For this last "ss" syntax issue, I have opened a bug in samba upstream project and the most important comment, that explains what is happening, is this one:
Errrr, that puzzled me now, my workstation is a debian sid and, for obvious reasons, all my development environment is Ubuntu... I re-checked "ss" execution in Debian and it worked :\, went back to Ubuntu Eoan and it didn't.
inaddy@workstation:~$ ss -tn state established '( src [172.16.0.3] || src [172.16.0.3] ) ( sport == :22 )' | small
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 172.16.0.3:22 172.16.0.6:53580
0 0 172.16.0.3:22 172.16.0.6:62337
0 0 172.16.0.3:22 172.16.0.6:53587
...
(k)inaddy@ctdbserver01:~$ ss -tn state established '( src [172.16.0.3] || src [172.16.0.3] ) ( sport == :22 )' | small
ss: bison bellows (while parsing filter): "syntax error!" Sorry.
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
...
Since Ubuntu is using an older version for quite awhile, I think latest change to this line broke compatibility with older versions. That, per se, could justify this patch.
commit 04fe9e20749985c71fef1bce7f6e4c439fe11c81
Author: Martin Schwenke <email address hidden>
Date: Thu Aug 27 00:22:49 2015
ctdb-scripts: Use ss instead of netstat for finding TCP connections
ss with a filter is much faster than post-processing output from
netstat. CTDB already has a hard dependency on iproute2 for IP
address handling, so depending on ss is no big deal.
This is the change that introduced this "ss" code, and, I believe that this has been broken in Ubuntu since then. Actually I'm not aware that CTDB ever worked in Ubuntu the way it should, that's why I'm working in the following Bugs:
To make it fully function for Eoan, and backport fixes up to Bionic, *at least*. Would you mind including this patch so we can have iproute2 backwards compatibility ? (Upgrading iproute2 in Ubuntu would mean re-certificating a bunch of stuff depending on it, including all openstack products, etc).
For this last "ss" syntax issue, I have opened a bug in samba upstream project and the most important comment, that explains what is happening, is this one:
BUG: https:/ /bugzilla. samba.org/ show_bug. cgi?id= 13985
COMMENT: https:/ /bugzilla. samba.org/ show_bug. cgi?id= 13985#c4
"""
Hello Martin,
Errrr, that puzzled me now, my workstation is a debian sid and, for obvious reasons, all my development environment is Ubuntu... I re-checked "ss" execution in Debian and it worked :\, went back to Ubuntu Eoan and it didn't.
inaddy@ workstation: ~$ ss -tn state established '( src [172.16.0.3] || src [172.16.0.3] ) ( sport == :22 )' | small
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 172.16.0.3:22 172.16.0.6:53580
0 0 172.16.0.3:22 172.16.0.6:62337
0 0 172.16.0.3:22 172.16.0.6:53587
...
(k)inaddy@ ctdbserver01: ~$ ss -tn state established '( src [172.16.0.3] || src [172.16.0.3] ) ( sport == :22 )' | small
ss: bison bellows (while parsing filter): "syntax error!" Sorry.
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
...
Checking different versions:
inaddy@ workstation: ~$ rmadison iproute2 | awk '{print $1 $2 $3 $4 $5}' 3.16.0- 2|oldstable 4.9.0-1+ deb9u1| stable 4.9.0-1+ deb9u1| stable- debug 4.14.1- 1~bpo9+ 1|stretch- backports 4.20.0- 2~bpo9+ 1|stretch- backports 4.20.0- 2~bpo9+ 1|stretch- backports- debug 4.20.0- 2|testing 4.20.0- 2|unstable 4.20.0- 2|unstable- debug 5.1.0-1| experimental 5.1.0-1| experimental- debug
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
inaddy@ workstation: ~$ rmad iproute2 | awk '{print $1 $2 $3 $4 $5}' 3.12.0- 2|trusty 3.12.0- 2ubuntu1. 2|trusty- updates 4.3.0-1ubuntu3| xenial 4.3.0-1ubuntu3. 16.04.5| xenial- updates 4.15.0- 2ubuntu1| bionic 4.18.0- 1ubuntu2~ ubuntu18. 04.1|bionic- backports 4.18.0- 1ubuntu2| cosmic 4.18.0- 1ubuntu2| disco 4.18.0- 1ubuntu2| eoan
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
iproute2|
Since Ubuntu is using an older version for quite awhile, I think latest change to this line broke compatibility with older versions. That, per se, could justify this patch.
commit 04fe9e20749985c 71fef1bce7f6e4c 439fe11c81
Author: Martin Schwenke <email address hidden>
Date: Thu Aug 27 00:22:49 2015
ctdb-scripts: Use ss instead of netstat for finding TCP connections
ss with a filter is much faster than post-processing output from
netstat. CTDB already has a hard dependency on iproute2 for IP
address handling, so depending on ss is no big deal.
Signed-off-by: Martin Schwenke <email address hidden>
Reviewed-by: Amitay Isaacs <email address hidden>
This is the change that introduced this "ss" code, and, I believe that this has been broken in Ubuntu since then. Actually I'm not aware that CTDB ever worked in Ubuntu the way it should, that's why I'm working in the following Bugs:
https:/ /bugs.launchpad .net/ubuntu/ +source/ samba/+ bug/722201 /bugs.launchpad .net/ubuntu/ +source/ samba/+ bug/1821775 /bugs.launchpad .net/ubuntu/ +source/ samba/+ bug/1828799 /bugs.launchpad .net/ubuntu- server- ha/+bug/ 1831381 /bugzilla. samba.org/ show_bug. cgi?id= 13984 /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 929931
https:/
https:/
https:/
https:/
https:/
To make it fully function for Eoan, and backport fixes up to Bionic, *at least*. Would you mind including this patch so we can have iproute2 backwards compatibility ? (Upgrading iproute2 in Ubuntu would mean re-certificating a bunch of stuff depending on it, including all openstack products, etc).
Thanks a lot!
Best Regards,
Rafael
"""