We run a dante sockd with multiple external interfaces, defined in sockd.conf by:

    external: address1
    external: address2
    ..
    external.rotation: route

This means that sockd is supposed to pick the external interface the same way the system would do when connecting to the target address of the connection.

This worked absolutely fine in dante-1.1.19_1, however in dante-1.3.2, it fails:

    Oct 4 10:47:21 (1317718041.076916) sockd[66696]: info: pass(2): tcp/accept [: 145.253.194.41.8642 192.168.51.131.1080
    Oct 4 10:47:21 (1317718041.078002) sockd[66697]: warning: getoutaddr(): address 192.168.51.131.0 selected, but not set for external interface

Indeed, 192.168.51.131.0 is not defined as an external address. Also the target address of the connection was not in any range that would be reached through 192.168.51.131.

How can this happen, if external.rotation is route? It MIGHT be the case that it treats it as same-same...

How-To-Repeat:
Configure sockd as described above
Connect
See that the connect tries to go through the wrong interface and eventually fails.
Observe the warning in syslog.
Responsible Changed From-To: freebsd-ports-bugs->anders Over to maintainer (via the GNATS Auto Assign Tool)
I tried to trace this in gdb.

With another dante (1.1) as SOCKS5 client, the issue happens and looks like this in gdb (attached to the first "requestcompleter" process sockd spawned):

    Breakpoint 1, getoutaddr (src={s_addr = 2201200832}, dst={s_addr = 775042865}) at getoutaddr.c:262
    262 if (sockscf.external.addrc <= 1
    (gdb) print/x dst.s_addr
    $1 = 0x2e323731
    (gdb) print (char[4])dst.s_addr
    $2 = "172."

I think it's quite obvious that for some reason, the ASCII address got copied into s_addr instead of converted to four bytes.

Similar:

    nc -x 192.168.51.131:1080 -X 5 bamgmtRESTOFHOSTNAMEDELETED 22

    Breakpoint 1, getoutaddr (src={s_addr = 2201200832}, dst={s_addr = 1735221602}) at getoutaddr.c:262
    262 if (sockscf.external.addrc <= 1
    (gdb) print (char[4])dst.s_addr
    $3 = "bamg"
    (gdb)

The issue does not happen when using netcat and an explicit IP address as destination, or -X 4 (SOCKS4 protocol).
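What the gdb session above shows, as an added example (not Dante's code): a SOCKS5 target that arrives as a domain name is read through the IPv4 member of the address union, so its first four ASCII bytes end up in s_addr. The struct layout and the names dst_unchecked, dst_checked and sample_domain are assumptions made for illustration; the checked variant looks at the address type and resolves the name first.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Simplified stand-in for Dante's address type (assumed layout, not its headers). */
enum { ATYP_IPV4 = 1, ATYP_DOMAIN = 3 };  /* SOCKS5 ATYP values from RFC 1928 */
struct sockshost {
    unsigned char atype;
    union { struct in_addr ipv4; char domain[256]; } addr;
};

/* Unchecked pattern: reads the ipv4 member whatever atype says. */
static in_addr_t dst_unchecked(const struct sockshost *h) {
    return h->addr.ipv4.s_addr;
}

/* Checked pattern: 0 and *out filled on success, -1 if no IPv4 address results. */
static int dst_checked(const struct sockshost *h, struct in_addr *out) {
    struct addrinfo hints, *res;
    switch (h->atype) {
    case ATYP_IPV4:
        *out = h->addr.ipv4;
        return 0;
    case ATYP_DOMAIN:  /* resolve the name before using it as an address */
        memset(&hints, 0, sizeof hints);
        hints.ai_family = AF_INET;
        if (getaddrinfo(h->addr.domain, NULL, &hints, &res) != 0)
            return -1;
        *out = ((struct sockaddr_in *)res->ai_addr)->sin_addr;
        freeaddrinfo(res);
        return 0;
    default:
        return -1;
    }
}

/* Constructed sample: a request whose target arrives as ATYP_DOMAIN. */
static struct sockshost sample_domain(const char *name) {
    struct sockshost h;
    memset(&h, 0, sizeof h);
    h.atype = ATYP_DOMAIN;
    strncpy(h.addr.domain, name, sizeof h.addr.domain - 1);
    return h;
}
```

On a little-endian host the unchecked read of a name starting with "172." prints as 0x2e323731, the value in the gdb output.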
I found some more:

the issue is quite clearly caused by this change from 1.1.19 to 1.2.0 to dorequest() in sockd_request.c (note that getifa() now is called getoutaddress()):

=20 /* * Find address to bind on clients behalf. - * First get the IP address. + * First, the IP address ... */ switch (request->req.command) { - case SOCKS_BIND: /* either 0.0.0.0 or previous connectionad= dress, ok. */ + case SOCKS_BIND: case SOCKS_CONNECT: - case SOCKS_UDPASSOCIATE: { /* dst is 0.0.0.0. */ - struct sockaddr dst; - - sockshost2sockaddr(&io.dst.host, &dst); - - /* LINTED possible pointer alignment problem */ - if ((request->req.command =3D=3D SOCKS_CONNECT=20 - && (TOIN(&dst)->sin_addr.s_addr =3D=3D htonl(INA= DDR_ANY))) - || ((TOIN(&bound)->sin_addr =3D getifa(TOIN(&dst)->= sin_addr)).s_addr - =3D=3D htonl(INADDR_NONE))) { - snprintf(msg, sizeof(msg), "invalid address= : %s", - sockaddr2string(&dst, a, sizeof(a))); - - iolog(&io.rule, &io.state, OPERATION_CONNEC= T, &io.src.host, - &io.src.auth, &io.dst.host, &io.dst.auth, m= sg, 0); - - send_failure(request->s, &response, SOCKS_A= DDR_UNSUPP); - close(request->s); - return; - } + case SOCKS_UDPASSOCIATE: /* dst is 0.0.0.0. */ + TOIN(&bound)->sin_addr =3D getifa(io.dst.host.addr.ipv4); break; - } =20 default: SERRX(request->req.command); }

The old code supported io.dst.host.atype == SOCKS_ADDR_DOMAIN, the new code only behaves right for SOCKS_ADDR_IPV4, as it no longer resolves the address like sockshost2sockaddr did.
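Review bot: the added line under case SOCKS_UDPASSOCIATE (which SOCKS_BIND and SOCKS_CONNECT fall through to), `TOIN(&bound)->sin_addr = getifa(io.dst.host.addr.ipv4);`, reads the ipv4 member of io.dst.host without looking at io.dst.host.atype, and the removed `sockshost2sockaddr(&io.dst.host, &dst);` was the only conversion step in this switch. Either keep that conversion ahead of the getifa() call or branch on atype and resolve the non-IPv4 cases first. The hunk also drops the INADDR_NONE comparison together with the send_failure(request->s, &response, SOCKS_ADDR_UNSUPP) path, so a failed lookup is no longer rejected at this point; if that check is meant to live elsewhere now, a comment at the call site should say where.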
Responsible Changed From-To: anders->pgollucci committer&maintainer timeout (anders ; 125 days) / last commit: 97 days ago
Responsible Changed From-To: pgollucci->freebsd-ports-bugs With bugmeister hat, return to pool due to assignee ENOTIME. Note that this PR was already available for commit via maintainer-timeout.
Responsible Changed From-To: freebsd-ports-bugs->scheidell I'll take it.
State Changed From-To: open->feedback

Rudolf: if you could attach, to this pr, a properly formatted patch, we can test it and get maintainers approval.

in your worksrc dir, with your fixes to sockd_request.c, do this:

    diff -ruN sockd_request.c.orig sockd_request.c > /tmp/patch-sockd_request.c

upload it to the pr (attach it to an email, as an ascii text attachment, not inline, but an attachment)

subject needs to be:
Re: ports/161278: net/dante: getoutaddr(): address [...] selected, but not set for external interface

Send it to bug-followup@freebsd.org

I will test the patch, and package build in a tinderbox, send you port patches to test, and then we await the maintainers feedback.

ok?
Shouldn't we instead just upgrade to upstream's 1.4.0-pre1 release? It has that very bug fixed:

From their changelog:

    o external.rotation was not handling non-IPv4 target addresses correctly.
      Reported and diagnosed by Rudolf Polzer <rpolzer@one-it.de.example.com>.

I tested 1.4.0-pre1 already, and the only patch I needed was replacing an instance of sqrtl (long double sqrt) by sqrt because 7.4-RELEASE did not have sqrtl yet.

Best regards,

Rudolf Polzer
On 7/4/12 10:33 AM, Rudolf Polzer wrote:
> I tested 1.4.0-pre1 already, and the only patch I needed was replacing
> an instance of sqrtl (long double sqrt) by sqrt because 7.4-RELEASE did
> not have sqrtl yet.

why not release it as an 'extra-patch-' and do an .if osversion extra_patch+= for it?

hey, I'm just the committer, not the maintainer or submitter.

you post it, maintainer approves it, and it passes tinderbox, and portlint -abt, and I'll commit it.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
d: +1.561.948.2259
w: http://people.freebsd.org/~scheidell
Responsible Changed From-To: scheidell->freebsd-ports-bugs Back to pool. Submitter timeout.
Hi Rudolf, unfortunately, there hasn't been any update on your PR for the net/dante port (see [1]) for quite a while. What is the current state of things here? Would you like to send a patch for updating the port to the latest version, as you proposed in your last followup to the port? Best regards, Stefan [1]: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/161278
Responsible Changed From-To: freebsd-ports-bugs->stefan Track this while waiting for submitter's feedback.
----- Forwarded message from Anders Nordby <anders@FreeBSD.org> -----

Date: Mon, 13 May 2013 10:27:04 +0200
From: Anders Nordby <anders@FreeBSD.org>
To: stefan@FreeBSD.org
Cc: freebsd-ports-bugs@FreeBSD.org, Rudolf Polzer <rpolzer@at-one-it.de>
Subject: Re: ports/161278: net/dante: getoutaddr(): address [...] selected, but not set for external interface
User-Agent: Mutt/1.5.21 (2010-09-15)

Hi,

From the author Michael Shuldman: "Dante 1.4.0 is scheduled to be out before the end of the summer. If you want a version without this bug, one must use a pre-release. But all the pre-releases use more memory than the full releases. So I would continue with 1.3.2, this is probably not a bug that affects so many, though it is bad for those affected."

Cheers,

Anders.

On søn, mai 12, 2013 at 05:34:11pm +0000, stefan@FreeBSD.org wrote:
> Synopsis: net/dante: getoutaddr(): address [...] selected, but not set for external interface
>
> Responsible-Changed-From-To: freebsd-ports-bugs->stefan
> Responsible-Changed-By: stefan
> Responsible-Changed-When: Sun May 12 17:33:53 UTC 2013
> Responsible-Changed-Why:
> Track this while waiting for submitter's feedback.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=161278

--
Anders.

----- End forwarded message -----
Hi Anders,

Anders Nordby, 13.05.13, 10:27h CEST:
> From the author Michael Shuldman: "Dante 1.4.0 is scheduled to be out
> before the end of the summer. If you want a version without this bug,
> one must use a pre-release. But all the pre-releases use more memory
> than the full releases. So I would continue with 1.3.2, this is probably
> not a bug that affects so many, though it is bad for those affected."

well, since all of the above is quoted, I assume all of it is the author's opinion. Since you're the maintainer of the port: What is your opinion on this, then? Should the port be modified or not? In case you want to re-assign the problem report to yourself and take care of it, you're welcome to do so.

Regards,
Stefan
Hi,

On man, mai 13, 2013 at 06:25:59pm +0200, Stefan Walter wrote:
>> From the author Michael Shuldman: "Dante 1.4.0 is scheduled to be out
>> before the end of the summer. If you want a version without this bug,
>> one must use a pre-release. But all the pre-releases use more memory
>> than the full releases. So I would continue with 1.3.2, this is probably
>> not a bug that affects so many, though it is bad for those affected."
> well, since all of the above is quoted, I assume all of it is the author's
> opinion. Since you're the maintainer of the port: What is your opinion on
> this, then? Should the port be modified or not? In case you want to
> re-assign the problem report to yourself and take care of it, you're
> welcome to do so.

It seems to me a better idea to patch this bug, but submitter has not provided a clean patch. A prerelease should go into a dante-devel port, and not replace the main port? Then again, Dante's release cycle is really slow, it could be a long waiting time to have it fixed upstream in a proper release. So I don't have a strong opinion against just upgrading to 1.4.0-pre1. If you think it's a good idea I'm ok.

Bye,

--
Anders.
Responsible Changed From-To: stefan->anders I'll leave the decision to the maintainer.
Hi! Any progress here? I'm looking forward to the dante upgrade to 1.4.0. I tried to make a patch, but sockd doesn't start (I don't have enough skill to solve it). Is it worth providing what I've done?
hmm. nope, looks like dante doesn't work at all under FreeBSD 10.
I've opened PR ports/187792. It's about breakage.

Here is a patch to upgrade the current version in ports (with STAGE). I don't know what to do first: upgrade it and then fix start under FreeBSD 10 or vice versa.
net/dante was updated to 1.4.0. This PR can be closed.
See PR#187792