Date:   Tue, 17 Aug 2021 20:21:35 +0200
From:   Jonas Bechtel <post@...chtel.de>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     netdev@...r.kernel.org, David Ahern <dsahern@...il.com>
Subject: Re: ss command not showing raw sockets? (regression)



On Tue, 17 Aug 2021 08:04:51 -0700
Jakub Kicinski <kuba@...nel.org> wrote with subject
"Re: ss command not showing raw sockets? (regression)":

> On Mon, 16 Aug 2021 15:08:00 -0700 Jakub Kicinski wrote:
> > On Sun, 15 Aug 2021 23:17:38 +0200 Jonas Bechtel wrote:
> > > I've got following installation:
> > > * ping 32 bit version
> > > * Linux 4.4.0 x86_64 (yes, somewhat ancient)
> > > * iproute2  4.9.0 or 4.20.0 or 5.10.0
> > > 
> > > With one ping command active, there are two raw sockets on my
> > > system: one for IPv4 and one for IPv6 (just one of those is used).
> > > 
> > > My problem is that
> > > 
> > > ss -awp
> > > 
> > > shows 
> > > * two raw sockets (4.9.0)
> > > * any raw socket = bug (4.20.0)
> > > * any raw socket = bug (5.10.0)  
> > 
> > Could you clarify how the bug manifests itself? Does ss crash?
> > 
> > > So is this a bug or is this wont-fix (then, if it is related to
> > > kernel version, package maintainers may be interested)?  
> 
> I had a look, I don't see anything out of the ordinary. I checked with
> v4.6, I don't have a 4.4 box handy. It seems ss got support for
> dumping over netlink in the 4.9. On a 4.4 kernel it should fall back
> to using procfs tho, raw_show() calls inet_show_netlink() which
> should fail and therefore the code should fall through to the old
> procfs stuff.
> 
> No idea why that doesn't happen for you. Is this vanilla 4.4 or does
> it have backports? Is there a /sys/module/raw_diag/ directory on your
> system after you run those commands?

It was a Knoppix distributed package. I don't know about the exact contents, there's also no hint in package description. I just know that it works without initrd, as it directly mounts the root disk.

No, there's /sys/module but no /sys/module/raw_diag/ neither before nor after running those commands.

> 
> Does setting PROC_NET_RAW make the newer iproute version work for you?
> 
> $ PROC_NET_RAW=/proc/net/raw ss -awp

Yes, this did the trick. (And again I was thinking programs were doing something "magical", but in the end it's just a file they access)


Furthermore I checked with Linux 4.19.0 amd64 RT (Debian package; from package description: "This kernel includes the PREEMPT_RT realtime patch set."). With this kernel there was no need for PROC_NET_RAW. All iproute versions worked out of the box and showed even command name, pid and fd number (that's why ss traverses all /proc/[pids]/fd/ directories?).


See attached log file, with kernel versions and iproute2 versions printed.


@kuba With PROC_NET_RAW I consider the problem is found, isn't it? So I will not download/bisect<->build or otherwise investigate the problem until one of you explicitly asks me to do so.

I have now redirected invocation of command with set PROC_NET_RAW on my system, and may (try to) update to Linux 4.19.

Thank you!


Best Regards
 jbechtel



View attachment "ss_debug-logs.txt" of type "text/plain" (3901 bytes)
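
The procfs fallback discussed in this thread reads a plain text table, so raw sockets can be enumerated without netlink or `raw_diag`. The following is an added example, not part of the thread and not iproute2 code: a small parser for `/proc/net/raw`-style text. The sample rows are constructed, the function names are hypothetical, and a little-endian host is assumed for address decoding.

```python
import socket
import struct

# Constructed sample in the layout of /proc/net/raw (not taken from the attached log).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
    1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 48213 2 0000000000000000 0
  255: 0100007F:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 48214 2 0000000000000000 0
"""

# Small offline lookup table; anything else is reported by number.
PROTO_NAMES = {1: "icmp", 255: "raw"}


def hex_to_ipv4(hexaddr):
    """Decode the hex address column into dotted-quad form."""
    # The kernel prints the 32-bit address as a native-endian integer;
    # a little-endian host (e.g. x86_64) is assumed here.
    return socket.inet_ntoa(struct.pack("<I", int(hexaddr, 16)))


def parse_proc_net_raw(text):
    """Return one dict per raw socket listed in /proc/net/raw-style text."""
    sockets = []
    for line in text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue                        # blank or truncated line
        addr, proto_hex = fields[1].split(":")
        # For raw sockets the "port" half of local_address holds the
        # IP protocol number, not a port.
        proto = int(proto_hex, 16)
        sockets.append({
            "local": hex_to_ipv4(addr),
            "protocol": PROTO_NAMES.get(proto, str(proto)),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return sockets


if __name__ == "__main__":
    for entry in parse_proc_net_raw(SAMPLE):
        print(entry)
```

The `inode` value is what ties a row to a process: it is the number that appears in the `socket:[inode]` link targets under `/proc/[pid]/fd/`.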
