"ss" Parser not working correctly: Entries Missing #561

Closed
megabert opened this issue Apr 17, 2024 · 5 comments
Labels
bug Something isn't working ready-to-ship

Comments

@megabert

megabert commented Apr 17, 2024

jc version: 1.25.2
python interpreter version: 3.10.9
ss utility, iproute2-5.9.0

ss-Parser seems not to be working correctly:

a) raw ss output

export LC_ALL=C;ss -tulpen | grep :443 | cut -c1-100
tcp   LISTEN 0      511                       1.2.3.43:443        0.0.0.0:*    users:(("apache2",pid...
tcp   LISTEN 0      511                       1.2.3.32:443        0.0.0.0:*    users:(("apache2",pid...
tcp   LISTEN 0      511                       1.2.3.31:443        0.0.0.0:*    users:(("apache2",pid...
...

b) resulting jc output

export LC_ALL=C;ss -tulpen | jc --ss | jq .|grep "[^0-9]443"

# no output at all

There should be three blocks like this one for port 443:

# export LC_ALL=C;ss -tulpen| jc --ss | jq '.[] | select (.send_q==8443)'

{
  "netid": "tcp",
  "state": "LISTEN 0",
  "recv_q": 16,
  "send_q": 8443,
  "local_address": "[::]",
  "local_port": "*",
  "peer_address": "users:((\"liveconfig/SRVR\",pid=3279783,fd=11),(\"liveconfig\",pid=3279782,fd=11)) ino:788096034 sk:2016 cgroup:/system.slice/liveconfig.service v6only",
  "peer_portprocess": "1 <->"
}

See raw-output-ss.txt for full ss output
raw-output-ss.txt

@kellyjonbrazil
Owner

Hi there - thanks for reporting this. I'll have to see why the ss parser is skipping those lines.

@kellyjonbrazil kellyjonbrazil added the bug Something isn't working label Apr 18, 2024
@kellyjonbrazil
Owner

This output seems a bit strange. For example, there is no space between Port and Process in the header. Even with a space added I still see parsing issues, so I'll need to take a closer look at what's going on here.

Netid State  Recv-Q Send-Q                    Local Address:Port  Peer Address:PortProcess                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
udp   UNCONN 0      0                               0.0.0.0:50305      0.0.0.0:*    users:(("host",pid=118409,fd=20)) ino:64236321 sk:1 cgroup:/system.slice/xinetd.service <->                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             
udp   UNCONN 0      0                               0.0.0.0:33986      0.0.0.0:*    users:(("host",pid=2494612,fd=20)) ino:530312145 sk:2 cgroup:/system.slice/xinetd.service <->                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
udp   UNCONN 0      0                               0.0.0.0:42285      0.0.0.0:*    users:(("host",pid=605248,fd=20)) ino:3006390304 sk:3 cgroup:/system.slice/xinetd.service <->                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

@kellyjonbrazil
Owner

I have a fix in the dev branch that is ready to test.

$ cat raw-output-ss.txt | jc --ss  |  jq -c '.[] | select (.local_port=="443")'
{"netid":"tcp","state":"LISTEN","recv_q":0,"send_q":511,"local_address":"1.2.1.43","local_port":"443","peer_address":"0.0.0.0","peer_port":"*","opts":{"process_id":{"4144914":{"user":"apache2","file_descriptor":"5"},"4144905":{"user":"apache2","file_descriptor":"5"},"323307":{"user":"apache2","file_descriptor":"5"},"323306":{"user":"apache2","file_descriptor":"5"},"323298":{"user":"apache2","file_descriptor":"5"},"323191":{"user":"apache2","file_descriptor":"5"},"323190":{"user":"apache2","file_descriptor":"5"},"323188":{"user":"apache2","file_descriptor":"5"},"323187":{"user":"apache2","file_descriptor":"5"},"323186":{"user":"apache2","file_descriptor":"5"},"323185":{"user":"apache2","file_descriptor":"5"},"323184":{"user":"apache2","file_descriptor":"5"},"323176":{"user":"apache2","file_descriptor":"5"},"323175":{"user":"apache2","file_descriptor":"5"},"323174":{"user":"apache2","file_descriptor":"5"},"323172":{"user":"apache2","file_descriptor":"5"},"323171":{"user":"apache2","file_descriptor":"5"},"323019":{"user":"apache2","file_descriptor":"5"},"322663":{"user":"apache2","file_descriptor":"5"},"322641":{"user":"apache2","file_descriptor":"5"},"322586":{"user":"apache2","file_descriptor":"5"},"322520":{"user":"apache2","file_descriptor":"5"},"322405":{"user":"apache2","file_descriptor":"5"},"319633":{"user":"apache2","file_descriptor":"5"}},"inode_number":"843780883","cookie":"200d","cgroup":"/system.slice/apache2.service"},"local_port_num":443}
{"netid":"tcp","state":"LISTEN","recv_q":0,"send_q":511,"local_address":"1.2.1.32","local_port":"443","peer_address":"0.0.0.0","peer_port":"*","opts":{"process_id":{"4144914":{"user":"apache2","file_descriptor":"4"},"4144905":{"user":"apache2","file_descriptor":"4"},"323307":{"user":"apache2","file_descriptor":"4"},"323306":{"user":"apache2","file_descriptor":"4"},"323298":{"user":"apache2","file_descriptor":"4"},"323191":{"user":"apache2","file_descriptor":"4"},"323190":{"user":"apache2","file_descriptor":"4"},"323188":{"user":"apache2","file_descriptor":"4"},"323187":{"user":"apache2","file_descriptor":"4"},"323186":{"user":"apache2","file_descriptor":"4"},"323185":{"user":"apache2","file_descriptor":"4"},"323184":{"user":"apache2","file_descriptor":"4"},"323176":{"user":"apache2","file_descriptor":"4"},"323175":{"user":"apache2","file_descriptor":"4"},"323174":{"user":"apache2","file_descriptor":"4"},"323172":{"user":"apache2","file_descriptor":"4"},"323171":{"user":"apache2","file_descriptor":"4"},"323019":{"user":"apache2","file_descriptor":"4"},"322663":{"user":"apache2","file_descriptor":"4"},"322641":{"user":"apache2","file_descriptor":"4"},"322586":{"user":"apache2","file_descriptor":"4"},"322520":{"user":"apache2","file_descriptor":"4"},"322405":{"user":"apache2","file_descriptor":"4"},"319633":{"user":"apache2","file_descriptor":"4"}},"inode_number":"843780881","cookie":"200e","cgroup":"/system.slice/apache2.service"},"local_port_num":443}
{"netid":"tcp","state":"LISTEN","recv_q":0,"send_q":511,"local_address":"1.2.1.31","local_port":"443","peer_address":"0.0.0.0","peer_port":"*","opts":{"process_id":{"4144914":{"user":"apache2","file_descriptor":"3"},"4144905":{"user":"apache2","file_descriptor":"3"},"323307":{"user":"apache2","file_descriptor":"3"},"323306":{"user":"apache2","file_descriptor":"3"},"323298":{"user":"apache2","file_descriptor":"3"},"323191":{"user":"apache2","file_descriptor":"3"},"323190":{"user":"apache2","file_descriptor":"3"},"323188":{"user":"apache2","file_descriptor":"3"},"323187":{"user":"apache2","file_descriptor":"3"},"323186":{"user":"apache2","file_descriptor":"3"},"323185":{"user":"apache2","file_descriptor":"3"},"323184":{"user":"apache2","file_descriptor":"3"},"323176":{"user":"apache2","file_descriptor":"3"},"323175":{"user":"apache2","file_descriptor":"3"},"323174":{"user":"apache2","file_descriptor":"3"},"323172":{"user":"apache2","file_descriptor":"3"},"323171":{"user":"apache2","file_descriptor":"3"},"323019":{"user":"apache2","file_descriptor":"3"},"322663":{"user":"apache2","file_descriptor":"3"},"322641":{"user":"apache2","file_descriptor":"3"},"322586":{"user":"apache2","file_descriptor":"3"},"322520":{"user":"apache2","file_descriptor":"3"},"322405":{"user":"apache2","file_descriptor":"3"},"319633":{"user":"apache2","file_descriptor":"3"}},"inode_number":"843780879","cookie":"200f","cgroup":"/system.slice/apache2.service"},"local_port_num":443}

There were a couple issues, but basically the Recv-Q field was too close to the State field, so I had to account for that.

Could you copy the file below to your parser plugin directory and see if it works for you?

https://github.com/kellyjonbrazil/jc/blob/dev/jc/parsers/ss.py

  • Linux/unix: $HOME/.local/share/jc/jcparsers
  • macOS: $HOME/Library/Application Support/jc/jcparsers
  • Windows: $LOCALAPPDATA\jc\jc\jcparsers

Let me know if that works for you!
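
A cross-check for the failure reported in this thread, where listening sockets silently dropped out of the parsed output. This is an added example, not jc's parser or the fix in the dev branch: it splits rows on whitespace instead of header column offsets and assumes the `ss -tulpen` layout with a Netid column. The names `parse_ss` and `missing_sockets` and the sample rows are constructed for illustration.

```python
import re

# Constructed sample in the `ss -tulpen` layout quoted in this issue; note the
# fused "PortProcess" header and the narrow gap between State and Recv-Q.
SAMPLE = '''\
Netid State  Recv-Q Send-Q  Local Address:Port  Peer Address:PortProcess
udp   UNCONN 0      0             0.0.0.0:50305      0.0.0.0:*    users:(("host",pid=118409,fd=20)) ino:64236321 sk:1 cgroup:/system.slice/xinetd.service <->
tcp   LISTEN 0      511          1.2.3.43:443        0.0.0.0:*    users:(("apache2",pid=319633,fd=5)) ino:843780883 sk:200d cgroup:/system.slice/apache2.service <->
tcp   LISTEN 0      16               [::]:8443          [::]:*    users:(("liveconfig",pid=3279782,fd=11)) ino:788096034 sk:2016 cgroup:/system.slice/liveconfig.service v6only:1 <->
'''

def split_addr(field):
    """Split 'addr:port' on the last colon so IPv6 literals such as [::]:8443 survive."""
    addr, _, port = field.rpartition(":")
    return addr, port

def parse_ss(text):
    """Parse rows by whitespace tokens; header column positions are ignored."""
    rows = []
    for line in text.splitlines()[1:]:              # first line is the header
        if not line.strip():
            continue
        parts = line.split(None, 6)                 # six fixed fields, then free-form options
        if len(parts) < 6 or not (parts[2].isdigit() and parts[3].isdigit()):
            # Fail loudly: a skipped row is a socket missing from the audit.
            raise ValueError("unexpected ss row: " + line[:60])
        local_addr, local_port = split_addr(parts[4])
        peer_addr, peer_port = split_addr(parts[5])
        opts = parts[6] if len(parts) > 6 else ""
        cgroup = re.search(r"cgroup:(\S+)", opts)
        rows.append({
            "netid": parts[0], "state": parts[1],
            "recv_q": int(parts[2]), "send_q": int(parts[3]),
            "local_address": local_addr, "local_port": local_port,
            "peer_address": peer_addr, "peer_port": peer_port,
            "cgroup": cgroup.group(1) if cgroup else None,
        })
    return rows

def missing_sockets(text, records):
    """Return (address, port) pairs present in raw ss text but absent from
    `records`, a list of dicts with local_address/local_port keys (the field
    names shown in the jc output in this issue)."""
    seen = {(r.get("local_address"), str(r.get("local_port"))) for r in records}
    return [(r["local_address"], r["local_port"]) for r in parse_ss(text)
            if (r["local_address"], r["local_port"]) not in seen]
```

Passing the raw `ss` text and the records loaded from a parser's JSON output to `missing_sockets` yields an empty list when nothing was dropped; any pair it returns is a listener the parsed view does not show.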

@megabert
Author

megabert commented Jun 9, 2024

Hi,

the fix works fine:

# export LC_ALL=C;ss -tulpen| jc --ss \
        | jq -r '.[] | select (.local_port_num==443) | "Port: " + .local_port + " CGroup: " + .opts.cgroup'

Port: 443 CGroup: /system.slice/apache2.service
Port: 443 CGroup: /system.slice/apache2.service
Port: 443 CGroup: /system.slice/apache2.service

Thanks a lot!

@kellyjonbrazil
Owner

Fixed in v1.25.3
