Hi! A recent kernel security update[1] caused some issues with our ctdb cluster; messages like: | We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it | common/system_common.c:89 failed to open raw socket (Invalid argument) | Could not find which interface the ip address is hosted on. can not release it and | common/system_linux.c:344 failed to open raw socket (Invalid argument) The corresponding parts in ctdb's code look like this: | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW)); converting IPPROTO_RAW to 0xff00 (from strace): | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL (Invalid argument) Removing htons() from both calls seems to fix the issue for us. Is it possible that the call to htons is just wrong and should be removed? -- Adi [1] https://security-tracker.debian.org/tracker/CVE-2015-8543
Hi, On Wed, Jan 27, 2016 at 9:51 PM, Adi Kriegisch <adi at cg.tuwien.ac.at> wrote:> Hi! > > A recent kernel security update[1] caused some issues with our ctdb > cluster; messages like: > | We are still serving a public IP 'x.x.x.x' that we should not be > serving. Removing it > | common/system_common.c:89 failed to open raw socket (Invalid argument) > | Could not find which interface the ip address is hosted on. can not > release it > and > | common/system_linux.c:344 failed to open raw socket (Invalid argument) > > The corresponding parts in ctdb's code look like this: > | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW)); > converting IPPROTO_RAW to 0xff00 (from strace): > | socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL > (Invalid argument) > > Removing htons() from both calls seems to fix the issue for us. Is it > possible that the call to htons is just wrong and should be removed? > > -- Adi > > [1] https://security-tracker.debian.org/tracker/CVE-2015-8543 >Thanks for reporting the issue. Yes, htons() in socket() call is wrong and should be removed. Can you create a bug report on bugzilla.samba.org against CTDB? Thanks. Amitay.
Hi!> Removing htons() from both calls seems to fix the issue for us. Is it > possible that the call to htons is just wrong and should be removed?[...]> Thanks for reporting the issue. Yes, htons() in socket() call is wrong > and should be removed. > > Can you create a bug report on [3]bugzilla.samba.org against CTDB?Done. See https://bugzilla.samba.org/show_bug.cgi?id=11705 Thanks, Adi
Maybe Matching Threads
- ctdb, raw sockets and CVE-2015-8543
- [Bug 734] New: Iptables on Arm Processor with Vanilla Kernel
- ctdb, raw sockets and CVE-2015-8543
- [Bug 467] iptables is complaining with bogus unknown error 18446744073709551615
- [Bug 541] New: bad error mesage when run as not root