The problematic bit was the 'expr: expr expr' rule. Fix this by making
'expr' token represent a single filter only and introduce a new token
'exprlist' to represent a combination of filters.
Signed-off-by: Phil Sutter <phil@nwl.cc>
If given an invalid input file with -F flag, ss would crash.
Examples of invalid input are line to long, or null file.
Found by fuzzing with ASAN.
Reported-by:Bug Basher <iamliketohack@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This allows the user to dump sockets with a given mark (via
"fwmark = 0x1234/0x1234" or "fwmark = 12345", etc.) , and to
display the socket marks of dumped sockets.
The relevant kernel commits are: d545caca827b ("net: inet: diag:
expose the socket mark to privileged processes.") and
- a52e95abf772 ("net: diag: allow socket bytecode filters to
match socket marks")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Add support for device names in the filter. Example:
root@kenny:~# ss -t 'sport == :22 && dev == red'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.100.1.2%red:ssh 10.100.1.254:47814
ESTAB 0 0 2100:1::2%red:ssh 2100:1::64:49406
Since kernel does not support iface in the filter specifying a
device name means all filtering is done in userspace.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Phil Sutter
Stephen Hemminger
Lorenzo Colitti
David Ahern
Vadim Kochan
Stephen Hemminger
osdl.org!shemminger