lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180226134613.04edcc98@xeon-e3>
Date:   Mon, 26 Feb 2018 13:46:13 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     David Miller <davem@...hat.com>
Cc:     willy@...radead.org, netdev@...r.kernel.org, linux-mm@...ck.org,
        ikomyagin@...il.com, sthemmin@...rosoft.com
Subject: Re: [PATCH 0/2] mark some slabs as visible not mergeable

On Mon, 26 Feb 2018 15:15:02 -0500 (EST)
David Miller <davem@...hat.com> wrote:

> From: Stephen Hemminger <stephen@...workplumber.org>
> Date: Sat, 24 Feb 2018 11:04:52 -0800
> 
> > This fixes an old bug in iproute2's ss command because it was
> > reading slabinfo to get statistics. There isn't a better API
> > to do this, and one can argue that /proc is a UAPI that must
> > not change.  
> 
> Please elaborate what kind of statistics are needed.

This is ancient original iproute2 code that dumpster dives into
slabinfo to get summary statistics on active objects.

	1) open sockets (sock_inode_cache)
	2) TCP ports bound (tcp_bind_buckets) [*]
	3) TCP time wait sockets (tw_sock_TCP) [*]
	4) TCP syn sockets (request_sock_TCP) [*]

From man page:

       -s, --summary
              Print summary statistics. This option does not parse socket lists  obtaining  summary  from
              various  sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp
              is painful.


The items with * are currently broken. See 0 for timewait, synrecv, and ports.

$ sudo ss -s

Total: 1089 (kernel 1093)
TCP:   33 (estab 4, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*	  1093      -         -        
RAW	  0         0         0        
UDP	  21        13        8        
TCP	  32        24        8        
INET	  53        37        16       
FRAG	  0         0         0        

> 
> > Therefore this patch set adds a flag to slab to give another
> > reason to prevent merging, and then uses it in network code.
> > 
> > The patches are against davem's linux-net tree and should also
> > goto stable as well.  
> 
> Well, as has been pointed out this never worked with SLUB so
> in some sense this was always broken.
> 
> And the "UAPI" of slabinfo is to show the state of the various
> slab caches.  And that's it.
> 
> If the implementation does merging or whatever, the UAPI is expressing
> that and it's perfectly legitimate and not breaking UAPI in my
> opinion.
> 
> I think the better solution is to grab the information from somewhere
> else, so let's move this conversation along with the answer to my
> question about asking for more details about what is needed by
> iproute2.
> 
> Thank you.

There is no where else that gives summary information.

Both /proc/net/tcp and sock diag info require user space to
read all the data, which is what I think Alexey was trying to avoid.
Ideally there would be network namespace aware API to do this, but
the code (iproute2 and kernel) are currently broken. Some values
are missing (because they are merged) and some values have wrong
cache name (because of acme's changes to make this generic).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ