Seems the expression parser did not work correctly for a long time,
and even such simple things did not work:
# ss -a '( sport = :ssh )'
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Added new '-N NSNAME, --net=NSNAME' option to show socket stats
from the specified network namespace name.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

As inet dgram sockets (udp, raw) can call connect(...) - they
might be set in ESTABLISHED state. So keep the original behaviour of
'ss' which filtered them by ESTABLISHED state by default. So:
$ ss -u
or
$ ss -w
Will show only ESTABLISHED UDP sockets by default.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

When 'ss' prints UDP sockets info together with RAW sockets
e.g.:
$ ss -a
then UDP sockets are resolved as "ipproto-xxx".
This was caused by dg_proto being set after printing the UDP
socket info from netlink. So fixed the issue by moving the
setting of dg_proto before printing info from Netlink.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

This patch fixes some filtering combination issues which do not
work on the 'master' version:
$ ss -4
shows inet & unix sockets, instead of only inet sockets
$ ss -u
needs to specify 'state closed'
$ ss src unix:*X11*
needs to specify '-x' shortcut for UNIX family
$ ss -A all
shows only sockets with established states
There might be some other issues which were not observed.
Also changed logic for calculating families, socket types and
states filtering. I think that this version is a little simpler
one. Now there are 2 predefined default tables which describe
the following mapping:
family -> (states, dbs)
db -> (states, families)
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Refactored to use one func for output packet stats info
from both /proc and netlink.
Added possibility to get packet stats info from /proc
by setting environment variable PROC_ROOT or PROC_NET_PACKET.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Checking by SS_CLOSE state was removed in:
(45a4770bc0) ss: Remove checking SS_CLOSE state for packet and netlink
which is not really correct because now by default all sockets are seen
when running 'ss'.
Here is the most correct fix, which considers the specified family.
To see netlink sockets:
ss -A netlink
To see packet sockets:
ss -A packet
And ss by default will show only connected/established sockets as it
was before all the time.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Replaced handling netlink messages by rtnl_dump_filter
from lib/libnetlink.c, also:
- removed unused dump_fp arg;
- added MAGIC_SEQ #define for 123456 seq id;
- silently exit if ENOENT errno is caused for NETLINK_SOCK_DIAG proto
in lib/libnetlink.c: rtnl_duml_filter_l(...) function. This fix
was added in a3fd8e58c1 by Eric
for misc/ss.c
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Now it is possible to filter by existing Netlink protos:
ss -A netlink src uevent
ss -A netlink src nft
ss -A netlink src genl
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

This patch fixes the following issues which were introduced by me in commits:
#1 (2dc854854b) ss: Fixed broken output for Netlink 'Peer Address:Port' column
ISSUE: Broken layout when all sockets are printed out
#2 (eef43b5052) ss: Identify more netlink protocol names
ISSUE: Protocol id is not printed if 'numbers only' output was specified (-n)
Also aligned the width of the local/peer ports to be wider.
I tested with a lot of option combinations (I may have missed some test cases),
but the layout seems to me better than the previous released version of iproute2/ss.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

When outputting the netlink sockets:
ss -A netlink state close
the layout is a little broken with a shifted 'Peer Address:Port'
stars and empty new lines. Fixed by making the port field to be
wider for 'Local Address:Port' column.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

I don't see a reason that packet and netlink states will be
printed only if SS_CLOSE state is set in filter, in that case
to print states of netlink or packet sockets it is needed to run:
ss -A netlink state close
instead of:
ss -A netlink
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

There were only few Netlink protocol names
which were printed on the screen:
rtnl, fw, tcpdiag
So added the ability to identify Netlink proto name
from /etc/iproute/nl_protos or from static table.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Starting from linux-3.15 (commit 9063e21fb026, "netlink: autosize skb
lengths"), kernel is able to send up to 16K in netlink replies.
This change enables iproute2 commands to get bigger chunks,
without breaking compatibility with old kernels.
Signed-off-by: Eric Dumazet <edumazet@google.com>

Display 4 additional tcp socket info fields:
backoff : exponential backoff
lastsnd : time in milliseconds since last send
lastrcv : time in milliseconds since last receive
lastack : time in milliseconds since last acknowledgement
$ ss -ti dst :22
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 172.16.5.1:58470 172.17.131.143:ssh
cubic wscale:7,7 rto:228 rtt:30/20 ato:40 mss:1256 cwnd:6 ssthresh:4
send 2.0Mbps lastsnd:3480 lastrcv:3464 lastack:3464 rcv_rtt:81.5
rcv_space:87812
Signed-off-by: Eric Dumazet <edumazet@google.com>

Since linux-3.15, kernel exports tcpi_pacing_rate and
tcpi_max_pacing_rate in tcp_info
Add TCP pacing_rate information on ss -i output :
lpaa23:~# ./ss -ti dst 10.246.7.151
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 325800 10.246.7.151:57614 10.246.7.152:46811
cubic wscale:7,7 rto:201 rtt:0.081/0.006 mss:1448 cwnd:90 ssthresh:63
send 12871.1Mbps pacing_rate 15397.8Mbps unacked:90 retrans:0/305
rcv_space:29200
If SO_MAX_PACING_RATE is set on the socket, we add /max_pacing_rate as
in :
... pacing_rate 1570.5Mbps/2.0Gbps ...
Signed-off-by: Eric Dumazet <edumazet@google.com>

The process SELinux contexts can be added to the output using the -Z
option. Using the -z option will show the process and socket contexts (see
the man page for details).
For netlink sockets: if valid process show process context, if pid = 0
show kernel initial context, if unknown show "unavailable".
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>

This change enables the ss command to display the interface name as zone index
for local addresses when needed.
For this enhanced display *_diag stuff is needed.
It is based on a first version by Bernd Eckenfels.
example:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 fe80::20c:29ff:fe1f:7406%eth1:9999 :::*
udp UNCONN 0 0 :::domain :::*
tcp LISTEN 0 3 :::domain :::*
tcp LISTEN 0 5 fe80::20c:29ff:fe1f:7410%eth2:99 :::*
Signed-off-by: Francois-Xavier Le Bail <fx.lebail@yahoo.com>

This patch enables -A unix_stream, -A unix_dgram and
-A unix_seqpacket option even if ss gets socket information
via netlink.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>

Use warn_unused_result to enforce checking return value of rtnl_send,
and fix where the errors are.
Suggested by initial patch from Petr Písař <ppisar@redhat.com>

Example:
$ ss state established \( sport = :4060 or sport = :4061 or sport = :4062 or sport = :4063 or sport = :4064 or sport = :4065 or sport = :4066 or sport = :4067 \) > /dev/null
Aborted
In the example above ssfilter_bytecompile(...) will return (int)136.
char l1 = 136; means -120 which will result in a negative number
being passed to malloc at misc/ss.c:913.
Simply declare l1 and l2 as integers to avoid the char overflow.
This is one of the issues originally reported in http://bugs.debian.org/511720
Fix the same problem in other code paths as well (thanks to Eric Dumazet).
Reported-by: Andreas Schuldei <andreas@debian.org>
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Reviewed-by: Eric Dumazet <edumazet@google.com>
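
The truncation described in the message above, as an added example that is not iproute2 code: a constructed filter compiler whose two sub-expression lengths are held either in a signed char or in an int. The node layout, the op sizes and all names are assumptions, so the chain length at which it breaks differs from the 136 bytes in the message.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model, not iproute2 code: node layout and op sizes are assumed. */
struct node { const struct node *pred, *post; };   /* leaf when pred is NULL */
enum { LEAF_LEN = 8, JMP_LEN = 4, MAX_CODE = 1 << 16 };

/* Rejects impossible sizes instead of handing them to the allocator. */
static char *checked_alloc(long len)
{
    return (len > 0 && len <= MAX_CODE) ? calloc(1, (size_t)len) : NULL;
}

/* LEN_T holds the two sub-lengths of an "or" node; -1 means unusable length. */
#define DEFINE_COMPILE(NAME, LEN_T)                                          \
static int NAME(const struct node *f, char **out)                            \
{                                                                            \
    char *a1 = NULL, *a2 = NULL, *a = NULL;                                  \
    LEN_T l1, l2;                                                            \
    if (!f->pred)                                                            \
        return (*out = checked_alloc(LEAF_LEN)) ? LEAF_LEN : -1;             \
    l1 = (LEN_T)NAME(f->pred, &a1);  /* 128 kept in a signed char is -128 */ \
    l2 = (LEN_T)NAME(f->post, &a2);                                          \
    if (l1 > 0 && l2 > 0 && (a = checked_alloc((long)l1 + l2 + JMP_LEN))) {  \
        memcpy(a, a1, (size_t)l1);                                           \
        memcpy(a + l1 + JMP_LEN, a2, (size_t)l2);                            \
    }                                                                        \
    free(a1); free(a2);                                                      \
    *out = a;                                                                \
    return a ? l1 + l2 + JMP_LEN : -1;                                       \
}
DEFINE_COMPILE(compile_narrow, signed char)   /* models the pre-fix char l1, l2 */
DEFINE_COMPILE(compile_wide, int)             /* the fix: lengths held in int */

/* Compiles a left-nested chain of n comparisons joined by "or", 1 <= n <= 32. */
static int or_chain_len(int n, int narrow)
{
    static const struct node leaf = { NULL, NULL };
    struct node ors[31];
    const struct node *root = &leaf;
    char *code = NULL;
    int i, len;
    for (i = 0; i + 1 < n; i++) {
        ors[i] = (struct node){ root, &leaf };
        root = &ors[i];
    }
    len = narrow ? compile_narrow(root, &code) : compile_wide(root, &code);
    free(code);
    return len;
}
```

With these assumed sizes a chain of 11 comparisons still compiles with the narrow type, and the 12th pushes a sub-length to 128, which no longer fits.
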
Allow ss -i to display more TCP information:
unacked:N     Number of un-acked packets
retrans:X/Y   X: number of outstanding retransmit packets
              Y: total number of retransmits for the session
lost:N        Number of lost packets (tcpi_lost)
sacked:N      Number of sacked packets (tcpi_sacked)
facked:N      Number of facked packets (tcpi_facked)
reordering:N  Reordering level (if different from 3)
Example :
$ ss -emoi dst 10.7.7.83
tcp ESTAB 0 1154056 10.7.7.84:54127 10.7.7.83:34342
timer:(on,200ms,0) ino:57003 sk:ffff88063c51d0c0 <->
skmem:(r0,rb89280,t0,tb2097152,f726504,w1436184,o0,bl0) ts sack cubic
wscale:7,6 rto:310 rtt:107.375/1 mss:1448 cwnd:568 ssthresh:108 send
61.3Mbps unacked:568 retrans:0/21 reordering:127 rcv_space:29200
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>

A netlink socket may be connected to a specific group.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>

It will be reused for printing info about netlink sockets, when
socket diag is used for retrieving information.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>

When extended info is requested (-e option) one will be able to observe
arrows in the output, like this:
ESTAB 0 0 127.0.0.1:41705 127.0.0.1:12345 ino:143321 sk:ffff88003a8cea00 -->
ESTAB 0 0 127.0.0.1:46925 127.0.0.1:12346 ino:143322 sk:ffff88003a8ce4c0 <--
ESTAB 0 0 127.0.0.1:51678 127.0.0.1:12347 ino:143323 sk:ffff88003a8cdf80 ---
ESTAB 0 0 127.0.0.1:46911 127.0.0.1:12348 ino:143324 sk:ffff88003b7f05c0 <->
for SHUT_RD, SHUT_WR, SHUT_RDWR and non-shutdown sockets respectively.
The respective nlattrs in *_diag messages have appeared in Linux v3.7 and
are already present in ss's headers.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

This patch adds support of netlink messages for AF_PACKET and thus it allows
to get filter information of this kind of sockets.
To dump these filters info the option --bfp must be specified and the user
must have admin rights.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

ss -i can output "fastopen" attribute if socket used Fast Open
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

The output format is the same as for tcp sockets but only the following
fields are currently non-zero: sk_rcvbuf, sk_wmem_alloc and sk_sndbuf.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>