]>
Commit | Line | Data |
---|---|---|
aba5acdf SH |
1 | <!doctype linuxdoc system> |
2 | ||
3 | <article> | |
4 | ||
5 | <title>SS Utility: Quick Intro | |
dd8fac8c | 6 | <author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/ |
aba5acdf SH |
7 | <date>some_negative_number, 20 Sep 2001 |
8 | <abstract> | |
9 | <tt/ss/ is one another utility to investigate sockets. | |
10 | Functionally it is NOT better than <tt/netstat/ combined | |
11 | with some perl/awk scripts and though it is surely faster | |
12 | it is not enough to make it much better. :-) | |
13 | So, stop reading this now and do not waste your time. | |
14 | Well, certainly, it proposes some functionality, which current | |
15 | netstat is still not able to do, but surely will soon. | |
16 | </abstract> | |
17 | ||
18 | <sect>Why? | |
19 | ||
20 | <p> <tt>/proc</tt> interface is inadequate, unfortunately. | |
21 | When amount of sockets is enough large, <tt/netstat/ or even | |
22 | plain <tt>cat /proc/net/tcp/</tt> cause nothing but pains and curses. | |
23 | In linux-2.4 the desease became worse: even if amount | |
24 | of sockets is small reading <tt>/proc/net/tcp/</tt> is slow enough. | |
25 | ||
26 | This utility presents a new approach, which is supposed to scale | |
27 | well. I am not going to describe technical details here and | |
28 | will concentrate on description of the command. | |
29 | The only important thing to say is that it is not so bad idea | |
30 | to load module <tt/tcp_diag/, which can be found in directory | |
31 | <tt/Modules/ of <tt/iproute2/. If you do not make this <tt/ss/ | |
32 | will work, but it falls back to <tt>/proc</tt> and becomes slow | |
33 | like <tt/netstat/, well, a bit faster yet (see section "Some numbers"). | |
34 | ||
35 | <sect>Old news | |
36 | ||
37 | <p> | |
38 | In the simplest form <tt/ss/ is equivalent to netstat | |
39 | with some small deviations. | |
40 | ||
41 | <itemize> | |
42 | <item><tt/ss -t -a/ dumps all TCP sockets | |
43 | <item><tt/ss -u -a/ dumps all UDP sockets | |
44 | <item><tt/ss -w -a/ dumps all RAW sockets | |
45 | <item><tt/ss -x -a/ dumps all UNIX sockets | |
46 | </itemize> | |
47 | ||
48 | <p> | |
49 | Option <tt/-o/ shows TCP timers state. | |
50 | Option <tt/-e/ shows some extended information. | |
51 | Etc. etc. etc. Seems, all the options of netstat related to sockets | |
52 | are supported. Though not AX.25 and other bizarres. :-) | |
53 | If someone wants, he can make support for decnet and ipx. | |
54 | Some rudimentary support for them is already present in iproute2 libutils, | |
55 | and I will be glad to see these new members. | |
56 | ||
57 | <p> | |
58 | However, standard functionality is a bit different: | |
59 | ||
60 | <p> | |
61 | The first: without option <tt/-a/ sockets in states | |
62 | <tt/TIME-WAIT/ and <tt/SYN-RECV/ are skipped too. | |
63 | It is more reasonable default, I think. | |
64 | ||
65 | <p> | |
66 | The second: format of UNIX sockets is different. It coincides | |
67 | with tcp/udp. Though standard kernel still does not allow to | |
68 | see write/read queues and peer address of connected UNIX sockets, | |
69 | the patch doing this exists. | |
70 | ||
71 | <p> | |
72 | The third: default is to dump only TCP sockets, rather than all of the types. | |
73 | ||
74 | <p> | |
75 | The next: by default it does not resolve numeric host addresses (like <tt/ip/)! | |
76 | Resolving is enabled with option <tt/-r/. Service names, usually stored | |
77 | in local files, are resolved by default. Also, if service database | |
78 | does not contain references to a port, <tt/ss/ queries system | |
79 | <tt/rpcbind/. RPC services are prefixed with <tt/rpc./ | |
80 | Resolution of services may be suppressed with option <tt/-n/. | |
81 | ||
82 | <p> | |
83 | It does not accept "long" options (I dislike them, sorry). | |
84 | So, address family is given with family identifier following | |
85 | option <tt/-f/ to be algined to iproute2 conventions. | |
86 | Mostly, it is to allow option parser to parse | |
87 | addresses correctly, but as side effect it really limits dumping | |
88 | to sockets supporting only given family. Option <tt/-A/ followed | |
89 | by list of socket tables to dump is also supported. | |
90 | Logically, id of socket table is different of _address_ family, which is | |
91 | another point of incompatibility. So, id is one of | |
92 | <tt/all/, <tt/tcp/, <tt/udp/, | |
93 | <tt/raw/, <tt/inet/, <tt/unix/, <tt/packet/, <tt/netlink/. See? | |
94 | Well, <tt/inet/ is just abbreviation for <tt/tcp|udp|raw/ | |
95 | and it is not difficult to guess that <tt/packet/ allows | |
96 | to look at packet sockets. Actually, there are also some other abbreviations, | |
97 | f.e. <tt/unix_dgram/ selects only datagram UNIX sockets. | |
98 | ||
99 | <p> | |
100 | The next: well, I still do not know. :-) | |
101 | ||
102 | ||
103 | ||
104 | ||
105 | <sect>Time to talk about new functionality. | |
106 | ||
107 | <p>It is builtin filtering of socket lists. | |
108 | ||
109 | <sect1> Filtering by state. | |
110 | ||
111 | <p> | |
112 | <tt/ss/ allows to filter socket states, using keywords | |
113 | <tt/state/ and <tt/exclude/, followed by some state | |
114 | identifier. | |
115 | ||
116 | <p> | |
117 | State identifier are standard TCP state names (not listed, | |
118 | they are useless for you if you already do not know them) | |
119 | or abbreviations: | |
120 | ||
121 | <itemize> | |
122 | <item><tt/all/ - for all the states | |
123 | <item><tt/bucket/ - for TCP minisockets (<tt/TIME-WAIT|SYN-RECV/) | |
124 | <item><tt/big/ - all except for minisockets | |
125 | <item><tt/connected/ - not closed and not listening | |
126 | <item><tt/synchronized/ - connected and not <tt/SYN-SENT/ | |
127 | </itemize> | |
128 | ||
129 | <p> | |
130 | F.e. to dump all tcp sockets except <tt/SYN-RECV/: | |
131 | ||
132 | <tscreen><verb> | |
133 | ss exclude SYN-RECV | |
134 | </verb></tscreen> | |
135 | ||
136 | <p> | |
137 | If neither <tt/state/ nor <tt/exclude/ directives | |
138 | are present, | |
139 | state filter defaults to <tt/all/ with option <tt/-a/ | |
140 | or to <tt/all/, | |
141 | excluding listening, syn-recv, time-wait and closed sockets. | |
142 | ||
143 | <sect1> Filtering by addresses and ports. | |
144 | ||
145 | <p> | |
146 | Option list may contain address/port filter. | |
147 | It is boolean expression which consists of boolean operation | |
148 | <tt/or/, <tt/and/, <tt/not/ and predicates. | |
149 | Actually, all the flavors of names for boolean operations are eaten: | |
150 | <tt/&/, <tt/&&/, <tt/|/, <tt/||/, <tt/!/, but do not forget | |
151 | about special sense given to these symbols by unix shells and escape | |
152 | them correctly, when used from command line. | |
153 | ||
154 | <p> | |
155 | Predicates may be of the folowing kinds: | |
156 | ||
157 | <itemize> | |
158 | <item>A. Address/port match, where address is checked against mask | |
159 | and port is either wildcard or exact. It is one of: | |
160 | ||
161 | <tscreen><verb> | |
162 | dst prefix:port | |
163 | src prefix:port | |
164 | src unix:STRING | |
165 | src link:protocol:ifindex | |
166 | src nl:channel:pid | |
167 | </verb></tscreen> | |
168 | ||
169 | Both prefix and port may be absent or replaced with <tt/*/, | |
170 | which means wildcard. UNIX socket use more powerful scheme | |
171 | matching to socket names by shell wildcards. Also, prefixes | |
172 | unix: and link: may be omitted, if address family is evident | |
173 | from context (with option <tt/-x/ or with <tt/-f unix/ | |
174 | or with <tt/unix/ keyword) | |
175 | ||
176 | <p> | |
177 | F.e. | |
178 | ||
179 | <tscreen><verb> | |
180 | dst 10.0.0.1 | |
181 | dst 10.0.0.1: | |
182 | dst 10.0.0.1/32: | |
183 | dst 10.0.0.1:* | |
184 | </verb></tscreen> | |
185 | are equivalent and mean socket connected to | |
186 | any port on host 10.0.0.1 | |
187 | ||
188 | <tscreen><verb> | |
189 | dst 10.0.0.0/24:22 | |
190 | </verb></tscreen> | |
191 | sockets connected to port 22 on network | |
192 | 10.0.0.0...255. | |
193 | ||
194 | <p> | |
195 | Note that port separated of address with colon, which creates | |
196 | troubles with IPv6 addresses. Generally, we interpret the last | |
197 | colon as splitting port. To allow to give IPv6 addresses, | |
198 | trick like used in IPv6 HTTP URLs may be used: | |
199 | ||
200 | <tscreen><verb> | |
201 | dst [::1] | |
202 | </verb></tscreen> | |
203 | are sockets connected to ::1 on any port | |
204 | ||
205 | <p> | |
206 | Another way is <tt/dst ::1/128/. / helps to understand that | |
207 | colon is part of IPv6 address. | |
208 | ||
209 | <p> | |
210 | Now we can add another alias for <tt/dst 10.0.0.1/: | |
211 | <tt/dst [10.0.0.1]/. :-) | |
212 | ||
213 | <p> Address may be a DNS name. In this case all the addresses are looked | |
214 | up (in all the address families, if it is not limited by option <tt/-f/ | |
215 | or special address prefix <tt/inet:/, <tt/inet6/) and resulting | |
216 | expression is <tt/or/ over all of them. | |
217 | ||
218 | <item> B. Port expressions: | |
219 | <tscreen><verb> | |
220 | dport >= :1024 | |
221 | dport != :22 | |
222 | sport < :32000 | |
223 | </verb></tscreen> | |
224 | etc. | |
225 | ||
226 | All the relations: <tt/</, <tt/>/, <tt/=/, <tt/>=/, <tt/=/, <tt/==/, | |
227 | <tt/!=/, <tt/eq/, <tt/ge/, <tt/lt/, <tt/ne/... | |
228 | Use variant which you like more, but not forget to escape special | |
229 | characters when typing them in command line. :-) | |
230 | ||
231 | Note that port number syntactically coincides to the case A! | |
232 | You may even add an IP address, but it will not participate | |
233 | incomparison, except for <tt/==/ and <tt/!=/, which are equivalent | |
234 | to corresponding predicates of type A. F.e. | |
235 | <p> | |
236 | <tt/dst 10.0.0.1:22/ | |
237 | is equivalent to <tt/dport eq 10.0.0.1:22/ | |
238 | and | |
239 | <tt/not dst 10.0.0.1:22/ is equivalent to | |
240 | <tt/dport neq 10.0.0.1:22/ | |
241 | ||
242 | <item>C. Keyword <tt/autobound/. It matches to sockets bound automatically | |
243 | on local system. | |
244 | ||
245 | </itemize> | |
246 | ||
247 | ||
248 | <sect> Examples | |
249 | ||
250 | <p> | |
251 | <itemize> | |
252 | <item>1. List all the tcp sockets in state <tt/FIN-WAIT-1/ for our apache | |
253 | to network 193.233.7/24 and look at their timers: | |
254 | ||
255 | <tscreen><verb> | |
256 | ss -o state fin-wait-1 \( sport = :http or sport = :https \) \ | |
257 | dst 193.233.7/24 | |
258 | </verb></tscreen> | |
259 | ||
260 | Oops, forgot to say that missing logical operation is | |
261 | equivalent to <tt/and/. | |
262 | ||
263 | <item> 2. Well, now look at the rest... | |
264 | ||
265 | <tscreen><verb> | |
266 | ss -o excl fin-wait-1 | |
267 | ss state fin-wait-1 \( sport neq :http and sport neq :https \) \ | |
268 | or not dst 193.233.7/24 | |
269 | </verb></tscreen> | |
270 | ||
271 | Note that we have to do _two_ calls of ss to do this. | |
272 | State match is always anded to address/port match. | |
273 | The reason for this is purely technical: ss does fast skip of | |
274 | not matching states before parsing addresses and I consider the | |
275 | ability to skip fastly gobs of time-wait and syn-recv sockets | |
276 | as more important than logical generality. | |
277 | ||
278 | <item> 3. So, let's look at all our sockets using autobound ports: | |
279 | ||
280 | <tscreen><verb> | |
281 | ss -a -A all autobound | |
282 | </verb></tscreen> | |
283 | ||
284 | ||
285 | <item> 4. And eventually find all the local processes connected | |
286 | to local X servers: | |
287 | ||
288 | <tscreen><verb> | |
289 | ss -xp dst "/tmp/.X11-unix/*" | |
290 | </verb></tscreen> | |
291 | ||
292 | Pardon, this does not work with current kernel, patching is required. | |
293 | But we still can look at server side: | |
294 | ||
295 | <tscreen><verb> | |
296 | ss -x src "/tmp/.X11-unix/*" | |
297 | </verb></tscreen> | |
298 | ||
299 | </itemize> | |
300 | ||
301 | ||
302 | <sect> Returning to ground: real manual | |
303 | ||
304 | <p> | |
305 | <sect1> Command arguments | |
306 | ||
307 | <p> General format of arguments to <tt/ss/ is: | |
308 | ||
309 | <tscreen><verb> | |
310 | ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ] | |
311 | </verb></tscreen> | |
312 | ||
313 | <sect2><tt/OPTIONS/ | |
314 | <p> <tt/OPTIONS/ is list of single letter options, using common unix | |
315 | conventions. | |
316 | ||
317 | <itemize> | |
318 | <item><tt/-h/ - show help page | |
319 | <item><tt/-?/ - the same, of course | |
320 | <item><tt/-v/, <tt/-V/ - print version of <tt/ss/ and exit | |
321 | <item><tt/-s/ - print summary statistics. This option does not parse | |
322 | socket lists obtaining summary from various sources. It is useful | |
323 | when amount of sockets is so huge that parsing <tt>/proc/net/tcp</tt> | |
324 | is painful. | |
325 | <item><tt/-D FILE/ - do not display anything, just dump raw information | |
326 | about TCP sockets to <tt/FILE/ after applying filters. If <tt/FILE/ is <tt/-/ | |
327 | <tt/stdout/ is used. | |
328 | <item><tt/-F FILE/ - read continuation of filter from <tt/FILE/. | |
329 | Each line of <tt/FILE/ is interpreted like single command line option. | |
330 | If <tt/FILE/ is <tt/-/ <tt/stdin/ is used. | |
331 | <item><tt/-r/ - try to resolve numeric address/ports | |
332 | <item><tt/-n/ - do not try to resolve ports | |
333 | <item><tt/-o/ - show some optional information, f.e. TCP timers | |
334 | <item><tt/-i/ - show some infomration specific to TCP (RTO, congestion | |
335 | window, slow start threshould etc.) | |
336 | <item><tt/-e/ - show even more optional information | |
337 | <item><tt/-m/ - show extended information on memory used by the socket. | |
338 | It is available only with <tt/tcp_diag/ enabled. | |
339 | <item><tt/-p/ - show list of processes owning the socket | |
340 | <item><tt/-f FAMILY/ - default address family used for parsing addresses. | |
341 | Also this option limits listing to sockets supporting | |
342 | given address family. Currently the following families | |
343 | are supported: <tt/unix/, <tt/inet/, <tt/inet6/, <tt/link/, | |
344 | <tt/netlink/. | |
345 | <item><tt/-4/ - alias for <tt/-f inet/ | |
346 | <item><tt/-6/ - alias for <tt/-f inet6/ | |
347 | <item><tt/-0/ - alias for <tt/-f link/ | |
348 | <item><tt/-A LIST-OF-TABLES/ - list of socket tables to dump, separated | |
349 | by commas. The following identifiers are understood: | |
350 | <tt/all/, <tt/inet/, <tt/tcp/, <tt/udp/, <tt/raw/, | |
351 | <tt/unix/, <tt/packet/, <tt/netlink/, <tt/unix_dgram/, | |
352 | <tt/unix_stream/, <tt/packet_raw/, <tt/packet_dgram/. | |
353 | <item><tt/-x/ - alias for <tt/-A unix/ | |
354 | <item><tt/-t/ - alias for <tt/-A tcp/ | |
355 | <item><tt/-u/ - alias for <tt/-A udp/ | |
356 | <item><tt/-w/ - alias for <tt/-A raw/ | |
357 | <item><tt/-a/ - show sockets of all the states. By default sockets | |
358 | in states <tt/LISTEN/, <tt/TIME-WAIT/, <tt/SYN_RECV/ | |
359 | and <tt/CLOSE/ are skipped. | |
360 | <item><tt/-l/ - show only sockets in state <tt/LISTEN/ | |
361 | </itemize> | |
362 | ||
363 | <sect2><tt/STATE-FILTER/ | |
364 | ||
365 | <p><tt/STATE-FILTER/ allows to construct arbitrary set of | |
366 | states to match. Its syntax is sequence of keywords <tt/state/ | |
367 | and <tt/exclude/ followed by identifier of state. | |
368 | Available identifiers are: | |
369 | ||
370 | <p> | |
371 | <itemize> | |
372 | <item> All standard TCP states: <tt/established/, <tt/syn-sent/, | |
373 | <tt/syn-recv/, <tt/fin-wait-1/, <tt/fin-wait-2/, <tt/time-wait/, | |
374 | <tt/closed/, <tt/close-wait/, <tt/last-ack/, <tt/listen/ and <tt/closing/. | |
375 | ||
376 | <item><tt/all/ - for all the states | |
377 | <item><tt/connected/ - all the states except for <tt/listen/ and <tt/closed/ | |
378 | <item><tt/synchronized/ - all the <tt/connected/ states except for | |
379 | <tt/syn-sent/ | |
380 | <item><tt/bucket/ - states, which are maintained as minisockets, i.e. | |
381 | <tt/time-wait/ and <tt/syn-recv/. | |
382 | <item><tt/big/ - opposite to <tt/bucket/ | |
383 | </itemize> | |
384 | ||
385 | <sect2><tt/ADDRESS_FILTER/ | |
386 | ||
387 | <p><tt/ADDRESS_FILTER/ is boolean expression with operations <tt/and/, <tt/or/ | |
388 | and <tt/not/, which can be abbreviated in C style f.e. as <tt/&/, | |
389 | <tt/&&/. | |
390 | ||
391 | <p> | |
392 | Predicates check socket addresses, both local and remote. | |
393 | There are the following kinds of predicates: | |
394 | ||
395 | <itemize> | |
396 | <item> <tt/dst ADDRESS_PATTERN/ - matches remote address and port | |
397 | <item> <tt/src ADDRESS_PATTERN/ - matches local address and port | |
398 | <item> <tt/dport RELOP PORT/ - compares remote port to a number | |
399 | <item> <tt/sport RELOP PORT/ - compares local port to a number | |
400 | <item> <tt/autobound/ - checks that socket is bound to an ephemeral | |
401 | port | |
402 | </itemize> | |
403 | ||
404 | <p><tt/RELOP/ is some of <tt/<=/, <tt/>=/, <tt/==/ etc. | |
405 | To make this more convinient for use in unix shell, alphabetic | |
406 | FORTRAN-like notations <tt/le/, <tt/gt/ etc. are accepted as well. | |
407 | ||
408 | <p>The format and semantics of <tt/ADDRESS_PATTERN/ depends on address | |
409 | family. | |
410 | ||
411 | <itemize> | |
412 | <item><tt/inet/ - <tt/ADDRESS_PATTERN/ consists of IP prefix, optionally | |
413 | followed by colon and port. If prefix or port part is absent or replaced | |
414 | with <tt/*/, this means wildcard match. | |
415 | <item><tt/inet6/ - The same as <tt/inet/, only prefix refers to an IPv6 | |
416 | address. Unlike <tt/inet/ colon becomes ambiguous, so that <tt/ss/ allows | |
417 | to use scheme, like used in URLs, where address is suppounded with | |
418 | <tt/[/ ... <tt/]/. | |
419 | <item><tt/unix/ - <tt/ADDRESS_PATTERN/ is shell-style wildcard. | |
420 | <item><tt/packet/ - format looks like <tt/inet/, only interface index | |
421 | stays instead of port and link layer protocol id instead of address. | |
422 | <item><tt/netlink/ - format looks like <tt/inet/, only socket pid | |
423 | stays instead of port and netlink channel instead of address. | |
424 | </itemize> | |
425 | ||
426 | <p><tt/PORT/ is syntactically <tt/ADDRESS_PATTERN/ with wildcard | |
427 | address part. Certainly, it is undefined for UNIX sockets. | |
428 | ||
429 | <sect1> Environment variables | |
430 | ||
431 | <p> | |
432 | <tt/ss/ allows to change source of information using various | |
433 | environment variables: | |
434 | ||
435 | <p> | |
436 | <itemize> | |
437 | <item> <tt/PROC_SLABINFO/ to override <tt>/proc/slabinfo</tt> | |
438 | <item> <tt/PROC_NET_TCP/ to override <tt>/proc/net/tcp</tt> | |
439 | <item> <tt/PROC_NET_UDP/ to override <tt>/proc/net/udp</tt> | |
440 | <item> etc. | |
441 | </itemize> | |
442 | ||
443 | <p> | |
444 | Variable <tt/PROC_ROOT/ allows to change root of all the <tt>/proc/</tt> | |
445 | hierarchy. | |
446 | ||
447 | <p> | |
448 | Variable <tt/TCPDIAG_FILE/ prescribes to open a file instead of | |
449 | requesting kernel to dump information about TCP sockets. | |
450 | ||
451 | ||
452 | <p> This option is used mainly to investigate bug reports, | |
453 | when dumps of files usually found in <tt>/proc/</tt> are recevied | |
454 | by e-mail. | |
455 | ||
456 | <sect1> Output format | |
457 | ||
458 | <p>Six columns. The first is <tt/Netid/, it denotes socket type and | |
459 | transport protocol, when it is ambiguous: <tt/tcp/, <tt/udp/, <tt/raw/, | |
460 | <tt/u_str/ is abbreviation for <tt/unix_stream/, <tt/u_dgr/ for UNIX | |
461 | datagram sockets, <tt/nl/ for netlink, <tt/p_raw/ and <tt/p_dgr/ for | |
462 | raw and datagram packet sockets. This column is optional, it will | |
463 | be hidden, if filter selects an unique netid. | |
464 | ||
465 | <p> | |
466 | The second column is <tt/State/. Socket state is displayed here. | |
467 | The names are standard TCP names, except for <tt/UNCONN/, which | |
468 | cannot happen for TCP, but normal for not connected sockets | |
469 | of another types. Again, this column can be hidden. | |
470 | ||
471 | <p> | |
472 | Then two columns (<tt/Recv-Q/ and <tt/Send-Q/) showing amount of data | |
473 | queued for receive and transmit. | |
474 | ||
475 | <p> | |
476 | And the last two columns display local address and port of the socket | |
477 | and its peer address, if the socket is connected. | |
478 | ||
479 | <p> | |
480 | If options <tt/-o/, <tt/-e/ or <tt/-p/ were given, options are | |
481 | displayed not in fixed positions but separated by spaces pairs: | |
482 | <tt/option:value/. If value is not a single number, it is presented | |
483 | as list of values, enclosed to <tt/(/ ... <tt/)/ and separated with | |
484 | commas. F.e. | |
485 | ||
486 | <tscreen><verb> | |
487 | timer:(keepalive,111min,0) | |
488 | </verb></tscreen> | |
489 | is typical format for TCP timer (option <tt/-o/). | |
490 | ||
491 | <tscreen><verb> | |
492 | users:((X,113,3)) | |
493 | </verb></tscreen> | |
494 | is typical for list of users (option <tt/-p/). | |
495 | ||
496 | ||
497 | <sect>Some numbers | |
498 | ||
499 | <p> | |
500 | Well, let us use <tt/pidentd/ and a tool <tt/ibench/ to measure | |
501 | its performance. It is 30 requests per second here. Nothing to test, | |
502 | it is too slow. OK, let us patch pidentd with patch from directory | |
503 | Patches. After this it handles about 4300 requests per second | |
504 | and becomes handy tool to pollute socket tables with lots of timewait | |
505 | buckets. | |
506 | ||
507 | <p> | |
508 | So, each test starts from pollution tables with 30000 sockets | |
509 | and then doing full dump of the table piped to wc and measuring | |
510 | timings with time: | |
511 | ||
512 | <p>Results: | |
513 | ||
514 | <itemize> | |
515 | <item> <tt/netstat -at/ - 15.6 seconds | |
516 | <item> <tt/ss -atr/, but without <tt/tcp_diag/ - 5.4 seconds | |
517 | <item> <tt/ss -atr/ with <tt/tcp_diag/ - 0.47 seconds | |
518 | </itemize> | |
519 | ||
520 | No comments. Though one comment is necessary, most of time | |
521 | without <tt/tcp_diag/ is wasted inside kernel with completely | |
522 | blocked networking. More than 10 seconds, yes. <tt/tcp_diag/ | |
523 | does the same work for 100 milliseconds of system time. | |
524 | ||
525 | </article> |