Date:   Tue, 5 May 2020 09:50:04 -0600
From:   David Ahern <dsahern@...il.com>
To:     Dmitry Yakunin <zeil@...dex-team.ru>, netdev@...r.kernel.org
Cc:     khlebnikov@...dex-team.ru, cgroups@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [PATCH iproute2-next 2/2] ss: add support for cgroup v2
 information and filtering

On 4/30/20 9:52 AM, Dmitry Yakunin wrote:
> This patch introduces two new features: obtaining cgroup information and
> filtering sockets by cgroups. These features work based on cgroup v2 ID
> field in the socket (kernel should be compiled with CONFIG_SOCK_CGROUP_DATA).
> 
> Cgroup information can be obtained by specifying --cgroup flag and now contains
> only pathname. For faster pathname lookups cgroup cache is implemented. This
> cache is filled on ss startup and missed entries are resolved and saved
> on the fly.
> 
> Cgroup filter extends EXPRESSION and allows to specify cgroup pathname
> (relative or absolute) to obtain sockets attached only to this cgroup.
> Filter syntax: ss [ cgroup PATHNAME ]
> Examples:
>     ss -a cgroup /sys/fs/cgroup/unified (or ss -a cgroup .)
>     ss -a cgroup /sys/fs/cgroup/unified/cgroup1 (or ss -a cgroup cgroup1)
> 

On a kernel without support for this feature:

$ misc/ss -a cgroup /sys/fs/cgroup/unified
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
Netid    State    Recv-Q    Send-Q       Local Address:Port         Peer Address:Port    Process

New iproute2 can be run on older kernels, so errors should be cleanly
handled.
