Message-ID: <20210817114402.78463d9d@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Tue, 17 Aug 2021 11:44:02 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Jonas Bechtel <post@...chtel.de>
Cc:     netdev@...r.kernel.org, David Ahern <dsahern@...il.com>
Subject: Re: ss command not showing raw sockets? (regression)

On Tue, 17 Aug 2021 20:21:35 +0200 Jonas Bechtel wrote:
> On Tue, 17 Aug 2021 08:04:51 -0700
> Jakub Kicinski <kuba@...nel.org> wrote with subject
> > I had a look, I don't see anything out of the ordinary. I checked with
> > v4.6, I don't have a 4.4 box handy. It seems ss got support for
> > dumping over netlink in the 4.9. On a 4.4 kernel it should fall back
> > to using procfs tho, raw_show() calls inet_show_netlink() which
> > should fail and therefore the code should fall through to the old
> > procfs stuff.
> > 
> > No idea why that doesn't happen for you. Is this vanilla 4.4 or does
> > it have backports? Is there a /sys/module/raw_diag/ directory on your
> > system after you run those commands?  
> 
> It was Knoppix distributed package. I don't know about the exact
> contents, there's also no hint in package description. I just know
> that it works without initrd, as it directly mounts the root disk.
> 
> No, there's /sys/module but no /sys/module/raw_diag/ neither before
> nor after running those commands.

Hm. Could you share the config for that kernel? I don't know Knoppix
but there should be a /boot/config-* or /proc/config.gz, hopefully.

> > Does setting PROC_NET_RAW make the newer iproute version work for
> > you?
> > 
> > $ PROC_NET_RAW=/proc/net/raw ss -awp  
> 
> Yes, this did the trick. (And again I was thinking programs were
> doing something "magical", but in the end it's just a file they
> access)
> 
> 
> Furthermore I checked with Linux 4.19.0 amd64 RT (Debian package;
> from package description: "This kernel includes the PREEMPT_RT
> realtime patch set."). With this kernel there was no need for
> PROC_NET_RAW. All iproute versions worked out of the box and showed
> even command name, pid and fd number (that's why ss traverses all
> /proc/[pids]/fd/ directories?).
> 
> 
> See attached log file, with kernel versions and iproute2 versions
> printed.
> 
> 
> @kuba With PROC_NET_RAW I consider the problem is found, isn't it? So
> I will not download/bisect<->build or otherwise investigate the
> problem until one of you explicitly asks me to do so.
> 
> I have now redirected invocation of command with set PROC_NET_RAW on
> my system, and may (try to) update to Linux 4.19.

I suspect the bisection would end up at the commit which added 
the netlink dump support, so you can hold off for now, yes.

My best guess right now is that Knoppix has a cut-down kernel 
config and we don't handle that case correctly.
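
Added example, not part of the original message and not iproute2's code: a small Python reader for the /proc/net/raw text format that the procfs fallback relies on, plus the /proc/[pid]/fd walk that maps a socket inode to a process. The sample rows are constructed, a little-endian host is assumed, and honouring PROC_NET_RAW in the script is this example's own choice.

```python
import os, re, socket, struct

# Constructed sample in /proc/net/raw layout (not taken from the thread's log file).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 23456 2 0000000000000000 0
 255: 0100007F:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 34567 2 0000000000000000 3
"""

def addr(hexaddr):
    # The kernel prints the IPv4 address as a host-order word; little-endian host assumed.
    return socket.inet_ntoa(struct.pack("<I", int(hexaddr, 16)))

def parse_proc_net_raw(text):
    """One dict per raw socket; the 'port' half of local_address is the IP protocol."""
    socks = []
    for line in text.splitlines()[1:]:              # skip the header row
        f = line.split()
        if len(f) < 13:
            continue
        (laddr, proto), raddr = f[1].split(":"), f[2].split(":")[0]
        socks.append({"local": addr(laddr), "remote": addr(raddr), "protocol": int(proto, 16),
                      "uid": int(f[7]), "inode": int(f[9]), "drops": int(f[12])})
    return socks

def socket_owners(inodes, proc_root="/proc"):
    """Map socket inode -> [(pid, fd)] by reading the /proc/<pid>/fd symlinks."""
    wanted, owners = set(inodes), {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                             # process exited or access denied
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and int(m.group(1)) in wanted:
                owners.setdefault(int(m.group(1)), []).append((int(pid), int(fd)))
    return owners

if __name__ == "__main__":
    path = os.environ.get("PROC_NET_RAW", "/proc/net/raw")
    socks = parse_proc_net_raw(open(path).read() if os.path.exists(path) else SAMPLE)
    owners = socket_owners(s["inode"] for s in socks)
    for s in socks:
        print(s, owners.get(s["inode"], []))
```

Without root, the fd walk only resolves sockets owned by processes the caller is allowed to inspect, so unowned rows are not proof that no process holds the socket.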
