Date: Thu, 31 Jan 2019 11:28:45 -0500 From: "Michael W. Lucas" <mwlucas@michaelwlucas.com> To: jail@freebsd.org Subject: netstat in a jail, 12 vs 13 Message-ID: <20190131162845.GA83592@mail.michaelwlucas.com>
next in thread | raw e-mail | index | archive | help
Hi, I have a jail that I swap between a 12.0 userland and a -current userland, and I'm looking at network diagnosis tools available to the jail in both. -current jail on -current can see its own network. root@loghost:/var/db/pkg # sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sendmail 37707 4 tcp4 127.0.0.1:25 *:* root sshd 37704 4 tcp4 *:22 *:* root syslogd 37639 6 udp4 *:514 *:* root@loghost:/var/db/pkg # netstat -na -f inet Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 127.0.0.1.25 *.* LISTEN tcp4 0 0 *.22 *.* LISTEN udp4 0 0 *.514 *.* 12.0 jail on -current host: root@loghost:~ # sockstat -4 sockstat: struct xinpgen size mismatch root@loghost:~ # netstat -na -f inet netstat: kvm not available: /dev/mem: No such file or directory Some tcp sockets may have been deleted. Some udp sockets may have been deleted. Neither jail has /dev/mem or /dev/kmem access--they have the same jail.conf entry, I literally move the userland directory. It appears that -current netstat/sockstat doesn't need /dev/mem? As a workaround in the non-vnet case, I can use the host's netstat to view open sockets on a 12.0 jail. That doesn't work with vnets, though. Questions: -Does netstat in -current no longer need /dev/mem, or is something else going on? -Is there a way for a jail owner in 12.0 and earlier to view sockets on their jail? Thanks, ==ml -- Michael W. Lucas https://mwl.io/ author of: Absolute OpenBSD, SSH Mastery, git commit murder, Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190131162845.GA83592>