Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1063913 - netstat doesn't list sctp servers in -A mode
Summary: netstat doesn't list sctp servers in -A mode
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: net-tools
Version: 7.0
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Michal Ruprich
QA Contact: Petr Sklenar
URL:
Whiteboard:
Depends On:
Blocks: 1039625 1136915 1279974 1380362 1393869
TreeView+ depends on / blocked
 
Reported: 2014-02-11 15:58 UTC by Hubert Kario
Modified: 2017-08-01 16:09 UTC (History)
7 users (show)

Fixed In Version: net-tools-2.0-0.18.20131004git.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 16:09:52 UTC


Attachments (Terms of Use)
Patch - Do not abort and print 'no support for protocol...' if user does not explicitly specifies it (deleted)
2014-02-14 09:45 UTC, Jaromír Končický
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1873 normal SHIPPED_LIVE net-tools bug fix update 2017-08-01 17:52:58 UTC

Description Hubert Kario 2014-02-11 15:58:31 UTC
Description of problem:
When there's a sctp server listening on system, running netstat with either `-A` switch or `-l` switch doesn't list sctp servers.

Version-Release number of selected component (if applicable):
net-tools-2.0-0.15.20131004git.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. yum install -y lksctp-tools
2. modprobe sctp
3. sctp_darn -H 0 -P 2500 -l
4. netstat -nl | grep 2500
5. netstat -nl -A inet,inet6 | grep 2500

Actual results:
*No output*

Expected results:
sctp                0.0.0.0:2500                                    LISTEN

Additional info:
`netstat -na | grep 2500` does list the server as listening on the port

Comment 1 Jiri Popelka 2014-02-11 17:06:50 UTC
If I send some data to the server with
# sctp_darn -H localhost -P 2600 -h localhost -p 2500 -s
sctp_darn ready to send...
localhost:2600-localhost:2500> text

and now try to show listening sctp sockets with 'netstat -lS' I can see it there:
Proto Recv-Q Send-Q Local Address              Foreign Address            State
sctp       0      0 localhost.localdomain:2500 localhost.localdomain:2600 LISTEN

Only the sockets with no 'Foreign Address' are not shown with '-l'.
Not sure how to explain it, maybe sctp has more LISTEN "states" ?

Comment 2 Hubert Kario 2014-02-11 17:20:46 UTC
yes, I noticed that established connections are listed in more places, I have no idea why.

but then `-a` is able to list them, so it doesn't look like they are completely hidden, maybe some kernel people could explain that

Comment 3 Jaromír Končický 2014-02-12 15:46:34 UTC
Well, the expected result
sctp                0.0.0.0:2500                                    LISTEN
is displayed when netstat is run with -a.
In the code, it is managed this way:

static int sctp_info(void)
{
    if(flag_all)
	sctp_info_eps();
    return sctp_info_assocs();
}

So if you don't provide -a, only associations are listed (they come from /proc/net/sctp/assocs file), but when you provide it, also endpoints are listed (coming from /proc/net/sctp/eps file).
It seems rather like intended behavior for me so I'd consider it NOTABUG.

But please note, due to fixing https://bugzilla.redhat.com/show_bug.cgi?id=1063906 sctp will NOT be listed when running 'netstat -nl -A inet,inet6', so you must specify -S to list them. With 'netstat -nl' they should be still listed.

Comment 4 Hubert Kario 2014-02-12 19:16:07 UTC
(In reply to jkoncick from comment #3)
> Well, the expected result
> sctp                0.0.0.0:2500                                    LISTEN
> is displayed when netstat is run with -a.
> In the code, it is managed this way:
> 
> static int sctp_info(void)
> {
>     if(flag_all)
> 	sctp_info_eps();
>     return sctp_info_assocs();
> }
> 
> So if you don't provide -a, only associations are listed (they come from
> /proc/net/sctp/assocs file), but when you provide it, also endpoints are
> listed (coming from /proc/net/sctp/eps file).
> It seems rather like intended behavior for me so I'd consider it NOTABUG.

That's rather counter intuitive. I'd assume that any socket that is able to serve connections from the net is "open" or LISTENING. /proc/net/sctp/* looks more like an implementation detail.
 
> But please note, due to fixing
> https://bugzilla.redhat.com/show_bug.cgi?id=1063906 sctp will NOT be listed
> when running 'netstat -nl -A inet,inet6', so you must specify -S to list
> them. With 'netstat -nl' they should be still listed.

I don't see -S documented anywhere, not in --help or in man page.

Also, since sctp uses ipv4 or ipv6 as the transport, it is reasonable to expect that its sockets will be printed when using -A inet,inet6.

The point is, I want to be able to print all listening network sockets without grepping netstat output. If there is another way to exclude UNIX sockets using netstat options I'm all open for suggestions.

Comment 5 Jiri Popelka 2014-02-13 09:17:04 UTC
(In reply to Hubert Kario from comment #4)
> I don't see -S documented anywhere, not in --help or in man page.

bug #1064756

Comment 6 Jiri Popelka 2014-02-13 10:05:22 UTC
(In reply to Hubert Kario from comment #4)
> (In reply to jkoncick from comment #3)
> > But please note, due to fixing
> > bug #1063906 sctp will NOT be listed
> > when running 'netstat -nl -A inet,inet6', so you must specify -S to list
> > them. With 'netstat -nl' they should be still listed.
> 
> Also, since sctp uses ipv4 or ipv6 as the transport, it is reasonable to
> expect that its sockets will be printed when using -A inet,inet6.

Jaromir, do you think it'd be possible to fix bug #1063906 in a way that
'netstat -n -A inet' would still try to list sctp sockets and wouldn't fail if there's no sctp module loaded ?
It should however still fail when user explicitly requests -S/--sctp.

Comment 7 Jaromír Končický 2014-02-14 09:45:01 UTC
Created attachment 863188 [details]
Patch - Do not abort and print 'no support for protocol...' if user does not explicitly specifies it

> Jaromir, do you think it'd be possible to fix bug #1063906 in a way that
> 'netstat -n -A inet' would still try to list sctp sockets and wouldn't fail if > there's no sctp module loaded ?
> It should however still fail when user explicitly requests -S/--sctp.
Here I made a patch to fix this. Now, when user does not specify any protocol (tcp, udp, sctp...) and netstat uses default set of them, it does not abort and print error message when some of the default protocols is not supported.

Comment 8 Jaromír Končický 2014-02-17 09:13:50 UTC
Hubert, if you have no more notes, I'm closing this as NOTABUG. The use of -a parameter seems rather intentional and better not to change it. On the other hand, you're right with "any socket that is able to serve connections from the net is "open" or LISTENING". You might ask upstream about this.

Comment 9 Hubert Kario 2014-02-17 12:03:50 UTC
To me it looks more like an oversight, both -a and -l are special cases.
Anyway, shouldn't it be rather cond nak: upstream than NOTABUG?

Comment 10 Ondrej Vasik 2014-02-17 12:13:36 UTC
Ok, let's keep it condnack and opened. Moving to 7.1, as it is too late for 7.0.

Comment 11 Bernd Eckenfels 2014-02-20 22:07:42 UTC
Hmmm... -l should list listening sockets. Not familiar mit SCTP, can you consider an "endpoint" a listening socket?

Comment 12 Hubert Kario 2014-03-27 13:26:18 UTC
Yes, I would.

If an endpoint exists and the firewall accepts packets you can make a connection and exchange data with the server. That to me is a definition of a "listening" socket.

Comment 13 Jaromír Končický 2014-03-27 14:18:17 UTC
Ok, then this can be solved by simply printing endpoints without need of -a parameter.
In net-tools-sctp-statistics.patch I found this change:

From:

static int sctp_info(void) {
  int  res;
  res = sctp_info_epts();
  if(res)  return  res;
  return  sctp_info_assocs();
}

To:

static int sctp_info(void)
{
    if(flag_all)
	sctp_info_eps();
    return sctp_info_assocs();
}

This change was introduced with bug 826676 fix.
In upstream version it actually prints the endpoints even without -a option.
So I suggest reverting the sctp_info function to be upstream-like.

Comment 14 Jaromír Končický 2014-03-31 09:05:46 UTC
Fixed it in Fedora rawhide: net-tools-2.0-0.22.20131119git.fc21
The change can be pushed into rhel-7 too.

Comment 18 Jiri Popelka 2015-11-11 12:44:53 UTC
The fix mentioned in comment #14:
http://pkgs.fedoraproject.org/cgit/net-tools.git/commit/?h=f21&id=0ccb3b8f4e8bdc13f5b21fa4465a7dfe335e255a

current upstream version of the function:
static int sctp_info(void)
{
  int res = sctp_info_eps();
  return res ? res : sctp_info_assocs();
}

Comment 25 errata-xmlrpc 2017-08-01 16:09:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1873


Note You need to log in before you can comment on or make changes to this bug.