Add cmds/core/netstat #2976

ChriMarMe · 2024-04-30T11:19:10Z

Snapshot of status quo netstat implementation in u-root compared to net-tools/netstat

netstat has five main capabilities:

List socket states
List route table (flags: -r, -r4,-r6,-r46)
List multicast group membership (flags: -g, -g4, -g6, -g46)
Print interface information(s) (flags: -i, -I=)
Print network statistics (flags: -s, -s4, -s6)

Status of implementation:

jensdrenhaus · 2024-04-30T12:15:04Z

What socket types and address families should be supported?

Socket types:

raw
unix
tcp
udp
ax25
sctp (Stream Control Transmission Protocol)
ipx
netrom

Address families:

IPv4
IPv6
ax25 (Amateur radio AX.25 protocol)
netrom (AMPR NET/ROM)
ipx (Novell IPX)
ddp(Appletalk DDP)
x25 (ITU-T X.25 / ISO-8208 protocol)

@ChriMarMe evaluated the socket type usage as follows:
raw
raw sockets allow the manipulation of payload and header for the given address family in layer 2 (data-link-layer) or layer 3 (network-layer)
https://stackoverflow.com/questions/14774668/what-is-raw-socket-in-socket-programming
This is a common, broadly used socket type.

unix
unix sockets provide a mechanism for inter-process communication defined in POSIX standard and implemented in the linux kernel.
This is a common, broadly used socket type.

tcp/udp
sockets of type tcp/udp usually used on top of IPv4/IPv6 address families.
This is a common, broadly used socket type

ax25
Broadly used in packet radio application
IIuc: Drop-in replacement for ethernet for a special use case (digital radio stuff) There is no usage in u-root so far.
sctp
The “Stream Control Transmission Protocol” is a transport layer protocol and provides UDP-like connections with TCP reliability build-in.
There is no usage in u-root so far.

ipx
Proprietary protocol. Works like IP/UDP. Popular in the past, not so much anymore.
Does not see usage in u-root

netrom
netrom is a protocol used extensively by radio amateurs. The Linux netrom protocol family permits access to these protocols via the standard networking socket metaphor.
Does not see use in u-root

Proposal:
Processing of the RAW and UNIX socket type data is a viable thing to do. Others do not see any usage in u-root nor vendored dependencies. We suggest implementing RAW and UNIX socket type data processing and skipping the rest. Same goes for the address families linked to the skipped socket types. (ax25,x25,ddp,ipx, netrom)

jensdrenhaus · 2024-04-30T12:18:15Z

cc @10000TB @andrewsun2898

rminnich

this is pretty amazing. See my one comment. You might put the info on what is done, and what is not done, in doc.go

I would be ready to approve as it is now if you want.

pkg/netstat/route.go

ChriMarMe · 2024-05-08T10:25:23Z

When implementing the --cache option for routing tables of IPv6, I encountered legacy compatibility for really old kernel versions. There is a file opened and if that fails, it falls back to a the -fib function but with a filter passed to it.
I asked the maintainer of net-tools what this is about. See: ecki/net-tools#34
Here we have some additional informations about routing cache:
https://serverfault.com/questions/1091128/why-i-get-cache-in-the-output-of-ip-route-get
https://workshop.netfilter.org/2013/wiki/images/2/2a/DaveM_route_cache_removed_nfws2013.pdf

So my takeaway is that routing cache was removed for IPv4/6 some time ago already and the --cache-flag is dragged along for legacy reasons.

For now I will skip the implementation of --cache. Let me know what you think @10000TB @andrewsun2898

10000TB · 2024-05-15T19:38:35Z

@ChriMarMe @jensdrenhaus Hi, srry for the delay! -- re. socket types and address family.

I mostly agree with the assesment put by @jensdrenhaus , except we would like TCP/UDP included too. I think that is beneficial to include. So the requirements from my end are as follows.

Socket types:

Required
- Raw
- Unix
- Tcp
- Udp
Not Required
- ax25
- sctp
- Ipx
- Netrom

Address Family

Required
- IPv4
- IPv6
Not Required
- ax25 (Amateur radio AX.25 protocol)
- netrom (AMPR NET/ROM)
- ipx (Novell IPX)
- ddp(Appletalk DDP)
- x25 (ITU-T X.25 / ISO-8208 protocol)

10000TB · 2024-05-15T19:58:02Z

When implementing the --cache option for routing tables of IPv6, I encountered legacy compatibility for really old kernel versions. There is a file opened and if that fails, it falls back to a the -fib function but with a filter passed to it. I asked the maintainer of net-tools what this is about. See: ecki/net-tools#34 Here we have some additional informations about routing cache: https://serverfault.com/questions/1091128/why-i-get-cache-in-the-output-of-ip-route-get https://workshop.netfilter.org/2013/wiki/images/2/2a/DaveM_route_cache_removed_nfws2013.pdf

So my takeaway is that routing cache was removed for IPv4/6 some time ago already and the --cache-flag is dragged along for legacy reasons.

For now I will skip the implementation of --cache. Let me know what you think @10000TB @andrewsun2898

In that case, how do we display routing cache ? -- and how do we different route from cache versus new lookup need happen ?

I tried on my 6.6 kernel devbox, which has netstat 2.10

xuehaohu@worldpeace:~$ netstat --version
net-tools 2.10
Fred Baumgarten, Alan Cox, Bernd Eckenfels, Phil Blundell, Tuan Hoang, Brian Micek and others
+NEW_ADDRT +RTF_IRTT +RTF_REJECT +FW_MASQUERADE +I18N +SELINUX
AF: (inet) +UNIX +INET +INET6 +IPX +AX25 +NETROM +X25 +ATALK +ECONET +ROSE -BLUETOOTH
HW:  +ETHER +ARC +SLIP +PPP +TUNNEL -TR +AX25 +NETROM +X25 +FR +ROSE +ASH +SIT +FDDI +HIPPI +HDLC/LAPB +EUI64
xuehaohu@worldpeace:~$ uname -a
Linux 6.6.15-2rodete2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.15-2rodete2 (2024-03-19) x86_64 GNU/Linux
xuehaohu@worldpeace:

xuehaohu@worldpeace:~$ netstat --help
...
...
        -C, --cache              display routing cache instead of FIB

xuehaohu@worldpeace:~$ netstat -6 -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 localhost:52868         localhost:9557          ESTABLISHED
tcp6       0      0 localhost:46904         localhost:9557          ESTABLISHED
tcp6       0      0 localhost:57110         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):49230     (redacted):5031 ESTABLISHED
tcp6       0      0 localhost:57150         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):35642     (redacted):5031 ESTABLISHED
tcp6       0      0 localhost:41834         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):58684     (redacted):5031    ESTABLISHED

ChriMarMe · 2024-05-16T07:26:28Z

@ChriMarMe @jensdrenhaus Hi, srry for the delay! -- re. socket types and address family.

I mostly agree with the assesment put by @jensdrenhaus , except we would like TCP/UDP included too. I think that is beneficial to include. So the requirements from my end are as follows.

Socket types:
* Required
  
  * Raw
  * Unix
  * Tcp
  * Udp

* Not Required
  
  * ax25
  * sctp
  * Ipx
  * Netrom
Address Family
* Required
  
  * IPv4
  * IPv6

* Not Required
  
  * ax25 (Amateur radio AX.25 protocol)
  * netrom (AMPR NET/ROM)
  * ipx (Novell IPX)
  * ddp(Appletalk DDP)
  * x25 (ITU-T X.25 / ISO-8208 protocol)

Thanks for the clarification. I didnt mention TCP/UDP and IPv4/IPv6 because I assumed it as required already :)

When implementing the --cache option for routing tables of IPv6, I encountered legacy compatibility for really old kernel versions. There is a file opened and if that fails, it falls back to a the -fib function but with a filter passed to it. I asked the maintainer of net-tools what this is about. See: ecki/net-tools#34 Here we have some additional informations about routing cache: https://serverfault.com/questions/1091128/why-i-get-cache-in-the-output-of-ip-route-get https://workshop.netfilter.org/2013/wiki/images/2/2a/DaveM_route_cache_removed_nfws2013.pdf
So my takeaway is that routing cache was removed for IPv4/6 some time ago already and the --cache-flag is dragged along for legacy reasons.
For now I will skip the implementation of --cache. Let me know what you think @10000TB @andrewsun2898

In that case, how do we display routing cache ? -- and how do we different route from cache versus new lookup need happen ?

I tried on my 6.6 kernel devbox, which has netstat 2.10
xuehaohu@worldpeace:~$ netstat --version
net-tools 2.10
Fred Baumgarten, Alan Cox, Bernd Eckenfels, Phil Blundell, Tuan Hoang, Brian Micek and others
+NEW_ADDRT +RTF_IRTT +RTF_REJECT +FW_MASQUERADE +I18N +SELINUX
AF: (inet) +UNIX +INET +INET6 +IPX +AX25 +NETROM +X25 +ATALK +ECONET +ROSE -BLUETOOTH
HW:  +ETHER +ARC +SLIP +PPP +TUNNEL -TR +AX25 +NETROM +X25 +FR +ROSE +ASH +SIT +FDDI +HIPPI +HDLC/LAPB +EUI64
xuehaohu@worldpeace:~$ uname -a
Linux 6.6.15-2rodete2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.15-2rodete2 (2024-03-19) x86_64 GNU/Linux
xuehaohu@worldpeace:
xuehaohu@worldpeace:~$ netstat --help
...
...
        -C, --cache              display routing cache instead of FIB

xuehaohu@worldpeace:~$ netstat -6 -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 localhost:52868         localhost:9557          ESTABLISHED
tcp6       0      0 localhost:46904         localhost:9557          ESTABLISHED
tcp6       0      0 localhost:57110         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):49230     (redacted):5031 ESTABLISHED
tcp6       0      0 localhost:57150         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):35642     (redacted):5031 ESTABLISHED
tcp6       0      0 localhost:41834         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):58684     (redacted):5031    ESTABLISHED

Will have a look at it again. Prolly misunderstood some of the information.

ChriMarMe · 2024-05-16T07:36:37Z

When implementing the --cache option for routing tables of IPv6, I encountered legacy compatibility for really old kernel versions. There is a file opened and if that fails, it falls back to a the -fib function but with a filter passed to it. I asked the maintainer of net-tools what this is about. See: ecki/net-tools#34 Here we have some additional informations about routing cache: https://serverfault.com/questions/1091128/why-i-get-cache-in-the-output-of-ip-route-get https://workshop.netfilter.org/2013/wiki/images/2/2a/DaveM_route_cache_removed_nfws2013.pdf
So my takeaway is that routing cache was removed for IPv4/6 some time ago already and the --cache-flag is dragged along for legacy reasons.
For now I will skip the implementation of --cache. Let me know what you think @10000TB @andrewsun2898

In that case, how do we display routing cache ? -- and how do we different route from cache versus new lookup need happen ?

I tried on my 6.6 kernel devbox, which has netstat 2.10
xuehaohu@worldpeace:~$ netstat --version
net-tools 2.10
Fred Baumgarten, Alan Cox, Bernd Eckenfels, Phil Blundell, Tuan Hoang, Brian Micek and others
+NEW_ADDRT +RTF_IRTT +RTF_REJECT +FW_MASQUERADE +I18N +SELINUX
AF: (inet) +UNIX +INET +INET6 +IPX +AX25 +NETROM +X25 +ATALK +ECONET +ROSE -BLUETOOTH
HW:  +ETHER +ARC +SLIP +PPP +TUNNEL -TR +AX25 +NETROM +X25 +FR +ROSE +ASH +SIT +FDDI +HIPPI +HDLC/LAPB +EUI64
xuehaohu@worldpeace:~$ uname -a
Linux 6.6.15-2rodete2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.15-2rodete2 (2024-03-19) x86_64 GNU/Linux
xuehaohu@worldpeace:
xuehaohu@worldpeace:~$ netstat --help
...
...
        -C, --cache              display routing cache instead of FIB

xuehaohu@worldpeace:~$ netstat -6 -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 localhost:52868         localhost:9557          ESTABLISHED
tcp6       0      0 localhost:46904         localhost:9557          ESTABLISHED
tcp6       0      0 localhost:57110         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):49230     (redacted):5031 ESTABLISHED
tcp6       0      0 localhost:57150         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):35642     (redacted):5031 ESTABLISHED
tcp6       0      0 localhost:41834         localhost:9557          ESTABLISHED
tcp6       0      0 (redacted):58684     (redacted):5031    ESTABLISHED

BTW: The output you have here is not route cache. It's IPv6 sockets listing.

ChriMarMe · 2024-05-24T06:08:45Z

I hate to be picky, but the way this is written, it's a lot of code needing tests.

A friend at meta has had good luck with asking chatgpt to write tests for Go.

Being picky is what helps me being a better dev. So thank you :)

* Interface table printing * specific Interface printing Signed-off-by: Christopher Meis <christopher.meis@9elements.com>

* Add structure and member-functions to handle the different flag mechanism Signed-off-by: Christopher Meis <christopher.meis@9elements.com>