[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
netstat inet.c inetprint()
- To: tech_(_at_)_OpenBSD_(_dot_)_org
- Subject: netstat inet.c inetprint()
- From: Fabian Kroenner <list-openbsd_(_dot_)_tech_(_at_)_spoiled_(_dot_)_org>
- Date: Thu, 2 Jan 2003 17:15:55 +0000 (UTC)
- Distribution: local
- Organization: spoiled dot org
- Reply-to: Fabian Kroenner <fk_(_at_)_spoiled_(_dot_)_org>
Hi,
when an rpc service dynamically allocates a known port, the following
can happen:
$ netstat -a | grep ^udp
udp 0 0 localhost.2323 *.*
udp 0 0 xxxxx.xxxxx.xxxx.domai *.*
udp 0 0 localhost.domain *.*
udp 0 0 xxxxx.xxxxx.xxxx.netbi *.*
udp 0 0 xxxxx.xxxxx.xxxx.netbi *.*
udp 0 0 *.netbios- *.*
udp 0 0 *.netbios- *.*
udp 0 0 *.bootps *.*
udp 0 0 *.695[nlockmgr] *.*
udp 0 0 *.nfsd *.*
udp 0 0 *.imaps *.*
udp 0 0 localhost.sunrpc *.*
udp 0 0 *.sunrpc *.*
udp 0 0 *.syslog *.*
$ grep imaps /etc/services
imaps 993/tcp # imap4 protocol over TLS/SSL
imaps 993/udp # imap4 protocol over TLS/SSL
$ fstat | grep 993
root mountd 12895 3* internet dgram udp *:993
$
There is no imap service running, as you can see mountd uses port 993.
The following patch against -current changes this behavior. I haven't
tested it well, and i cannot even say that it is 100% correct, but it
does the job for me.
--- usr.bin/netstat/inet.c.orig Thu Jan 2 16:30:28 2003
+++ usr.bin/netstat/inet.c Thu Jan 2 17:48:00 2003
@@ -625,17 +625,17 @@
snprintf(line, sizeof line, "%.*s.", (Aflag && !nflag) ? 12 : 16,
inetname(in));
cp = strchr(line, '\0');
if (!nflag && port)
sp = getservbyport((int)port, proto);
- if (sp || port == 0)
- snprintf(cp, line + sizeof line - cp, "%.8s",
- sp ? sp->s_name : "*");
- else if (local && !nflag && (nam = getrpcportnam(ntohs(port),
+ if (local && !nflag && (nam = getrpcportnam(ntohs(port),
(strcmp(proto, "tcp") == 0 ? IPPROTO_TCP : IPPROTO_UDP))))
snprintf(cp, line + sizeof line - cp, "%d[%.8s]",
ntohs(port), nam);
+ else if (sp || port == 0)
+ snprintf(cp, line + sizeof line - cp, "%.8s",
+ sp ? sp->s_name : "*");
else
snprintf(cp, line + sizeof line - cp, "%d", ntohs(port));
width = Aflag ? 18 : 22;
printf(" %-*.*s", width, width, line);
}
Now the output now looks like this:
$ netstat2 -a | grep ^udp
udp 0 0 localhost.2323 *.*
udp 0 0 kenny.lopht.spoi.domai *.*
udp 0 0 localhost.domain *.*
udp 0 0 kenny.lopht.spoi.netbi *.*
udp 0 0 kenny.lopht.spoi.netbi *.*
udp 0 0 *.netbios- *.*
udp 0 0 *.netbios- *.*
udp 0 0 *.bootps *.*
udp 0 0 *.695[nlockmgr] *.*
udp 0 0 *.2049[nfs] *.*
udp 0 0 *.993[mountd] *.*
udp 0 0 localhost.111[portmapp *.*
udp 0 0 *.111[portmapp] *.*
udp 0 0 *.syslog *.*
$
Caveat: Do to the patch the servicename returned by getrpcportnam()
takes precedence over the name returned by getservbyport().
So 'sunrpc' is now displayed as '[portmapp]', as in:
$ rpcinfo -p 127.0.0.1
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 993 mountd
100005 3 udp 993 mountd
100005 1 tcp 816 mountd
100005 3 tcp 816 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100021 1 udp 695 nlockmgr
100021 3 udp 695 nlockmgr
100021 1 tcp 691 nlockmgr
100021 3 tcp 691 nlockmgr
$
I personally think this is an advantage, but YMMV.
PS: Happy new year!
regards...
fabian
Visit your host, monkey.org