Hide Forgot
Backport the current version of the 'ss' command. That way we could provide all new features to the users without reporting and backporting them individually. The current version of 'ss' in RHEL is not very usable and upstream has fixed many outstanding issues. Compatibility notes: * The iproute package is rather stable and we do not expect regressions. * Code of the 'ss' command is standalone. * Version used in the latest RHEL most probably didn't get a serious user base due to its issues.
Hi Pavel, I tested new options and I found bug, ss does not work with -Z option. # getenforce Enforcing # ss -taZ ss: SELinux is not enabled.
Option -z does not work too. # ss -taz ss: SELinux is not enabled.
I'm not sure, but I think I found a regression between new and old version. On old version of iproute, ss -x and ss -A unix shows the same, but on new version ss -x shows only unix stream sockets and ss -A unix shows all type of unix sockets. Try ss -x ss -A unix ss -A unix_stream
(In reply to Jaroslav Aster from comment #9) > I'm not sure, but I think I found a regression between new and old version. > On old version of iproute, ss -x and ss -A unix shows the same, but on new > version ss -x shows only unix stream sockets and ss -A unix shows all type > of unix sockets. Try > > ss -x > > ss -A unix > > ss -A unix_stream Upstream (git master) seems to work well for the three above but seems to fail for the following. ss -A unix_dgram Expected result is to see a couple of lines when 'ss -A unix' showed a couple of dgram lines but no lines are printed out (except the header of course).
(In reply to Pavel Šimerda (pavlix) from comment #10) > (In reply to Jaroslav Aster from comment #9) > > I'm not sure, but I think I found a regression between new and old version. > > On old version of iproute, ss -x and ss -A unix shows the same, but on new > > version ss -x shows only unix stream sockets and ss -A unix shows all type > > of unix sockets. Try > > > > ss -x > > > > ss -A unix > > > > ss -A unix_stream > > Upstream (git master) seems to work well for the three above but seems to > fail for the following. > > ss -A unix_dgram > > Expected result is to see a couple of lines when 'ss -A unix' showed a > couple of dgram lines but no lines are printed out (except the header of > course). And I'm getting the same results with a local build of the package! iproute-3.10.0-46.el7
Hi Jaroslav, (In reply to Jaroslav Aster from comment #9) > I'm not sure, but I think I found a regression between new and old version. > On old version of iproute, ss -x and ss -A unix shows the same, but on new > version ss -x shows only unix stream sockets and ss -A unix shows all type > of unix sockets. Try I don't think this is a bug. Quoting the man-page: "When no option is used ss displays a list of open non-listening TCP sockets that have established connection." If called with parameter '-x' (which is just an alias for '-f unix'), it will do the same for AF_UNIX sockets. Consistently, the output of 'ss -a -x' matches that of 'ss -A unix'. Cheers, Phil
(In reply to Pavel Šimerda (pavlix) from comment #10) > (In reply to Jaroslav Aster from comment #9) > > I'm not sure, but I think I found a regression between new and old version. > > On old version of iproute, ss -x and ss -A unix shows the same, but on new > > version ss -x shows only unix stream sockets and ss -A unix shows all type > > of unix sockets. Try > > > > ss -x > > > > ss -A unix > > > > ss -A unix_stream > > Upstream (git master) seems to work well for the three above but seems to > fail for the following. > > ss -A unix_dgram > > Expected result is to see a couple of lines when 'ss -A unix' showed a > couple of dgram lines but no lines are printed out (except the header of > course). I can't reproduce this with the current release of iproute: [root@vrhel7 iproute2]# rpm -qa | grep iproute iproute-3.10.0-46.el7.x86_64 [root@vrhel7 iproute2]# ss -A unix | grep u_dgr u_dgr UNCONN 0 0 /run/systemd/journal/socket 6696 * 0 u_dgr UNCONN 0 0 /dev/log 6698 * 0 u_dgr UNCONN 0 0 @/org/freedesktop/systemd1/notify 11346 * 0 u_dgr UNCONN 0 0 /run/systemd/shutdownd 11419 * 0 u_dgr UNCONN 0 0 * 18382 * 6698 u_dgr UNCONN 0 0 * 12669 * 12670 u_dgr UNCONN 0 0 * 16530 * 6698 u_dgr UNCONN 0 0 * 12657 * 6696 u_dgr UNCONN 0 0 * 15338 * 6696 u_dgr UNCONN 0 0 * 18672 * 6698 u_dgr UNCONN 0 0 * 12324 * 6696 u_dgr UNCONN 0 0 * 30838 * 6698 u_dgr UNCONN 0 0 * 15648 * 6698 u_dgr UNCONN 0 0 * 15416 * 0 u_dgr UNCONN 0 0 * 16274 * 6698 u_dgr UNCONN 0 0 * 12670 * 12669 u_dgr UNCONN 0 0 * 15713 * 6698 u_dgr UNCONN 0 0 * 21454 * 6698 u_dgr UNCONN 0 0 * 14635 * 6698 u_dgr UNCONN 0 0 * 18511 * 6698 [root@vrhel7 iproute2]# ss -A unix_dgram Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 /run/systemd/journal/socket 6696 * 0 0 0 /dev/log 6698 * 0 0 0 @/org/freedesktop/systemd1/notify 11346 * 0 0 0 /run/systemd/shutdownd 11419 * 0 0 0 * 18382 * 6698 0 0 * 12669 * 12670 0 0 * 16530 * 6698 0 0 * 12657 * 6696 0 0 * 15338 * 6696 0 0 * 18672 * 6698 0 0 * 12324 * 6696 0 0 * 30838 * 6698 0 0 * 15648 * 6698 0 0 * 15416 * 0 0 0 * 16274 * 6698 0 0 * 12670 * 12669 0 0 * 15713 * 6698 0 0 * 21454 * 6698 0 0 * 14635 * 6698 0 0 * 18511 * 6698 Could you please verify this on your system again?
Missing support for SELinux is fixed in version 3.10.0-48.el7: http://pkgs.devel.redhat.com/cgit/rpms/iproute/commit/?h=rhel-7.2&id=13368ed745f31d7dc5d60f7ce9067038e397998b So what's left is the missing output of 'ss -A unix_dgram' Pavel reported which I couldn't reproduce.
Hi Pavel and Phil, I do not know what is correct behaviour of ss, but there is different behaviour between old version of iproute iproute-3.10.0-21.el7 and new version of iproute iproute-3.10.0-48.el7. Old version of iproute shows only established connections in command ss -x, ss -A unix and the output is the same for both commands. # ss -x | wc -l 51 # ss -A unix | wc -l 51 with option -a shows all. # ss -aA unix|wc -l 85 # ss -ax |wc -l 85 New version of iproute has different outputs of ss -x and ss -A unix. ss -x shows the same as in the previous version, but ss -A unix shows more information. It shows the same information as ss -A unix without LISTEN. It's up to you to decide whether it is a regression or a fix :-).
From my side it makes perfect sense to leave the decision up to the new maintainer as he is also a kernel developer. Let me know if I can help in any way.
Sent a patch upstream: http://marc.info/?l=linux-netdev&m=143895429301597&w=2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2117.html