From nobody@FreeBSD.org  Fri Jan 13 12:36:41 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 813EE1065675
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 13 Jan 2012 12:36:41 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 6C39F8FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 13 Jan 2012 12:36:41 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q0DCafYl003886
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 13 Jan 2012 12:36:41 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q0DCafJl003885;
	Fri, 13 Jan 2012 12:36:41 GMT
	(envelope-from nobody)
Message-Id: <201201131236.q0DCafJl003885@red.freebsd.org>
Date: Fri, 13 Jan 2012 12:36:41 GMT
From: Jim Pirzyk <pirzyk@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: sockstat not reporting all open sockets
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         164081
>Category:       bin
>Synopsis:       sockstat(1) not reporting all open sockets
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jilles
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 13 12:40:09 UTC 2012
>Closed-Date:    Sun Apr 20 19:18:40 UTC 2014
>Last-Modified:  Sun Apr 20 19:18:40 UTC 2014
>Originator:     Jim Pirzyk
>Release:        8.2-RELEASE-p3
>Organization:
>Environment:
FreeBSD amigo.home.pirzyk.org 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:45:57 UTC 2011     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
When using rkhunter one of the FreeBSD specific tests is to compare the output from sockstat with netstat.  The idea is that most rootkits will replace the netstat binary but do not deal with sockstat (since it is FreeBSD specific).  Currently on my machine, netstat is reporting *more* sockets open than sockstat.  One port in particular is port 979, which nlockmgr is running on:

pirzyk@amigo:~/tmp
44>netstat -an | g 979
tcp4       0      0 127.0.0.1.3306         127.0.0.1.47979        TIME_WAIT
tcp4       0      0 *.979                  *.*                    LISTEN
pirzyk@amigo:~/tmp
45>rpcinfo -p | g 979
    100021    0   tcp    979  nlockmgr
    100021    1   tcp    979  nlockmgr
    100021    3   tcp    979  nlockmgr
    100021    4   tcp    979  nlockmgr
pirzyk@amigo:~/tmp
46>sockstat |g 979
pirzyk@amigo:~/tmp
47>

According to the sockstat man page there should be some differences between the two but I believe since port 979 is in LISTEN mode, it should be displayed by sockstat.
>How-To-Repeat:
Simple shell script do to the diff between outputs:

#!/bin/sh

sockstat | awk 'NF == 7 { print $6 } NF == 8 {print $7}' |grep '[:.][0-9][0-9]*$' | sed -e 's/^.*[:.]\([0-9]*\)$/\1/' | sort | uniq > sockstat.out

netstat -an |  awk '{ print $4 }' |grep '[:.][0-9][0-9]*$' | sed -e 's/^.*[:.]\([0-9]*\)$/\1/' | sort | uniq > netstat.out

diff -Nru netstat.out sockstat.out
>Fix:


>Release-Note:
>Audit-Trail:

From: Jilles Tjoelker <jilles@stack.nl>
To: bug-followup@FreeBSD.org, pirzyk@FreeBSD.org
Cc:  
Subject: Re: bin/164081: sockstat not reporting all open sockets
Date: Sat, 14 Jan 2012 01:03:34 +0100

 > [netstat reports sockets that sockstat does not]
 
 The sockstat utility checks all file descriptors open by all processes
 looking for sockets, while netstat shows all kernel-level sockets. This
 may mismatch in many ways: a process may have closed its descriptor but
 TCP still needs to maintain some state like TIME_WAIT (as mentioned in
 the sockstat(1) man page), multiple descriptors may exist for a single
 socket and kernel code (like nlockmgr) may use the socket(9) API
 directly so there is no descriptor. However, any socket file descriptor
 shown by sockstat must correspond to a kernel-level socket shown by
 netstat.
 
 This does appear to be intended, although it is surprising and not
 documented very well.
 
 -- 
 Jilles Tjoelker

From: Jim Pirzyk <pirzyk@FreeBSD.org>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/164081: sockstat not reporting all open sockets
Date: Tue, 17 Jan 2012 08:13:59 -0500

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
 So maybe in light of that, we should change this ticket to update the =
 man page to document this case too?
 
 - - JimP
 
 On Jan 13, 2012, at 7:03 PM, Jilles Tjoelker wrote:
 
 >> [netstat reports sockets that sockstat does not]
 >=20
 > The sockstat utility checks all file descriptors open by all processes
 > looking for sockets, while netstat shows all kernel-level sockets. =
 This
 > may mismatch in many ways: a process may have closed its descriptor =
 but
 > TCP still needs to maintain some state like TIME_WAIT (as mentioned in
 > the sockstat(1) man page), multiple descriptors may exist for a single
 > socket and kernel code (like nlockmgr) may use the socket(9) API
 > directly so there is no descriptor. However, any socket file =
 descriptor
 > shown by sockstat must correspond to a kernel-level socket shown by
 > netstat.
 >=20
 > This does appear to be intended, although it is surprising and not
 > documented very well.
 >=20
 > --=20
 > Jilles Tjoelker
 
 - --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $
     __o  jim@pirzyk.org =
 --------------------------------------------------
  _'\<,_
 (*)/ (*) I'd rather be out biking.
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (Darwin)
 
 iFcDBQFPFXQXUQdE3d8ckhQRCP3wAPsEXLol7rjYJ9MQAHrjGZY7t6eKpG8NV5NV
 o6kWM0DGRwEA1EgXqSlVwl2maY0bnnYz502rT6WZE6V2r+gA5QOM4S8=3D
 =3DrilP
 -----END PGP SIGNATURE-----

From: Jilles Tjoelker <jilles@stack.nl>
To: Jim Pirzyk <pirzyk@FreeBSD.org>, des@FreeBSD.org
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/164081: sockstat not reporting all open sockets
Date: Sun, 22 Jan 2012 23:01:30 +0100

 On Tue, Jan 17, 2012 at 08:13:59AM -0500, Jim Pirzyk wrote:
 > On Jan 13, 2012, at 7:03 PM, Jilles Tjoelker wrote:
 
 > >> [netstat reports sockets that sockstat does not]
 
 > > The sockstat utility checks all file descriptors open by all processes
 > > looking for sockets, while netstat shows all kernel-level sockets. This
 > > may mismatch in many ways: a process may have closed its descriptor but
 > > TCP still needs to maintain some state like TIME_WAIT (as mentioned in
 > > the sockstat(1) man page), multiple descriptors may exist for a single
 > > socket and kernel code (like nlockmgr) may use the socket(9) API
 > > directly so there is no descriptor. However, any socket file descriptor
 > > shown by sockstat must correspond to a kernel-level socket shown by
 > > netstat.
 
 > > This does appear to be intended, although it is surprising and not
 > > documented very well.
 
 > So maybe in light of that, we should change this ticket to update the
 > man page to document this case too?
 
 I looked in the code and tried to make sockstat show sockets that are
 not associated with any open file. This turned out to be fairly easy.
 
 I have tested this on 10-current and 8-stable. On 8-stable there will be
 a conflict in sockstat.1 which can safely be ignored (it is because
 r200779 was not MFCed).
 
 On a machine that runs UDP nfsd it adds at least two lines to the
 output:
 
 ?        ?          ?     ?  udp6   *:2049                *:*
 ?        ?          ?     ?  udp4   *:2049                *:*
 
 DES, what do you think of this?
 
 Index: usr.bin/sockstat/sockstat.1
 ===================================================================
 --- usr.bin/sockstat/sockstat.1	(revision 230388)
 +++ usr.bin/sockstat/sockstat.1	(working copy)
 @@ -136,20 +136,6 @@
  The address the foreign end of the socket is bound to (see
  .Xr getpeername 2 ) .
  .El
 -.Pp
 -Note that TCP sockets in the
 -.Dv AF_INET
 -or
 -.Dv AF_INET6
 -domains that are not in one of the
 -.Dv LISTEN , SYN_SENT ,
 -or
 -.Dv ESTABLISHED
 -states may not be shown by
 -.Nm ;
 -use
 -.Xr netstat 1
 -to examine them instead.
  .Sh SEE ALSO
  .Xr fstat 1 ,
  .Xr netstat 1 ,
 @@ -167,10 +153,3 @@
  .Nm
  command and this manual page were written by
  .An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
 -.Sh BUGS
 -Unlike
 -.Xr netstat 1 ,
 -.Nm
 -lists sockets by walking file descriptor tables and will not output
 -the ones owned by the kernel, e.g. NLM sockets created by
 -.Xr rpc.lockd 8 .
 Index: usr.bin/sockstat/sockstat.c
 ===================================================================
 --- usr.bin/sockstat/sockstat.c	(revision 230388)
 +++ usr.bin/sockstat/sockstat.c	(working copy)
 @@ -86,6 +86,7 @@
  struct sock {
  	void *socket;
  	void *pcb;
 +	int shown;
  	int vflag;
  	int family;
  	int proto;
 @@ -571,12 +572,67 @@
  }
  
  static void
 +displaysock(struct sock *s, int pos)
 +{
 +	void *p;
 +	int hash;
 +
 +	while (pos < 29)
 +		pos += xprintf(" ");
 +	pos += xprintf("%s", s->protoname);
 +	if (s->vflag & INP_IPV4)
 +		pos += xprintf("4 ");
 +	if (s->vflag & INP_IPV6)
 +		pos += xprintf("6 ");
 +	while (pos < 36)
 +		pos += xprintf(" ");
 +	switch (s->family) {
 +	case AF_INET:
 +	case AF_INET6:
 +		pos += printaddr(s->family, &s->laddr);
 +		if (s->family == AF_INET6 && pos >= 58)
 +			pos += xprintf(" ");
 +		while (pos < 58)
 +			pos += xprintf(" ");
 +		pos += printaddr(s->family, &s->faddr);
 +		break;
 +	case AF_UNIX:
 +		/* server */
 +		if (s->laddr.ss_len > 0) {
 +			pos += printaddr(s->family, &s->laddr);
 +			break;
 +		}
 +		/* client */
 +		p = *(void **)&s->faddr;
 +		if (p == NULL) {
 +			pos += xprintf("(not connected)");
 +			break;
 +		}
 +		pos += xprintf("-> ");
 +		for (hash = 0; hash < HASHSIZE; ++hash) {
 +			for (s = sockhash[hash]; s != NULL; s = s->next)
 +				if (s->pcb == p)
 +					break;
 +			if (s != NULL)
 +				break;
 +		}
 +		if (s == NULL || s->laddr.ss_len == 0)
 +			pos += xprintf("??");
 +		else
 +			pos += printaddr(s->family, &s->laddr);
 +		break;
 +	default:
 +		abort();
 +	}
 +	xprintf("\n");
 +}
 +
 +static void
  display(void)
  {
  	struct passwd *pwd;
  	struct xfile *xf;
  	struct sock *s;
 -	void *p;
  	int hash, n, pos;
  
  	printf("%-8s %-10s %-5s %-2s %-6s %-21s %-21s\n",
 @@ -594,6 +650,7 @@
  			continue;
  		if (!check_ports(s))
  			continue;
 +		s->shown = 1;
  		pos = 0;
  		if ((pwd = getpwuid(xf->xf_uid)) == NULL)
  			pos += xprintf("%lu ", (u_long)xf->xf_uid);
 @@ -608,54 +665,19 @@
  		while (pos < 26)
  			pos += xprintf(" ");
  		pos += xprintf("%d ", xf->xf_fd);
 -		while (pos < 29)
 -			pos += xprintf(" ");
 -		pos += xprintf("%s", s->protoname);
 -		if (s->vflag & INP_IPV4)
 -			pos += xprintf("4 ");
 -		if (s->vflag & INP_IPV6)
 -			pos += xprintf("6 ");
 -		while (pos < 36)
 -			pos += xprintf(" ");
 -		switch (s->family) {
 -		case AF_INET:
 -		case AF_INET6:
 -			pos += printaddr(s->family, &s->laddr);
 -			if (s->family == AF_INET6 && pos >= 58)
 -				pos += xprintf(" ");
 -			while (pos < 58)
 -				pos += xprintf(" ");
 -			pos += printaddr(s->family, &s->faddr);
 -			break;
 -		case AF_UNIX:
 -			/* server */
 -			if (s->laddr.ss_len > 0) {
 -				pos += printaddr(s->family, &s->laddr);
 -				break;
 -			}
 -			/* client */
 -			p = *(void **)&s->faddr;
 -			if (p == NULL) {
 -				pos += xprintf("(not connected)");
 -				break;
 -			}
 -			pos += xprintf("-> ");
 -			for (hash = 0; hash < HASHSIZE; ++hash) {
 -				for (s = sockhash[hash]; s != NULL; s = s->next)
 -					if (s->pcb == p)
 -						break;
 -				if (s != NULL)
 -					break;
 -			}
 -			if (s == NULL || s->laddr.ss_len == 0)
 -				pos += xprintf("??");
 -			else
 -				pos += printaddr(s->family, &s->laddr);
 -			break;
 -		default:
 -			abort();
 +		displaysock(s, pos);
 +	}
 +	for (hash = 0; hash < HASHSIZE; hash++) {
 +		for (s = sockhash[hash]; s != NULL; s = s->next) {
 +			if (s->shown)
 +				continue;
 +			if (!check_ports(s))
 +				continue;
 +			pos = 0;
 +			pos += xprintf("%-8s %-10s %-5s %-2s ",
 +			    "?", "?", "?", "?");
 +			displaysock(s, pos);
  		}
 -		xprintf("\n");
  	}
  }
  
 -- 
 Jilles Tjoelker

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: Jim Pirzyk <pirzyk@FreeBSD.org>,  bug-followup@FreeBSD.org
Subject: Re: bin/164081: sockstat not reporting all open sockets
Date: Mon, 23 Jan 2012 10:21:05 +0100

 Jilles Tjoelker <jilles@stack.nl> writes:
 > DES, what do you think of this?
 
 No objection.
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/164081: commit references a PR
Date: Tue, 24 Jan 2012 21:33:43 +0000 (UTC)

 Author: jilles
 Date: Tue Jan 24 21:33:34 2012
 New Revision: 230512
 URL: http://svn.freebsd.org/changeset/base/230512
 
 Log:
   sockstat: Also show sockets not associated with a file descriptor.
   
   Sockets not associated with a file descriptor include TCP TIME_WAIT states
   and sockets created via the socket(9) API such as from rpc.lockd and the NFS
   client.
   
   PR:		bin/164081
   MFC after:	2 weeks
   No objection:	des
 
 Modified:
   head/usr.bin/sockstat/sockstat.1
   head/usr.bin/sockstat/sockstat.c
 
 Modified: head/usr.bin/sockstat/sockstat.1
 ==============================================================================
 --- head/usr.bin/sockstat/sockstat.1	Tue Jan 24 17:31:27 2012	(r230511)
 +++ head/usr.bin/sockstat/sockstat.1	Tue Jan 24 21:33:34 2012	(r230512)
 @@ -27,7 +27,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd July 9, 2009
 +.Dd January 24, 2012
  .Dt SOCKSTAT 1
  .Os
  .Sh NAME
 @@ -137,19 +137,10 @@ The address the foreign end of the socke
  .Xr getpeername 2 ) .
  .El
  .Pp
 -Note that TCP sockets in the
 -.Dv AF_INET
 -or
 -.Dv AF_INET6
 -domains that are not in one of the
 -.Dv LISTEN , SYN_SENT ,
 -or
 -.Dv ESTABLISHED
 -states may not be shown by
 -.Nm ;
 -use
 -.Xr netstat 1
 -to examine them instead.
 +If a socket is associated with more than one file descriptor,
 +it is shown multiple times.
 +If a socket is not associated with any file descriptor,
 +the first four columns have no meaning.
  .Sh SEE ALSO
  .Xr fstat 1 ,
  .Xr netstat 1 ,
 @@ -167,10 +158,3 @@ The
  .Nm
  command and this manual page were written by
  .An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
 -.Sh BUGS
 -Unlike
 -.Xr netstat 1 ,
 -.Nm
 -lists sockets by walking file descriptor tables and will not output
 -the ones owned by the kernel, e.g. NLM sockets created by
 -.Xr rpc.lockd 8 .
 
 Modified: head/usr.bin/sockstat/sockstat.c
 ==============================================================================
 --- head/usr.bin/sockstat/sockstat.c	Tue Jan 24 17:31:27 2012	(r230511)
 +++ head/usr.bin/sockstat/sockstat.c	Tue Jan 24 21:33:34 2012	(r230512)
 @@ -86,6 +86,7 @@ static int	*ports;
  struct sock {
  	void *socket;
  	void *pcb;
 +	int shown;
  	int vflag;
  	int family;
  	int proto;
 @@ -571,12 +572,67 @@ check_ports(struct sock *s)
  }
  
  static void
 +displaysock(struct sock *s, int pos)
 +{
 +	void *p;
 +	int hash;
 +
 +	while (pos < 29)
 +		pos += xprintf(" ");
 +	pos += xprintf("%s", s->protoname);
 +	if (s->vflag & INP_IPV4)
 +		pos += xprintf("4 ");
 +	if (s->vflag & INP_IPV6)
 +		pos += xprintf("6 ");
 +	while (pos < 36)
 +		pos += xprintf(" ");
 +	switch (s->family) {
 +	case AF_INET:
 +	case AF_INET6:
 +		pos += printaddr(s->family, &s->laddr);
 +		if (s->family == AF_INET6 && pos >= 58)
 +			pos += xprintf(" ");
 +		while (pos < 58)
 +			pos += xprintf(" ");
 +		pos += printaddr(s->family, &s->faddr);
 +		break;
 +	case AF_UNIX:
 +		/* server */
 +		if (s->laddr.ss_len > 0) {
 +			pos += printaddr(s->family, &s->laddr);
 +			break;
 +		}
 +		/* client */
 +		p = *(void **)&s->faddr;
 +		if (p == NULL) {
 +			pos += xprintf("(not connected)");
 +			break;
 +		}
 +		pos += xprintf("-> ");
 +		for (hash = 0; hash < HASHSIZE; ++hash) {
 +			for (s = sockhash[hash]; s != NULL; s = s->next)
 +				if (s->pcb == p)
 +					break;
 +			if (s != NULL)
 +				break;
 +		}
 +		if (s == NULL || s->laddr.ss_len == 0)
 +			pos += xprintf("??");
 +		else
 +			pos += printaddr(s->family, &s->laddr);
 +		break;
 +	default:
 +		abort();
 +	}
 +	xprintf("\n");
 +}
 +
 +static void
  display(void)
  {
  	struct passwd *pwd;
  	struct xfile *xf;
  	struct sock *s;
 -	void *p;
  	int hash, n, pos;
  
  	printf("%-8s %-10s %-5s %-2s %-6s %-21s %-21s\n",
 @@ -594,6 +650,7 @@ display(void)
  			continue;
  		if (!check_ports(s))
  			continue;
 +		s->shown = 1;
  		pos = 0;
  		if ((pwd = getpwuid(xf->xf_uid)) == NULL)
  			pos += xprintf("%lu ", (u_long)xf->xf_uid);
 @@ -608,54 +665,19 @@ display(void)
  		while (pos < 26)
  			pos += xprintf(" ");
  		pos += xprintf("%d ", xf->xf_fd);
 -		while (pos < 29)
 -			pos += xprintf(" ");
 -		pos += xprintf("%s", s->protoname);
 -		if (s->vflag & INP_IPV4)
 -			pos += xprintf("4 ");
 -		if (s->vflag & INP_IPV6)
 -			pos += xprintf("6 ");
 -		while (pos < 36)
 -			pos += xprintf(" ");
 -		switch (s->family) {
 -		case AF_INET:
 -		case AF_INET6:
 -			pos += printaddr(s->family, &s->laddr);
 -			if (s->family == AF_INET6 && pos >= 58)
 -				pos += xprintf(" ");
 -			while (pos < 58)
 -				pos += xprintf(" ");
 -			pos += printaddr(s->family, &s->faddr);
 -			break;
 -		case AF_UNIX:
 -			/* server */
 -			if (s->laddr.ss_len > 0) {
 -				pos += printaddr(s->family, &s->laddr);
 -				break;
 -			}
 -			/* client */
 -			p = *(void **)&s->faddr;
 -			if (p == NULL) {
 -				pos += xprintf("(not connected)");
 -				break;
 -			}
 -			pos += xprintf("-> ");
 -			for (hash = 0; hash < HASHSIZE; ++hash) {
 -				for (s = sockhash[hash]; s != NULL; s = s->next)
 -					if (s->pcb == p)
 -						break;
 -				if (s != NULL)
 -					break;
 -			}
 -			if (s == NULL || s->laddr.ss_len == 0)
 -				pos += xprintf("??");
 -			else
 -				pos += printaddr(s->family, &s->laddr);
 -			break;
 -		default:
 -			abort();
 +		displaysock(s, pos);
 +	}
 +	for (hash = 0; hash < HASHSIZE; hash++) {
 +		for (s = sockhash[hash]; s != NULL; s = s->next) {
 +			if (s->shown)
 +				continue;
 +			if (!check_ports(s))
 +				continue;
 +			pos = 0;
 +			pos += xprintf("%-8s %-10s %-5s %-2s ",
 +			    "?", "?", "?", "?");
 +			displaysock(s, pos);
  		}
 -		xprintf("\n");
  	}
  }
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: jilles 
State-Changed-When: Fri Jan 27 21:11:04 UTC 2012 
State-Changed-Why:  
Fixed in head. 


Responsible-Changed-From-To: freebsd-bugs->jilles 
Responsible-Changed-By: jilles 
Responsible-Changed-When: Fri Jan 27 21:11:04 UTC 2012 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164081 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/164081: commit references a PR
Date: Wed, 15 Feb 2012 21:03:37 +0000 (UTC)

 Author: jilles
 Date: Wed Feb 15 21:03:26 2012
 New Revision: 231779
 URL: http://svn.freebsd.org/changeset/base/231779
 
 Log:
   MFC r230512: sockstat: Also show sockets not associated with a descriptor.
   
   Sockets not associated with a file descriptor include TCP TIME_WAIT states
   and sockets created via the socket(9) API such as from rpc.lockd and the NFS
   client.
   
   PR:		bin/164081
 
 Modified:
   stable/9/usr.bin/sockstat/sockstat.1
   stable/9/usr.bin/sockstat/sockstat.c
 Directory Properties:
   stable/9/usr.bin/sockstat/   (props changed)
 
 Modified: stable/9/usr.bin/sockstat/sockstat.1
 ==============================================================================
 --- stable/9/usr.bin/sockstat/sockstat.1	Wed Feb 15 18:59:26 2012	(r231778)
 +++ stable/9/usr.bin/sockstat/sockstat.1	Wed Feb 15 21:03:26 2012	(r231779)
 @@ -27,7 +27,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd July 9, 2009
 +.Dd January 24, 2012
  .Dt SOCKSTAT 1
  .Os
  .Sh NAME
 @@ -137,19 +137,10 @@ The address the foreign end of the socke
  .Xr getpeername 2 ) .
  .El
  .Pp
 -Note that TCP sockets in the
 -.Dv AF_INET
 -or
 -.Dv AF_INET6
 -domains that are not in one of the
 -.Dv LISTEN , SYN_SENT ,
 -or
 -.Dv ESTABLISHED
 -states may not be shown by
 -.Nm ;
 -use
 -.Xr netstat 1
 -to examine them instead.
 +If a socket is associated with more than one file descriptor,
 +it is shown multiple times.
 +If a socket is not associated with any file descriptor,
 +the first four columns have no meaning.
  .Sh SEE ALSO
  .Xr fstat 1 ,
  .Xr netstat 1 ,
 @@ -167,10 +158,3 @@ The
  .Nm
  command and this manual page were written by
  .An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
 -.Sh BUGS
 -Unlike
 -.Xr netstat 1 ,
 -.Nm
 -lists sockets by walking file descriptor tables and will not output
 -the ones owned by the kernel, e.g. NLM sockets created by
 -.Xr rpc.lockd 8 .
 
 Modified: stable/9/usr.bin/sockstat/sockstat.c
 ==============================================================================
 --- stable/9/usr.bin/sockstat/sockstat.c	Wed Feb 15 18:59:26 2012	(r231778)
 +++ stable/9/usr.bin/sockstat/sockstat.c	Wed Feb 15 21:03:26 2012	(r231779)
 @@ -86,6 +86,7 @@ static int	*ports;
  struct sock {
  	void *socket;
  	void *pcb;
 +	int shown;
  	int vflag;
  	int family;
  	int proto;
 @@ -572,12 +573,67 @@ check_ports(struct sock *s)
  }
  
  static void
 +displaysock(struct sock *s, int pos)
 +{
 +	void *p;
 +	int hash;
 +
 +	while (pos < 29)
 +		pos += xprintf(" ");
 +	pos += xprintf("%s", s->protoname);
 +	if (s->vflag & INP_IPV4)
 +		pos += xprintf("4 ");
 +	if (s->vflag & INP_IPV6)
 +		pos += xprintf("6 ");
 +	while (pos < 36)
 +		pos += xprintf(" ");
 +	switch (s->family) {
 +	case AF_INET:
 +	case AF_INET6:
 +		pos += printaddr(s->family, &s->laddr);
 +		if (s->family == AF_INET6 && pos >= 58)
 +			pos += xprintf(" ");
 +		while (pos < 58)
 +			pos += xprintf(" ");
 +		pos += printaddr(s->family, &s->faddr);
 +		break;
 +	case AF_UNIX:
 +		/* server */
 +		if (s->laddr.ss_len > 0) {
 +			pos += printaddr(s->family, &s->laddr);
 +			break;
 +		}
 +		/* client */
 +		p = *(void **)&s->faddr;
 +		if (p == NULL) {
 +			pos += xprintf("(not connected)");
 +			break;
 +		}
 +		pos += xprintf("-> ");
 +		for (hash = 0; hash < HASHSIZE; ++hash) {
 +			for (s = sockhash[hash]; s != NULL; s = s->next)
 +				if (s->pcb == p)
 +					break;
 +			if (s != NULL)
 +				break;
 +		}
 +		if (s == NULL || s->laddr.ss_len == 0)
 +			pos += xprintf("??");
 +		else
 +			pos += printaddr(s->family, &s->laddr);
 +		break;
 +	default:
 +		abort();
 +	}
 +	xprintf("\n");
 +}
 +
 +static void
  display(void)
  {
  	struct passwd *pwd;
  	struct xfile *xf;
  	struct sock *s;
 -	void *p;
  	int hash, n, pos;
  
  	printf("%-8s %-10s %-5s %-2s %-6s %-21s %-21s\n",
 @@ -595,6 +651,7 @@ display(void)
  			continue;
  		if (!check_ports(s))
  			continue;
 +		s->shown = 1;
  		pos = 0;
  		if ((pwd = getpwuid(xf->xf_uid)) == NULL)
  			pos += xprintf("%lu ", (u_long)xf->xf_uid);
 @@ -609,54 +666,19 @@ display(void)
  		while (pos < 26)
  			pos += xprintf(" ");
  		pos += xprintf("%d ", xf->xf_fd);
 -		while (pos < 29)
 -			pos += xprintf(" ");
 -		pos += xprintf("%s", s->protoname);
 -		if (s->vflag & INP_IPV4)
 -			pos += xprintf("4 ");
 -		if (s->vflag & INP_IPV6)
 -			pos += xprintf("6 ");
 -		while (pos < 36)
 -			pos += xprintf(" ");
 -		switch (s->family) {
 -		case AF_INET:
 -		case AF_INET6:
 -			pos += printaddr(s->family, &s->laddr);
 -			if (s->family == AF_INET6 && pos >= 58)
 -				pos += xprintf(" ");
 -			while (pos < 58)
 -				pos += xprintf(" ");
 -			pos += printaddr(s->family, &s->faddr);
 -			break;
 -		case AF_UNIX:
 -			/* server */
 -			if (s->laddr.ss_len > 0) {
 -				pos += printaddr(s->family, &s->laddr);
 -				break;
 -			}
 -			/* client */
 -			p = *(void **)&s->faddr;
 -			if (p == NULL) {
 -				pos += xprintf("(not connected)");
 -				break;
 -			}
 -			pos += xprintf("-> ");
 -			for (hash = 0; hash < HASHSIZE; ++hash) {
 -				for (s = sockhash[hash]; s != NULL; s = s->next)
 -					if (s->pcb == p)
 -						break;
 -				if (s != NULL)
 -					break;
 -			}
 -			if (s == NULL || s->laddr.ss_len == 0)
 -				pos += xprintf("??");
 -			else
 -				pos += printaddr(s->family, &s->laddr);
 -			break;
 -		default:
 -			abort();
 +		displaysock(s, pos);
 +	}
 +	for (hash = 0; hash < HASHSIZE; hash++) {
 +		for (s = sockhash[hash]; s != NULL; s = s->next) {
 +			if (s->shown)
 +				continue;
 +			if (!check_ports(s))
 +				continue;
 +			pos = 0;
 +			pos += xprintf("%-8s %-10s %-5s %-2s ",
 +			    "?", "?", "?", "?");
 +			displaysock(s, pos);
  		}
 -		xprintf("\n");
  	}
  }
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/164081: commit references a PR
Date: Wed, 15 Feb 2012 22:35:52 +0000 (UTC)

 Author: jilles
 Date: Wed Feb 15 22:35:30 2012
 New Revision: 231789
 URL: http://svn.freebsd.org/changeset/base/231789
 
 Log:
   MFC r230512: sockstat: Also show sockets not associated with a descriptor.
   
   Sockets not associated with a file descriptor include TCP TIME_WAIT states
   and sockets created via the socket(9) API such as from rpc.lockd and the NFS
   client.
   
   PR:		bin/164081
 
 Modified:
   stable/8/usr.bin/sockstat/sockstat.1
   stable/8/usr.bin/sockstat/sockstat.c
 Directory Properties:
   stable/8/usr.bin/sockstat/   (props changed)
 
 Modified: stable/8/usr.bin/sockstat/sockstat.1
 ==============================================================================
 --- stable/8/usr.bin/sockstat/sockstat.1	Wed Feb 15 22:26:51 2012	(r231788)
 +++ stable/8/usr.bin/sockstat/sockstat.1	Wed Feb 15 22:35:30 2012	(r231789)
 @@ -27,7 +27,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd July 9, 2009
 +.Dd January 24, 2012
  .Dt SOCKSTAT 1
  .Os
  .Sh NAME
 @@ -137,19 +137,10 @@ The address the foreign end of the socke
  .Xr getpeername 2 ) .
  .El
  .Pp
 -Note that TCP sockets in the
 -.Dv AF_INET
 -or
 -.Dv AF_INET6
 -domains that are not in one of the
 -.Dv LISTEN , SYN_SENT ,
 -or
 -.Dv ESTABLISHED
 -states may not be shown by
 -.Nm ;
 -use
 -.Xr netstat 1
 -to examine them instead.
 +If a socket is associated with more than one file descriptor,
 +it is shown multiple times.
 +If a socket is not associated with any file descriptor,
 +the first four columns have no meaning.
  .Sh SEE ALSO
  .Xr fstat 1 ,
  .Xr netstat 1 ,
 
 Modified: stable/8/usr.bin/sockstat/sockstat.c
 ==============================================================================
 --- stable/8/usr.bin/sockstat/sockstat.c	Wed Feb 15 22:26:51 2012	(r231788)
 +++ stable/8/usr.bin/sockstat/sockstat.c	Wed Feb 15 22:35:30 2012	(r231789)
 @@ -86,6 +86,7 @@ static int	*ports;
  struct sock {
  	void *socket;
  	void *pcb;
 +	int shown;
  	int vflag;
  	int family;
  	int proto;
 @@ -572,12 +573,67 @@ check_ports(struct sock *s)
  }
  
  static void
 +displaysock(struct sock *s, int pos)
 +{
 +	void *p;
 +	int hash;
 +
 +	while (pos < 29)
 +		pos += xprintf(" ");
 +	pos += xprintf("%s", s->protoname);
 +	if (s->vflag & INP_IPV4)
 +		pos += xprintf("4 ");
 +	if (s->vflag & INP_IPV6)
 +		pos += xprintf("6 ");
 +	while (pos < 36)
 +		pos += xprintf(" ");
 +	switch (s->family) {
 +	case AF_INET:
 +	case AF_INET6:
 +		pos += printaddr(s->family, &s->laddr);
 +		if (s->family == AF_INET6 && pos >= 58)
 +			pos += xprintf(" ");
 +		while (pos < 58)
 +			pos += xprintf(" ");
 +		pos += printaddr(s->family, &s->faddr);
 +		break;
 +	case AF_UNIX:
 +		/* server */
 +		if (s->laddr.ss_len > 0) {
 +			pos += printaddr(s->family, &s->laddr);
 +			break;
 +		}
 +		/* client */
 +		p = *(void **)&s->faddr;
 +		if (p == NULL) {
 +			pos += xprintf("(not connected)");
 +			break;
 +		}
 +		pos += xprintf("-> ");
 +		for (hash = 0; hash < HASHSIZE; ++hash) {
 +			for (s = sockhash[hash]; s != NULL; s = s->next)
 +				if (s->pcb == p)
 +					break;
 +			if (s != NULL)
 +				break;
 +		}
 +		if (s == NULL || s->laddr.ss_len == 0)
 +			pos += xprintf("??");
 +		else
 +			pos += printaddr(s->family, &s->laddr);
 +		break;
 +	default:
 +		abort();
 +	}
 +	xprintf("\n");
 +}
 +
 +static void
  display(void)
  {
  	struct passwd *pwd;
  	struct xfile *xf;
  	struct sock *s;
 -	void *p;
  	int hash, n, pos;
  
  	printf("%-8s %-10s %-5s %-2s %-6s %-21s %-21s\n",
 @@ -595,6 +651,7 @@ display(void)
  			continue;
  		if (!check_ports(s))
  			continue;
 +		s->shown = 1;
  		pos = 0;
  		if ((pwd = getpwuid(xf->xf_uid)) == NULL)
  			pos += xprintf("%lu ", (u_long)xf->xf_uid);
 @@ -609,54 +666,19 @@ display(void)
  		while (pos < 26)
  			pos += xprintf(" ");
  		pos += xprintf("%d ", xf->xf_fd);
 -		while (pos < 29)
 -			pos += xprintf(" ");
 -		pos += xprintf("%s", s->protoname);
 -		if (s->vflag & INP_IPV4)
 -			pos += xprintf("4 ");
 -		if (s->vflag & INP_IPV6)
 -			pos += xprintf("6 ");
 -		while (pos < 36)
 -			pos += xprintf(" ");
 -		switch (s->family) {
 -		case AF_INET:
 -		case AF_INET6:
 -			pos += printaddr(s->family, &s->laddr);
 -			if (s->family == AF_INET6 && pos >= 58)
 -				pos += xprintf(" ");
 -			while (pos < 58)
 -				pos += xprintf(" ");
 -			pos += printaddr(s->family, &s->faddr);
 -			break;
 -		case AF_UNIX:
 -			/* server */
 -			if (s->laddr.ss_len > 0) {
 -				pos += printaddr(s->family, &s->laddr);
 -				break;
 -			}
 -			/* client */
 -			p = *(void **)&s->faddr;
 -			if (p == NULL) {
 -				pos += xprintf("(not connected)");
 -				break;
 -			}
 -			pos += xprintf("-> ");
 -			for (hash = 0; hash < HASHSIZE; ++hash) {
 -				for (s = sockhash[hash]; s != NULL; s = s->next)
 -					if (s->pcb == p)
 -						break;
 -				if (s != NULL)
 -					break;
 -			}
 -			if (s == NULL || s->laddr.ss_len == 0)
 -				pos += xprintf("??");
 -			else
 -				pos += printaddr(s->family, &s->laddr);
 -			break;
 -		default:
 -			abort();
 +		displaysock(s, pos);
 +	}
 +	for (hash = 0; hash < HASHSIZE; hash++) {
 +		for (s = sockhash[hash]; s != NULL; s = s->next) {
 +			if (s->shown)
 +				continue;
 +			if (!check_ports(s))
 +				continue;
 +			pos = 0;
 +			pos += xprintf("%-8s %-10s %-5s %-2s ",
 +			    "?", "?", "?", "?");
 +			displaysock(s, pos);
  		}
 -		xprintf("\n");
  	}
  }
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: "Chris" <chris@chrysalisnet.org>
To: <bug-followup@FreeBSD.org>,
	<pirzyk@FreeBSD.org>
Cc:  
Subject: Re: bin/164081: sockstat(1) not reporting all open sockets
Date: Thu, 10 May 2012 03:32:53 +0100

 I have what seems a similiar problem but it doesnt occur on any of my
 FreeBSD 8 servers only a 9.0 server.
 
 It has 2 specific issues.
 
 I see it showing open TCP connections not assigned to any process.
 Something I have never seen before on sockstat.
 It also shows streams not assigned to any process.
 
 Example below, not I am only showing the part of sockstat which has the
 problem, it still outputs plenty of norma info as well, however very few
 connections are assigned to a PID now but rather just listening sockets.
 
 example from a 8.3 server.
 
 apache   httpd      97230 427 tcp4  78.46.x.x:80      200.4.197.x:51937
 
 example from my 9.0 server. Note the ? for the pid, process name and uid.
 
 ?        ?          ?     ?  tcp4   208.100.2.x:10592   195.20.205.x:80
 ?        ?          ?     ?  tcp4   208.100.23.x:80      80.84.51.x:63323
 ?        ?          ?     ?  tcp4   208.100.23.x:80      80.84.51.x:63638
 ?        ?          ?     ?  tcp4   208.100.23.x:80      118.96.1.x:52955
 ?        ?          ?     ?  tcp4   208.100.23.x:80      80.84.51.x:62817
 ?        ?          ?     ?  tcp4   208.100.23.x:80      80.84.51.x:63060
 
State-Changed-From-To: patched->closed 
State-Changed-By: jilles 
State-Changed-When: Sun Apr 20 19:17:51 UTC 2014 
State-Changed-Why:  
Fixed long ago in head and all supported stable branches. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164081 
>Unformatted:
