From: Cyrill Gorcunov <gorcunov@gmail.com>
To: David Ahern <dsa@cumulusnetworks.com>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
David Miller <davem@davemloft.net>,
eric.dumazet@gmail.com, kuznet@ms2.inr.ac.ru, jmorris@namei.org,
yoshfuji@linux-ipv6.org, kaber@trash.net, avagin@openvz.org,
stephen@networkplumber.org
Subject: Re: [PATCH v3] net: ip, diag -- Add diag interface for raw sockets
Date: Fri, 16 Sep 2016 00:01:26 +0300 [thread overview]
Message-ID: <20160915210126.GC1867@uranus.lan> (raw)
In-Reply-To: <f482796f-185e-a3b7-248c-20f1f39cb459@cumulusnetworks.com>
On Thu, Sep 15, 2016 at 02:54:57PM -0600, David Ahern wrote:
> On 9/15/16 2:22 PM, Cyrill Gorcunov wrote:
> >> ss -K is not working. Socket lookup fails to find a match due to a protocol mismatch.
> >>
> >> haven't had time to track down why there is a mismatch since the kill uses the socket returned
> >> from the dump. Won't have time to come back to this until early next week.
> >
> > Have you ran iproute2 patched? I just ran ss -K and all sockets get closed
> > (including raw ones), which actually kicked me off the testing machine sshd :/
> >
>
>
> This is the patch I applied to iproute2; the change in your goo.gl link plus a debug to confirm the kill action is initiated by ss:
>
> diff --git a/misc/ss.c b/misc/ss.c
> index 3b268d999426..4d98411738ea 100644
> --- a/misc/ss.c
> +++ b/misc/ss.c
> @@ -2334,6 +2334,10 @@ static int show_one_inet_sock(const struct sockaddr_nl *addr,
> if (diag_arg->f->f && run_ssfilter(diag_arg->f->f, &s) == 0)
> return 0;
>
> + if (diag_arg->f->kill) {
> +printf("want to kill:\n");
> + err = inet_show_sock(h, &s, diag_arg->protocol);
> + }
> if (diag_arg->f->kill && kill_inet_sock(h, arg) != 0) {
> if (errno == EOPNOTSUPP || errno == ENOENT) {
> /* Socket can't be closed, or is already closed. */
> @@ -2631,6 +2635,10 @@ static int raw_show(struct filter *f)
>
> dg_proto = RAW_PROTO;
>
> +if (!getenv("PROC_NET_RAW") && !getenv("PROC_ROOT") &&
> +inet_show_netlink(f, NULL, IPPROTO_RAW) == 0)
> +return 0;
> +
> if (f->families&(1<<AF_INET)) {
> if ((fp = net_raw_open()) == NULL)
> goto outerr;
>
Hmm. Weird. I'm running net-next kernel
---
[root@pcs7 ~]# /root/sock &
[1] 5108
This is a trivial program which opens raw sockets
[root@pcs7 iproute2]# misc/ss -A raw
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 127.0.0.1:ipproto-255 127.0.0.10:ipproto-9090
UNCONN 0 0 127.0.0.10:ipproto-255 *:*
UNCONN 0 0 :::ipv6-icmp :::*
UNCONN 0 0 :::ipv6-icmp :::*
ESTAB 0 0 ::1:ipproto-255 ::1:ipproto-9091
UNCONN 0 0 ::1:ipproto-255 :::*
[root@pcs7 iproute2]#
[root@pcs7 iproute2]# misc/ss -K
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 18071 * 16297
u_str ESTAB 0 0 /run/systemd/journal/stdout 18756 * 16188
u_str ESTAB 0 0 /run/systemd/journal/stdout 23014 * 23013
u_str ESTAB 0 0 * 18909 * 16298
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 19154 * 18163
...
??? ESTAB 0 0 127.0.0.1:ipproto-255 127.0.0.10:ipproto-9090
??? UNCONN 0 0 127.0.0.10:ipproto-255 *:*
??? ESTAB 0 0 ::1:ipproto-255 ::1:ipproto-9091
??? UNCONN 0 0 ::1:ipproto-255 :::*
---
Here I get kicked off the server. Login back
[cyrill@uranus ~] ssh root@pcs7
Last login: Thu Sep 15 23:20:42 2016 from gateway
[root@pcs7 ~]# cd /home/iproute2/
[root@pcs7 iproute2]# misc/ss -A raw
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 :::ipv6-icmp :::*
UNCONN 0 0 :::ipv6-icmp :::*
Maybe I do something wrong for testing?
next prev parent reply other threads:[~2016-09-15 21:01 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-13 17:19 [PATCH v3] net: ip, diag -- Add diag interface for raw sockets Cyrill Gorcunov
2016-09-13 18:33 ` Greg
2016-09-13 20:18 ` Rustad, Mark D
2016-09-13 20:32 ` Greg
2016-09-15 19:53 ` David Ahern
2016-09-15 20:22 ` Cyrill Gorcunov
2016-09-15 20:25 ` David Ahern
2016-09-15 20:36 ` Eric Dumazet
2016-09-15 20:39 ` David Ahern
2016-09-15 20:54 ` David Ahern
2016-09-15 21:01 ` Cyrill Gorcunov [this message]
2016-09-15 22:48 ` Eric Dumazet
2016-09-15 23:45 ` David Ahern
2016-09-16 7:06 ` Cyrill Gorcunov
2016-09-16 19:00 ` Cyrill Gorcunov
2016-09-16 19:30 ` David Ahern
2016-09-16 19:39 ` Cyrill Gorcunov
2016-09-16 19:47 ` David Ahern
2016-09-16 19:52 ` Cyrill Gorcunov
2016-09-16 19:55 ` David Ahern
2016-09-16 20:07 ` Cyrill Gorcunov
2016-09-20 21:13 ` Cyrill Gorcunov
2016-09-26 22:38 ` Cyrill Gorcunov
2016-09-27 1:54 ` David Ahern
2016-09-27 7:48 ` Cyrill Gorcunov
-- strict thread matches above, loose matches on Subject: below --
2016-09-09 18:26 [PATCH] " Cyrill Gorcunov
2016-09-10 16:31 ` David Ahern
2016-09-10 22:05 ` [PATCH v2] " Cyrill Gorcunov
2016-09-10 22:28 ` David Ahern
2016-09-11 19:17 ` [PATCH v3] " Cyrill Gorcunov
2016-09-13 15:57 ` David Miller
2016-09-13 16:31 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160915210126.GC1867@uranus.lan \
--to=gorcunov@gmail.com \
--cc=avagin@openvz.org \
--cc=davem@davemloft.net \
--cc=dsa@cumulusnetworks.com \
--cc=eric.dumazet@gmail.com \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.