Detecting listening servers in multi-ip jails

Bjoern A. Zeeb bzeeb-lists at
Wed Mar 2 22:25:07 UTC 2011

On Tue, 15 Feb 2011, Dirk Engling wrote:

> Hello,
> until jails could be bound to several ip addresses, my convenience
> feature in ezjail to check for and warn about listening services in the
> host system and other jails worked simply by asking:
> listeners_ip=`sockstat -4 -l | grep "${ip}:[[:digit:]]"`
> listeners_all=`sockstat -4 -l | grep "*:[[:digit:]]"`
> Now where ip addresses are not rewritten on listen() calls anymore,
> services in jails can bind to as well and will match the latter,
> although they don't really cause the trouble I want to warn users about
> (unless, of course the jail really is bound to the same ip address and
> the service then binds to
> Now I can, using "nc -z", test if the service really listens. That
> allows me to filter and only report those services that actually
> respond. However, this is far from clean.
> Are there other ways to reliably test for listening services on any port
> for a given ip address?

Get the pid and use a cross-check on the process; there is no easy
way to do it otherwise currently unless you write your own extensions
needing kvm.


Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.
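
The pid cross-check suggested in the reply, sketched as an added example (not code from this thread or from ezjail): each listener's pid is mapped to its jail id, and a wildcard listener is reported only if it runs on the host or in a jail that owns the address. The function names, the three-file input layout, the sample data and the `ps`/`jls` invocations in the comments are assumptions.

```sh
#!/bin/sh
# conflicting_listeners IP SOCKSTAT_FILE PIDJID_FILE JAILIPS_FILE
# Prints "jid pid command local-address" for every listener that really
# occupies IP. Assumed sources for the three files on a FreeBSD host:
#   sockstat -4 -l          ps -ax -o pid= -o jid=          jls jid ip4.addr
conflicting_listeners() {
    awk -v ip="$1" '
        FILENAME == ARGV[1] { jid_of[$1] = $2; next }        # pid -> jid
        FILENAME == ARGV[2] {                                # jid -> its IPs
            n = split($2, a, ",")
            for (i = 1; i <= n; i++) owns[$1, a[i]] = 1
            next
        }
        $1 == "USER" || $3 !~ /^[0-9]+$/ { next }            # header, "?" rows
        {
            port = $6; sub(/.*:/, "", port)
            addr = substr($6, 1, length($6) - length(port) - 1)
            # A pid missing from the table (process just exited) is treated
            # as a host process, which errs on the side of warning.
            jid = ($3 in jid_of) ? jid_of[$3] + 0 : 0
            if (addr == ip || (addr == "*" && (jid == 0 || ((jid, ip) in owns))))
                print jid, $3, $2, $6
        }
    ' "$3" "$4" "$2"
}

# Constructed sample data: host sshd, one sshd and one httpd in two jails.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sockstat" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
root     sshd       2301  3  tcp4   *:22                  *:*
www      httpd      2410  4  tcp4   *:80                  *:*
bind     named      990   20 tcp4   192.0.2.10:53         *:*
root     sendmail   3120  4  tcp4   192.0.2.20:25         *:*
EOF
    printf '%s\n' '812 0' '2301 1' '2410 2' '990 0' '3120 2' > "$d/pidjid"
    printf '%s\n' '1 192.0.2.10,192.0.2.11' '2 192.0.2.20' > "$d/jailips"
    conflicting_listeners "$1" "$d/sockstat" "$d/pidjid" "$d/jailips"
    rm -rf "$d"
}
```

With the sample data, `demo 192.0.2.10` reports the host sshd, the sshd in jail 1 and the host named, but not the httpd bound to `*` inside jail 2, which the plain `grep "*:[[:digit:]]"` would have matched.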
