ocserv 0.9.0.1 not doing TLS handshake

Lemon Lam alemonmk at gmail.com
Tue Jan 27 18:20:12 PST 2015


於 2015/1/28 上午 02:21, Nikos Mavrogiannopoulos 提到:
> On Tue, 2015-01-27 at 21:17 +0800, Lemon Lam wrote:
>> 於 2015/1/27 下午 09:10, Nikos Mavrogiannopoulos 提到:
>>> On Tue, Jan 27, 2015 at 10:39 AM, Lemon Lam <alemonmk at gmail.com> wrote:
>>>> 於 2015/1/27 下午 05:10, Nikos Mavrogiannopoulos 提到:
>>>>> On Tue, Jan 27, 2015 at 10:01 AM, Lemon Lam <alemonmk at gmail.com> wrote:
>>>>>>> Do you use linux-namespaces or seccomp? If yes try disabling it.
>>>>>>> Otherwise please provide more information about your build.
>>>>>> I can confirm that disabling seccomp does get rid of the problem.
>>>>> Then, could you provide more information about your kernel version,
>>>>> the cpu architecture, and the output of "strace -f" of ocserv?
>>>> The kernel is Linode's customised 3.18.1-x86_64, but the OS userland is i386 (32-bit).
>>>> strace output is attached.
>>>
>>> As far as I understand the seccomp filter does prevent select() from
>>> being executed. Do you have the latest libseccomp in that platform?
>>>
>> Yes, libseccomp2 from the Debian repo is 2.1.1, the same version as the one on
>> SourceForge; aptitude tells me that it's up to date too.
> 
> It looks like an issue in libseccomp. I've reported it to the libseccomp
> mailing list, but I have no i686 system to reproduce it on. I'd appreciate it
> if you could compile the attached select.c and report the output, here or in
> seccomp-discuss.
> 
> https://sourceforge.net/p/libseccomp/mailman/message/33275762/
> 
> regards,
> Nikos
> 
select is blocked, as expected: the compiled select.c prints "select is blocked!" and exits with status 1.
I've attached the strace output of that run in case you need it.

regards,
Lam
-------------- next part --------------
execve("./a.out", ["./a.out"], [/* 17 vars */]) = 0
brk(0)                                  = 0x9933000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7794000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=38983, ...}) = 0
mmap2(NULL, 38983, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf778a000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libseccomp.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20<\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=62976, ...}) = 0
mmap2(NULL, 65808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7779000
mmap2(0xf7786000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0xf7786000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\233\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1742588, ...}) = 0
mmap2(NULL, 1747580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf75ce000
mmap2(0xf7773000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a5000) = 0xf7773000
mmap2(0xf7776000, 10876, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7776000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf75cd000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf75cc000
set_thread_area({entry_number:-1, base_addr:0xf75cc700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 (entry_number:12)
mprotect(0xf7773000, 8192, PROT_READ)   = 0
mprotect(0xf7786000, 12288, PROT_READ)  = 0
mprotect(0xf77b8000, 4096, PROT_READ)   = 0
munmap(0xf778a000, 38983)               = 0
open("/dev/null", O_RDONLY)             = 3
brk(0)                                  = 0x9933000
brk(0x9954000)                          = 0x9954000
prctl(PR_SET_NO_NEW_PRIVS, 0x1, 0, 0, 0) = 0
prctl(PR_SET_SECCOMP, 0x2, 0x9933048, 0, 0) = 0
write(2, "select is blocked!\n", 19)    = 19
exit_group(1)                           = ?
+++ exited with 1 +++

