Bug 7221 - Ports can't be automatically unbound on systems with new versions of iproute
Summary: Ports can't be automatically unbound on systems with new versions of iproute
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Server OS (show other bugs)
Target Milestone: 4.10.0
Assignee: Samuel Mannehed
Keywords: prosaic, samuel_tester
Depends on:
Reported: 2018-08-13 15:19 CEST by Samuel Mannehed
Modified: 2018-08-28 11:19 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Description Samuel Mannehed cendio 2018-08-13 15:19:26 CEST
A bug in version 4.16.0 of iproute causes our code to trigger a syntax error for ss followed by a 'usage'-text to be printed in our logs every time a user creates a new ThinLinc session. Fedora 28 has this version of iproute in it's stable repos.

> $ sudo tail -f vsmagent.log
> 2018-08-13 15:12:43 WARNING vsmagent: ss wrote to stderr: ss: bison
> bellows (while parsing filter): "syntax error!" Sorry. Usage: ss
>    -h, --help          this message
>    -V, --version       output version information
>    -n, --numeric       don't resolve service names
>    -r, --resolve       resolve host names
>    -a, --all           display all sockets
>    -l, --listening     display listening sockets
>    -o, --options       show timer information
>    -e, --extended      show detailed socket information
>    -m, --memory        show socket memory usage
>    -p, --processes     show process using socket
>    -i, --info          show internal TCP information
>    -s, --summary       show socket usage summary
>    -b, --bpf           show bpf filter socket information
>    -E, --events        continually display sockets as they are
> destroyed -Z, --context       display process SELinux security
> contexts -z, --contexts      display process and socket SELinux
> security contexts -N, --net           switch to the specified network
> namespace name
>    -4, --ipv4          display only IP version 4 sockets
>    -6, --ipv6          display only IP version 6 sockets
>    -0, --packet        display PACKET sockets
>    -t, --tcp           display only TCP sockets
>    -S, --sctp          display only SCTP sockets
>    -u, --udp           display only UDP sockets
>    -d, --dccp          display only DCCP sockets
>    -w, --raw           display only RAW sockets
>    -x, --unix          display only Unix domain sockets
>        --vsock         display only vsock sockets
>    -f, --family=FAMILY display sockets of type FAMILY
>        FAMILY := {inet|inet6|link|unix|netlink|vsock|help}
>    -K, --kill          forcibly close sockets, display what was closed
>    -H, --no-header     Suppress header line
>    -A, --query=QUERY, --socket=QUERY
>        QUERY :=
> {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY]
>    -D, --diag=FILE     Dump raw information about TCP sockets to FILE
>    -F, --filter=FILE   read filter information from FILE
>        FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
>        STATE-FILTER :=
> {all|connected|synchronized|bucket|big|TCP-STATES} TCP-STATES :=
> {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listening|closing}
> connected :=
> {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
> synchronized :=
> {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
> bucket := {syn-recv|time-wait} big :=
> {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listening|closing}

This seems to be the offending commit:


I have reported the bug to the developers of the commit in iproute and to Fedora:

Comment 1 Samuel Mannehed cendio 2018-08-16 16:23:12 CEST
This bug doesn't only cause spam in the vsmagent.log, it also prevents the agent from automatically freeing any ports it needs.
Comment 2 Samuel Mannehed cendio 2018-08-16 16:24:12 CEST
> iproute-4.17.0-2.fc28 has been submitted as an update to Fedora 28.
> https://bodhi.fedoraproject.org/updates/FEDORA-2018-59278734d4

I have tested iproute-4.17.0-2.fc28 and it fixes the problem. This version is not yet available in any fedora repos however.
Comment 3 Samuel Mannehed cendio 2018-08-17 08:55:18 CEST
> iproute-4.17.0-2.fc28 has been pushed to the Fedora 28 testing repository.
Comment 4 Samuel Mannehed cendio 2018-08-28 11:19:07 CEST
> iproute-4.17.0-2.fc28 has been pushed to the Fedora 28 stable repository.

Since that fixes the problem I'll close this bug.

Note You need to log in before you can comment on or make changes to this bug.