problems building conntrack w/ uclibc - no output

problems building conntrack w/ uclibc - no output

[Alan Ezust]

[-- Attachment #1: Type: text/plain, Size: 2288 bytes --]

using libnetfilter_conntrack-0.0.31, libnfnetlink (SVN) and 
conntrack 1.00beta2. 

Hi Folks, I was just wondering, if I'm the only one in this boat. 

I'm trying to build conntrack for a box that runs uclibc, so I am using a 
scratchbox to build (i386-gcc-3.3.2-uclibc-0.9.26), and I've managed to build 
and insteall each of the three libraries, and they can run without any linker 
errors, but when I am running it on the embedded box, in -e mode, 
I see no output - when I strace, I see this in the output:

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000002}, 
msg_iov(1)=[{"\274\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
8192}], msg_controllen=0, msg_flags=0}, 0) = 188
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000002}, 
msg_iov(1)=[{"\274\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
8192}], msg_controllen=0, msg_flags=0}, 0) = 188
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000002}, 
msg_iov(1)=[{"\274\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
8192}], msg_controllen=0, msg_flags=0}, 0) = 188
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
8192}], msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
8192}], msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
8192}], msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
8192}], msg_controllen=0, msg_flags=0}, 0) = 164

So it seems conntrack is receiving messages but not printing them out 
properly. Has anyone else seen this problem? This is a hard problem to search 
for, since there are no error messages.


Any advice? 



-- 
Alan Ezust            www.presinet.com
Presinet, inc         alan.ezust@presinet.com
           Victoria, BC, Canada

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: problems building conntrack w/ uclibc - no output

[Pablo Neira Ayuso]

Alan Ezust wrote:
> using libnetfilter_conntrack-0.0.31, libnfnetlink (SVN) and 
> conntrack 1.00beta2. 
> 
> Hi Folks, I was just wondering, if I'm the only one in this boat. 
> 
> I'm trying to build conntrack for a box that runs uclibc, so I am using a 
> scratchbox to build (i386-gcc-3.3.2-uclibc-0.9.26), and I've managed to build 
> and insteall each of the three libraries, and they can run without any linker 
> errors, but when I am running it on the embedded box, in -e mode, 
> I see no output - when I strace, I see this in the output:
> 
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000002}, 
> msg_iov(1)=[{"\274\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
> 8192}], msg_controllen=0, msg_flags=0}, 0) = 188
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000002}, 
> msg_iov(1)=[{"\274\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
> 8192}], msg_controllen=0, msg_flags=0}, 0) = 188
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000002}, 
> msg_iov(1)=[{"\274\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
> 8192}], msg_controllen=0, msg_flags=0}, 0) = 188
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
> msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
> 8192}], msg_controllen=0, msg_flags=0}, 0) = 164
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
> msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
> 8192}], msg_controllen=0, msg_flags=0}, 0) = 164
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
> msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
> 8192}], msg_controllen=0, msg_flags=0}, 0) = 164
> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000004}, 
> msg_iov(1)=[{"\244\0\0\0\2\1\0\0\0\0\0\0\0\0\0\0\2\0\0\0004\0\1\200\24"..., 
> 8192}], msg_controllen=0, msg_flags=0}, 0) = 164
> 
> So it seems conntrack is receiving messages but not printing them out 
> properly. Has anyone else seen this problem? This is a hard problem to search 
> for, since there are no error messages.
> 
> Any advice? 

Strange. Unfortunately I don't have access to such environment so I
would require a considerable amount of time to set it up and I'm
currently totally burden in many things. Could you run conntrack inside
gdb and try to figure out what it wrong?

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

Re: problems building conntrack w/ uclibc - no output

[Alan Ezust]

[-- Attachment #1: Type: text/plain, Size: 1635 bytes --]

On Monday 27 November 2006 18:36, Pablo Neira Ayuso wrote:

>
> Strange. Unfortunately I don't have access to such environment so I
> would require a considerable amount of time to set it up and I'm
> currently totally burden in many things. Could you run conntrack inside
> gdb and try to figure out what it wrong?

I can run gdb with conntrack on my own box (debian unstable x86), but that's 
got glibc and all the other modern libraries/tools. When I try to run it 
there, I now get a segfault (posted about earlier). I wonder if this is 
caused by one of the patchlets I applied from the patch-o-matic archive. In 
any case, I already posted the stack trace and info about that attempt.

But anyway, to get conntrack running the embedded box, I build conntrack and 
its related libs in scratchbox, and then I send the binaries over to the 
embedded box. And that's when I run into this weird problem which up to now 
I've only been able to get strace running. 

I am not sure how to debug conntrack in scratchbox because when I try to run 
it, recalc_rebind_subscriptions: bind(netlink): Operation not permitted
conntrack v1.00beta2: Can't open handler

I'm also not sure yet how to build gdb for the embedded box - so far, every 
time I try, it seems I am missing glibc or something that depends on glibc 
(termcap). Are there instructions for configuring gdb for an embedded system 
on top of uclibc anywhere? Or is there another debugger I should build 
instead?






-- 
Alan Ezust            www.presinet.com
Presinet, inc         alan.ezust@presinet.com
           Victoria, BC, Canada

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: problems building conntrack w/ uclibc - no output

[Alan Ezust]

[-- Attachment #1: Type: text/plain, Size: 2019 bytes --]

You can ignore my questions about building gdb. I have it on the embedded box 
now.
It's still not quite giving me what I want yet, but conntrack is hanging here:

root@PresiNET-99996:/root/ctdebug> gdb
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-pc-linux-gnu".
Using host libthread_db library "/lib/libthread_db.so.1".
Breakpoint 1 at 0x8049df0: file conntrack.c, line 606.

Breakpoint 1, main (argc=2, argv=0xbfe54f24) at conntrack.c:606
warning: Source file is more recent than executable.

606             unsigned int command = 0, options = 0;
Function "nfnl_listen()" not defined.
Function "nfct_get_conntrack()" not defined.
Breakpoint 2 at 0xb7f49b40: file libnetfilter_conntrack.c, line 1082.

Program received signal SIGINT, Interrupt.
0xb7f2dcdc in __socketcall () from /lib/libc.so.0
(gdb) where
#0  0xb7f2dcdc in __socketcall () from /lib/libc.so.0
#1  0xb7f1cd14 in recvmsg () from /lib/libc.so.0
#2  0xb7f4d55b in nfnl_listen () from /usr/local/lib/libnfnetlink.so.1
#3  0xb7f49cca in nfct_event_conntrack (cth=0x804db30) at 
libnetfilter_conntrack.c:1135
#4  0x0804b38c in main (argc=2, argv=0xbfe54f24) at conntrack.c:1090

Even though I'm building these libs with debugging symbols, gdb is having 
trouble finding them... I'll post more if I get more info.



On Tuesday 28 November 2006 09:38, Alan Ezust wrote:
> On Monday 27 November 2006 18:36, Pablo Neira Ayuso wrote:
> > Strange. Unfortunately I don't have access to such environment so I
> > would require a considerable amount of time to set it up and I'm
> > currently totally burden in many things. Could you run conntrack inside
> > gdb and try to figure out what it wrong?

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: problems building conntrack w/ uclibc - no output

[Pablo Neira Ayuso]

Alan Ezust wrote:
> Anyway, I'm still not quite sure what my problem is with building conntrack.
> I have an older executable that I somehow built successfully, and I can make  
> my currently needed changes to libnetfilter_conntrack and run the original 
> executable against my patched versions, so I am able to proceed for now, but 
> it would be so nice to know why my conntrack builds are always creating 
> executables that HANG here:
 >
> libnetfilter_conntrack.c
> int nfct_event_conntrack(struct nfct_handle *cth)
> {
> 	cth->handler = nfct_conntrack_netlink_handler;
> 	return nfnl_listen(cth->nfnlh, &callback_handler, cth); // NEVER RETURNS FROM 
> HERE
> }

It's *not* hanging, nfnl_listen blocks waiting to receive events from 
kernel space, this is the *expected behaviour*. Make sure you have 
enabled the conntrack event API.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of 
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris