Hi Phil,

On Tue, Mar 29, 2016 at 09:32:42PM +0200, Phil Sutter wrote:
> Hi,
>
> I am trying to fix a bug in ss filter code, but feel quite lost right
> now. The issue is this:
>
> | ss -nl -f inet '( sport = :22 )'
>
> prints not only listening sockets (as requested by -l flag), but
> established ones as well (reproduce by opening ssh connection to
> 127.0.0.1 before calling above).
>
> In contrast, the following both don't show the established sockets:
>
> | ss -nl '( sport = :22 )'
> | ss -nl -f inet
>
> My investigation led me to see that current_filter.states is altered
> after ssfilter_parse() returns, and using gdb with a watchpoint I was
> able to identify parse_hostcond() to be the bad guy: In line 1560, it
> calls filter_af_set() after checking for fam != AF_UNSPEC (which is the
> case, since fam = preferred_family and the latter is changed to AF_INET
> when parsing '-f inet' parameter).

Yes, after removing the fam != AF_UNSPEC body it works, because it does
not overwrite the states specified (-l) on the command line, but I can't
say what else it may affect. I will try to investigate it better.

>
> This whole jumping back and forth confuses me quite effectively. Since
> you did some fixes in the past already, are you possibly able to point
> out where/how this tiny mess has to be fixed?
>
> I guess in an ideal world we would translate '-l' to 'state listen', '-f
> inet' to 'src inet:*' and pass everything ANDed together to
> ssfilter_parse(). Or maybe that would make things even worse. ;)
>
> Cheers, Phil

I thought I had fixed & tested the ss filter well, but it seems it would
be good to have good automation testing.

Regards,
Vadim Kochan
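
A regression check for the behaviour reported in this thread, added here as an example (it is not code from iproute2 or from either poster): it reads `ss -l` output and fails if any row is in a state other than LISTEN or UNCONN. The function names and both sample outputs are constructed for illustration; the three `ss` invocations are the ones quoted above.

```shell
#!/bin/sh
# Added example: verify that `ss -l ...` output holds only listening sockets.

# Constructed sample: output as described in the report (-l ignored).
BUGGY_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    *:22               *:*
tcp   ESTAB  0      0      127.0.0.1:22       127.0.0.1:51234'

# Constructed sample: output when -l is honoured.
FIXED_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    *:22               *:*'

# Print every data row whose State is neither LISTEN (TCP) nor UNCONN
# (the state ss shows for unconnected UDP/raw sockets under -l).
# The State column is located from the header, since the Netid column
# is only present when more than one socket type is listed.
non_listening_rows() {
    awk '
        NR == 1 {
            for (i = 1; i <= NF; i++) if ($i == "State") col = i
            if (!col) exit 2          # unexpected header: refuse to guess
            next
        }
        NF && $col != "LISTEN" && $col != "UNCONN" { print }
    '
}

# Exit 0 if stdin has only listening rows, 1 if not, 2 on a bad header.
listen_only() {
    bad=$(non_listening_rows) || return 2
    [ -z "$bad" ] || { printf 'unexpected row: %s\n' "$bad" >&2; return 1; }
}

# Live check; open an ssh connection to 127.0.0.1 first so that an
# established socket with sport 22 exists, as in the report.
run_live_check() {
    rc=0
    ss -nl -f inet '( sport = :22 )' | listen_only || rc=1
    ss -nl '( sport = :22 )'         | listen_only || rc=1
    ss -nl -f inet                   | listen_only || rc=1
    return $rc
}

if [ "${1:-}" = live ]; then run_live_check; fi
```

Run the script with the argument `live` to test the installed `ss`; without it, only the functions are defined.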