Dear list,
This configuration is minimalistic and works on OBSD 5.2 I386 (as reported
by vortexx on #obsd freenode, on CC):
internal: lo0 port = 1080
external: axe0
method: username none
user.notprivileged: _sockd
logoutput: stderr
client pass {
from: 127.0.0.0/8 to: 0.0.0.0/0 #internal network
log: connect disconnect
}
pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
command: connect udpassociate
log: connect disconnect
}
On OBSD 5.2 AMD64 though, the dante-1.1.19p0 package produces this error:
Mar 23 22:39:13 (1364078353) sockd[23769]: created new negotiatorchild
Mar 23 22:40:28 (1364078428) sockd[23769]: an internal error was detected
at sockd_negotiate.c:407
value = 0, version = $Id: sockd_negotiate.c,v 1.90 2005/11/08 16:00:21
michaels Exp $: Undefined error: 0 (errno = 0)
Mar 23 22:40:28 (1364078428) sockd[21587]: eof from negotiatorchild 23769
I took the opportunity to check out row 407 there. This row is an assert,
SASSERT(CMSG_TOTLEN(msg) == CMSG_SPACE(sizeof(int) * fdexpect));
what happens on AMD64 is that CMSG_TOTLEN(msg) is 20 and
CMSG_SPACE(sizeof(int) * fdexpect) 24.
It looks like this is the recvmsg handling code for receiving a socket from
the child process that's supposed to handle the socks call (or the other
way around -t his is the child process trying to recvmsg a socket from the
parent process), and it fails to pick up the socket appropriately.
It makes perfect sense that there's an integer size mistake involved here -
the original code was written for I386 and it still works, and now with
different arch some involved variable is of different size, making that
assert fail.
Commenting out the assert causes SIGSEGV:
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd5.2"...
(gdb) run
Starting program: /home/pop/dante-1.1.19/sockd/sockd
Mar 23 22:47:36 (1364078856) sockd[25622]: socks_seteuid(): old: 0, new:
1016
Mar 23 22:47:36 (1364078856) sockd[25622]: socks_reseteuid(): current:
1016, new: 0
Mar 23 22:47:36 (1364078856) sockd[25622]: fixsettings(): setting the
libwrap uid to 0 is not recommended
[New process 25622]
Mar 23 22:47:36 (1364078856) sockd[5783]: created new negotiatorchild
Mar 23 22:47:36 (1364078856) sockd[26119]: created new requestchild
Mar 23 22:47:36 (1364078856) sockd[24308]: created new requestchild
Mar 23 22:47:36 (1364078856) sockd[693]: created new requestchild
Mar 23 22:47:36 (1364078856) sockd[4811]: created new requestchild
Mar 23 22:47:36 (1364078856) sockd[25622]: dante/server v1.1.19 running
Mar 23 22:47:36 (1364078856) sockd[29628]: created new iochild
Just for reference, length is 20 and we expected 24.
<- debug print
statement i added, replacing the failing assert
Mar 23 22:47:38 (1364078858) sockd[5783]: pass(1): tcp/accept [:
127.0.0.1.33837 -> 127.0.0.1.1080
Just for reference, length is 20 and we expected 24.
Mar 23 22:47:38 (1364078858) sockd[5783]: pass(1): tcp/accept [:
127.0.0.1.42458 -> 127.0.0.1.1080
Just for reference, length is 20 and we expected 24.
Mar 23 22:47:38 (1364078858) sockd[5783]: pass(1): tcp/accept [:
127.0.0.1.24579 -> 127.0.0.1.1080
Mar 23 22:47:38 (1364078858) sockd[25622]: an internal error was detected
at sockd_request.c:226
value = 0, version = $Id: sockd_request.c,v 1.176 2006/01/07 18:54:07
michaels Exp $: Undefined error: 0 (errno = 0)
Program received signal SIGABRT, Aborted.
0x0000000206c88bca in kill () from /usr/lib/libc.so.65.0
(gdb) bt
#0 0x0000000206c88bca in kill () from /usr/lib/libc.so.65.0
#1 0x0000000206cef791 in abort () at /usr/src/lib/libc/stdlib/abort.c:68
#2 0x000000000040d98d in recv_req (s=Variable "s" is not available.
) at sockd_request.c:226
#3 0x0000000000000000 in ?? ()
Now, while Dante 1.1.x seems to be the only one that compiles easily on
OBSD, it is 7 years old and the latest series are 1.4.X . If anyone would
be interested in porting the latest one, would be appreciated :D
It's pretty standard Unix code.
Thanks,
Mikael
