
D41446.diff
No OneTemporary

D41446.diff

diff --git a/usr.bin/netstat/Makefile b/usr.bin/netstat/Makefile
--- a/usr.bin/netstat/Makefile
+++ b/usr.bin/netstat/Makefile
@@ -69,4 +69,9 @@
CFLAGS+=-DWITHOUT_NETLINK
.endif
+.if ${MK_JAIL} != "no" && !defined(RESCUE)
+CFLAGS+= -DJAIL
+LIBADD+= jail
+.endif
+
.include <bsd.prog.mk>
diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c
--- a/usr.bin/netstat/main.c
+++ b/usr.bin/netstat/main.c
@@ -46,6 +46,9 @@
#include <sys/param.h>
#include <sys/file.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -60,6 +63,9 @@
#include <ctype.h>
#include <err.h>
#include <errno.h>
+#ifdef JAIL
+#include <jail.h>
+#endif
#include <kvm.h>
#include <limits.h>
#include <netdb.h>
@@ -233,6 +239,9 @@
char *interface; /* desired i/f for stats, or NULL for all i/fs */
int unit; /* unit number for above */
+#ifdef JAIL
+char *jail_name; /* desired jail to operate in */
+#endif
static int af; /* address family */
int live; /* true if we are examining a live system */
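Review bot: `jail_name` is added as an external-linkage global, but within this diff it is only read and written in main.c and no header declaration is added for it. Unless another translation unit outside this diff needs it, declare it `static char *jail_name;` like the `static int af;` that follows, or make it a local of `main()` next to `jid`.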
@@ -245,6 +254,9 @@
int fib = -1;
char *endptr;
bool first = true;
+#ifdef JAIL
+ int jid;
+#endif
af = AF_UNSPEC;
@@ -252,7 +264,7 @@
if (argc < 0)
exit(EXIT_FAILURE);
- while ((ch = getopt(argc, argv, "46AaBbCcdF:f:ghI:iLlM:mN:nOoPp:Qq:RrSTsuWw:xz"))
+ while ((ch = getopt(argc, argv, "46AaBbCcdF:f:ghI:ij:LlM:mN:nOoPp:Qq:RrSTsuWw:xz"))
!= -1)
switch(ch) {
case '4':
@@ -340,6 +352,15 @@
case 'i':
iflag = 1;
break;
+ case 'j':
+#ifdef JAIL
+ if (optarg == NULL)
+ usage();
+ jail_name = optarg;
+#else
+ errx(1, "Jail support is not compiled in");
+#endif
+ break;
case 'L':
Lflag = 1;
break;
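Review bot: The `if (optarg == NULL) usage();` test in `case 'j'` is dead code, because the option string declares `j:` and getopt() reports a missing argument as `?` without ever reaching this case. If the intent is to reject an unusable name, test for the empty string instead, `if (*optarg == '\0') usage();`. A repeated `-j` also silently replaces the earlier value; whether that should be an error is worth deciding. The switch continues outside this hunk.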
@@ -436,6 +457,16 @@
}
#endif
+#ifdef JAIL
+ if (jail_name != NULL) {
+ jid = jail_getid(jail_name);
+ if (jid == -1)
+ errx(1, "Jail not found");
+ if (jail_attach(jid) != 0)
+ errx(1, "Cannot attach to jail");
+ }
+#endif
+
/*
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
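Review bot: `jail_attach(jid)` runs before the setgid-discard block that follows. Once it succeeds, the process's root and current directory are the jail's, so any file opened afterwards resolves inside a filesystem the jail's administrator controls; this would presumably include the `-M core` / `-N system` paths and the name-service databases used when `-n` is not given. The hunk does not reject `-j` combined with `-M`/`-N`, and the usage text advertises the combination. Where those files are opened is outside this hunk, so confirm the ordering and either refuse the combination or open them before attaching. Separately, both failure paths discard the cause: `errx(1, "%s", jail_errmsg);` after `jail_getid()` and `err(1, "jail_attach(%d)", jid);` would distinguish a missing jail from a lack of privilege.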
@@ -890,24 +921,24 @@
usage(void)
{
(void)xo_error("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n",
-"usage: netstat [-46AaCcLnRSTWx] [-f protocol_family | -p protocol]\n"
+"usage: netstat [-j jail] [-46AaCcLnRSTWx] [-f protocol_family | -p protocol]\n"
" [-M core] [-N system]",
-" netstat -i | -I interface [-46abdhnW] [-f address_family]\n"
+" netstat [-j jail] -i | -I interface [-46abdhnW] [-f address_family]\n"
" [-M core] [-N system]",
-" netstat -w wait [-I interface] [-46d] [-M core] [-N system]\n"
+" netstat [-j jail] -w wait [-I interface] [-46d] [-M core] [-N system]\n"
" [-q howmany]",
-" netstat -s [-46sz] [-f protocol_family | -p protocol]\n"
+" netstat [-j jail] -s [-46sz] [-f protocol_family | -p protocol]\n"
" [-M core] [-N system]",
-" netstat -i | -I interface -s [-46s]\n"
+" netstat [-j jail] -i | -I interface -s [-46s]\n"
" [-f protocol_family | -p protocol] [-M core] [-N system]",
-" netstat -m [-M core] [-N system]",
-" netstat -B [-z] [-I interface]",
-" netstat -r [-46AnW] [-F fibnum] [-f address_family]\n"
+" netstat [-j jail] -m [-M core] [-N system]",
+" netstat [-j jail] -B [-z] [-I interface]",
+" netstat [-j jail] -r [-46AnW] [-F fibnum] [-f address_family]\n"
" [-M core] [-N system]",
-" netstat -rs [-s] [-M core] [-N system]",
-" netstat -g [-46W] [-f address_family] [-M core] [-N system]",
-" netstat -gs [-46s] [-f address_family] [-M core] [-N system]",
-" netstat -Q");
+" netstat [-j jail] -rs [-s] [-M core] [-N system]",
+" netstat [-j jail] -g [-46W] [-f address_family] [-M core] [-N system]",
+" netstat [-j jail] -gs [-46s] [-f address_family] [-M core] [-N system]",
+" netstat [-j jail] -Q");
xo_finish();
exit(1);
}
diff --git a/usr.bin/netstat/netstat.1 b/usr.bin/netstat/netstat.1
--- a/usr.bin/netstat/netstat.1
+++ b/usr.bin/netstat/netstat.1
@@ -38,16 +38,19 @@
.Bk -words
.Bl -tag -width "netstat"
.It Nm
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl 46AaCLnPRSTWx
.Op Fl f Ar protocol_family | Fl p Ar protocol
.It Nm Fl i | I Ar interface
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl 46abdhnW
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
.It Nm Fl w Ar wait
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl I Ar interface
.Op Fl 46d
@@ -55,46 +58,55 @@
.Op Fl N Ar system
.Op Fl q Ar howmany
.It Nm Fl s
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl 46sz
.Op Fl f Ar protocol_family | Fl p Ar protocol
.Op Fl M Ar core
.Op Fl N Ar system
.It Nm Fl i | I Ar interface Fl s
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl 46s
.Op Fl f Ar protocol_family | Fl p Ar protocol
.Op Fl M Ar core
.Op Fl N Ar system
.It Nm Fl m
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl M Ar core
.Op Fl N Ar system
.It Nm Fl B
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl z
.Op Fl I Ar interface
.It Nm Fl r
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl 46nW
.Op Fl F Ar fibnum
.Op Fl f Ar address_family
.It Nm Fl rs
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl s
.Op Fl M Ar core
.Op Fl N Ar system
.It Nm Fl g
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl 46W
.Op Fl f Ar address_family
.It Nm Fl gs
+.Op Fl j Ar jail
.Op Fl -libxo
.Op Fl 46s
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
.It Nm Fl Q
+.Op Fl j Ar jail
.Op Fl -libxo
.El
.Ek
@@ -111,6 +123,7 @@
.Nm
.Op Fl 46AaCLnRSTWx
.Op Fl f Ar protocol_family | Fl p Ar protocol
+.Op Fl j Ar jail
.Ek
.Xc
Display a list of active sockets
@@ -238,6 +251,10 @@
.Ar protocol .
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -247,6 +264,7 @@
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Show the state of all network interfaces or a single
@@ -316,6 +334,10 @@
.Ar protocol_family .
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -326,6 +348,7 @@
.Op Fl M Ar core
.Op Fl N Ar system
.Op Fl q Ar howmany
+.Op Fl j Ar jail
.Ek
.Xc
At intervals of
@@ -374,6 +397,10 @@
Exit after
.Ar howmany
outputs.
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -383,6 +410,7 @@
.Op Fl f Ar protocol_family | Fl p Ar protocol
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Display system-wide statistics for each network protocol.
@@ -419,6 +447,10 @@
Use an alternative kernel image
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -428,6 +460,7 @@
.Op Fl f Ar protocol_family | Fl p Ar protocol
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Display per-interface statistics for each network protocol.
@@ -470,6 +503,10 @@
Use an alternative kernel image
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -477,6 +514,7 @@
.Fl m
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Show statistics recorded by the memory management routines
@@ -491,6 +529,10 @@
Use an alternative kernel image
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -498,6 +540,7 @@
.Fl B
.Op Fl z
.Op Fl I Ar interface
+.Op Fl j Ar jail
.Ek
.Xc
Show statistics about
@@ -534,6 +577,10 @@
.Bl -tag -width indent
.It Fl z
Reset statistic counters after displaying them.
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -544,6 +591,7 @@
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Display the contents of routing tables.
@@ -628,6 +676,10 @@
Use an alternative kernel image
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -636,6 +688,7 @@
.Op Fl s
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Display routing statistics.
@@ -652,6 +705,10 @@
Use an alternative kernel image
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -661,6 +718,7 @@
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Display the contents of the multicast virtual interface tables,
@@ -696,6 +754,10 @@
Use an alternative kernel image
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
@@ -705,6 +767,7 @@
.Op Fl f Ar address_family
.Op Fl M Ar core
.Op Fl N Ar system
+.Op Fl j Ar jail
.Ek
.Xc
Show multicast routing statistics.
@@ -734,11 +797,16 @@
Use an alternative kernel image
See
.Sx GENERAL OPTIONS .
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.It Xo
.Bk -words
.Nm
.Fl Q
+.Op Fl j Ar jail
.Ek
.Xc
Show
@@ -749,6 +817,10 @@
.It Li C Ta Dv NETISR_SNP_FLAGS_M2CPUID Ta "Able to map mbuf to cpu id"
.It Li D Ta Dv NETISR_SNP_FLAGS_DRAINEDCPU Ta "Has queue drain handler"
.It Li F Ta Dv NETISR_SNP_FLAGS_M2FLOW Ta "Able to map mbuf to flow id"
+.It Fl j Ar jail
+Run inside a jail.
+See
+.Sx GENERAL OPTIONS .
.El
.El
.Ss GENERAL OPTIONS
@@ -808,6 +880,13 @@
Non-numeric values such as domain names may still be truncated; use the
.Fl n
option if necessary to avoid ambiguity.
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail .
+This allows network state to be accessed even if the
+.Cm netstat
+binary is not available in the
+.Ar jail .
.El
.Sh EXAMPLES
Show packet traffic information (packets, bytes, errors, packet drops, etc) for
