstat.c 16 Jun 2007 20:24:55 -0000 1.17
+++ sockstat.c 8 Jul 2008 19:40:11 -0000
@@ -94,6 +94,11 @@
 struct sock *next;
 };
 
+struct procinfo {
+ const char *procname;
+ int jid;
+};
+
 #define HASHSIZE 1009
 static struct sock *sockhash[HASHSIZE];
 
@@ -513,13 +518,16 @@
 return xprintf("%s:%d", addrstr, port);
 }
 
-static const char *
-getprocname(pid_t pid)
+static int
+getprocinfo(pid_t pid, struct procinfo *pi_ptr)
 {
 static struct kinfo_proc proc;
 size_t len;
 int mib[4];
 
+ if( pi_ptr == NULL )
+ return -1;
+
 mib[0] = CTL_KERN;
 mib[1] = KERN_PROC;
 mib[2] = KERN_PROC_PID;
@@ -529,9 +537,12 @@
 /* Do not warn if the process exits before we get its name. */
 if (errno != ESRCH)
 warn("sysctl()");
- return ("??");
+ return -1;
 }
- return (proc.ki_comm);
+ pi_ptr->procname = proc.ki_comm;
+ pi_ptr->jid = proc.ki_jid;
+
+ return (0);
 }
 
 static int
@@ -564,11 +575,12 @@
 struct passwd *pwd;
 struct xfile *xf;
 struct sock *s;
+ struct procinfo pi;
 void *p;
 int hash, n, pos;
 
- printf("%-8s %-10s %-5s %-2s %-6s %-21s %-21s\n",
- "USER", "COMMAND", "PID", "FD", "PROTO",
+ printf("%-8s %-10s %-5s %-5s %-2s %-6s %-21s %-21s\n",
+ "USER", "COMMAND", "PID", "JID", "FD", "PROTO",
 "LOCAL ADDRESS", "FOREIGN ADDRESS");
 setpassent(1);
 for (xf = xfiles, n = 0; n < nxfiles; ++n, ++xf) {
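Review bot: The added guard `if( pi_ptr == NULL )` and its `return -1;` in getprocinfo() do not follow the style of the surrounding code, which writes `if (errno != ESRCH)` and parenthesises return values (`return (0);` at the end of the same function). I would write `if (pi_ptr == NULL)` and `return (-1);`. The same applies to the `return -1;` on the sysctl failure path in the -529 hunk and to the `if( -1 == getprocinfo(...) )` block with its brace on a separate line in the -583 hunk. The function body continues outside this hunk.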
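Review bot: `pi_ptr->procname = proc.ki_comm;` hands the caller a pointer into the function-static `proc` buffer declared at the top of getprocinfo(), so the name is only valid until the next call, and nothing in the patch documents that. A comment above the function or on the struct member would make the contract explicit, for example `/* procname points into a static buffer; valid only until the next getprocinfo() call */`. As far as the visible lines show, the struct is left untouched when -1 is returned, which the caller in the -583 hunk relies on when it fills in its own defaults; that is worth stating in the same comment. The start of the function, including the sysctl() call, lies outside this hunk.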
@@ -583,33 +595,41 @@
 if (!check_ports(s))
 continue;
 pos = 0;
+ if( -1 == getprocinfo(xf->xf_pid, &pi) )
+ {
+ pi.procname = "??";
+ pi.jid = -1;
+ }
 if ((pwd = getpwuid(xf->xf_uid)) == NULL)
 pos += xprintf("%lu", (u_long)xf->xf_uid);
 else
 pos += xprintf("%s", pwd->pw_name);
 while (pos < 9)
 pos += xprintf(" ");
- pos += xprintf("%.10s", getprocname(xf->xf_pid));
+ pos += xprintf("%.10s", pi.procname);
 while (pos < 20)
 pos += xprintf(" ");
 pos += xprintf("%lu", (u_long)xf->xf_pid);
 while (pos < 26)
 pos += xprintf(" ");
+ pos += xprintf("%u", pi.jid);
+ while (pos < 32)
+ pos += xprintf(" ");
 pos += xprintf("%d", xf->xf_fd);
- while (pos < 29)
+ while (pos < 35)
 pos += xprintf(" ");
 pos += xprintf("%s", s->protoname);
 if (s->vflag & INP_IPV4)
 pos += xprintf("4");
 if (s->vflag & INP_IPV6)
 pos += xprintf("6");
- while (pos < 36)
+ while (pos < 42)
 pos += xprintf(" ");
 switch (s->family) {
 case AF_INET:
 case AF_INET6:
 pos += printaddr(s->family, &s->laddr);
- while (pos < 58)
+ while (pos < 64)
 pos += xprintf(" ");
 pos += printaddr(s->family, &s->faddr);
 break;
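Review bot: `pos += xprintf("%u", pi.jid);` prints an `int` with an unsigned conversion, and the fallback just above sets `pi.jid = -1`, so a process that exited before the lookup would be shown as 4294967295. That value is wider than the six columns reserved up to `pos < 32` and pushes the FD, PROTO and address columns out of alignment. Assuming xprintf() is printf-style, use `pos += xprintf("%d", pi.jid);`, or print a marker such as `"??"` when getprocinfo() fails, as the command column already does. Because the JID column is what attributes a socket to a jail, a failed lookup should stay clearly distinguishable from a real jail ID.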