From: Bruce Evans
Date: Tue, 1 Apr 2014 13:52:10 +1100 (EST)
To: Alan Somers
Cc: attilio@freebsd.org, FreeBSD Net
Subject: Re: netstat -i[d] violates PoLS
Message-ID: <20140401114356.H878@besplex.bde.org>

On Mon, 31 Mar 2014, Alan Somers wrote:

> "netstat -i" prints dropped output packets iff you also use "-d".
> Starting with r199803 on 2009-11-25, "netstat -i" prints dropped input
> packets regardless of the "-d" flags. That is a PoLS violation, IMHO.
> I think that the "-d" flag should control printing of dropped input
> packets as well as dropped output packets.
>
> OTOH, this behavior has been around for more than 4 years, and some
> scripts may rely on it. At the very least, the man page should be
> updated to reflect r199803.

This also destroyed the output formatting. Please fix other
destructions of the output formatting in netstat too.

FreeBSD-11 netstat -i:

%%%
Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll
igb0 1500 68:b5:99:b5:2a:02 4189424443 2 0 2499213512 0 0
igb0 - 8.8.178.128/2 freefall 271628427 - - 248798734 - -
igb0 - fe80::6ab5:99 fe80::6ab5:99ff:f 182226 - - 182602 - -
...
%%%

The Idrop column uses space that is not available. Despite using too
many columns, the fields are not wide enough to line up. E.g., only 8
columns are available for Ipkts, but 10 are used.

The Network and Address fields are also not wide enough. They don't
use more columns than are available, but are blindly truncated.

FreeBSD-5 netstat -i:

%%%
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
bge0 1500 00:04:76:f3:ac:ad 0 0 5 0 0
...
rl0 1500 122.106.144/2 c122-106-147-133. 674 - 529 - -
%%%

This gives an example of address truncation even in FreeBSD-5.

FreeBSD-11 netstat -id (header only):

Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll Drop

At least 4 more bugs are visible in this alone:

1. "Drop" is not spelled with an "s". Neither is "Coll". This is to
   save space. The unbroken format is 79 columns wide. Not a single
   column is available to consistently pluralize these, so none were
   used. This is special to the non-I case. Plurals are used for -I.
   See below. Using more columns than are available to print Idrops
   turned this careful formatting into garbage.

2. "Idrop" is not spelled with an "s". This is inconsistent too, but
   there is more reason for it -- all the short fields have width 5,
   and keeping them all the same width makes the output easier to read.
   This leaves no space for pluralization.

3. "Drop" is not spelled with an "O". This together with consistently
   omitting "s" for IDrop and Drop leaves 1 fewer column under the
   header available for the numeric value for Drop than for Idrop, so
   the short fields can't actually all have width 5.

3a. The header only allows 4 columns for "Coll", but 5 are used. This
    doesn't completely break the formatting since it overlaps the
    2-column gap between "Oerrs" and "Coll" in the header. This gap is
    really too small. It makes it look like "Coll" is associated with
    output. There is space for pluralization of "Coll" by shrinking
    the gap further.

3b. The header only allows 4 columns for "Drop". Actually, only 3 were
    used (preceded by a space). Now, none are used -- "Drop" is not
    printed at all, and there is an XXXGL comment reminding that they
    should be printed. Printing the column header without even
    printing 0's or '-'s under it is negatively useful. Extraction of
    fields using cut -c doesn't work due to the inconsistent
    formatting. "Drop" is normally the last field, so omitting its
    numeric value is not such a large problem.

3c. The above output shows strange printing of numeric values of 0 --
    sometimes "0" is printed and sometimes "-" is printed. "-" is
    harder to post-process.

4. "Drop" is added at the end. If it were actually useful, then it
   would belong with the output fields, unlike "Coll". Note that what
   used to be under "Drop" is actually for input, and this was moved
   to be together with the other input fields. So if there were space
   for it, then it would not be a bug to print it unconditionally
   there. If this is fixed by printing it conditionally at the end
   again, then it needs an "I" in its name, and so would output
   "Drops" if these were actually counted.

FreeBSD-5 netstat -id (header only):

Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll Drop

There was no space available for "Drop" here too. Perhaps it was
intentionally left out.

FreeBSD-11 netstat -r:

%%%
Destination Gateway Flags Netif Expire
default router.v108.ysv.fr UGS igb0
8.8.178.128/26 link#1 U igb0
...
Internet6:
Destination Gateway Flags Netif Expire
...
fe80::6ab5:99ff:fe link#1 UHS lo0
%%%

OK, except names are unnecessarily truncated because the fixed format
is unnecessarily narrow.

FreeBSD-11 netstat -rn:

%%%
Internet:
Destination Gateway Flags Netif Expire
default 8.8.178.129 UGS igb0
...
Internet6:
Destination Gateway Flags Netif Expire
...
2001:1900:2254:206c::/64 link#1 U igb0
...
ff01::/32 fe80::6ab5:99ff:feb5:2a02 U igb0
%%%

Broken. The fixed format is unnecessarily wide for all (?) cases and
causes wrap for the "Expire" field. Most "Expire" values are 0, so
they don't cause line wrap on every line.

FreeBSD-11 netstat -I igb0 1:

%%%
input igb0 output
packets errs idrops bytes packets errs bytes colls
8 0 0 1926 8 0 2345 0
9 0 0 1915 7 0 1921 0
%%%

FreeBSD-5 netstat -I bge0 1:

%%%
input (bge0) output
packets errs bytes packets errs bytes colls
0 0 0 0 0 0 0
0 0 0 0 0 0 0
%%%

Note that everything is pluralized here. Capitalization is
inconsistent with that for netstat -i, and worse. The source code has
to use separate strings for the field names so as to handle different
pluralization and other differences like expanding Ipkts to "input" on
1 line and "packets" on another line.

This shows the following regressions:
- lost parentheses around the interface name
- the interface name and "output" were not moved to the right to adjust
  for the extra input field
- "i" in "idrops" is more inconsistent than for netstat -i, since now
  it is the only i/o field name with an "i" or an "o"
- the extra "i" is not compensated for in the numeric formatting. The
  numeric values are supposed to be right justified below with their
  description in the header, but are now off by 1 starting with
  "idrops".

It was very unclear which fields the "input" and "output" headers are
over. Now it is even less clear.
The interface name used to be centered in the gap between the input
and output fields. Now it is over the last input field. This could be
improved by not using a separate header for "input" and "output". The
abbreviation "I" used for netstat -i is much more readable.

Adding -i to netstat -I... doesn't change anything.

Adding -d extends the mess only slightly. There is still plenty of
space for all the fields. Numeric values for the "drops" field are not
available and not printed, as above.

Related documentation bugs:
- the new Idrops and idrops and the old Drop and Drops are not
  documented (neither are other field names or field formatting)
- -d is still described as being for "dropped packets". It actually
  gives only the available info for dropped output packets, and that
  info is null. It used to give the available info for dropped input
  packets, and that info is not null.

Bruce