There were only few Netlink protocol names
which were printed on the screen:
rtnl, fw, tcpdiag
So added the ability to identify Netlink proto name
from /etc/iproute/nl_protos or from static table.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Starting from linux-3.15 (commit 9063e21fb026, "netlink: autosize skb
lengths"), kernel is able to send up to 16K in netlink replies.
This change enables iproute2 commands to get bigger chunks,
without breaking compatibility with old kernels.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Display 4 additional tcp socket info fields :
backoff : exponential backoff
lastsnd : time in milli second since last send
lastrcv : time in milli second since last receive
lastack : time in milli second since last acknowledgement
$ ss -ti dst :22
State Recv-Q Send-Q Local Address:Port
Peer Address:Port
ESTAB 0 0 172.16.5.1:58470
172.17.131.143:ssh
cubic wscale:7,7 rto:228 rtt:30/20 ato:40 mss:1256 cwnd:6 ssthresh:4
send 2.0Mbps lastsnd:3480 lastrcv:3464 lastack:3464 rcv_rtt:81.5
rcv_space:87812
Signed-off-by: Eric Dumazet <edumazet@google.com>
Since linux-3.15, kernel exports tcpi_pacing_rate and
tcpi_max_pacing_rate in tcp_info
Add TCP pacing_rate information on ss -i output :
lpaa23:~# ./ss -ti dst 10.246.7.151
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 325800 10.246.7.151:57614
10.246.7.152:46811
cubic wscale:7,7 rto:201 rtt:0.081/0.006 mss:1448 cwnd:90 ssthresh:63
send 12871.1Mbps pacing_rate 15397.8Mbps unacked:90 retrans:0/305
rcv_space:29200
If SO_MAX_PACING_RATE is set on the socket, we add /max_pacing_rate as
in :
... pacing_rate 1570.5Mbps/2.0Gbps ...
Signed-off-by: Eric Dumazet <edumazet@google.com>
The process SELinux contexts can be added to the output using the -Z
option. Using the -z option will show the process and socket contexts (see
the man page for details).
For netlink sockets: if valid process show process context, if pid = 0
show kernel initial context, if unknown show "unavailable".
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This change enable the ss command to display the interface name as zone index
for local addresses when needed.
For this enhanced display *_diag stuff is needed.
It is based on a first version by Bernd Eckenfels.
example:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 fe80::20c:29ff:fe1f:7406%eth1:9999 :::*
udp UNCONN 0 0 :::domain :::*
tcp LISTEN 0 3 :::domain :::*
tcp LISTEN 0 5 fe80::20c:29ff:fe1f:7410%eth2:99 :::*
Signed-off-by: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
This patch enables -A unix_stream, -A unix_dgram and
-A unix_seqpacket option even if ss gets socket information
via netlink.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Use warn_unused_result to enforce checking return value of rtnl_send,
and fix where the errors are.
Suggested by initial patch from Petr Písař <ppisar@redhat.com>
Example:
$ ss state established \( sport = :4060 or sport = :4061 or sport = :4062 or sport = :4063 or sport = :4064 or sport = :4065 or sport = :4066 or sport = :4067 \) > /dev/null
Aborted
In the example above ssfilter_bytecompile(...) will return (int)136.
char l1 = 136; means -120 which will result in a negative number
being passed to malloc at misc/ss.c:913.
Simply declare l1 and l2 as integers to avoid the char overflow.
This is one of the issues originally reported in http://bugs.debian.org/511720
Fix the same problem in other code paths as well (thanks to Eric Dumazet).
Reported-by: Andreas Schuldei <andreas@debian.org>
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Allow ss -i to display more TCP informations :
unacked:N Number of un-acked packets
retrans:X/Y X: number of outstanding retransmit packets
Y: total number of retransmits for the session
lost:N Number of lost packets (tcpi_lost)
sacked:N Number of sacked packets (tcpi_sacked)
facked:N Number of facked packets (tcpi_facked)
reordering:N Reordering level (if different of 3)
Example :
$ ss -emoi dst 10.7.7.83
tcp ESTAB 0 1154056 10.7.7.84:54127 10.7.7.83:34342
timer:(on,200ms,0) ino:57003 sk:ffff88063c51d0c0 <->
skmem:(r0,rb89280,t0,tb2097152,f726504,w1436184,o0,bl0) ts sack cubic
wscale:7,6 rto:310 rtt:107.375/1 mss:1448 cwnd:568 ssthresh:108 send
61.3Mbps unacked:568 retrans:0/21 reordering:127 rcv_space:29200
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
A netlink socket may be connected to a specific group.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
It will be reused for printing info about netlink sockets, when
socket diag is used for retrieving information.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
When extended info is requested (-e option) one will be able to observe
arrows in the output, like this:
ESTAB 0 0 127.0.0.1:41705 127.0.0.1:12345 ino:143321 sk:ffff88003a8cea00 -->
ESTAB 0 0 127.0.0.1:46925 127.0.0.1:12346 ino:143322 sk:ffff88003a8ce4c0 <--
ESTAB 0 0 127.0.0.1:51678 127.0.0.1:12347 ino:143323 sk:ffff88003a8cdf80 ---
ESTAB 0 0 127.0.0.1:46911 127.0.0.1:12348 ino:143324 sk:ffff88003b7f05c0 <->
for SHUT_RD, SHUT_WR, SHUT_RDWR and non-shutdown sockets respectively.
The respective nlattrs in *_diag messages has appeared in Linux v3.7 and
are already present in ss's headers.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch add support of netlink messages for AF_PACKET and thus it allows
to get filter information of this kind of sockets.
To dump these filters info the option --bfp must be specified and the user
must have admin rights.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
ss -i can output "fastopen" attribute if socket used Fast Open
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The output format is the same as for tcp sockets but only the following
fields are currently non-zero: sk_rcvbuf, sk_wmem_alloc and sk_sndbuf.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
On sockets in listen state Send-Q reports the maximum backlog,
otherwise it reports allocated socket write memory.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Currently the default filter lists TCP sockets only which is
rather confusing especially when the '-a/--all' flag is used.
This patch changes the default to include all sockets, imitating
netstat(8) behavior.
Signed-off-by: Petr Šabata <contyk@redhat.com>
Acked-by: David S. Miller <davem@davemloft.net>
Hello!
While building the iproute package in Debian I get warnings from
package helpers like this:
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/iproute/sbin/tc debian/iproute/usr/bin/lnstat debian/iproute/bin/ip debian/iproute/bin/ss debian/iproute/sbin/bridge debian/iproute/sbin/rtmon were not linked against libresolv.so.2 (they use none of the library's symbols)
The -lresolv in ./Makefile seems to come from pre-historic times (before
iproute2 git history, possibly from libc5/pre-glibc days).
I couldn't find out if/why there was any reason for linking to libresolv.
Does anyone know if there are any valid reasons for keeping it still?
If not, I'd be happy to see it go.... while at it I also removed includes
of <resolv.h> which I also couldn't find any reason for, but this is
just an added bonus of the patch (and there are probably more unneeded
includes that could be dropped in the same sources).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
That is -- write the code, that sends diag request in new format. It's
mostly copied from tcp-diag code. Plus, sock-diag differentiates sockets
by families, thus we have to send two requests sequentially.
If we fail to submit new sock-diag request, try to fall-back and submit
the legacy tcp-diag one.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The existing function inet_show_netlink sends tcp-diag request and
then receives back the response and prints it on the screen.
The sock-diag and legacy tcp-diag have different request types, but
report sockets in the same format. In order to support both it's
convenient to split the code into sending and receiving parts.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The sock-diag is capable to diag udp sockets as well. Prepare the
ss code for this by first renaming soon-to-be-generic tcp-s names
into inet-s.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
linux-3.6-rc1 supports SK_MEMINFO_BACKLOG with commit d594e987c6f54
(sock_diag: add SK_MEMINFO_BACKLOG)
ss command can display it if provided by the kernel.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vijay Subramanian <subramanian.vijay@gmail.com>
INET_DIAG_SKMEMINFO is used to monitor socket memory information
which contains more information than INET_DIAG_MEMINFO.
-m option is retained for old kernel that don't surpport INET_DIAG_SKMEMINFO.
Signed-off-by: Shan Wei <davidshan@tencent.com>
ss -x currently fails if CONFIG_INET_UDP_DIAG=n or old kernels
Also close file descriptors while we are at it.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Pavel Emelyanov <xemul@parallels.com>
Get the same info as from /proc file plus the peer inode.
Applies on top of new sock diag patch and udp diag patch.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Support ECNSEEN reporting in ss command.
ESTAB 0 0 10.170.73.123:4900
10.170.73.125:51001 uid:501 ino:385994 sk:f31e5f00
mem:(r0,w0,f0,t0) ts sack ecn ecnseen bic wscale:8,8 rto:210
rtt:18.75/15 ato:40 cwnd:10 send 69.9Mbps rcv_space:32768
"ecn" means TCP session negociated ECN capability (TCP layer) at setup
time
"ecnseen" at least one frame with ECT(0) or ECT(1) or ECN (IP layer) was
received from peer.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
This patch emulates 'netstat -ul' behavior, showing 'closed'
(state 07) UDP sockets when ss is called with '-ul' options.
Although dirty, this seems like the least invasive way to fix
it and shouldn't really break anything.
Signed-off-by: Petr Šabata <contyk@redhat.com>
Fixes following error. We currently provide garbage data to kernel, that
can abort the validation process or produce unexpected results.
$ ss -a autobound
State Recv-Q Send-Q Local Address:Port Peer Address:Port
TCPDIAG answers: Invalid argument
After patch:
$ misc/ss -a autobound
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:44624 *:*
ESTAB 0 0 192.168.1.21:47141 74.125.79.109:imaps
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> On closer inspection, it appears that ss -p does a quadratic scan. It
> rescans every entry in /proc/*/fd/* repeatedly (once per listening
> port? per process? I don't remember what I figured out.)
>
> I humbly suggest that this is not a good idea.
Yep, this is junk. Please give this patch a try:
ss: Avoid quadradic complexity with '-p'
Scan the process list of open sockets once, and store in a hash
table to be used by subsequent find_user() calls.
Reported-by: Steve Fink <sphink@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Palfrader said in http://bugs.debian.org/545008 that
"--help output, if explicitly requested, should go to stdout, not stderr."
which this patch fixes.
Additionally, the exit code was adjusted to success if help was
explicitly requested.
(Syntax error still outputs to stderr and has the same exit code.)
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
When load the tcp_diag module, and use "ss -f inet" command to show the socket
information of inet domain. But this command also shows the information of inet6
domain, but not only inet domain. and "ss -f inet6", "ss -4", "ss -6" have the
same problem.
Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
when using the "ss -f inet -t" command to show the tcp socket information of
inet domain, we get the error message: "ss: no socket tables to show with such filter."
This patch can fix this bug.
Signed-off-by: Li Yewang <lyw@cn.fujitsu.com>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
The function get_hz() returns the psched hz value which is wrong
for anything other than tc usage. Should be user hz instead, but
kernel is broken (patch sent) and this code doesn't get hit on
current systems (netlink is used first).
In ss.c, generic_proc_open(), for which the net_*_open functions are just
convenient wrappers, uses fopen, so errors are signalled by a NULL return
value. Some checks were expecting negative values instead, fix them.
Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Output from /proc may include partial records, so rather than
trying to be sexy and do own parsing, just use stdio.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
