[conspire] ss(8) (was: Re: Party with iproute2 like it's 1999)

Michael Paoli Michael.Paoli at cal.berkeley.edu
Mon Mar 16 20:26:00 PDT 2020


> From: "Ruben Safir" <ruben at mrbrklyn.com>
> Subject: Re: [conspire] ss(8) (was: Re:  Party with iproute2 like it's 1999)
> Date: Fri, 13 Mar 2020 07:31:59 -0400

> On Fri, Mar 13, 2020 at 01:58:10AM -0700, Michael Paoli wrote:
>> ss(8) is damn fine!  :-)  Though it *does* take some getting used to.
>>
>> One of many cool things with ss(8) is it does in-kernel filtering.
>> E.g., want to know if one has stuff listening on TCP ports 80 and/or 443?:
>> $ ss -nlt '( sport = :80 or sport = :443 )'
>> State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
>> LISTEN     0      128         :::80                      :::*
>> LISTEN     0      128         :::443                     :::*
>> $
>
> Your inability to use grep is not a reason to be stuck with such a
> complex and shitty program.

My my.  Well, second of all, ss(8) isn't a "shitty" program.
Complex? ... debatable - and relative/context.
And not exactly (if at all?) more (or much more) complex than netstat.

And firstly, inability to use grep?  Really?
I'm probably in the top 5%, if not 3% or better, of most typical
DevOps grep wielding environments.  I've used grep since at least
1980.  Regular Expressions (REs) and grep, etc.?
I've taught sessions multiple times on REs, including grep.
How many have you taught?
How many times have you done such presentation at a
[Linux] User Group ([L]UG) or presented such to an audience
of co-workers?
Did you cover all of shell meta-syntax/globbing (a type of RE,
but mostly referred to as globbing and wildcard matching, rather
than RE, though technically also RE),
Unix/POSIX Basic Regular Expressions (BREs),
Unix/POSIX Extended Regular Expressions (EREs),
Common BSD extensions,
Perl REs,
their uses/availabilities in various relevant utilities
and languages, and other common variations of REs in
Unix/Linux contexts?

Do you know how to use grep to get the 5-character
palindromes from /usr/share/dict/words (or similar list of words)?
Do you know how to use grep, and not egrep nor grep with -E
(nor --extended-regexp) option,
to search multiple alternative REs with a single grep command?
How 'bout at least 2 distinct ways to have fgrep (or grep -F) match
any of a set of various strings with a single fgrep (or grep -F)
command.  How much of that would you know without even looking it up?
How 'bout the common usage, where someone is trying to get the PID of
some_process_name, and does something like:
ps [-maybe_some_options] | grep some_process_name
And then they find that also gives them their grep process itself, matching
the some_process_name argument, so then they change it to:
ps [-maybe_some_options] | grep some_process_name | grep -v grep
Well, that's two whole grep commands.  Do you know how to do it
in one?  Do you know how to do it in one with only one RE?
How 'bout instead with a single use of sed(1), or awk(1)?
How many times have you exercised grep enough that you found a
regression bug in grep(1)?  (I checked to report it, would've reported
it, but someone had already beat me to it ... long time ago, and I believe
also fixed now long ago).

> REALLY '( sport = :80 or sport = :443 )'
>
> This is an example of the kind of thinking that makes a program like ss
> suck so much.

Nope.  Hardly some one-off syntax.  Same syntax used by iproute2,
and much code using that common source base.  So, expect to see it
in many - and increasingly many - places (also, newer Linux is switching
from legacy iptables to nftables based iptables ... you aren't still
using ipchains, are you?).

You aren't still putting everything in /etc/hosts and trying to maintain
a "master" /etc/hosts for everyone, 'cause you don't want to use that
newfangled DNS thing now, are you?

> That is my opinion.  I learned the prinicple of KISS in the army where
> getting things done can save your life, and memorizing obscure syntax is
> a waste of time that prevents one from drinking at the Hassinda..
> or can get you killed in the battlefield.

I don't think I want to be drinking at the Hassinda (whatever that
is ... or prinicple is) ...
*that* might get one killed on the battlefield.

You don't have to memorize everything.  Use it frequently enough, you
probably will.  Infrequently - fine, look it up once in a while.

Need to do it fast - fine, practice it, or use something you're already
well familiar with ... or script/program it.
netstat ... | grep ...
might be fast and easy for you to remember, but may not be nearly as
efficient, and may also be more error prone - notably with potential false
positives - particularly if one isn't quite careful with the REs.
Helluva lot safer (and more efficient) to have ss(8) do the matching
for you - and get exactly and only what you want.  Think of the
full proper RE to match an IP address, say in range 127.1.2.0/25
and then think how you can match it with ss(8): 127.1.2.0/25
Which do you think is more probable to introduce errors?
Now think of similar exercise for a range of IPv6 addresses.
Having fun yet?  Did you cover *all* the possible correct syntax
for those IPv6 addresses with your grep RE(s)?

Anyway, your choice - I'm not tellin' you what to do.

But if you ever want someone to set up a grep / RE challenge between
you and me, let me know - I'm probably up for it, are you?
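
The text-match versus prefix-match point above, as an added example that is not part of the original post: it is written in Python rather than grep/ss so it runs without a live socket table. The endpoint lists are constructed samples, and the names `host_of`, `regex_matches` and `prefix_matches` are hypothetical helpers.

```python
import ipaddress
import re

# Constructed sample "address:port" endpoints, as a socket listing might show them.
V4 = [
    "127.1.2.5:22",       # inside 127.1.2.0/25
    "127.1.2.127:8080",   # inside (last address of the /25)
    "127.1.2.200:22",     # outside (upper half of the /24)
    "127.1.25.9:443",     # outside
    "10.127.1.20:80",     # outside
]
V6 = [
    "[2001:db8::1]:443",            # inside 2001:db8::/32, compressed form
    "[2001:DB8:0:0:0:0:0:2]:443",   # inside, upper case and uncompressed
    "[2001:0db8:0000::3]:22",       # inside, leading zeros
    "[2001:db9::1]:22",             # outside
]


def host_of(endpoint):
    """Split off the port and strip the brackets used around IPv6 hosts."""
    host, _, _port = endpoint.rpartition(":")
    return host.strip("[]")


def regex_matches(pattern, endpoints):
    """Text matching, as `... | grep PATTERN` would do."""
    rx = re.compile(pattern)
    return [e for e in endpoints if rx.search(e)]


def prefix_matches(cidr, endpoints):
    """Numeric prefix matching: parse each address, then test membership."""
    net = ipaddress.ip_network(cidr)
    hits = []
    for e in endpoints:
        addr = ipaddress.ip_address(host_of(e))
        if addr.version == net.version and addr in net:
            hits.append(e)
    return hits


if __name__ == "__main__":
    print(regex_matches(r"127.1.2.", V4))           # naive pattern, unescaped dots
    print(prefix_matches("127.1.2.0/25", V4 + V6))
    print(regex_matches(r"2001:db8:", V6))          # one spelling of the prefix
    print(prefix_matches("2001:db8::/32", V4 + V6))
```

The naive IPv4 pattern returns all five IPv4 samples although only two are in the /25 (false positives), and the IPv6 pattern finds one of the three addresses in the /32 (false negatives); the prefix test gets both right.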



