Jails and IP Aliasing

Mel fbsd.questions at rachie.is-a-geek.net
Tue Jul 8 19:50:29 UTC 2008


On Tuesday 08 July 2008 11:24:33 Mel wrote:
> On Monday 07 July 2008 18:51:33 David Allen wrote:
> > Granted, everything is really happening over the loopback address, but a
> > connection originating from the jailhost to a jail should appear to be
> > using the jailhost's IP address, or so I'd like to think.  If it doesn't,
> > then the scenario is awkward at best when trying to understand or debug
> > issues.
>
> To debug this, you need to 'add jail support to sockstat'. This sounds
> hard, and it is

It's actually not that hard, though it stretches the output width. Diff 
inlined below sig, for RELENG_7. 

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.

Index: sockstat.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/sockstat/sockstat.c,v
retrieving revision 1.17
diff -u -r1.17 sockstat.c
--- sockstat.c	16 Jun 2007 20:24:55 -0000	1.17
+++ sockstat.c	8 Jul 2008 19:40:11 -0000
@@ -94,6 +94,11 @@
 	struct sock *next;
 };
 
+struct procinfo {
+	const char *procname;
+	int jid;
+};
+
 #define HASHSIZE 1009
 static struct sock *sockhash[HASHSIZE];
 
@@ -513,13 +518,16 @@
 		return xprintf("%s:%d", addrstr, port);
 }
 
-static const char *
-getprocname(pid_t pid)
+static int
+getprocinfo(pid_t pid, struct procinfo *pi_ptr)
 {
 	static struct kinfo_proc proc;
 	size_t len;
 	int mib[4];
 
+	if( pi_ptr == NULL )
+		return -1;
+
 	mib[0] = CTL_KERN;
 	mib[1] = KERN_PROC;
 	mib[2] = KERN_PROC_PID;
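Review bot: The added guard `if( pi_ptr == NULL )` and its `return -1;` do not follow the spacing and return style of the surrounding file, which writes `if (errno != ESRCH)` and `return (0);`. I would write `if (pi_ptr == NULL)` and `return (-1);` here, change the `return -1;` on the sysctl failure path in the next hunk the same way, and write the call in the display loop as `if (getprocinfo(xf->xf_pid, &pi) == -1) {`. getprocinfo's body continues past the end of this hunk.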
@@ -529,9 +537,12 @@
 		/* Do not warn if the process exits before we get its name. */
 		if (errno != ESRCH)
 			warn("sysctl()");
-		return ("??");
+		return -1;
 	}
-	return (proc.ki_comm);
+	pi_ptr->procname = proc.ki_comm;
+	pi_ptr->jid = proc.ki_jid;
+
+	return (0);
 }
 
 static int
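Review bot: `pi_ptr->procname = proc.ki_comm;` stores a pointer into the function's `static struct kinfo_proc proc`, so the name a caller holds is overwritten by the next getprocinfo() call, and nothing documents that. The only caller shown prints the name before calling again, so it is safe as written. A comment on the field would keep it that way: `const char *procname; /* borrowed from getprocinfo()'s static buffer; valid until the next call */`. A short comment above getprocinfo() should also say that it returns 0 on success and -1 on failure, and that `*pi_ptr` is left untouched on failure. The function starts in the previous hunk.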
@@ -564,11 +575,12 @@
 	struct passwd *pwd;
 	struct xfile *xf;
 	struct sock *s;
+	struct procinfo pi;
 	void *p;
 	int hash, n, pos;
 
-	printf("%-8s %-10s %-5s %-2s %-6s %-21s %-21s\n",
-	    "USER", "COMMAND", "PID", "FD", "PROTO",
+	printf("%-8s %-10s %-5s %-5s %-2s %-6s %-21s %-21s\n",
+	    "USER", "COMMAND", "PID", "JID", "FD", "PROTO",
 	    "LOCAL ADDRESS", "FOREIGN ADDRESS");
 	setpassent(1);
 	for (xf = xfiles, n = 0; n < nxfiles; ++n, ++xf) {
@@ -583,33 +595,41 @@
 		if (!check_ports(s))
 			continue;
 		pos = 0;
+		if( -1 == getprocinfo(xf->xf_pid, &pi) )
+		{
+			pi.procname = "??";
+			pi.jid = -1;
+		}
 		if ((pwd = getpwuid(xf->xf_uid)) == NULL)
 			pos += xprintf("%lu", (u_long)xf->xf_uid);
 		else
 			pos += xprintf("%s", pwd->pw_name);
 		while (pos < 9)
 			pos += xprintf(" ");
-		pos += xprintf("%.10s", getprocname(xf->xf_pid));
+		pos += xprintf("%.10s", pi.procname);
 		while (pos < 20)
 			pos += xprintf(" ");
 		pos += xprintf("%lu", (u_long)xf->xf_pid);
 		while (pos < 26)
 			pos += xprintf(" ");
+		pos += xprintf("%u", pi.jid);
+		while (pos < 32)
+			pos += xprintf(" ");
 		pos += xprintf("%d", xf->xf_fd);
-		while (pos < 29)
+		while (pos < 35)
 			pos += xprintf(" ");
 		pos += xprintf("%s", s->protoname);
 		if (s->vflag & INP_IPV4)
 			pos += xprintf("4");
 		if (s->vflag & INP_IPV6)
 			pos += xprintf("6");
-		while (pos < 36)
+		while (pos < 42)
 			pos += xprintf(" ");
 		switch (s->family) {
 		case AF_INET:
 		case AF_INET6:
 			pos += printaddr(s->family, &s->laddr);
-			while (pos < 58)
+			while (pos < 64)
 				pos += xprintf(" ");
 			pos += printaddr(s->family, &s->faddr);
 			break;
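Review bot: `xprintf("%u", pi.jid)` prints a signed `int` with an unsigned conversion, and the fallback branch above sets `pi.jid = -1`, so a process that exited before the lookup is shown as 4294967295. That is ten characters in a six-column field, which pushes every later column of the row out of alignment. Use `pos += xprintf("%d", pi.jid);`, or print a placeholder such as `"??"` when `pi.jid < 0`, matching the command column. Command and JID are also looked up by pid after the socket list was collected, so a recycled pid could presumably attribute a socket to the wrong jail; that race predates this patch but matters more once the output is used to reason about jail boundaries. The enclosing function starts and ends outside the hunk.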

