Date: Wed, 2 Mar 2011 22:20:39 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Dirk Engling <erdgeist@erdgeist.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Detecting listening servers in multi-ip jails
Message-ID: <20110302221932.T13400@maildrop.int.zabbadoz.net>
In-Reply-To: <4D5AC7F1.7020501@erdgeist.org>
References: <4D5AC7F1.7020501@erdgeist.org>
On Tue, 15 Feb 2011, Dirk Engling wrote:

> Hello,
>
> until jails could be bound to several ip addresses, my convenience
> feature in ezjail to check for and warn about listening services in the
> host system and other jails worked simply by asking:
>
> listeners_ip=`sockstat -4 -l | grep "${ip}:[[:digit:]]"`
> listeners_all=`sockstat -4 -l | grep "*:[[:digit:]]"`
>
> Now where ip addresses are not rewritten on listen() calls anymore,
> services in jails can bind to 0.0.0.0 as well and will match the latter,
> although they don't really cause the trouble I want to warn users about
> (unless, of course the jail really is bound to the same ip address and
> the service then binds to 0.0.0.0).
>
> Now I can, using "nc -z", test if the service really listens. That
> allows me to filter and only report those services that actually
> respond. However, this is far from clean.
>
> Are there other ways to reliably test for listening services on any port
> for a given ip address?

get the pid and use a cross-check on the process; there is no easy
way to do it otherwise currently unless you write your own extensions
needing kvm.

/bz

-- 
Bjoern A. Zeeb                                You have to have visions!
         Stop bit received. Insert coin for new address family.
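The pid cross-check suggested in the reply, as an added example that is not code from the thread or from ezjail: each wildcard listener reported by sockstat is kept only if its owning process runs on the host or in a jail that holds the address in question. The function names conflicting_listeners, jid_of_pid and jail_ips are hypothetical; the example assumes a FreeBSD host where ps(1) supports the jid keyword and jls(8) can print the ip4.addr parameter.

```sh
#!/bin/sh
# Added example: cross-check wildcard listeners against the jail of the owning
# process. Function names are hypothetical, not taken from ezjail.

# Jail ID of a process (0 = host), via the FreeBSD ps(1) "jid" keyword.
jid_of_pid() {
    ps -o jid= -p "$1" 2>/dev/null | tr -d ' '
}

# Comma-separated IPv4 addresses of a jail, via the jls(8) ip4.addr parameter.
jail_ips() {
    jls -j "$1" ip4.addr 2>/dev/null
}

# conflicting_listeners IP
# Reads `sockstat -4 -l` output on stdin and prints "PID COMMAND ADDR REASON"
# for each listener that can really answer on IP:
#   bound    - socket bound to IP itself
#   host     - wildcard socket owned by a host process (jid 0)
#   jail=N   - wildcard socket in jail N, and jail N holds IP
# Wildcard sockets in jails that do not hold IP are dropped.
conflicting_listeners() {
    ip=$1
    while read -r user cmd pid fd proto laddr faddr; do
        case $pid in ''|*[!0-9]*) continue ;; esac   # header or malformed line
        addr=${laddr%:*}
        case $addr in
        "$ip")
            printf '%s %s %s bound\n' "$pid" "$cmd" "$laddr" ;;
        '*')
            jid=$(jid_of_pid "$pid")
            [ -n "$jid" ] || continue                # process exited meanwhile
            if [ "$jid" = 0 ]; then
                printf '%s %s %s host\n' "$pid" "$cmd" "$laddr"
            else
                case ",$(jail_ips "$jid")," in
                *",$ip,"*) printf '%s %s %s jail=%s\n' "$pid" "$cmd" "$laddr" "$jid" ;;
                esac
            fi ;;
        esac
    done
    return 0
}

# Usage on a FreeBSD host:  sockstat -4 -l | conflicting_listeners 192.0.2.10
```

Because sockstat and ps run at different moments, a listener that exits in between is silently skipped, so the result is a snapshot, not a guarantee.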