Re: DOC: Suggest to replace the netstat commands
On 2019-07-09 10:12, Willy Tarreau wrote: On Tue, Jul 09, 2019 at 10:09:36AM +0200, Klaus Foerster wrote: It might be a good idea to show the netstat and the ss command. netstat is for example no more installed by default on ubuntu systems, whereas ss is. Of course netstat can be installed without issues, but it's not there by default. That's sad, though it's understandable given that ubuntu is not exactly made to be primarily used from the command line for most of their users, so they possibly don't care about end-user's experience in production environments where people like to use the same commands on all of their systems. But indeed, indicating what command to run instead of netstat on Linux (at least as a recommended lower cost solution) would be nice. Hello, I agree with Willy, as a Linux user (Debian) I've only seen my point of view based on my Linux experience. If the 'ss' tool is no present on *bsd by example, we have to leave the doc the more compatible as possible. So forgot my suggestion, sorry for your time. Regards, -- [Alain Belkadi / LinuxBeach]
DOC: Suggest to replace the netstat commands
Hello,
As the "netstat" command is deprecated since a long time (1), I suggest
to replace it with other commands like ss and ip.
I've made a first patch for this. As the number of columns is higher
than the 80 standard, I've made a second patch with less long lines ...
but that don't fit inside 80 chars and if I remove more spaces that
don't looks good.
(1) https://en.wikipedia.org/wiki/Netstat
Regards,
--
[Alain Belkadi / LinuxBeach]From 0678b8610ee5931cd31edb66091a09faf21dc1ad Mon Sep 17 00:00:00 2001
From: Alain Belkadi
Date: Mon, 8 Jul 2019 16:17:17 +0200
Subject: [PATCH 1/2] DOC: Replace the deprecated "netstat" command with more
recent tools
---
doc/management.txt | 33 -
1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/doc/management.txt b/doc/management.txt
index 93bee671..59ffb1ed 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -103,16 +103,14 @@ connections and to initiate outgoing connections. An immediate effect of this is
that there is no relation between packets observed on the two sides of a
forwarded connection, which can be of different size, numbers and even family.
Since a connection may only be accepted from a socket in LISTEN state, all the
-sockets it is listening to are necessarily visible using the "netstat" utility
+sockets it is listening to are necessarily visible using the "ss" utility
to show listening sockets. Example :
- # netstat -ltnp
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address StatePID/Program name
- tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1629/sshd
- tcp0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2847/haproxy
- tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2847/haproxy
-
+ # ss -ltnp
+ StateRecv-Q Send-Q Local Address:Port Peer Address:Port
+ LISTEN 0128 0.0.0.0:80 0.0.0.0:* users:(("haproxy",pid=29687,fd=10))
+ LISTEN 0128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=18594,fd=3))
+ LISTEN 0128 [::]:22[::]:* users:(("sshd",pid=18594,fd=4))
3. Starting HAProxy
---
@@ -2779,7 +2777,7 @@ is ignored. The reason is that in fact even the new process is restarted with a
new configuration, the old one also gets some incoming connections and
processes them, returning unexpected results. When in doubt, just stop the new
process and try again. If it still works, it very likely means that an old
-process remains alive and has to be stopped. Linux's "netstat -lntp" is of good
+process remains alive and has to be stopped. Linux's "ss -lntp" is of good
help here.
When adding entries to an ACL from the command line (eg: when blacklisting a
@@ -2953,14 +2951,15 @@ not noticeable at the naked eye. If they appear a lot in the traces, it is
worth investigating exactly what happens and where the packets are lost. HTTP
doesn't cope well with TCP losses, which introduce huge latencies.
-The "netstat -i" command will report statistics per interface. An interface
-where the Rx-Ovr counter grows indicates that the system doesn't have enough
-resources to receive all incoming packets and that they're lost before being
-processed by the network driver. Rx-Drp indicates that some received packets
-were lost in the network stack because the application doesn't process them
-fast enough. This can happen during some attacks as well. Tx-Drp means that
-the output queues were full and packets had to be dropped. When using TCP it
-should be very rare, but will possibly indicate a saturated outgoing link.
+The "ip -s link" command will report statistics per interface. An interface
+where the 'RX overrun' counter grows indicates that the system doesn't have
+enough resources to receive all incoming packets and that they're lost before
+being processed by the network driver. 'RX dropped' indicates that some
+received packets were lost in the network stack because the application doesn't
+process them fast enough. This can happen during some attacks as well.
+TX dropped means that the output queues were full and packets had to be
+dropped. When using TCP it should be very rare, but will possibly indicate a
+saturated outgoing link.
13. Security considerations
--
2.11.0
From c94d7f2bd58947e220a560e0a7f42318051dc5db Mon Sep 17 00:00:00 2001
From: Alain Belkadi
Date: Mon, 8 Jul 2019 16:40:00 +0200
Subject: [PATCH 2/2] DOC: Replace the deprecated "netstat" command with more
recent tools
---
DOC: Fix typo in management.txt
Hello, An another patch for a typo in management.txt Regards, -- [Alain Belkadi / LinuxBeach]From 492a84aa7f25444b89e5224a5cf015a8e12fb683 Mon Sep 17 00:00:00 2001 From: Alain Belkadi Date: Mon, 8 Jul 2019 14:27:10 +0200 Subject: [PATCH] DOC: Fix a typo in management.txt --- doc/management.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/management.txt b/doc/management.txt index 93bee671..d5f0 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -127,7 +127,7 @@ followed by one of more letters, and possibly followed by one or multiple extra arguments. Without any option, HAProxy displays the help page with a reminder about supported options. Available options may vary slightly based on the operating system. A fair number of these options overlap with an equivalent one -if the "global" section. In this case, the command line always has precedence +in the "global" section. In this case, the command line always has precedence over the configuration file, so that the command line can be used to quickly enforce some settings without touching the configuration files. The current list of options is : -- 2.11.0
DOC: Fix typo in management.txt
Hello, A fix for a typo in ยง3. Regards, -- [Alain Belkadi / LinuxBeach]From 35c31e13d5b8c87f1781674c7a6434cda50716c1 Mon Sep 17 00:00:00 2001 From: Alain Belkadi Date: Mon, 8 Jul 2019 14:12:16 +0200 Subject: [PATCH] DOC: Fix a typo in management.txt --- doc/management.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/management.txt b/doc/management.txt index 93bee671..6a1dcf2a 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -123,7 +123,7 @@ passed on the command line. The actual syntax is : $ haproxy []* where []* is any number of options. An option always starts with '-' -followed by one of more letters, and possibly followed by one or multiple extra +followed by one or more letters, and possibly followed by one or multiple extra arguments. Without any option, HAProxy displays the help page with a reminder about supported options. Available options may vary slightly based on the operating system. A fair number of these options overlap with an equivalent one -- 2.11.0
Fix typo in management.txt
Hello, I've found a little typo in management.txt Regards, -- [Alain Belkadi / LinuxBeach]From b62365ce6c78157a1efd23ad4a150434fbe473d9 Mon Sep 17 00:00:00 2001 From: Alain Belkadi Date: Mon, 8 Jul 2019 11:09:54 +0200 Subject: [PATCH] [DOC] Fix typo in management.txt --- doc/management.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/management.txt b/doc/management.txt index 93bee671..e6b55d77 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -48,7 +48,7 @@ familiar with troubleshooting utilities such as strace and tcpdump. 2. Quick reminder about HAProxy's architecture -- -HAProxy is a multi-threaded, event-driven, non-blocking daemon. This means is +HAProxy is a multi-threaded, event-driven, non-blocking daemon. This means it uses event multiplexing to schedule all of its activities instead of relying on the system to schedule between multiple activities. Most of the time it runs as a single process, so the output of "ps aux" on a system will report only one -- 2.11.0
[PATCH] DOC: Fix typo in intro.txt
Hello, You will find as attachement my first ultra-small contribution to the documentation, a fix for a typo. Regards, -- [Alain Belkadi / LinuxBeach]From ba4a3f9674d31622a002a12a97b7ae6fdeb080b7 Mon Sep 17 00:00:00 2001 From: Alain Belkadi Date: Fri, 5 Jul 2019 10:12:40 +0200 Subject: [PATCH] DOC: Fix typo in intro.txt --- doc/intro.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/intro.txt b/doc/intro.txt index 0ee9fa2d..4eaf18ef 100644 --- a/doc/intro.txt +++ b/doc/intro.txt @@ -1071,7 +1071,7 @@ components. HAProxy provides very detailed logs, with millisecond accuracy and the exact connection accept time that can be searched in firewalls logs (e.g. for NAT -correlation). By default, TCP and HTTP logs are quite detailed an contain +correlation). By default, TCP and HTTP logs are quite detailed and contain everything needed for troubleshooting, such as source IP address and port, frontend, backend, server, timers (request receipt duration, queue duration, connection setup time, response headers time, data transfer time), global -- 2.11.0
