Comment 33 for bug 722201

For this last "ss" syntax issue, I have opened a bug in samba upstream project and the most important comment, that explains what is happening, is this one:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13985

COMMENT: https://bugzilla.samba.org/show_bug.cgi?id=13985#c4

"""
Hello Martin,

Errrr, that puzzled me now, my workstation is a debian sid and, for obvious reasons, all my development environment is Ubuntu... I re-checked "ss" execution in Debian and it worked :\, went back to Ubuntu Eoan and it didn't.

inaddy@workstation:~$ ss -tn state established '( src [172.16.0.3] || src [172.16.0.3] ) ( sport == :22 )' | small
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 172.16.0.3:22 172.16.0.6:53580
0 0 172.16.0.3:22 172.16.0.6:62337
0 0 172.16.0.3:22 172.16.0.6:53587
...

(k)inaddy@ctdbserver01:~$ ss -tn state established '( src [172.16.0.3] || src [172.16.0.3] ) ( sport == :22 )' | small
ss: bison bellows (while parsing filter): "syntax error!" Sorry.
Usage: ss [ OPTIONS ]
       ss [ OPTIONS ] [ FILTER ]
   -h, --help this message
   -V, --version output version information
   -n, --numeric don't resolve service names
   -r, --resolve resolve host names
   -a, --all display all sockets
...

Checking different versions:

inaddy@workstation:~$ rmadison iproute2 | awk '{print $1 $2 $3 $4 $5}'
iproute2|3.16.0-2|oldstable
iproute2|4.9.0-1+deb9u1|stable
iproute2|4.9.0-1+deb9u1|stable-debug
iproute2|4.14.1-1~bpo9+1|stretch-backports
iproute2|4.20.0-2~bpo9+1|stretch-backports
iproute2|4.20.0-2~bpo9+1|stretch-backports-debug
iproute2|4.20.0-2|testing
iproute2|4.20.0-2|unstable
iproute2|4.20.0-2|unstable-debug
iproute2|5.1.0-1|experimental
iproute2|5.1.0-1|experimental-debug

inaddy@workstation:~$ rmad iproute2 | awk '{print $1 $2 $3 $4 $5}'
iproute2|3.12.0-2|trusty
iproute2|3.12.0-2ubuntu1.2|trusty-updates
iproute2|4.3.0-1ubuntu3|xenial
iproute2|4.3.0-1ubuntu3.16.04.5|xenial-updates
iproute2|4.15.0-2ubuntu1|bionic
iproute2|4.18.0-1ubuntu2~ubuntu18.04.1|bionic-backports
iproute2|4.18.0-1ubuntu2|cosmic
iproute2|4.18.0-1ubuntu2|disco
iproute2|4.18.0-1ubuntu2|eoan

Since Ubuntu is using an older version for quite awhile, I think latest change to this line broke compatibility with older versions. That, per se, could justify this patch.

commit 04fe9e20749985c71fef1bce7f6e4c439fe11c81
Author: Martin Schwenke <email address hidden>
Date: Thu Aug 27 00:22:49 2015

    ctdb-scripts: Use ss instead of netstat for finding TCP connections

    ss with a filter is much faster than post-processing output from
    netstat. CTDB already has a hard dependency on iproute2 for IP
    address handling, so depending on ss is no big deal.

    Signed-off-by: Martin Schwenke <email address hidden>
    Reviewed-by: Amitay Isaacs <email address hidden>

This is the change that introduced this "ss" code, and, I believe that this has been broken in Ubuntu since then. Actually I'm not aware that CTDB ever worked in Ubuntu the way it should, that's why I'm working in the following Bugs:

https://bugs.launchpad.net/ubuntu/+source/samba/+bug/722201
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1821775
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1828799
https://bugs.launchpad.net/ubuntu-server-ha/+bug/1831381
https://bugzilla.samba.org/show_bug.cgi?id=13984
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929931

To make it fully function for Eoan, and backport fixes up to Bionic, *at least*. Would you mind including this patch so we can have iproute2 backwards compatibility ? (Upgrading iproute2 in Ubuntu would mean re-certificating a bunch of stuff depending on it, including all openstack products, etc).

Thanks a lot!

Best Regards,
Rafael
"""