Logging jid and uid for listen queue overflow? (resend)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 11 Mar 2022 12:21:43 UTC
Hi,
sorry jails@ resend after subscription to net@ to have this mail not rejected.
Any opinion about logging the jid and uid in case a jailed process is
causing listen queue overflows? Any strong objections about committing
something like this?
Code (tabs are most probably mangled up):
---snip---
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index ab8e5d6e1b6..8fba46d7d03 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -699,12 +699,24 @@ sonewconn(struct socket *head, int connstatus)
}
KASSERT(sbuf_len(&descrsb) > 0,
("%s: sbuf creation failed", __func__));
- log(LOG_DEBUG,
- "%s: pcb %p (%s): Listen queue overflow: "
- "%i already in queue awaiting acceptance "
- "(%d occurrences)\n",
- __func__, head->so_pcb, sbuf_data(&descrsb),
- qlen, overcount);
+ if (head->so_cred == 0) {
+ log(LOG_DEBUG,
+ "%s: pcb %p (%s): Listen queue overflow: "
+ "%i already in queue awaiting acceptance "
+ "(%d occurrences)\n",
+ __func__, head->so_pcb, sbuf_data(&descrsb),
+ qlen, overcount);
+ } else {
+ log(LOG_DEBUG, "%s: pcb %p (%s):
Listen queue overflow: "
+ "%i already in queue awaiting acceptance "
+ "(%d occurrences), euid %d, rgid
%d, jail %s\n",
+ __func__, head->so_pcb,
sbuf_data(&descrsb),
+ qlen, overcount,
+ head->so_cred->cr_uid,
head->so_cred->cr_rgid,
+ head->so_cred->cr_prison ?
+ head->so_cred->cr_prison->pr_name :
+ "not_jailed");
+ }
sbuf_delete(&descrsb);
overcount = 0;
---snip---
--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF