Jails and IP Aliasing
Mel
fbsd.questions at rachie.is-a-geek.net
Tue Jul 8 19:50:29 UTC 2008
On Tuesday 08 July 2008 11:24:33 Mel wrote:
> On Monday 07 July 2008 18:51:33 David Allen wrote:
> > Granted, everything is really happening over the loopback address, but a
> > connection originating from the jailhost to a jail should appear to be
> > using the jailhost's IP address, or so I'd like to think. If it doesn't,
> > then the scenario is awkward at best when trying to understand or debug
> > issues.
>
> To debug this, you need to 'add jail support to sockstat'. This sounds
> hard, and it is
It's actually not that hard, though it stretches the output width. Diff
inlined below sig, for RELENG_7.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Index: sockstat.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/sockstat/sockstat.c,v
retrieving revision 1.17
diff -u -r1.17 sockstat.c
--- sockstat.c 16 Jun 2007 20:24:55 -0000 1.17
+++ sockstat.c 8 Jul 2008 19:40:11 -0000
@@ -94,6 +94,11 @@
struct sock *next;
};
+struct procinfo {
+ const char *procname;
+ int jid;
+};
+
#define HASHSIZE 1009
static struct sock *sockhash[HASHSIZE];
@@ -513,13 +518,16 @@
return xprintf("%s:%d", addrstr, port);
}
-static const char *
-getprocname(pid_t pid)
+static int
+getprocinfo(pid_t pid, struct procinfo *pi_ptr)
{
static struct kinfo_proc proc;
size_t len;
int mib[4];
+ if( pi_ptr == NULL )
+ return -1;
+
mib[0] = CTL_KERN;
mib[1] = KERN_PROC;
mib[2] = KERN_PROC_PID;
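Review bot: The added guard `if( pi_ptr == NULL )` / `return -1;` does not follow the spacing and return style of the surrounding file, whose context lines use `if (errno != ESRCH)` and `return (0);`. I would write it as `if (pi_ptr == NULL)` followed by `return (-1);`. The same applies to `return -1;` in the next hunk and to `if( -1 == getprocinfo(xf->xf_pid, &pi) )` with its brace on a separate line in the last hunk, which would read `if (getprocinfo(xf->xf_pid, &pi) == -1) {`. The body of getprocinfo() continues outside this hunk.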
@@ -529,9 +537,12 @@
/* Do not warn if the process exits before we get its name. */
if (errno != ESRCH)
warn("sysctl()");
- return ("??");
+ return -1;
}
- return (proc.ki_comm);
+ pi_ptr->procname = proc.ki_comm;
+ pi_ptr->jid = proc.ki_jid;
+
+ return (0);
}
static int
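Review bot: `pi_ptr->procname = proc.ki_comm;` hands the caller a pointer into the function-local `static struct kinfo_proc proc`, so the name is overwritten by the next getprocinfo() call, and nothing in the struct or the function says so. The visible caller consumes `pi` within one loop iteration, which is fine, but a later change that keeps a `struct procinfo` across calls would silently print the wrong process name next to a socket. I would add a comment above the assignment such as `/* procname aliases static storage; valid only until the next call */`. It is also worth stating in the function's header comment that `*pi_ptr` is left unwritten when -1 is returned. The function starts in the previous hunk.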
@@ -564,11 +575,12 @@
struct passwd *pwd;
struct xfile *xf;
struct sock *s;
+ struct procinfo pi;
void *p;
int hash, n, pos;
- printf("%-8s %-10s %-5s %-2s %-6s %-21s %-21s\n",
- "USER", "COMMAND", "PID", "FD", "PROTO",
+ printf("%-8s %-10s %-5s %-5s %-2s %-6s %-21s %-21s\n",
+ "USER", "COMMAND", "PID", "JID", "FD", "PROTO",
"LOCAL ADDRESS", "FOREIGN ADDRESS");
setpassent(1);
for (xf = xfiles, n = 0; n < nxfiles; ++n, ++xf) {
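Review bot: The header `printf` now places JID unconditionally between PID and FD, which shifts FD, PROTO and both address fields one position to the right for any script that reads sockstat output by field number. Consumers such as monitoring or audit scripts would then pick up the wrong column without an error. Consider printing the column only when a new command-line option asks for it, or documenting the format change in the manual page together with what the value means for a process that is not jailed (presumably 0, as reported in `ki_jid`; confirm). The function body continues outside this hunk.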
@@ -583,33 +595,41 @@
if (!check_ports(s))
continue;
pos = 0;
+ if( -1 == getprocinfo(xf->xf_pid, &pi) )
+ {
+ pi.procname = "??";
+ pi.jid = -1;
+ }
if ((pwd = getpwuid(xf->xf_uid)) == NULL)
pos += xprintf("%lu", (u_long)xf->xf_uid);
else
pos += xprintf("%s", pwd->pw_name);
while (pos < 9)
pos += xprintf(" ");
- pos += xprintf("%.10s", getprocname(xf->xf_pid));
+ pos += xprintf("%.10s", pi.procname);
while (pos < 20)
pos += xprintf(" ");
pos += xprintf("%lu", (u_long)xf->xf_pid);
while (pos < 26)
pos += xprintf(" ");
+ pos += xprintf("%u", pi.jid);
+ while (pos < 32)
+ pos += xprintf(" ");
pos += xprintf("%d", xf->xf_fd);
- while (pos < 29)
+ while (pos < 35)
pos += xprintf(" ");
pos += xprintf("%s", s->protoname);
if (s->vflag & INP_IPV4)
pos += xprintf("4");
if (s->vflag & INP_IPV6)
pos += xprintf("6");
- while (pos < 36)
+ while (pos < 42)
pos += xprintf(" ");
switch (s->family) {
case AF_INET:
case AF_INET6:
pos += printaddr(s->family, &s->laddr);
- while (pos < 58)
+ while (pos < 64)
pos += xprintf(" ");
pos += printaddr(s->family, &s->faddr);
break;
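Review bot: On the failure path `pi.jid` is set to -1 and then printed with `xprintf("%u", pi.jid)`, which passes an int to an unsigned conversion and, with a 32-bit int, prints 4294967295. That is ten characters starting at position 26, so neither `while (pos < 32)` nor `while (pos < 35)` emits a space and the JID, FD and PROTO values run together on that row. This is the path taken when a process exits during the scan, so the row that is hardest to attribute also becomes unparseable. Use `pos += xprintf("%d", pi.jid);`, or print a placeholder such as `"??"` when `pi.jid < 0`, and make sure at least one separator is always written before FD. The enclosing function starts and ends outside this hunk.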