| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160329193242.GA28502@orbyte.nwl.cc> Date: Tue, 29 Mar 2016 21:32:42 +0200 From: Phil Sutter <phil@....cc> To: Vadim Kochan <vadim4j@...il.com> Cc: Stephen Hemminger <stephen@...workplumber.org>, netdev@...r.kernel.org Subject: ss filter problem Hi, I am trying to fix a bug in ss filter code, but feel quite lost right now. The issue is this: | ss -nl -f inet '( sport = :22 )' prints not only listening sockets (as requested by -l flag), but established ones as well (reproduce by opening ssh connection to 127.0.0.1 before calling above). In contrast, the following both don't show the established sockets: | ss -nl '( sport = :22 )' | ss -nl -f inet My investigation led me to see that current_filter.states is altered after ssfilter_parse() returns, and using gdb with a watchpoint I was able to identify parse_hostcond() to be the bad guy: In line 1560, it calls filter_af_set() after checking for fam != AF_UNSPEC (which is the case, since fam = preferred_family and the latter is changed to AF_INET when parsing '-f inet' parameter). This whole jumping back and forth confuses me quite effectively. Since you did some fixes in the past already, are you possibly able to point out where/how this tiny mess has to be fixed? I guess in an ideal world we would translate '-l' to 'state listen', '-f inet' to 'src inet:*' and pass everything ANDed together to ssfilter_parse(). Or maybe that would make things even worse. ;) Cheers, Phil
Powered by blists - more mailing lists