Skip to content

lsfd: decode protocol numbers of RAW and RAW6 sockets #3687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

lsfd: decode protocol numbers of RAW and RAW6 sockets #3687

wants to merge 1 commit into from
+209 −45

Conversation

masatake
Copy link
Member

NOTE: this chage breaks compatibility of existing -Q expression used in a shell script; the data type of RAW.PROTOCOL has changed from to .

With this change, lsfd decodes RAW.PROTOCOL with a built-in table based on linux/in.h and getprotobynumber(3) that may refer to /etc/protocols internally.

In addition, this change adds RAW.PROTOCOL.RAW column that holds the original protocol numbers.

# lsfd -Q 'TYPE == "RAWv6"' 
COMMAND          PID USER ASSOC  XMODE  TYPE SOURCE MNTID INODE NAME
NetworkManager  2424 root    27 rw---m RAWv6 sockfs    11 36083 state=close protocol=58 laddr=::
# ./lsfd -Q 'TYPE == "RAWv6"'
COMMAND          PID USER ASSOC  XMODE  TYPE SOURCE MNTID INODE NAME
NetworkManager  2424 root    27 rw---m RAWv6 sockfs    11 36083 state=close protocol=icmpv6 laddr=::

@masatake masatake force-pushed the lsfd--raw-decode-protocol branch from 317d346 to a9cbb33 Compare August 20, 2025 09:04
@karelzak
Copy link
Collaborator

It would be nice to have a note in the man page stating that between versions v2.39 and v2.41, it was a number.

@masatake
lsfd: decode protocol numbers of RAW and RAW6 sockets
2e45f54 
NOTE: this chage breaks compatibility of existing -Q expression used
in a shell script; the data type of RAW.PROTOCOL has changed from
<number> to <string>.

With this change, lsfd decodes RAW.PROTOCOL with a built-in table
based on linux/in.h and getprotobynumber(3) that may refer to
/etc/protocols internally.

In addition, this change adds RAW.PROTOCOL.RAW column that holds
the original protocol numbers.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
@masatake masatake force-pushed the lsfd--raw-decode-protocol branch from a9cbb33 to 2e45f54 Compare August 20, 2025 12:11
@masatake
Copy link
Member Author

It would be nice to have a note in the man page stating that between versions v2.39 and v2.41, it was a number.

Added the note to the main page. Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@masatake @karelzak