RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1215006 - [RFE] backport current version of the ss command
Summary: [RFE] backport current version of the ss command
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: iproute
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Phil Sutter
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Depends On:
Blocks: 1063927 1071910 1154636
TreeView+ depends on / blocked
 
Reported: 2015-04-24 06:00 UTC by Pavel Šimerda (pavlix)
Modified: 2015-11-19 14:42 UTC (History)
6 users (show)

Fixed In Version: iproute-3.10.0-51.el7
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 14:42:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2117 0 normal SHIPPED_LIVE iproute bug fix and enhancement update 2015-11-19 11:35:06 UTC

Description Pavel Šimerda (pavlix) 2015-04-24 06:00:52 UTC 
Backport the current version of the 'ss' command. That way we could provide all new features to the users without reporting and backporting them individually. The current version of 'ss' in RHEL is not very usable and upstream has fixed many outstanding issues.

Compatibility notes:

 * The iproute package is rather stable and we do not expect regressions.

 * Code of the 'ss' command is standalone.

 * Version used in the latest RHEL most probably didn't get a serious user base due to its issues.
Comment 7 Jaroslav Aster 2015-07-17 13:53:03 UTC 
Hi Pavel,

I tested new options and I found bug, ss does not work with -Z option.

# getenforce 
Enforcing

# ss -taZ
ss: SELinux is not enabled.
Comment 8 Jaroslav Aster 2015-07-17 13:56:44 UTC 
Option -z does not work too.

# ss -taz
ss: SELinux is not enabled.
Comment 9 Jaroslav Aster 2015-07-17 14:48:37 UTC 
I'm not sure, but I think I found a regression between new and old version. On old version of iproute, ss -x and ss -A unix shows the same, but on new version ss -x shows only unix stream sockets and ss -A unix shows all type of unix sockets. Try

ss -x

ss -A unix

ss -A unix_stream
Comment 10 Pavel Šimerda (pavlix) 2015-07-31 10:39:38 UTC 
(In reply to Jaroslav Aster from comment #9)
> I'm not sure, but I think I found a regression between new and old version.
> On old version of iproute, ss -x and ss -A unix shows the same, but on new
> version ss -x shows only unix stream sockets and ss -A unix shows all type
> of unix sockets. Try
> 
> ss -x
> 
> ss -A unix
> 
> ss -A unix_stream

Upstream (git master) seems to work well for the three above but seems to fail for the following.

ss -A unix_dgram

Expected result is to see a couple of lines when 'ss -A unix' showed a couple of dgram lines but no lines are printed out (except the header of course).
Comment 11 Pavel Šimerda (pavlix) 2015-08-03 09:12:15 UTC 
(In reply to Pavel Šimerda (pavlix) from comment #10)
> (In reply to Jaroslav Aster from comment #9)
> > I'm not sure, but I think I found a regression between new and old version.
> > On old version of iproute, ss -x and ss -A unix shows the same, but on new
> > version ss -x shows only unix stream sockets and ss -A unix shows all type
> > of unix sockets. Try
> > 
> > ss -x
> > 
> > ss -A unix
> > 
> > ss -A unix_stream
> 
> Upstream (git master) seems to work well for the three above but seems to
> fail for the following.
> 
> ss -A unix_dgram
> 
> Expected result is to see a couple of lines when 'ss -A unix' showed a
> couple of dgram lines but no lines are printed out (except the header of
> course).

And I'm getting the same results with a local build of the package!

iproute-3.10.0-46.el7
Comment 12 Phil Sutter 2015-08-04 15:32:15 UTC 
Hi Jaroslav,

(In reply to Jaroslav Aster from comment #9)
> I'm not sure, but I think I found a regression between new and old version.
> On old version of iproute, ss -x and ss -A unix shows the same, but on new
> version ss -x shows only unix stream sockets and ss -A unix shows all type
> of unix sockets. Try

I don't think this is a bug. Quoting the man-page: "When no option is used ss displays a list of open non-listening TCP sockets that have established connection."
If called with parameter '-x' (which is just an alias for '-f unix'), it will do the same for AF_UNIX sockets. Consistently, the output of 'ss -a -x' matches that of 'ss -A unix'.

Cheers, Phil
Comment 13 Phil Sutter 2015-08-04 15:35:55 UTC 
(In reply to Pavel Šimerda (pavlix) from comment #10)
> (In reply to Jaroslav Aster from comment #9)
> > I'm not sure, but I think I found a regression between new and old version.
> > On old version of iproute, ss -x and ss -A unix shows the same, but on new
> > version ss -x shows only unix stream sockets and ss -A unix shows all type
> > of unix sockets. Try
> > 
> > ss -x
> > 
> > ss -A unix
> > 
> > ss -A unix_stream
> 
> Upstream (git master) seems to work well for the three above but seems to
> fail for the following.
> 
> ss -A unix_dgram
> 
> Expected result is to see a couple of lines when 'ss -A unix' showed a
> couple of dgram lines but no lines are printed out (except the header of
> course).

I can't reproduce this with the current release of iproute:

[root@vrhel7 iproute2]# rpm -qa | grep iproute
iproute-3.10.0-46.el7.x86_64

[root@vrhel7 iproute2]# ss -A unix | grep u_dgr
u_dgr  UNCONN     0      0      /run/systemd/journal/socket 6696                  * 0                    
u_dgr  UNCONN     0      0      /dev/log 6698                  * 0                    
u_dgr  UNCONN     0      0      @/org/freedesktop/systemd1/notify 11346                 * 0                    
u_dgr  UNCONN     0      0      /run/systemd/shutdownd 11419                 * 0                    
u_dgr  UNCONN     0      0       * 18382                 * 6698                 
u_dgr  UNCONN     0      0       * 12669                 * 12670                
u_dgr  UNCONN     0      0       * 16530                 * 6698                 
u_dgr  UNCONN     0      0       * 12657                 * 6696                 
u_dgr  UNCONN     0      0       * 15338                 * 6696                 
u_dgr  UNCONN     0      0       * 18672                 * 6698                 
u_dgr  UNCONN     0      0       * 12324                 * 6696                 
u_dgr  UNCONN     0      0       * 30838                 * 6698                 
u_dgr  UNCONN     0      0       * 15648                 * 6698                 
u_dgr  UNCONN     0      0       * 15416                 * 0                    
u_dgr  UNCONN     0      0       * 16274                 * 6698                 
u_dgr  UNCONN     0      0       * 12670                 * 12669                
u_dgr  UNCONN     0      0       * 15713                 * 6698                 
u_dgr  UNCONN     0      0       * 21454                 * 6698                 
u_dgr  UNCONN     0      0       * 14635                 * 6698                 
u_dgr  UNCONN     0      0       * 18511                 * 6698                 

[root@vrhel7 iproute2]# ss -A unix_dgram
Recv-Q Send-Q     Local Address:Port                      Peer Address:Port                
0      0      /run/systemd/journal/socket 6696                                 * 0                    
0      0               /dev/log 6698                                 * 0                    
0      0      @/org/freedesktop/systemd1/notify 11346                                * 0                    
0      0      /run/systemd/shutdownd 11419                                * 0                    
0      0                      * 18382                                * 6698                 
0      0                      * 12669                                * 12670                
0      0                      * 16530                                * 6698                 
0      0                      * 12657                                * 6696                 
0      0                      * 15338                                * 6696                 
0      0                      * 18672                                * 6698                 
0      0                      * 12324                                * 6696                 
0      0                      * 30838                                * 6698                 
0      0                      * 15648                                * 6698                 
0      0                      * 15416                                * 0                    
0      0                      * 16274                                * 6698                 
0      0                      * 12670                                * 12669                
0      0                      * 15713                                * 6698                 
0      0                      * 21454                                * 6698                 
0      0                      * 14635                                * 6698                 
0      0                      * 18511                                * 6698                 

Could you please verify this on your system again?
Comment 16 Phil Sutter 2015-08-05 16:31:10 UTC 
Missing support for SELinux is fixed in version 3.10.0-48.el7: http://pkgs.devel.redhat.com/cgit/rpms/iproute/commit/?h=rhel-7.2&id=13368ed745f31d7dc5d60f7ce9067038e397998b

So what's left is the missing output of 'ss -A unix_dgram' Pavel reported which I couldn't reproduce.
Comment 18 Jaroslav Aster 2015-08-06 13:09:26 UTC 
Hi Pavel and Phil,

I do not know what is correct behaviour of ss, but there is different behaviour between old version of iproute iproute-3.10.0-21.el7 and new version of iproute iproute-3.10.0-48.el7.

Old version of iproute shows only established connections in command ss -x, ss -A unix and the output is the same for both commands.

# ss -x | wc -l
51

# ss -A unix | wc -l
51

with option -a shows all.

# ss -aA unix|wc -l
85

# ss -ax |wc -l
85

New version of iproute has different outputs of ss -x and ss -A unix. ss -x shows the same as in the previous version, but ss -A unix shows more information. It shows the same information as ss -A unix without LISTEN.

It's up to you to decide whether it is a regression or a fix :-).
Comment 19 Pavel Šimerda (pavlix) 2015-08-07 13:36:02 UTC 
From my side it makes perfect sense to leave the decision up to the new maintainer as he is also a kernel developer. Let me know if I can help in any way.
Comment 20 Phil Sutter 2015-08-07 15:09:44 UTC 
Sent a patch upstream: http://marc.info/?l=linux-netdev&m=143895429301597&w=2
Comment 22 errata-xmlrpc 2015-11-19 14:42:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2117.html
Note You need to log in before you can comment on or make changes to this bug.