Skip to content

Commit

Permalink
[networking] collect commands only when required kernel modules are l…
Browse files Browse the repository at this point in the history 
…oaded

- "ip -s macsec show" requires "macsec" kmod loaded
- "ss -peaonmi" requires 6 *_diag kernel modules

Execute the commands only when the modules are loaded, or when explicitly
requested via --allow-kmod-load option.

Resolves: sosreport#1435

Signed-off-by: Pavel Moravec <[email protected]>
  • Loading branch information
@pmoravec
pmoravec committed Jun 11, 2019
1 parent 913ff8c commit 610649f
Showing 1 changed file with 42 additions and 4 deletions.
46 changes: 42 additions & 4 deletions sos/plugins/networking.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@
#
# See the LICENSE file in the source distribution for further information.

from sos.plugins import Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin
from sos.plugins import (Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin,
SoSPredicate)
from os import listdir
import re

Expand Down Expand Up @@ -130,7 +131,6 @@ def setup(self):
self.add_cmd_output([
"netstat -s",
"netstat %s -agn" % self.ns_wide,
"ss -peaonmi",
"ip route show table all",
"ip -6 route show table all",
"ip -4 rule",
Expand All @@ -144,9 +144,34 @@ def setup(self):
"ip neigh show nud noarp",
"biosdevname -d",
"tc -s qdisc show",
"ip -s macsec show",
])

# below commands require some kernel module(s) to be loaded
# run them only if the modules are loaded, or if explicitly requested
# via --allow-kmod-load option
ip_macsec_show_cmd = "ip -s macsec show"
macsec_pred = SoSPredicate(self, kmods=['macsec'])
if self.test_predicate(self, pred=macsec_pred) or \
self.get_option("allow_kmod_load"):
self.add_cmd_output(ip_macsec_show_cmd)
else:
self._log_warn("skipped command '%s' as it requires kernel module "
"'macsecs' that is unloaded; use "
"--allow-kmod-load to collect it"
% ip_macsec_show_cmd)

ss_cmd = "ss -peaonmi"
ss_pred = SoSPredicate(self, kmods=['tcp_diag', 'udp_diag',
'inet_diag', 'unix_diag',
'netlink_diag', 'af_packet_diag'])
if self.test_predicate(self, pred=ss_pred) or \
self.get_option("allow_kmod_load"):
self.add_cmd_output(ss_cmd)
else:
self._log_warn("skipped command '%s' as it requires some *_diag "
"kernel module that is unloaded; use "
"--allow-kmod-load to collect it" % ss_cmd)

# When iptables is called it will load the modules
# iptables and iptables_filter if they are not loaded.
# The same goes for ipv6.
Expand Down Expand Up @@ -203,12 +228,25 @@ def setup(self):
ns_cmd_prefix + "ip address show",
ns_cmd_prefix + "ip route show table all",
ns_cmd_prefix + "iptables-save",
ns_cmd_prefix + "ss -peaonmi",
ns_cmd_prefix + "netstat %s -neopa" % self.ns_wide,
ns_cmd_prefix + "netstat -s",
ns_cmd_prefix + "netstat %s -agn" % self.ns_wide
])

ss_cmd = ns_cmd_prefix + "ss -peaonmi"
ss_pred = SoSPredicate(self, kmods=['tcp_diag', 'udp_diag',
'inet_diag', 'unix_diag',
'netlink_diag',
'af_packet_diag'])
if self.test_predicate(self, pred=ss_pred) or \
self.get_option("allow_kmod_load"):
self.add_cmd_output(ss_cmd)
else:
self._log_warn("skipped command '%s' as it requires some "
"*_diag kernel module that is unloaded; "
"use --allow-kmod-load to collect it"
% ss_cmd)

# Devices that exist in a namespace use less ethtool
# parameters. Run this per namespace.
for namespace in self.get_ip_netns(ip_netns_file):
Expand Down

0 comments on commit 610649f

Please sign in to comment.