diff options
| author | Pavel Moravec <pmoravec@redhat.com> | 2019-06-11 19:46:18 +0200 |
|---|---|---|
| committer | Bryn M. Reeves <bmr@redhat.com> | 2019-08-16 14:17:37 +0100 |
| commit | f84df0fe8311da4f478adf7b27a911fe3ed0535f (patch) | |
| tree | f9ca35a612db8fd9491f28926f3c1ffb8ef49aa0 | |
| parent | f2e7ac47eb96f59362c0e2c0271642377562d746 (diff) | |
| download | sos-f84df0fe8311da4f478adf7b27a911fe3ed0535f.tar.gz | |
[networking] collect commands only when required kernel modules are loaded
- "ip -s macsec show" requires "macsec" kmod loaded
- "ss -peaonmi" requires 6 *_diag kernel modules
Execute the commands only when the modules are loaded, or when explicitly
requested via --allow-system-changes option.
Resolves: #1435
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
| -rw-r--r-- | sos/plugins/networking.py | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/sos/plugins/networking.py b/sos/plugins/networking.py index 015fb19e..b698816a 100644 --- a/sos/plugins/networking.py +++ b/sos/plugins/networking.py @@ -6,7 +6,8 @@ # # See the LICENSE file in the source distribution for further information. -from sos.plugins import Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin +from sos.plugins import (Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin, + SoSPredicate) from os import listdir import re @@ -130,7 +131,6 @@ class Networking(Plugin): self.add_cmd_output([ "netstat -s", "netstat %s -agn" % self.ns_wide, - "ss -peaonmi", "ip route show table all", "ip -6 route show table all", "ip -4 rule", @@ -144,9 +144,34 @@ class Networking(Plugin): "ip neigh show nud noarp", "biosdevname -d", "tc -s qdisc show", - "ip -s macsec show", ]) + # below commands require some kernel module(s) to be loaded + # run them only if the modules are loaded, or if explicitly requested + # via --allow-system-changes option + ip_macsec_show_cmd = "ip -s macsec show" + macsec_pred = SoSPredicate(self, kmods=['macsec']) + if self.test_predicate(self, pred=macsec_pred) or \ + self.get_option("allow_system_changes"): + self.add_cmd_output(ip_macsec_show_cmd) + else: + self._log_warn("skipped command '%s' as it requires kernel module " + "'macsecs' that is unloaded; use " + "--allow-system-changes to collect it" + % ip_macsec_show_cmd) + + ss_cmd = "ss -peaonmi" + ss_pred = SoSPredicate(self, kmods=['tcp_diag', 'udp_diag', + 'inet_diag', 'unix_diag', + 'netlink_diag', 'af_packet_diag']) + if self.test_predicate(self, pred=ss_pred) or \ + self.get_option("allow_system_changes"): + self.add_cmd_output(ss_cmd) + else: + self._log_warn("skipped command '%s' as it requires some *_diag " + "kernel module that is unloaded; use " + "--allow-system-changes to collect it" % ss_cmd) + # When iptables is called it will load the modules # iptables and iptables_filter if they are not loaded. # The same goes for ipv6. @@ -203,12 +228,25 @@ class Networking(Plugin): ns_cmd_prefix + "ip address show", ns_cmd_prefix + "ip route show table all", ns_cmd_prefix + "iptables-save", - ns_cmd_prefix + "ss -peaonmi", ns_cmd_prefix + "netstat %s -neopa" % self.ns_wide, ns_cmd_prefix + "netstat -s", ns_cmd_prefix + "netstat %s -agn" % self.ns_wide ]) + ss_cmd = ns_cmd_prefix + "ss -peaonmi" + ss_pred = SoSPredicate(self, kmods=['tcp_diag', 'udp_diag', + 'inet_diag', 'unix_diag', + 'netlink_diag', + 'af_packet_diag']) + if self.test_predicate(self, pred=ss_pred) or \ + self.get_option("allow_system_changes"): + self.add_cmd_output(ss_cmd) + else: + self._log_warn("skipped command '%s' as it requires some " + "*_diag kernel module that is unloaded; " + "use --allow-system-changes to collect it" + % ss_cmd) + # Devices that exist in a namespace use less ethtool # parameters. Run this per namespace. for namespace in self.get_ip_netns(ip_netns_file): |