* [PATCH iproute2-next] ss: stop displaying dccp sockets
@ 2026-06-30 11:41 Yafang Shao
2026-06-30 23:13 ` Kuniyuki Iwashima
2026-07-01 1:55 ` [PATCH " Stephen Hemminger
0 siblings, 2 replies; 5+ messages in thread
From: Yafang Shao @ 2026-06-30 11:41 UTC (permalink / raw)
To: stephen, kuniyu; +Cc: netdev, Yafang Shao
DCCP support was retired in kernel commit 2a63dd0edf38 ("net: Retire
DCCP socket."). However, ss still attempts to query DCCP sockets via
netlink, which triggers repeated SELinux warnings in dmesg:
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 \
sclass=netlink_tcpdiag_socket pid=188945 comm=ss
Stop sending DCCPDIAG_GETSOCK netlink messages to suppress these
warnings and align ss with the kernel change.
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Cc: Kuniyuki Iwashima <kuniyu@google.com>
---
man/man8/ss.8 | 5 +++--
misc/ss.c | 40 ++++++++--------------------------------
2 files changed, 11 insertions(+), 34 deletions(-)
diff --git a/man/man8/ss.8 b/man/man8/ss.8
index 70e0a566..37dd75a0 100644
--- a/man/man8/ss.8
+++ b/man/man8/ss.8
@@ -378,7 +378,8 @@ Display TCP sockets.
Display UDP sockets.
.TP
.B \-d, \-\-dccp
-Display DCCP sockets.
+[Deprecated] DCCP is no longer supported since kernel 6.16.
+This option is ignored.
.TP
.B \-w, \-\-raw
Display RAW sockets.
@@ -411,7 +412,7 @@ supported: unix, inet, inet6, link, netlink, vsock, tipc, xdp.
.B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
List of socket tables to dump, separated by commas. The following identifiers
are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
-unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp, tipc,
+unix_stream, unix_seqpacket, packet_raw, packet_dgram, sctp, tipc,
vsock_stream, vsock_dgram, xdp, mptcp. Any item in the list may optionally be
prefixed by an exclamation mark
.RB ( ! )
diff --git a/misc/ss.c b/misc/ss.c
index 14e9f27a..dae5f282 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -195,7 +195,6 @@ static const char *dg_proto;
enum {
TCP_DB,
MPTCP_DB,
- DCCP_DB,
UDP_DB,
RAW_DB,
UNIX_DG_DB,
@@ -215,7 +214,7 @@ enum {
#define PACKET_DBM ((1<<PACKET_DG_DB)|(1<<PACKET_R_DB))
#define UNIX_DBM ((1<<UNIX_DG_DB)|(1<<UNIX_ST_DB)|(1<<UNIX_SQ_DB))
#define ALL_DB ((1<<MAX_DB)-1)
-#define INET_L4_DBM ((1<<TCP_DB)|(1<<MPTCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<SCTP_DB))
+#define INET_L4_DBM ((1<<TCP_DB)|(1<<MPTCP_DB)|(1<<UDP_DB)|(1<<SCTP_DB))
#define INET_DBM (INET_L4_DBM | (1<<RAW_DB))
#define VSOCK_DBM ((1<<VSOCK_ST_DB)|(1<<VSOCK_DG_DB))
@@ -274,10 +273,6 @@ static const struct filter default_dbs[MAX_DB] = {
.states = SS_CONN,
.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
},
- [DCCP_DB] = {
- .states = SS_CONN,
- .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
- },
[UDP_DB] = {
.states = (1 << SS_ESTABLISHED),
.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
@@ -388,13 +383,12 @@ static int filter_db_parse(struct filter *f, const char *s)
int dbs[MAX_DB + 1];
} db_name_tbl[] = {
#define ENTRY(name, ...) { #name, { __VA_ARGS__, MAX_DB } }
- ENTRY(all, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, RAW_DB,
+ ENTRY(all, UDP_DB, TCP_DB, MPTCP_DB, RAW_DB,
UNIX_ST_DB, UNIX_DG_DB, UNIX_SQ_DB,
PACKET_R_DB, PACKET_DG_DB, NETLINK_DB,
SCTP_DB, VSOCK_ST_DB, VSOCK_DG_DB, XDP_DB),
- ENTRY(inet, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, SCTP_DB, RAW_DB),
+ ENTRY(inet, UDP_DB, TCP_DB, MPTCP_DB, SCTP_DB, RAW_DB),
ENTRY(udp, UDP_DB),
- ENTRY(dccp, DCCP_DB),
ENTRY(tcp, TCP_DB),
ENTRY(mptcp, MPTCP_DB),
ENTRY(sctp, SCTP_DB),
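Review bot: Dropping `ENTRY(dccp, DCCP_DB)` from `db_name_tbl` makes `-A dccp` an unknown table name, while the `case 'd':` hunk later in this same patch keeps `-d`/`--dccp` as an accepted no-op, so the two spellings of one request no longer behave alike. The negated form the man page documents is affected too: `-A 'all,!dccp'` would presumably be rejected, although excluding DCCP is now trivially satisfied. If the option is meant to be tolerated, a matching alias that selects no table keeps both spellings consistent, e.g. `ENTRY(dccp, MAX_DB),`, assuming the lookup loop stops at the `MAX_DB` sentinel the macro appends. The lookup loop and its error path are in the part of filter_db_parse outside this hunk.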
@@ -935,8 +929,6 @@ static const char *proto_name(int protocol)
return "mptcp";
case IPPROTO_SCTP:
return "sctp";
- case IPPROTO_DCCP:
- return "dccp";
case IPPROTO_ICMPV6:
return "icmp6";
}
@@ -3897,8 +3889,6 @@ static int tcpdiag_send(int fd, int protocol, struct filter *f)
if (protocol == IPPROTO_TCP)
req.nlh.nlmsg_type = TCPDIAG_GETSOCK;
- else if (protocol == IPPROTO_DCCP)
- req.nlh.nlmsg_type = DCCPDIAG_GETSOCK;
else
return -1;
@@ -4134,7 +4124,7 @@ static int inet_show_netlink(struct filter *f, FILE *dump_fp, int protocol)
/* Suppress netlink errors. Older kernels do not support extended
* protocol requests using INET_DIAG_REQ_PROTOCOL, and some protocols
- * may not be available in the running kernel (e.g. SCTP, DCCP).
+ * may not be available in the running kernel (e.g. SCTP).
* In both cases the kernel returns EINVAL which would cause
* rtnl_dump_error() to print a confusing "RTNETLINK answers" error.
*/
@@ -4309,18 +4299,6 @@ static int mptcp_show(struct filter *f)
return 0;
}
-static int dccp_show(struct filter *f)
-{
- if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
- return 0;
-
- if (!getenv("PROC_NET_DCCP") && !getenv("PROC_ROOT")
- && inet_show_netlink(f, NULL, IPPROTO_DCCP) == 0)
- return 0;
-
- return 0;
-}
-
static int sctp_show(struct filter *f)
{
if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
@@ -5779,7 +5757,7 @@ static void _usage(FILE *dest)
" -M, --mptcp display only MPTCP sockets\n"
" -S, --sctp display only SCTP sockets\n"
" -u, --udp display only UDP sockets\n"
-" -d, --dccp display only DCCP sockets\n"
+" -d, --dccp DCCP is no longer supported, option ignored\n"
" -w, --raw display only RAW sockets\n"
" -x, --unix display only Unix domain sockets\n"
" --tipc display only TIPC sockets\n"
@@ -5795,7 +5773,7 @@ static void _usage(FILE *dest)
" --inet-sockopt show various inet socket options\n"
"\n"
" -A, --query=QUERY, --socket=QUERY\n"
-" QUERY := {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|packet_raw|packet_dgram|netlink|dccp|sctp|vsock_stream|vsock_dgram|tipc|xdp}[,QUERY]\n"
+" QUERY := {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|packet_raw|packet_dgram|netlink|sctp|vsock_stream|vsock_dgram|tipc|xdp}[,QUERY]\n"
"\n"
" -D, --diag=FILE Dump raw information about TCP sockets to FILE\n"
" -F, --filter=FILE read filter information from FILE\n"
@@ -5907,7 +5885,7 @@ static const struct option long_opts[] = {
{ "threads", 0, 0, 'T' },
{ "bpf", 0, 0, 'b' },
{ "events", 0, 0, 'E' },
- { "dccp", 0, 0, 'd' },
+ { "dccp", 0, 0, 'd' }, /* DCCP retired, kept for compatibility */
{ "tcp", 0, 0, 't' },
{ "sctp", 0, 0, 'S' },
{ "udp", 0, 0, 'u' },
@@ -5997,7 +5975,7 @@ int main(int argc, char *argv[])
follow_events = 1;
break;
case 'd':
- filter_db_set(¤t_filter, DCCP_DB, true);
+ /* DCCP retired in kernel 6.16, kept for compatibility */
break;
case 't':
filter_db_set(¤t_filter, TCP_DB, true);
@@ -6290,8 +6268,6 @@ int main(int argc, char *argv[])
udp_show(¤t_filter);
if (current_filter.dbs & (1<<TCP_DB))
tcp_show(¤t_filter);
- if (current_filter.dbs & (1<<DCCP_DB))
- dccp_show(¤t_filter);
if (current_filter.dbs & (1<<SCTP_DB))
sctp_show(¤t_filter);
if (current_filter.dbs & VSOCK_DBM)
--
2.50.1 (Apple Git-155)
* Re: [PATCH iproute2-next] ss: stop displaying dccp sockets
2026-06-30 11:41 [PATCH iproute2-next] ss: stop displaying dccp sockets Yafang Shao
@ 2026-06-30 23:13 ` Kuniyuki Iwashima
2026-07-01 1:56 ` Stephen Hemminger
2026-07-01 1:55 ` [PATCH " Stephen Hemminger
1 sibling, 1 reply; 5+ messages in thread
From: Kuniyuki Iwashima @ 2026-06-30 23:13 UTC (permalink / raw)
To: Yafang Shao; +Cc: stephen, netdev
On Tue, Jun 30, 2026 at 4:41 AM Yafang Shao <laoar.shao@gmail.com> wrote:
>
> DCCP support was retired in kernel commit 2a63dd0edf38 ("net: Retire
> DCCP socket."). However, ss still attempts to query DCCP sockets via
> netlink, which triggers repeated SELinux warnings in dmesg:
>
> SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 \
> sclass=netlink_tcpdiag_socket pid=188945 comm=ss
>
> Stop sending DCCPDIAG_GETSOCK netlink messages to suppress these
> warnings and align ss with the kernel change.
>
> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> Cc: Kuniyuki Iwashima <kuniyu@google.com>
> ---
> man/man8/ss.8 | 5 +++--
> misc/ss.c | 40 ++++++++--------------------------------
> 2 files changed, 11 insertions(+), 34 deletions(-)
>
> diff --git a/man/man8/ss.8 b/man/man8/ss.8
> index 70e0a566..37dd75a0 100644
> --- a/man/man8/ss.8
> +++ b/man/man8/ss.8
> @@ -378,7 +378,8 @@ Display TCP sockets.
> Display UDP sockets.
> .TP
> .B \-d, \-\-dccp
> -Display DCCP sockets.
> +[Deprecated] DCCP is no longer supported since kernel 6.16.
> +This option is ignored.
> .TP
> .B \-w, \-\-raw
> Display RAW sockets.
> @@ -411,7 +412,7 @@ supported: unix, inet, inet6, link, netlink, vsock, tipc, xdp.
> .B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
> List of socket tables to dump, separated by commas. The following identifiers
> are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
> -unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp, tipc,
> +unix_stream, unix_seqpacket, packet_raw, packet_dgram, sctp, tipc,
> vsock_stream, vsock_dgram, xdp, mptcp. Any item in the list may optionally be
> prefixed by an exclamation mark
> .RB ( ! )
> diff --git a/misc/ss.c b/misc/ss.c
> index 14e9f27a..dae5f282 100644
> --- a/misc/ss.c
> +++ b/misc/ss.c
> @@ -195,7 +195,6 @@ static const char *dg_proto;
> enum {
> TCP_DB,
> MPTCP_DB,
> - DCCP_DB,
> UDP_DB,
> RAW_DB,
> UNIX_DG_DB,
> @@ -215,7 +214,7 @@ enum {
> #define PACKET_DBM ((1<<PACKET_DG_DB)|(1<<PACKET_R_DB))
> #define UNIX_DBM ((1<<UNIX_DG_DB)|(1<<UNIX_ST_DB)|(1<<UNIX_SQ_DB))
> #define ALL_DB ((1<<MAX_DB)-1)
> -#define INET_L4_DBM ((1<<TCP_DB)|(1<<MPTCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<SCTP_DB))
> +#define INET_L4_DBM ((1<<TCP_DB)|(1<<MPTCP_DB)|(1<<UDP_DB)|(1<<SCTP_DB))
> #define INET_DBM (INET_L4_DBM | (1<<RAW_DB))
> #define VSOCK_DBM ((1<<VSOCK_ST_DB)|(1<<VSOCK_DG_DB))
>
> @@ -274,10 +273,6 @@ static const struct filter default_dbs[MAX_DB] = {
> .states = SS_CONN,
> .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
> },
> - [DCCP_DB] = {
> - .states = SS_CONN,
> - .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
> - },
> [UDP_DB] = {
> .states = (1 << SS_ESTABLISHED),
> .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
> @@ -388,13 +383,12 @@ static int filter_db_parse(struct filter *f, const char *s)
> int dbs[MAX_DB + 1];
> } db_name_tbl[] = {
> #define ENTRY(name, ...) { #name, { __VA_ARGS__, MAX_DB } }
> - ENTRY(all, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, RAW_DB,
> + ENTRY(all, UDP_DB, TCP_DB, MPTCP_DB, RAW_DB,
> UNIX_ST_DB, UNIX_DG_DB, UNIX_SQ_DB,
> PACKET_R_DB, PACKET_DG_DB, NETLINK_DB,
> SCTP_DB, VSOCK_ST_DB, VSOCK_DG_DB, XDP_DB),
> - ENTRY(inet, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, SCTP_DB, RAW_DB),
> + ENTRY(inet, UDP_DB, TCP_DB, MPTCP_DB, SCTP_DB, RAW_DB),
> ENTRY(udp, UDP_DB),
> - ENTRY(dccp, DCCP_DB),
> ENTRY(tcp, TCP_DB),
> ENTRY(mptcp, MPTCP_DB),
> ENTRY(sctp, SCTP_DB),
> @@ -935,8 +929,6 @@ static const char *proto_name(int protocol)
> return "mptcp";
> case IPPROTO_SCTP:
> return "sctp";
> - case IPPROTO_DCCP:
> - return "dccp";
> case IPPROTO_ICMPV6:
> return "icmp6";
> }
> @@ -3897,8 +3889,6 @@ static int tcpdiag_send(int fd, int protocol, struct filter *f)
>
> if (protocol == IPPROTO_TCP)
> req.nlh.nlmsg_type = TCPDIAG_GETSOCK;
> - else if (protocol == IPPROTO_DCCP)
> - req.nlh.nlmsg_type = DCCPDIAG_GETSOCK;
> else
> return -1;
>
> @@ -4134,7 +4124,7 @@ static int inet_show_netlink(struct filter *f, FILE *dump_fp, int protocol)
>
> /* Suppress netlink errors. Older kernels do not support extended
> * protocol requests using INET_DIAG_REQ_PROTOCOL, and some protocols
> - * may not be available in the running kernel (e.g. SCTP, DCCP).
> + * may not be available in the running kernel (e.g. SCTP).
> * In both cases the kernel returns EINVAL which would cause
> * rtnl_dump_error() to print a confusing "RTNETLINK answers" error.
> */
> @@ -4309,18 +4299,6 @@ static int mptcp_show(struct filter *f)
> return 0;
> }
>
> -static int dccp_show(struct filter *f)
> -{
> - if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
> - return 0;
> -
> - if (!getenv("PROC_NET_DCCP") && !getenv("PROC_ROOT")
> - && inet_show_netlink(f, NULL, IPPROTO_DCCP) == 0)
> - return 0;
> -
> - return 0;
> -}
> -
> static int sctp_show(struct filter *f)
> {
> if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
> @@ -5779,7 +5757,7 @@ static void _usage(FILE *dest)
> " -M, --mptcp display only MPTCP sockets\n"
> " -S, --sctp display only SCTP sockets\n"
> " -u, --udp display only UDP sockets\n"
> -" -d, --dccp display only DCCP sockets\n"
> +" -d, --dccp DCCP is no longer supported, option ignored\n"
> " -w, --raw display only RAW sockets\n"
> " -x, --unix display only Unix domain sockets\n"
> " --tipc display only TIPC sockets\n"
> @@ -5795,7 +5773,7 @@ static void _usage(FILE *dest)
> " --inet-sockopt show various inet socket options\n"
> "\n"
> " -A, --query=QUERY, --socket=QUERY\n"
> -" QUERY := {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|packet_raw|packet_dgram|netlink|dccp|sctp|vsock_stream|vsock_dgram|tipc|xdp}[,QUERY]\n"
> +" QUERY := {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|packet_raw|packet_dgram|netlink|sctp|vsock_stream|vsock_dgram|tipc|xdp}[,QUERY]\n"
> "\n"
> " -D, --diag=FILE Dump raw information about TCP sockets to FILE\n"
> " -F, --filter=FILE read filter information from FILE\n"
> @@ -5907,7 +5885,7 @@ static const struct option long_opts[] = {
> { "threads", 0, 0, 'T' },
> { "bpf", 0, 0, 'b' },
> { "events", 0, 0, 'E' },
> - { "dccp", 0, 0, 'd' },
> + { "dccp", 0, 0, 'd' }, /* DCCP retired, kept for compatibility */
> { "tcp", 0, 0, 't' },
> { "sctp", 0, 0, 'S' },
> { "udp", 0, 0, 'u' },
> @@ -5997,7 +5975,7 @@ int main(int argc, char *argv[])
> follow_events = 1;
> break;
> case 'd':
> - filter_db_set(¤t_filter, DCCP_DB, true);
> + /* DCCP retired in kernel 6.16, kept for compatibility */
I think it is more user-friendly to remove the case and show usage(),
instead of just ignoring the option.
> break;
> case 't':
> filter_db_set(¤t_filter, TCP_DB, true);
> @@ -6290,8 +6268,6 @@ int main(int argc, char *argv[])
> udp_show(¤t_filter);
> if (current_filter.dbs & (1<<TCP_DB))
> tcp_show(¤t_filter);
> - if (current_filter.dbs & (1<<DCCP_DB))
> - dccp_show(¤t_filter);
> if (current_filter.dbs & (1<<SCTP_DB))
> sctp_show(¤t_filter);
> if (current_filter.dbs & VSOCK_DBM)
> --
> 2.50.1 (Apple Git-155)
>
* Re: [PATCH iproute2-next] ss: stop displaying dccp sockets
2026-06-30 23:13 ` Kuniyuki Iwashima
@ 2026-07-01 1:56 ` Stephen Hemminger
2026-07-01 2:50 ` [PATCH v2 " Yafang Shao
0 siblings, 1 reply; 5+ messages in thread
From: Stephen Hemminger @ 2026-07-01 1:56 UTC (permalink / raw)
To: Kuniyuki Iwashima; +Cc: Yafang Shao, netdev
On Tue, 30 Jun 2026 16:13:10 -0700
Kuniyuki Iwashima <kuniyu@google.com> wrote:
> > case 'd':
> > - filter_db_set(¤t_filter, DCCP_DB, true);
> > + /* DCCP retired in kernel 6.16, kept for compatibility */
>
> I think it more user-friendly to remove the case and show usage(),
> instead of just ignoring the option.
It should just be killed completely, parse 'd' as error.
* [PATCH v2 iproute2-next] ss: stop displaying dccp sockets
2026-07-01 1:56 ` Stephen Hemminger
@ 2026-07-01 2:50 ` Yafang Shao
0 siblings, 0 replies; 5+ messages in thread
From: Yafang Shao @ 2026-07-01 2:50 UTC (permalink / raw)
To: stephen; +Cc: kuniyu, laoar.shao, netdev
DCCP support was retired in kernel commit 2a63dd0edf38 ("net: Retire
DCCP socket."). However, ss still attempts to query DCCP sockets via
netlink, which triggers repeated SELinux warnings in dmesg:
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 \
sclass=netlink_tcpdiag_socket pid=188945 comm=ss
Stop sending DCCPDIAG_GETSOCK netlink messages to suppress these
warnings and align ss with the kernel change.
After this commit, running `ss -d` fails with:
# ./misc/ss -d
./misc/ss: invalid option -- 'd'
[...]
# ./misc/ss --dccp
./misc/ss: unrecognized option '--dccp'
[...]
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: Kuniyuki Iwashima <kuniyu@google.com>
---
man/man8/ss.8 | 5 +----
misc/ss.c | 41 ++++++-----------------------------------
2 files changed, 7 insertions(+), 39 deletions(-)
diff --git a/man/man8/ss.8 b/man/man8/ss.8
index 70e0a566..3871612d 100644
--- a/man/man8/ss.8
+++ b/man/man8/ss.8
@@ -377,9 +377,6 @@ Display TCP sockets.
.B \-u, \-\-udp
Display UDP sockets.
.TP
-.B \-d, \-\-dccp
-Display DCCP sockets.
-.TP
.B \-w, \-\-raw
Display RAW sockets.
.TP
@@ -411,7 +408,7 @@ supported: unix, inet, inet6, link, netlink, vsock, tipc, xdp.
.B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
List of socket tables to dump, separated by commas. The following identifiers
are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
-unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp, tipc,
+unix_stream, unix_seqpacket, packet_raw, packet_dgram, sctp, tipc,
vsock_stream, vsock_dgram, xdp, mptcp. Any item in the list may optionally be
prefixed by an exclamation mark
.RB ( ! )
diff --git a/misc/ss.c b/misc/ss.c
index 14e9f27a..b5f59a37 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -195,7 +195,6 @@ static const char *dg_proto;
enum {
TCP_DB,
MPTCP_DB,
- DCCP_DB,
UDP_DB,
RAW_DB,
UNIX_DG_DB,
@@ -215,7 +214,7 @@ enum {
#define PACKET_DBM ((1<<PACKET_DG_DB)|(1<<PACKET_R_DB))
#define UNIX_DBM ((1<<UNIX_DG_DB)|(1<<UNIX_ST_DB)|(1<<UNIX_SQ_DB))
#define ALL_DB ((1<<MAX_DB)-1)
-#define INET_L4_DBM ((1<<TCP_DB)|(1<<MPTCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<SCTP_DB))
+#define INET_L4_DBM ((1<<TCP_DB)|(1<<MPTCP_DB)|(1<<UDP_DB)|(1<<SCTP_DB))
#define INET_DBM (INET_L4_DBM | (1<<RAW_DB))
#define VSOCK_DBM ((1<<VSOCK_ST_DB)|(1<<VSOCK_DG_DB))
@@ -274,10 +273,6 @@ static const struct filter default_dbs[MAX_DB] = {
.states = SS_CONN,
.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
},
- [DCCP_DB] = {
- .states = SS_CONN,
- .families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
- },
[UDP_DB] = {
.states = (1 << SS_ESTABLISHED),
.families = FAMILY_MASK(AF_INET) | FAMILY_MASK(AF_INET6),
@@ -388,13 +383,12 @@ static int filter_db_parse(struct filter *f, const char *s)
int dbs[MAX_DB + 1];
} db_name_tbl[] = {
#define ENTRY(name, ...) { #name, { __VA_ARGS__, MAX_DB } }
- ENTRY(all, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, RAW_DB,
+ ENTRY(all, UDP_DB, TCP_DB, MPTCP_DB, RAW_DB,
UNIX_ST_DB, UNIX_DG_DB, UNIX_SQ_DB,
PACKET_R_DB, PACKET_DG_DB, NETLINK_DB,
SCTP_DB, VSOCK_ST_DB, VSOCK_DG_DB, XDP_DB),
- ENTRY(inet, UDP_DB, DCCP_DB, TCP_DB, MPTCP_DB, SCTP_DB, RAW_DB),
+ ENTRY(inet, UDP_DB, TCP_DB, MPTCP_DB, SCTP_DB, RAW_DB),
ENTRY(udp, UDP_DB),
- ENTRY(dccp, DCCP_DB),
ENTRY(tcp, TCP_DB),
ENTRY(mptcp, MPTCP_DB),
ENTRY(sctp, SCTP_DB),
@@ -935,8 +929,6 @@ static const char *proto_name(int protocol)
return "mptcp";
case IPPROTO_SCTP:
return "sctp";
- case IPPROTO_DCCP:
- return "dccp";
case IPPROTO_ICMPV6:
return "icmp6";
}
@@ -3897,8 +3889,6 @@ static int tcpdiag_send(int fd, int protocol, struct filter *f)
if (protocol == IPPROTO_TCP)
req.nlh.nlmsg_type = TCPDIAG_GETSOCK;
- else if (protocol == IPPROTO_DCCP)
- req.nlh.nlmsg_type = DCCPDIAG_GETSOCK;
else
return -1;
@@ -4134,7 +4124,7 @@ static int inet_show_netlink(struct filter *f, FILE *dump_fp, int protocol)
/* Suppress netlink errors. Older kernels do not support extended
* protocol requests using INET_DIAG_REQ_PROTOCOL, and some protocols
- * may not be available in the running kernel (e.g. SCTP, DCCP).
+ * may not be available in the running kernel (e.g. SCTP).
* In both cases the kernel returns EINVAL which would cause
* rtnl_dump_error() to print a confusing "RTNETLINK answers" error.
*/
@@ -4309,18 +4299,6 @@ static int mptcp_show(struct filter *f)
return 0;
}
-static int dccp_show(struct filter *f)
-{
- if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
- return 0;
-
- if (!getenv("PROC_NET_DCCP") && !getenv("PROC_ROOT")
- && inet_show_netlink(f, NULL, IPPROTO_DCCP) == 0)
- return 0;
-
- return 0;
-}
-
static int sctp_show(struct filter *f)
{
if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
@@ -5779,7 +5757,6 @@ static void _usage(FILE *dest)
" -M, --mptcp display only MPTCP sockets\n"
" -S, --sctp display only SCTP sockets\n"
" -u, --udp display only UDP sockets\n"
-" -d, --dccp display only DCCP sockets\n"
" -w, --raw display only RAW sockets\n"
" -x, --unix display only Unix domain sockets\n"
" --tipc display only TIPC sockets\n"
@@ -5795,7 +5772,7 @@ static void _usage(FILE *dest)
" --inet-sockopt show various inet socket options\n"
"\n"
" -A, --query=QUERY, --socket=QUERY\n"
-" QUERY := {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|packet_raw|packet_dgram|netlink|dccp|sctp|vsock_stream|vsock_dgram|tipc|xdp}[,QUERY]\n"
+" QUERY := {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|packet_raw|packet_dgram|netlink|sctp|vsock_stream|vsock_dgram|tipc|xdp}[,QUERY]\n"
"\n"
" -D, --diag=FILE Dump raw information about TCP sockets to FILE\n"
" -F, --filter=FILE read filter information from FILE\n"
@@ -5907,7 +5884,6 @@ static const struct option long_opts[] = {
{ "threads", 0, 0, 'T' },
{ "bpf", 0, 0, 'b' },
{ "events", 0, 0, 'E' },
- { "dccp", 0, 0, 'd' },
{ "tcp", 0, 0, 't' },
{ "sctp", 0, 0, 'S' },
{ "udp", 0, 0, 'u' },
@@ -5961,7 +5937,7 @@ int main(int argc, char *argv[])
int state_filter = 0;
while ((ch = getopt_long(argc, argv,
- "dhalBetuwxnro460spTbEf:mMiA:D:F:vVzZN:KHQSO",
+ "halBetuwxnro460spTbEf:mMiA:D:F:vVzZN:KHQSO",
long_opts, NULL)) != EOF) {
switch (ch) {
case 'n':
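Review bot: The consequence for older kernels is not documented: with `d` gone from the optstring here (and `--dccp` gone from `long_opts` in the preceding hunk), an ss built from this tree cannot list DCCP sockets on any kernel, including those that predate 2a63dd0edf38 and still answer DCCPDIAG_GETSOCK. iproute2 is commonly run on kernels older than the release it ships with, so a host that still has DCCP loaded would lose these sockets from ss output, which matters when ss is used for socket inventory or triage. If that trade-off is intended, state it in the commit message, e.g. `ss built from this tree no longer lists DCCP sockets, including on kernels that predate 2a63dd0edf38.` How the unknown-option return from getopt_long is handled is in main's switch, outside this hunk.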
@@ -5996,9 +5972,6 @@ int main(int argc, char *argv[])
case 'E':
follow_events = 1;
break;
- case 'd':
- filter_db_set(¤t_filter, DCCP_DB, true);
- break;
case 't':
filter_db_set(¤t_filter, TCP_DB, true);
break;
@@ -6290,8 +6263,6 @@ int main(int argc, char *argv[])
udp_show(¤t_filter);
if (current_filter.dbs & (1<<TCP_DB))
tcp_show(¤t_filter);
- if (current_filter.dbs & (1<<DCCP_DB))
- dccp_show(¤t_filter);
if (current_filter.dbs & (1<<SCTP_DB))
sctp_show(¤t_filter);
if (current_filter.dbs & VSOCK_DBM)
--
2.52.0
* Re: [PATCH iproute2-next] ss: stop displaying dccp sockets
2026-06-30 11:41 [PATCH iproute2-next] ss: stop displaying dccp sockets Yafang Shao
2026-06-30 23:13 ` Kuniyuki Iwashima
@ 2026-07-01 1:55 ` Stephen Hemminger
1 sibling, 0 replies; 5+ messages in thread
From: Stephen Hemminger @ 2026-07-01 1:55 UTC (permalink / raw)
To: Yafang Shao; +Cc: kuniyu, netdev
On Tue, 30 Jun 2026 19:41:21 +0800
Yafang Shao <laoar.shao@gmail.com> wrote:
> DCCP support was retired in kernel commit 2a63dd0edf38 ("net: Retire
> DCCP socket."). However, ss still attempts to query DCCP sockets via
> netlink, which triggers repeated SELinux warnings in dmesg:
>
> SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 \
> sclass=netlink_tcpdiag_socket pid=188945 comm=ss
>
> Stop sending DCCPDIAG_GETSOCK netlink messages to suppress these
> warnings and align ss with the kernel change.
>
> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> Cc: Kuniyuki Iwashima <kuniyu@google.com>
> ---
Please just completely purge dccp. Remove all vestiges from usage and man page.
Leave no ghosts behind. We purged decnet in the past.