Checking by SS_CLOSE state was remowed in:
(45a4770bc0) ss: Remove checking SS_CLOSE state for packet and netlink
which is not really correct because now by default all sockets are seen
when do 'ss'.
Here is most correct fix which considers specified family.
To see netlink sockets:
ss -A netlink
To see packet sockets:
ss -A packet
And ss by default will show only connected/established sockets as it
was before all the time.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Replaced handling netlink messages by rtnl_dump_filter
from lib/libnetlink.c, also:
- removed unused dump_fp arg;
- added MAGIC_SEQ #define for 123456 seq id;
- silently exit if ENOENT errno is caused for NETLINK_SOCK_DIAG proto
in lib/libnetlink.c: rtnl_duml_filter_l(...) function. This fix
was added in a3fd8e58c1 by Eric
for misc/ss.c
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Now it is posible to filter by existing Netlink protos:
ss -A netlink src uevent
ss -A netlink src nft
ss -A netlink src genl
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
This patch fixes the following issues which was introduced by me in commits:
#1 (2dc854854b) ss: Fixed broken output for Netlink 'Peer Address:Port' column
ISSUE: Broken layout when all sockets are printed out
#2 (eef43b5052) ss: Identify more netlink protocol names
ISSUE: Protocol id is not printed if 'numbers only' output was specified (-n)
Also aligned the width of the local/peer ports to be more wider.
I tested with a lot of option combinations (I may miss some test cases),
but layout seems to me better than the previous released version of iproute2/ss.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
When output the netlink sockets:
ss -A netlink state close
the layout is a little broken with a shifted 'Peer Address:Port'
stars and empty new lines. Fixed by making the port field to be
wider for 'Local Address:Port' column.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
I dont see a reason that packet and netlink states will be
printed only if SS_CLOSE state is set in filter, in that case
to print states of netlink or packet sockets it is needed to run:
ss -A netlink state close
instead of:
ss -A netlink
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
There were only few Netlink protocol names
which were printed on the screen:
rtnl, fw, tcpdiag
So added the ability to identify Netlink proto name
from /etc/iproute/nl_protos or from static table.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Starting from linux-3.15 (commit 9063e21fb026, "netlink: autosize skb
lengths"), kernel is able to send up to 16K in netlink replies.
This change enables iproute2 commands to get bigger chunks,
without breaking compatibility with old kernels.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Display 4 additional tcp socket info fields :
backoff : exponential backoff
lastsnd : time in milli second since last send
lastrcv : time in milli second since last receive
lastack : time in milli second since last acknowledgement
$ ss -ti dst :22
State Recv-Q Send-Q Local Address:Port
Peer Address:Port
ESTAB 0 0 172.16.5.1:58470
172.17.131.143:ssh
cubic wscale:7,7 rto:228 rtt:30/20 ato:40 mss:1256 cwnd:6 ssthresh:4
send 2.0Mbps lastsnd:3480 lastrcv:3464 lastack:3464 rcv_rtt:81.5
rcv_space:87812
Signed-off-by: Eric Dumazet <edumazet@google.com>
Since linux-3.15, kernel exports tcpi_pacing_rate and
tcpi_max_pacing_rate in tcp_info
Add TCP pacing_rate information on ss -i output :
lpaa23:~# ./ss -ti dst 10.246.7.151
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 325800 10.246.7.151:57614
10.246.7.152:46811
cubic wscale:7,7 rto:201 rtt:0.081/0.006 mss:1448 cwnd:90 ssthresh:63
send 12871.1Mbps pacing_rate 15397.8Mbps unacked:90 retrans:0/305
rcv_space:29200
If SO_MAX_PACING_RATE is set on the socket, we add /max_pacing_rate as
in :
... pacing_rate 1570.5Mbps/2.0Gbps ...
Signed-off-by: Eric Dumazet <edumazet@google.com>
The process SELinux contexts can be added to the output using the -Z
option. Using the -z option will show the process and socket contexts (see
the man page for details).
For netlink sockets: if valid process show process context, if pid = 0
show kernel initial context, if unknown show "unavailable".
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This change enable the ss command to display the interface name as zone index
for local addresses when needed.
For this enhanced display *_diag stuff is needed.
It is based on a first version by Bernd Eckenfels.
example:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 fe80::20c:29ff:fe1f:7406%eth1:9999 :::*
udp UNCONN 0 0 :::domain :::*
tcp LISTEN 0 3 :::domain :::*
tcp LISTEN 0 5 fe80::20c:29ff:fe1f:7410%eth2:99 :::*
Signed-off-by: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
This patch enables -A unix_stream, -A unix_dgram and
-A unix_seqpacket option even if ss gets socket information
via netlink.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Use warn_unused_result to enforce checking return value of rtnl_send,
and fix where the errors are.
Suggested by initial patch from Petr Písař <ppisar@redhat.com>
Example:
$ ss state established \( sport = :4060 or sport = :4061 or sport = :4062 or sport = :4063 or sport = :4064 or sport = :4065 or sport = :4066 or sport = :4067 \) > /dev/null
Aborted
In the example above ssfilter_bytecompile(...) will return (int)136.
char l1 = 136; means -120 which will result in a negative number
being passed to malloc at misc/ss.c:913.
Simply declare l1 and l2 as integers to avoid the char overflow.
This is one of the issues originally reported in http://bugs.debian.org/511720
Fix the same problem in other code paths as well (thanks to Eric Dumazet).
Reported-by: Andreas Schuldei <andreas@debian.org>
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Allow ss -i to display more TCP informations :
unacked:N Number of un-acked packets
retrans:X/Y X: number of outstanding retransmit packets
Y: total number of retransmits for the session
lost:N Number of lost packets (tcpi_lost)
sacked:N Number of sacked packets (tcpi_sacked)
facked:N Number of facked packets (tcpi_facked)
reordering:N Reordering level (if different of 3)
Example :
$ ss -emoi dst 10.7.7.83
tcp ESTAB 0 1154056 10.7.7.84:54127 10.7.7.83:34342
timer:(on,200ms,0) ino:57003 sk:ffff88063c51d0c0 <->
skmem:(r0,rb89280,t0,tb2097152,f726504,w1436184,o0,bl0) ts sack cubic
wscale:7,6 rto:310 rtt:107.375/1 mss:1448 cwnd:568 ssthresh:108 send
61.3Mbps unacked:568 retrans:0/21 reordering:127 rcv_space:29200
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
A netlink socket may be connected to a specific group.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
It will be reused for printing info about netlink sockets, when
socket diag is used for retrieving information.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
When extended info is requested (-e option) one will be able to observe
arrows in the output, like this:
ESTAB 0 0 127.0.0.1:41705 127.0.0.1:12345 ino:143321 sk:ffff88003a8cea00 -->
ESTAB 0 0 127.0.0.1:46925 127.0.0.1:12346 ino:143322 sk:ffff88003a8ce4c0 <--
ESTAB 0 0 127.0.0.1:51678 127.0.0.1:12347 ino:143323 sk:ffff88003a8cdf80 ---
ESTAB 0 0 127.0.0.1:46911 127.0.0.1:12348 ino:143324 sk:ffff88003b7f05c0 <->
for SHUT_RD, SHUT_WR, SHUT_RDWR and non-shutdown sockets respectively.
The respective nlattrs in *_diag messages has appeared in Linux v3.7 and
are already present in ss's headers.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch add support of netlink messages for AF_PACKET and thus it allows
to get filter information of this kind of sockets.
To dump these filters info the option --bfp must be specified and the user
must have admin rights.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
ss -i can output "fastopen" attribute if socket used Fast Open
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The output format is the same as for tcp sockets but only the following
fields are currently non-zero: sk_rcvbuf, sk_wmem_alloc and sk_sndbuf.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
On sockets in listen state Send-Q reports the maximum backlog,
otherwise it reports allocated socket write memory.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Currently the default filter lists TCP sockets only which is
rather confusing especially when the '-a/--all' flag is used.
This patch changes the default to include all sockets, imitating
netstat(8) behavior.
Signed-off-by: Petr Šabata <contyk@redhat.com>
Acked-by: David S. Miller <davem@davemloft.net>
Hello!
While building the iproute package in Debian I get warnings from
package helpers like this:
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/iproute/sbin/tc debian/iproute/usr/bin/lnstat debian/iproute/bin/ip debian/iproute/bin/ss debian/iproute/sbin/bridge debian/iproute/sbin/rtmon were not linked against libresolv.so.2 (they use none of the library's symbols)
The -lresolv in ./Makefile seems to come from pre-historic times (before
iproute2 git history, possibly from libc5/pre-glibc days).
I couldn't find out if/why there was any reason for linking to libresolv.
Does anyone know if there are any valid reasons for keeping it still?
If not, I'd be happy to see it go.... while at it I also removed includes
of <resolv.h> which I also couldn't find any reason for, but this is
just an added bonus of the patch (and there are probably more unneeded
includes that could be dropped in the same sources).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
That is -- write the code, that sends diag request in new format. It's
mostly copied from tcp-diag code. Plus, sock-diag differentiates sockets
by families, thus we have to send two requests sequentially.
If we fail to submit new sock-diag request, try to fall-back and submit
the legacy tcp-diag one.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The existing function inet_show_netlink sends tcp-diag request and
then receives back the response and prints it on the screen.
The sock-diag and legacy tcp-diag have different request types, but
report sockets in the same format. In order to support both it's
convenient to split the code into sending and receiving parts.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The sock-diag is capable to diag udp sockets as well. Prepare the
ss code for this by first renaming soon-to-be-generic tcp-s names
into inet-s.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
linux-3.6-rc1 supports SK_MEMINFO_BACKLOG with commit d594e987c6f54
(sock_diag: add SK_MEMINFO_BACKLOG)
ss command can display it if provided by the kernel.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vijay Subramanian <subramanian.vijay@gmail.com>
INET_DIAG_SKMEMINFO is used to monitor socket memory information
which contains more information than INET_DIAG_MEMINFO.
-m option is retained for old kernel that don't surpport INET_DIAG_SKMEMINFO.
Signed-off-by: Shan Wei <davidshan@tencent.com>
ss -x currently fails if CONFIG_INET_UDP_DIAG=n or old kernels
Also close file descriptors while we are at it.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Pavel Emelyanov <xemul@parallels.com>
