On Fri, 29 Dec 2017, Luca Boccassi wrote:
> Control: close -1 3.7.0-1
>
> On Thu, 27 Aug 2015 17:32:02 +1000 [email protected] wrote:
> > Package: iproute2
> > Version: 3.16.0-2
> > Severity: normal
> >
> > 0-0-17:20:59, Thu Aug 27 tconnors@pi:~ (bash)
> > 7185,30> sudo ss -anu
> > State Recv-Q Send-Q Local
> Address:Port Peer Address:Port
> > 0-0-17:21:54, Thu Aug 27 tconnors@pi:~ (bash)
> >
> > Not sure whether it's a kernel 3.18 thing or not, because rkhunter
> > didn't use to falsely report that a whole bunch of UDP ports
> > were being used. On another box running kernel 3.17, I do get
> > expected output:
> >
> > 445024,1> sudo ss -anu
> > State Recv-Q Send-Q Local
> Address:Port Peer Address:Port
> >
> UNCONN 0 0 *:36557
> *:*
> > ...
> >
> > Issue not fixed with iproute2 from testing.
> >
> >
> > Eg, from rkhunter:
> > Port number: UDP:123 is being used by /usr/sbin/ntpd
> >
> >
> > 6853,29> ps 714
> > PID TTY STAT TIME COMMAND
> > 714 ? Ss 2:32 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u
> 102:104
> >
> > 6854,30> cat /proc/714/net/udp
> > sl local_address rem_address st tx_queue rx_queue tr tm->when
> retrnsmt uid timeout inode ref pointer drops
> > 31: 00000000:82C3 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9385 2 db301400 0
> > 57: 00000000:03DD 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 7244 2 db301180 0
> > 69: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 110 0 8592 2 db300c80 0
> > 93: 00000000:0801 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9363 2 db300280 0
> > 108: 00000000:A510 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9660 2 d87fe280 0
> > 128: 00000000:8324 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9693 2 d87fe500 0
> > 179: 00000000:0357 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 3555 2 db300000 0
> > 192: 00000000:B664 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 8067 2 db300a00 0
> > 203: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 7241 2 db300f00 0
> > 210: 00000000:9F76 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 110 0 8594 2 db300780 0
> > 215: 1C01A8C0:007B 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9450 2 d87fe000 0
> > 215: 0100007F:007B 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9449 2 db301b80 0
> > 215: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9438 2 db301680 0
> > 245: 00000000:E899 00000000:0000 07 00000000:00000000 00:00000000
> 00000000 0 0 9729 2 d87fe780 0
> >
> > 6855,31> sudo lsof -p 714
> > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> > ntpd 714 ntp cwd DIR 0,13 4096 2 /
> (192.168.1.17:/piroot)
> > ntpd 714 ntp rtd DIR 0,13 4096 2 /
> (192.168.1.17:/piroot)
> > ntpd 714 ntp txt REG 0,13 453328 2054
> /usr/sbin/ntpd (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 38612 171210 /lib/arm-
> linux-gnueabihf/libnss_nis-2.19.so (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 71628 149467 /lib/arm-
> linux-gnueabihf/libnsl-2.19.so (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 30592 166482 /lib/arm-
> linux-gnueabihf/libnss_compat-2.19.so (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 75644 171217 /lib/arm-
> linux-gnueabihf/libresolv-2.19.so (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 18048 171207 /lib/arm-
> linux-gnueabihf/libnss_dns-2.19.so (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 9600 133334 /lib/arm-
> linux-gnueabihf/libnss_mdns4_minimal.so.2 (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 42724 171208 /lib/arm-
> linux-gnueabihf/libnss_files-2.19.so (192.168.1.17:/piroot)
> > ntpd 714 ntp mem REG 0,13 17868 147644 /lib/arm-
> linux-gnueabihf/libattr.so.1.1.0 (192.168.1.17:/piroot)
>
> Hi,
>
> This was fixed upstream in 3.1.0, so closing this bug now.
Hmmm, is it something specific to the Raspberry Pi armv6l architecture?
Rerunning those same tests, there is still no ss output, even though lsof
and /proc/<pid>/net/udp both list ntpd's UDP sockets:
9229,1> uname -a
Linux pi 4.9.59+ #1047 Sun Oct 29 11:47:10 GMT 2017 armv6l GNU/Linux
0-0-18:24:32, Sat Dec 30 tconnors@pi:~ (bash)
9230,2> pidof ntpd
4388
0-0-18:24:44, Sat Dec 30 tconnors@pi:~ (bash)
9231,3> ps 4388
PID TTY STAT TIME COMMAND
4388 ? Ssl 0:01 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u
102:104
0-0-18:24:53, Sat Dec 30 tconnors@pi:~ (bash)
9232,4> sudo lsof -p 4388
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ntpd 4388 ntp cwd DIR 0,15 4096 2 /
(192.168.1.17:/piroot)
ntpd 4388 ntp rtd DIR 0,15 4096 2 /
(192.168.1.17:/piroot)
ntpd 4388 ntp txt REG 0,15 638704 9927 /usr/sbin/ntpd
(192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 75608 139227
/lib/arm-linux-gnueabihf/libresolv-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 18012 139220
/lib/arm-linux-gnueabihf/libnss_dns-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 9572 149171
/lib/arm-linux-gnueabihf/libnss_mdns4_minimal.so.2 (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 38588 139223
/lib/arm-linux-gnueabihf/libnss_nis-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 71604 139218
/lib/arm-linux-gnueabihf/libnsl-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 26456 139219
/lib/arm-linux-gnueabihf/libnss_compat-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 38560 139221
/lib/arm-linux-gnueabihf/libnss_files-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 116372 143562
/lib/arm-linux-gnueabihf/libgcc_s.so.1 (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 9800 139215
/lib/arm-linux-gnueabihf/libdl-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 1234700 139210
/lib/arm-linux-gnueabihf/libc-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 127300 139226
/lib/arm-linux-gnueabihf/libpthread-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 1827948 5797
/usr/lib/arm-linux-gnueabihf/libcrypto.so.1.1 (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 452152 139216
/lib/arm-linux-gnueabihf/libm-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 114088 27488
/usr/lib/arm-linux-gnueabihf/libopts.so.25.16.1 (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 17916 131560
/lib/arm-linux-gnueabihf/libcap.so.2.25 (192.168.1.17:/piroot)
ntpd 4388 ntp mem REG 0,15 138576 139174
/lib/arm-linux-gnueabihf/ld-2.24.so (192.168.1.17:/piroot)
ntpd 4388 ntp 0r CHR 1,3 0t0 3909 /dev/null
ntpd 4388 ntp 1r CHR 1,3 0t0 3909 /dev/null
ntpd 4388 ntp 2r CHR 1,3 0t0 3909 /dev/null
ntpd 4388 ntp 3u unix 0xd2b9a000 0t0 12215 type=DGRAM
ntpd 4388 ntp 16u IPv4 12227 0t0 UDP *:ntp
ntpd 4388 ntp 17u IPv4 12232 0t0 UDP localhost:ntp
ntpd 4388 ntp 18u IPv4 12234 0t0 UDP
pi.rather.puzzling.org:ntp
ntpd 4388 ntp 19u netlink 0t0 12235 ROUTE
ntpd 4388 ntp 20u unix 0xd2b9b300 0t0 12246 type=STREAM
ntpd 4388 ntp 21u unix 0xd2b9b560 0t0 12247 type=STREAM
0-0-18:25:11, Sat Dec 30 tconnors@pi:~ (bash)
9233,5> cat /proc/4388/net/udp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt
uid timeout inode ref pointer drops
21: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 6754 2 dadf6840 0
24: 00000000:C272 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 7302 2 dadf7600 0
33: 1C01A8C0:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 12234 2 d0846580 0
33: 0100007F:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 12232 2 d0846000 0
33: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 12227 2 d08462c0 0
36: 00000000:DE7E 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 7282 2 dadf7080 0
39: 00000000:0381 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 6755 2 dadf6580 0
41: 00000000:8883 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 7292 2 dadf7340 0
88: 00000000:03B2 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 4725 2 dadf62c0 0
120: 00000000:C9D2 00000000:0000 07 00000000:00000000 00:00000000 00000000
110 0 8573 2 dadf7b80 0
143: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000
110 0 8571 2 dadf78c0 0
167: 00000000:0801 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 7237 2 dadf6b00 0
183: 00000000:E411 00000000:0000 07 00000000:00000000 00:00000000 00000000
0 0 7246 2 dadf6dc0 0
0-0-18:25:21, Sat Dec 30 tconnors@pi:~ (bash)
9234,6> sudo ss -anu
State Recv-Q Send-Q Local Address:Port
Peer Address:Port
--
Tim Connors