1568160348 Q * guerby Ping timeout: 480 seconds
1568161318 J * guerby ~guerby@ip165.tetaneutral.net
1568167211 Q * dustinm`
1568167670 J * dustinm` ~dustinm`@static.38.6.217.95.clients.your-server.de
1568168331 J * dustinm`_ ~dustinm`@static.38.6.217.95.clients.your-server.de
1568168439 Q * dustinm` Ping timeout: 480 seconds
1568169813 J * fstd_ ~fstd@xdsl-87-78-239-139.nc.de
1568170282 Q * fstd Ping timeout: 480 seconds
1568173032 M * Bertl_oO off to bed now ... have a good one everyone!
1568173034 N * Bertl_oO Bertl_zZ
1568185851 J * hijacker ~nikolay@149.235.255.3
1568190786 Q * gnarface Quit: Leaving
1568191356 J * gnarface ~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net
1568193834 J * torrunes ~trs@193.69.63.206
1568194380 M * torrunes Someone help me out here...? How do I limit a host service to a specific IP address only, when the service (gpsd in this case) does not seem to allow specifying specific address(es) to listen to? Googling reveals chbind, but I am only getting ncontext: vc_net_create(): Invalid argument.
1568194900 M * CcxWrk torrunes: Expose only given addresses to the vserver?
1568194943 M * CcxWrk Even on vanilla Linux you should be able to address this with network namespaces.
1568195831 Q * arekm Remote host closed the connection
1568195871 M * torrunes use case is the same as why one would set sshd ListenAddress to the host's address only instead of 0.0.0.0, in order for the VM to also start sshd on the default port.
1568195977 M * torrunes network namespaces: could be an idea, but I never got them to work on wireless interfaces. Could be that it has changed, though, but I was looking for a quicker fix just by limiting the service similar to how it can be done with e.g. apache and sshd.
1568196050 M * CcxWrk VServer provides you with an IP whitelist which is probably way simpler for your case.
1568196139 J * arekm ~arekm@000161e0.user.oftc.net
1568196167 M * CcxWrk Though really I'd consider putting some push to have the application fixed to allow you to specify where it binds, or even just have it accept an open socket on file descriptor zero and make something else open and bind it.
1568196313 M * CcxWrk If your issue is that your wireless interface keeps changing addresses then that's a separate concern and you'll probably need some kind of proxying mechanism (either userspace or in kernel/netfilter) to allow it to be accessible from different addresses.
1568197707 M * torrunes well, I could file a feature request to gpsd to allow binding to specific IP addresses, but I kind of feel that it would take quite some time to get through. Was hoping some other, quick fix was available.
1568197803 M * torrunes in the meantime, actually found this post: http://archives.linux-vserver.org/201409/0003.html, which explains chbind and how that works. Not sure it helps here, since the bind happens in another context than the host, but will test.
1568197842 M * torrunes thanks
1568201435 Q * hijacker Remote host closed the connection
1568201766 Q * Aiken Remote host closed the connection
1568202738 M * CcxWrk I'm still not really seeing your issue. Why not just set stuff in /etc/vservers/vserver-name/interfaces/... appropriately? http://www.nongnu.org/util-vserver/doc/conf/configuration.html#per-if-dev
1568202871 M * Guy- torrunes: https://www.x4b.net/kb/BindProcessToIPonLinux
1568202878 M * Guy- there are similar other hacks
1568202942 M * CcxWrk Yeah but ... LD_PRELOAD. At that point I'd rather patch the source.
1568203084 M * Guy- I'm not sure I see why
1568203104 M * Guy- if you modify the source you have to keep forward porting your change on every upgrade, or submit a patch and argue for it to be included
1568203310 M * CcxWrk Likewise the preload hack needs to be made sure it doesn't have any ill effects. But you won't have the warning of the patch not applying. If there are any other binds it will fail. It seeps into the children. Doesn't work with static executables. It really is a hack.
1568203383 M * CcxWrk But mainly, I don't see how it's needed at all.
1568203615 J * hijacker ~nikolay@external.oldum.net
1568203731 M * Guy- maybe his guest needs several IPs, but the application is only supposed to bind to one of them
1568203847 N * Bertl_zZ Bertl
1568203862 M * Bertl morning folks!
1568203935 M * Bertl torrunes: so you have a host service which is binding all ports, yes?
1568203963 M * Guy- Bertl: I think he has a guest service
1568203980 M * Guy- "the bind happens in another context than the host"
1568203993 M * Bertl not sure why he would be referring to the sshd example then
1568204060 M * Guy- my guess is he needs to run two applications inside the same guest that need to bind to the same port on different IPs
1568204069 M * Guy- but let's wait until he comes back and explains
1568204099 M * CcxWrk (Do they really need to run in the same context then?)
1568204115 M * CcxWrk But yeah, let's not guess.
1568204125 M * Bertl they could also use the same process context but different network contexts
1568204147 M * Bertl gpsd is a daemon to communicate with some GPS devices over the network
1568204245 M * CcxWrk Actually IIRC it makes your GPS device (often connected via USB or RS232) available over the network.
1568204311 M * Bertl ah, that makes more sense then
1568204370 M * CcxWrk It has a singular flag to listen on INADDR_ANY instead of the default INADDR_LOOPBACK apparently.
1568204406 M * Bertl so probably quite old then
1568204523 M * CcxWrk I think I'd just run a simple proxy alongside in the vein of: s6-tcpserver 1.2.3.4 2947 s6-tcpclient 127.0.0.1 2947 s6-ioconnect
1568204632 M * CcxWrk If just using the right network context didn't work, that is. (s6-ioconnect uses splice() so the overhead is really negligible)
1568204792 M * Bertl the cleanest solution to me, as already proposed, is to modify the code to bind to a given address
1568204804 M * Bertl but there are a bunch of other options as well
1568204853 M * CcxWrk Yeah. Also iptables if they don't actually want to use the same port on different addresses for different things.
1568208510 Q * hijacker Remote host closed the connection
1568208732 J * hijacker ~nikolay@external.oldum.net
1568208950 M * torrunes Bertl, yes, it was a host service that binds to all IPs (namely gpsd)
1568209044 M * torrunes that "blocks" binding to the same port in the guest. Sorry if I was unclear.
1568209106 M * Bertl okay, so simply use chbind to put it in a network context and be done
1568209140 M * Bertl if you use a single IP for the network context, it will not add any overhead at all, it will just change IP_ADDR_ANY into that IP on bind
1568209245 M * torrunes gpsd is a bit strange. It seems to always bind to localhost, and (optionally) to all other IPs. But if I run it using chbind, I no longer see it on the host, e.g. using netstat. Am not really sure if that matters, though.
1568209384 M * torrunes so if I do "chbind --nid 999 --ip 192.168.0.5/24 gpsd -F /var/run/gpsd.sock -G"
1568209422 M * torrunes I can connect from a guest to gpsd using 192.168.0.5, but then the host services do not see gpsd on localhost.
1568209470 M * torrunes e.g. gpspipe -w says "gpspipe: could not connect to gpsd localhost:2947, can't connect to host/port pair(-6)", which is natural since it does not show in netstat any longer.
1568209485 M * torrunes so there are side effects here.
1568209533 M * torrunes Obviously, it would be best to have a "listenaddress" limitation like other services, but that needs a patch to gpsd as far as I can tell.
1568210087 M * torrunes another solution could be to run gpsd on the host, without any network access, and then also gpsd in a chbind. That would mean that gpsd runs twice, and the chbind one would bind to both localhost and the IP address inside the nid. Not sure if that is best practice, though... :)
1568212291 Q * hijacker
1568212437 M * Bertl just add the localhost IP to the chbind as well
1568212460 M * Bertl it will produce overhead as it now will actively restrict the connects to those two IPs
1568212479 M * torrunes oh. I'll test. not too worried about the overhead.
1568212481 M * Bertl alternatively add a simple forward from localhost to the restricted IP
1568212944 M * torrunes "chbind --nid 999 --ip 192.168.0.5/24 --ip 127.0.0.1/24 gpsd -F /var/run/gpsd.sock -G" did it. gpsd localhost works; I can connect to the host's gpsd only on the specified address - also from the guest; and the port is available to bind to if one wants inside the guest. Perfect.
1568212946 M * torrunes :)
1568213117 M * torrunes netstat (or other networking tools) does not show any gpsd though (as expected). Not sure if that will create any yet unknown side effects in the longer run. But anyway - main problem solved! A big thank you!
1568213155 M * Bertl you're welcome!
1568213785 J * hijacker ~nikolay@external.oldum.net
1568216819 J * squirrels ~0x56@183.89.2.43
1568219228 Q * hijacker
1568220678 N * Bertl Bertl_oO
1568225311 Q * squirrels Ping timeout: 480 seconds
1568227070 J * dustinm` ~dustinm`@static.38.6.217.95.clients.your-server.de
1568227222 Q * dustinm`_ Ping timeout: 480 seconds
1568232189 J * Aiken ~Aiken@b951.h.jbmb.net
1568239768 J * click_ ~click@87.248.19.178
1568239976 Q * click Ping timeout: 480 seconds