| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 May 2016 10:20:58 +0900 From: Lorenzo Colitti <lorenzo@...gle.com> To: David Ahern <dsa@...ulusnetworks.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: [PATCH iproute2] ss: Tell user about -EOPNOTSUPP for SOCK_DESTROY On Tue, May 17, 2016 at 10:14 AM, David Ahern <dsa@...ulusnetworks.com> wrote: >> >> For example, EOPNOTSUPP can just mean "this socket can't be closed >> because it's a timewait or NEW_SYN_RECV socket". In hindsight it might >> have been better to return EBADFD in those cases, but that still >> doesn't solve the UI problem. If the user does something like "ss -K >> dport = :443", the user would expect the command to kill all TCP >> sockets and not just abort if there happens to be a UDP socket to port >> 443 (which can't be closed because UDP doesn't currently implement >> SOCK_DESTROY). > > > Silently doing nothing is just as bad - or worse. I was running in circles trying to figure out why nothing was happening and ss was exiting 0. At least that's documented to be the case in the man page. On the other hand, if your patch is applied, there will be no way to close more than one socket if one of them returns EOPNOTSUPP. On a busy server where things go into TIME_WAIT all the time, you might never be able to close all sockets. If you want to inform the user, then you could do so via the return value of ss - e.g., return 0 if at least one socket was printed and closed, or 1 otherwise.
Powered by blists - more mailing lists