lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 17 May 2016 10:20:58 +0900
From:	Lorenzo Colitti <lorenzo@...gle.com>
To:	David Ahern <dsa@...ulusnetworks.com>
Cc:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH iproute2] ss: Tell user about -EOPNOTSUPP for SOCK_DESTROY

On Tue, May 17, 2016 at 10:14 AM, David Ahern <dsa@...ulusnetworks.com> wrote:
>>
>> For example, EOPNOTSUPP can just mean "this socket can't be closed
>> because it's a timewait or NEW_SYN_RECV socket". In hindsight it might
>> have been better to return EBADFD in those cases, but that still
>> doesn't solve the UI problem. If the user does something like "ss -K
>> dport = :443", the user would expect the command to kill all TCP
>> sockets and not just abort if there happens to be a UDP socket to port
>> 443 (which can't be closed because UDP doesn't currently implement
>> SOCK_DESTROY).
>
>
> Silently doing nothing is just as bad - or worse. I was running in circles trying to figure out why nothing was happening and ss was exiting 0.


At least that's documented to be the case in the man page.

On the other hand, if your patch is applied, there will be no way to
close more than one socket if one of them returns EOPNOTSUPP. On a
busy server where things go into TIME_WAIT all the time, you might
never be able to close all sockets.

If you want to inform the user, then you could do so via the return
value of ss - e.g., return 0 if at least one socket was printed and
closed, or 1 otherwise.

Powered by blists - more mailing lists