On 4/30/20 9:52 AM, Dmitry Yakunin wrote: > This patch introduces two new features: obtaining cgroup information and > filtering sockets by cgroups. These features work based on cgroup v2 ID > field in the socket (kernel should be compiled with CONFIG_SOCK_CGROUP_DATA). > > Cgroup information can be obtained by specifying --cgroup flag and now contains > only pathname. For faster pathname lookups cgroup cache is implemented. This > cache is filled on ss startup and missed entries are resolved and saved > on the fly. > > Cgroup filter extends EXPRESSION and allows to specify cgroup pathname > (relative or absolute) to obtain sockets attached only to this cgroup. > Filter syntax: ss [ cgroup PATHNAME ] > Examples: > ss -a cgroup /sys/fs/cgroup/unified (or ss -a cgroup .) > ss -a cgroup /sys/fs/cgroup/unified/cgroup1 (or ss -a cgroup cgroup1) > on a kernel without support for this feature: $ misc/ss -a cgroup /sys/fs/cgroup/unified RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process New iproute2 can be run on older kernels, so errors should be cleanly handled.
