Am using netstat from net-tools 1.60-r13. After reboot, I ssh to system and type "netstat". Top of output correctly shows my ssh session. If I then type "netstat --inet" the current session no longer is displayed. Noticed the problem recently, but am not sure when problem 1st appeared. Kernel was 2.6.22-r8, so upgraded to latest (2.6.24-r7) with no change in behavior. Using "lsof -i :22" DOES show correct data; I'm not sure if this means the bug is in netstat, or elsewhere. Reproducible: Always Steps to Reproduce: 1. ssh to system 1a. From normal user, or after su'ing to root: 2. Type "netstat" and observe TCP data 3. Type "netstat --inet" and see the ssh session no longer appears. Actual Results: thorsond@gluon ~ $ uname -a Linux gluon 2.6.24-gentoo-r7 #1 SMP PREEMPT Mon May 12 16:45:47 CDT 2008 i686 Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux thorsond@gluon ~ $ netstat --inet Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State thorsond@gluon ~ $ netstat --inet -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 gluon.DOMAIN:http *:* LISTEN tcp 0 0 gluon.DOMAIN:http *:* LISTEN udp 0 0 *:syslog *:* udp 0 0 *:tftp *:* thorsond@gluon ~ $ netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60740 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 204 @/org/kernel/udev/udevd unix 3 [ ] STREAM CONNECTED 7607 /dev/log unix 3 [ ] STREAM CONNECTED 7606 unix 3 [ ] STREAM CONNECTED 7597 unix 3 [ ] STREAM CONNECTED 7596 unix 3 [ ] STREAM CONNECTED 7525 /dev/log unix 3 [ ] STREAM CONNECTED 7524 After su-ing to root, checked using lsof: gluon ~ # lsof -i :22 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME sshd 4806 root 3u IPv6 7142 TCP *:ssh (LISTEN) sshd 4864 root 3r IPv6 7238 TCP gluon.DOMAIN:ssh->dan-thorson.DOMAIN:60740 (ESTABLISHED) sshd 5091 thorsond 3u IPv6 7238 TCP gluon.DOMAIN:ssh->dan-thorson.DOMAIN:60740 (ESTABLISHED) sshd 5112 root 3r IPv6 7665 TCP gluon.DOMAIN:ssh->dan-thorson.DOMAIN:60746 (ESTABLISHED) sshd 5115 thorsond 3u IPv6 7665 TCP gluon.DOMAIN:ssh->dan-thorson.DOMAIN:60746 (ESTABLISHED) gluon ~ # netstat --inet Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State Expected Results: "netstat --inet" should still show active connections I expected the output of "netstat --inet" to look the same as the top-section of "netstat". That is, if "netstat" shows: gluon ~ # netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60740 ESTABLISHED tcp 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60746 ESTABLISHED tcp 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60755 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 204 @/org/kernel/udev/udevd unix 3 [ ] STREAM CONNECTED 10574 /dev/log [ snip ] Then "netstat --inet" should generate: gluon ~ # netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60740 ESTABLISHED tcp 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60746 ESTABLISHED tcp 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60755 ESTABLISHED Note that I have other systems running on a similar platform for which this works (they're running 2.6.22-r9 and net-tools 1.60-r13), so I know that this is the way it should be. One significant difference between the working and non-working system is that the system which does not work using "netstat --inet" has IPv6 enabled (CONFIG_IPV6=y), and the working systems do NOT have IPv6 (CONFIG_IPV6=n). gluon ~ # emerge --info Portage 2.1.4.4 (default-linux/x86/2007.0/server, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r7 i686) ================================================================= System uname: 2.6.24-gentoo-r7 i686 Intel(R) Xeon(TM) CPU 2.80GHz Timestamp of tree: Sun, 11 May 2008 12:35:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p33 dev-java/java-config: 1.3.7, 2.1.6 dev-lang/python: 2.3.5-r3, 2.4.4-r9 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -pipe -march=i686 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -pipe -march=i686 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://mirror.uni-c.dk/pub/gentoo/" LINGUAS="en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://lepton.DOMAIN/gentoo-portage" USE="acl apache2 berkdb cli cracklib crypt cups dri fortran gdbm gpm iconv ipv6 isdnlog ldap mailwrapper midi mudflap ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session snmp spl ssl tcpd truetype unicode x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
could you give netstat-1.60_p#### a quick test please
Added =sys-apps/net-tools-1.60_p20071202044231-r1 to package.keywords and re-emerged: # emerge -uDNatv net-tools Calculating dependencies... done! [ebuild U ] sys-apps/net-tools-1.60_p20071202044231-r1 [1.60-r13] USE="nls -static" 180 kB [ebuild R ] app-arch/lzma-utils-4.32.5 USE="-nocxx%" 0 kB No change in behavior: gluon portage # netstat | grep ssh tcp6 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60740 ESTABLISHED tcp6 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60746 ESTABLISHED tcp6 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60755 ESTABLISHED gluon portage # netstat --inet | grep ssh gluon portage # Although I think it's interesting that the output now shows "tcp6" instead of the (correct) "tcp" (my ssh client is ipv4-only). The SSH daemon seems to be the only one which shows up as tcp6: gluon portage # netstat -a | grep tcp tcp 0 0 *:submission *:* LISTEN tcp 0 0 gluon.DOMAIN:http *:* LISTEN tcp 0 0 gluon.DOMAIN:http *:* LISTEN tcp 0 0 *:omni *:* LISTEN tcp 0 0 *:ftp *:* LISTEN tcp 0 0 *:nessus *:* LISTEN tcp 0 0 *:smtp *:* LISTEN tcp 0 0 *:snpp *:* LISTEN tcp 0 0 gluon.DOMAIN:http dan-thorson.DOMAIN:61767 ESTABLISHED tcp 681 0 gluon.DOMAIN:44101 OK101B.DOMAIN:telnet ESTABLISHED tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 40 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60740 ESTABLISHED tcp6 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60746 ESTABLISHED tcp6 0 0 gluon.DOMAIN:ssh dan-thorson.DOMAIN:60755 ESTABLISHED
Did you need more information? What can I do to help?
at this point, someone just has to dig into the source code and track down the issue ...
<bugzilla admin hat> I have removed the subdomain and domain information per a request from the original submitter. </bugzilla admin hat> Also, I have seem something similar to this bug based strictly on the SSH configuration. You may be using a IPv4 host, but it is possible that an application uses and IPv6 socket with a v4-in-v6 style address.
sounds like things are working correctly -- the --inet option shows IPv4, and your ssh connections are IPv6. using --inet6 shows the IPv6 connections.
I'm still using net-tools-1.60_p20071202044231-r1 but it also works for me. I have recently upgraded to kernel 2.6.31-gentoo-r6... hard to say where the fix ultimately came from... just glad it's working!
