Connection refused when attaching to java 9 process

Bernd Eckenfels ecki at zusammenkunft.net
Wed Aug 29 19:53:01 UTC 2018 

If the dynamic attach returns names (especially „localhost“ or even „hostname“) instead of the ip address in sun.jdwp.listenerAddress then this can be explained by it resolving to the wrong ip.

 For that reason the attach Agent should return an IP or at least a configurable hostname (like rmi.server.name, which has the same Problem)

If I found the Right place, it does prefer names (with a comment which seems not be reflected by the source):

http://hg.openjdk.java.net/jdk10/jdk10/jdk/file/777356696811/src/jdk.jdi/share/classes/com/sun/tools/jdi/SocketTransportService.java#l107

If it is a Wildcard bind it uses InetAddress.getLocalHost() which also has all Kind of dependencies on the machine Setup (especially /etc/hosts).

I would check with „netstat“ what the actual listen address is and then resolve „localhost“ or „<hostname>“ if any of those match. 

Gruss
Bernd
-- 
http://bernd.eckenfels.net

Von: serguei.spitsyn at oracle.com
Gesendet: Mittwoch, 29. August 2018 21:12
An: Egor Ushakov; serviceability-dev at openjdk.java.net serviceability-dev at openjdk.java.net
Betreff: Re: Connection refused when attaching to java 9 process

Hi Egor,

There were some security-related fixes pushed into jdk 9 by Dmitriy 
Samersoff.
You can try a workaround with the explicit IP address of the machine or 
with the asterisk like this:
   com.sun.jdi.SocketAttach:port=*:50327

The security fix was to require the IP address to be always explicit.
The *: can be used to restore the original behavior.

I've sent you more detailed reply in private.
Please, let me know if it helped.

Thanks,
Serguei


On 8/29/18 06:46, Egor Ushakov wrote:
> I was connecting from java 8 to java 9, it seems that in this 
> configuration it is not possible any more
>
>
> On 29-Aug-18 13:50, Egor Ushakov wrote:
>> this one I was able to overcome specifying the "hostname=127.0.0.1":
>>
>> >jdb -connect com.sun.jdi.SocketAttach:port=50327,hostname=127.0.0.1 
>> - works well now, though strange
>>
>> but ProcessAttach still does not work:
>>
>> >jdb -connect com.sun.jdi.ProcessAttach:pid=47844
>> java.net.ConnectException: Connection refused: connect
>>         at java.net.DualStackPlainSocketImpl.connect0(Native Method)
>>         at 
>> java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
>>
>>
>>
>> On 29-Aug-18 13:02, Egor Ushakov wrote:
>>> Hi,
>>>
>>> First, I'm aware about changes in jdk 9 attach "security" 
>>> (bugs.openjdk.java.net/browse/JDK-8175050 etc.).
>>> One specific case is still bothering me:
>>> I'm starting a process in server mode without specifying an address:
>>>
>>> >java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n my.Endless
>>> Listening for transport dt_socket at address: 50327
>>>
>>> so it auto select an address for me (which is what I want), but now 
>>> I'm unable to connect even from the same machine:
>>>
>>> >jdb -connect com.sun.jdi.SocketAttach:port=50327
>>> java.net.ConnectException: Connection refused: connect
>>>         at java.net.DualStackPlainSocketImpl.connect0(Native Method)
>>>         at 
>>> java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
>>> ...
>>>
>>> Is it possible to connect in this configuration?
>>>
>>> Thanks!
>>>
>>
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/serviceability-dev/attachments/20180829/c060c7ef/attachment.html>

More information about the serviceability-dev mailing list