Date: Wed, 2 Mar 2011 22:20:39 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Dirk Engling <erdgeist@erdgeist.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Detecting listening servers in multi-ip jails
Message-ID: <20110302221932.T13400@maildrop.int.zabbadoz.net>
In-Reply-To: <4D5AC7F1.7020501@erdgeist.org>
References: <4D5AC7F1.7020501@erdgeist.org>
On Tue, 15 Feb 2011, Dirk Engling wrote:
> Hello,
>
> until jails could be bound to several ip addresses, my convenience
> feature in ezjail to check for and warn about listening services in the
> host system and other jails worked simply by asking:
>
> listeners_ip=`sockstat -4 -l | grep "${ip}:[[:digit:]]"`
> listeners_all=`sockstat -4 -l | grep "*:[[:digit:]]"`
>
> Now where ip addresses are not rewritten on listen() calls anymore,
> services in jails can bind to 0.0.0.0 as well and will match the latter,
> although they don't really cause the trouble I want to warn users about
> (unless, of course the jail really is bound to the same ip address and
> the service then binds to 0.0.0.0).
>
> Now I can, using "nc -z", test if the service really listens. That
> allows me to filter and only report those services that actually
> respond. However, this is far from clean.
>
> Are there other ways to reliably test for listening services on any port
> for a given ip address?
get the pid and use a cross-check on the process; there is no easy
way to do it otherwise currently unless you write your own extensions
needing kvm.
/bz
--
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.
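
The pid cross-check suggested in the reply, sketched as an added example (not code from this thread or from ezjail). The function names are hypothetical; it assumes FreeBSD's `ps -o jid=` and `jls -j JID ip4.addr`, that `jls` prints multiple addresses comma-separated, and the usual `sockstat -4 -l` column layout. The sample rows in `demo` are constructed.

```shell
#!/bin/sh
# Added example: report only listeners that can really accept on a given IP.
# Lookup helpers; assumed FreeBSD userland (ps "jid" keyword, jls parameters).
jid_of_pid() { ps -o jid= -p "$1" | tr -d ' '; }
ips_of_jid() { jls -j "$1" ip4.addr; }      # assumed comma-separated list

# Hypothetical helper: does the jail owning pid $1 hold IPv4 address $2?
pid_holds_ip() {
    jid=$(jid_of_pid "$1") || return 1
    [ -n "$jid" ] || return 1       # process exited between sockstat and ps
    [ "$jid" = 0 ] && return 0      # host process: wildcard covers host IPs
    case ",$(ips_of_jid "$jid")," in
        *",$2,"*) return 0 ;;       # exact match against one list entry
    esac
    return 1
}

# Reads `sockstat -4 -l` output on stdin and prints "pid command local-address"
# for every listener reachable on IPv4 address $1.
conflicting_listeners() {
    ip=$1
    while read -r user cmd pid fd proto laddr faddr; do
        case "$pid" in ''|*[!0-9]*) continue ;; esac   # skip header row
        case "$laddr" in
            "$ip":*) echo "$pid $cmd $laddr" ;;        # explicit bind
            '*':*)   pid_holds_ip "$pid" "$ip" && echo "$pid $cmd $laddr" ;;
        esac
    done
    return 0
}

# Constructed sample (not real output) with stubbed lookups, for offline runs.
demo() (
    jid_of_pid() { case "$1" in 812) echo 0 ;; 1420) echo 3 ;; 1777) echo 5 ;; esac; }
    ips_of_jid() { case "$1" in 3) echo 192.0.2.20 ;; 5) echo 192.0.2.10,192.0.2.11 ;; esac; }
    conflicting_listeners 192.0.2.10 <<'EOF'
USER  COMMAND   PID  FD PROTO LOCAL ADDRESS  FOREIGN ADDRESS
root  sshd      812  4  tcp4  *:22           *:*
www   nginx     1420 6  tcp4  *:80           *:*
root  named     1501 20 tcp4  192.0.2.10:53  *:*
pgsql postgres  1777 5  tcp4  *:5432         *:*
EOF
)

# On a FreeBSD host: sockstat -4 -l | conflicting_listeners 192.0.2.10
```

In the sample, the wildcard listener in the jail that does not hold 192.0.2.10 (nginx) is filtered out, while the host's wildcard listener and the jail that owns the address are reported.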
