JDK-8035404 : Java opens random 3-d port when JMX is configured
  • Type: Bug
  • Component: core-svc
  • Sub-Component: java.lang.management
  • Affected Version: 7u51
  • Priority: P4
  • Status: Resolved
  • Resolution: Not an Issue
  • OS: linux
  • CPU: x86_64
  • Submitted: 2014-02-17
  • Updated: 2014-04-02
  • Resolved: 2014-02-26
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
tbd_minorResolved
Description
FULL PRODUCT VERSION :
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
Linux CentOS-5-64-0 2.6.18-348.el5 #1 SMP Tue Jan 8 17:53:53 EST 2013 x86_64 x86_64 x86_64 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
I run my program with JDK7 on Centos6. I enable JMX using the following options:

/usr/bin/java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=true -Djava.rmi.server.useLocalHostname=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.management.jmxremote.port=9123 -Dcom.sun.management.jmxremote.rmi.port=9123

When I check what ports are opened I discover additional random port that not possible to configure:

netstat -plunt | grep java

tcp        0      0 :::41200                    :::*                        LISTEN      13597/java
tcp        0      0 :::9123                     :::*                        LISTEN      13597/java

Additional run:

tcp        0      0 :::58356                    :::*                        LISTEN      13629/java
tcp        0      0 :::9123                     :::*                        LISTEN      13629/java

The port is not being used when connecting with JConsole.

Also, adding of -XX:+DisableAttachMechanism does not close the port:

/usr/bin/java -XX:+DisableAttachMechanism -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=true -Djava.rmi.server.useLocalHostname=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.management.jmxremote.port=9123 -Dcom.sun.management.jmxremote.rmi.port=9123



STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Configure JMX using these options:

/usr/bin/java -XX:+DisableAttachMechanism -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=true -Djava.rmi.server.useLocalHostname=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.management.jmxremote.port=9123 -Dcom.sun.management.jmxremote.rmi.port=9123

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Only one port 9123 is opened
ACTUAL -
Additional random  port is opened

REPRODUCIBILITY :
This bug can be reproduced always.


Comments
The additional ephemeral port is an expected behaviour. It is an implementation specific for JRMP.
02-04-2014

The additional port is for the RMI registry of the local only server. This port is used only for connecting locally and does not need to be traversed through firewalls. What I see as a problem is that even though the port should be bound to the localhost only (127.0.0.1) it is bound to all network interfaces. EDIT: However, when trying to connect to the local port from a remote machine a proper exception is thrown and the connection is denied. java.io.IOException: The server sockets created using the LocalRMIServerSocketFactory only accept connections from clients running on the host where the RMI remote objects have been exported. at sun.management.jmxremote.LocalRMIServerSocketFactory$1.accept(LocalRMIServerSocketFactory.java:114) at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.executeAcceptLoop(TCPTransport.java:389) at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.run(TCPTransport.java:361) at java.lang.Thread.run(Thread.java:724)
25-02-2014

I get the same issue when using different ports: /localhome/java/jdk8-b129/bin/java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=true -Djava.rmi.server.useLocalHostname=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.management.jmxremote.port=9123 -Dcom.sun.management.jmxremote.rmi.port=9124 DoNothing netstat -plunt | grep java tcp 0 0 :::9123 :::* LISTEN 13261/java tcp 0 0 :::9124 :::* LISTEN 13261/java tcp 0 0 :::37334 :::* LISTEN 13261/java
20-02-2014

The user is trying to start the RMI registry and the JMX connector on the same port - "-Dcom.sun.management.jmxremote.port=9123 -Dcom.sun.management.jmxremote.rmi.port=9123" - 9123 The additional port is opened by the RMI registry after it detects the requested port 9123 not being available (since the JMX connector has already been bound to this port). The solution: RMI Registry and JMX connector ports must not be the same
20-02-2014