On Fri, Sep 16, 2016 at 10:06:23AM +0300, Cyrill Gorcunov wrote: > On Thu, Sep 15, 2016 at 05:45:02PM -0600, David Ahern wrote: > > > > > > Try to be selective in the -K , do not kill tcp sockets ? > > > > I am running > > ss -aKw 'dev == red' > > > > to kill raw sockets bound to device named 'red'. > > Thanks David, Eric! I'll play with this option today and report the results.
I created veth pair and bound raw socket into it. [root@pcs7 iproute2]# misc/ss -A raw State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 127.0.0.1:ipproto-255 127.0.0.10:ipproto-9090 UNCONN 0 0 127.0.0.10:ipproto-255 *:* UNCONN 0 0 :::ipv6-icmp :::* UNCONN 0 0 :::ipv6-icmp :::* ESTAB 0 0 ::1:ipproto-255 ::1:ipproto-9091 UNCONN 0 0 ::1%vm1:ipproto-255 :::* [root@pcs7 iproute2]# [root@pcs7 iproute2]# misc/ss -aKw 'dev == vm1' State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 ::1%vm1:ipproto-255 :::* [root@pcs7 iproute2]# misc/ss -A raw State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 127.0.0.1:ipproto-255 127.0.0.10:ipproto-9090 UNCONN 0 0 127.0.0.10:ipproto-255 *:* UNCONN 0 0 :::ipv6-icmp :::* UNCONN 0 0 :::ipv6-icmp :::* ESTAB 0 0 ::1:ipproto-255 ::1:ipproto-9091 so it get zapped out. Is there some other way to test it?