** Also affects: systemd (Ubuntu Mantic)
   Importance: High
     Assignee: Nick Rosbrook (enr0n)
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2038894

Title:
  Ubuntu 23.10 cloud images unexpected UDP listening port 5353

Status in cloud-images:
  New
Status in systemd package in Ubuntu:
  New
Status in systemd source package in Mantic:
  New

Bug description:
  In the latest Ubuntu 23.10 cloud images we are seeing unexpected UDP
  listening port 5353.

  By default and by policy, aside from port 22 there should be no other
  open ports on Ubuntu cloud images. Listening port 5353 is a
  regression.

  Ubuntu 23.10 debug

  ```
  $ ss --listening --no-header --tcp --udp --numeric
  udp   UNCONN   0   0              127.0.0.54:53     0.0.0.0:*
  udp   UNCONN   0   0           127.0.0.53%lo:53     0.0.0.0:*
  udp   UNCONN   0   0        10.154.0.17%ens4:68     0.0.0.0:*
  udp   UNCONN   0   0               127.0.0.1:323    0.0.0.0:*
  udp   UNCONN   0   0                 0.0.0.0:5353   0.0.0.0:*
  udp   UNCONN   0   0                   [::1]:323       [::]:*
  udp   UNCONN   0   0                    [::]:5353      [::]:*
  tcp   LISTEN   0   4096        127.0.0.53%lo:53     0.0.0.0:*
  tcp   LISTEN   0   4096           127.0.0.54:53     0.0.0.0:*
  tcp   LISTEN   0   4096                    *:22           *:*
  ```

  This shows port 5353 open.

  To find out what is listening on this port:

  ```
  $ sudo lsof -i -n -P
  COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
  systemd      1            root  153u  IPv6  17848      0t0  TCP *:22 (LISTEN)
  systemd-r  321 systemd-resolve   11u  IPv4  16159      0t0  UDP *:5353
  systemd-r  321 systemd-resolve   12u  IPv6  16161      0t0  UDP *:5353
  systemd-r  321 systemd-resolve   15u  IPv4  16164      0t0  UDP 127.0.0.53:53
  systemd-r  321 systemd-resolve   16u  IPv4  16165      0t0  TCP 127.0.0.53:53 (LISTEN)
  systemd-r  321 systemd-resolve   17u  IPv4  16166      0t0  UDP 127.0.0.54:53
  systemd-r  321 systemd-resolve   18u  IPv4  16167      0t0  TCP 127.0.0.54:53 (LISTEN)
  systemd-n  431 systemd-network   18u  IPv4  17227      0t0  UDP 10.154.0.17:68
  google_os  566            root    3u  IPv4  18555      0t0  TCP 10.154.0.17:60818->169.254.169.254:80 (ESTABLISHED)
  google_gu  739            root   13u  IPv4  19822      0t0  TCP 10.154.0.17:35516->169.254.169.254:80 (ESTABLISHED)
  sshd       747            root    3u  IPv6  17848      0t0  TCP *:22 (LISTEN)
  chronyd   1720         _chrony    5u  IPv4  21448      0t0  UDP 127.0.0.1:323
  chronyd   1720         _chrony    6u  IPv6  21449      0t0  UDP [::1]:323
  sshd      1761            root    4u  IPv6  22688      0t0  TCP 10.154.0.17:22->185.202.17.195:45142 (ESTABLISHED)
  sshd      1882          ubuntu    4u  IPv6  22688      0t0  TCP 10.154.0.17:22->185.202.17.195:45142 (ESTABLISHED)
  ```

  Shows that it is systemd-resolved that is listening and from
  https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html

  
  > The systemd-resolved service listens on the following IP ports:

  > Port 5353 on all local addresses, both IPv4 and IPv6 (0.0.0.0 and
  > ::0), for MulticastDNS on UDP. Note that even though the socket is
  > bound to all local interfaces via the selected "wildcard" IP
  > addresses, the incoming datagrams are filtered by the network
  > interface they are coming in on, and separate MulticastDNS link-local
  > scopes are maintained for each, taking into consideration whether
  > MulticastDNS is enabled for the interface or not.

  So listening on port 5353 is expected for systemd-resolved and
  MulticastDNS but we do not expect this to be enabled by default on
  cloud images.

  ```
  $ dpkg -l systemd
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name           Version        Architecture Description
  +++-==============-==============-============-=================================
  ii  systemd        253.5-1ubuntu6 amd64        system and service manager
  ```

  
  Comparing the open ports on an Ubuntu 22.04 multipass VM

  ```
  $ ss --listening --no-header --tcp --udp --numeric
  udp   UNCONN   0   0             127.0.0.53%lo:53   0.0.0.0:*
  udp   UNCONN   0   0       10.212.201.146%ens3:68   0.0.0.0:*
  tcp   LISTEN   0   4096          127.0.0.53%lo:53   0.0.0.0:*
  tcp   LISTEN   0   128                 0.0.0.0:22   0.0.0.0:*
  tcp   LISTEN   0   128                    [::]:22      [::]:*
  ```

  ```
  $ dpkg -l systemd
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name           Version            Architecture Description
  +++-==============-==================-============-=================================
  ii  systemd        249.11-0ubuntu3.10 amd64        system and service manager
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/2038894/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
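
The manual comparison of `ss` listings in the report above can be turned into an image check that fails when a socket reachable from off-host appears outside an allowlist. This is an added example, not part of the original bug report or of any Ubuntu tooling; the function names and the `ALLOWED` list (tcp/22 plus the DHCP client on udp/68, as seen in the 22.04 baseline) are assumptions.

```shell
#!/bin/sh
# ALLOWED is an assumption taken from the 22.04 baseline in the report:
# sshd on tcp/22 and the DHCP client on udp/68.
ALLOWED="tcp/22 udp/68"

# Reads `ss --listening --no-header --tcp --udp --numeric` output on stdin and
# prints "proto/port address" for each non-loopback socket not in ALLOWED.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop the %interface scope
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only listener
        key = $1 "/" port
        if (!(key in ok)) print key, addr
    }'
}

# Constructed sample: the 23.10 listing from the report, whitespace collapsed.
sample_mantic() {
    cat <<'EOF'
udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 10.154.0.17%ens4:68 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 [::1]:323 [::]:*
udp UNCONN 0 0 [::]:5353 [::]:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
tcp LISTEN 0 4096 *:22 *:*
EOF
}

# Live use: ss --listening --no-header --tcp --udp --numeric | unexpected_listeners
sample_mantic | unexpected_listeners
```

On the 23.10 sample this reports the two wildcard UDP 5353 sockets; the loopback stub-resolver and chronyd sockets are ignored because they are not reachable from the network.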
