On Fri, Oct 15, 2021 at 08:05:08PM +0200, Otto Moerbeek wrote:
[ some cut ]
> > Anything else I can collect.
>
> You might want to compile and install nsd wit debug symbols info:
>
> cd /usr/src/usr.sbin/nsd
> make -f Makefile.bsd-wrapper obj
> make -f Makefile.bsd-wrapper clean
> DEBUG=-g make -f Makefile.bsd-wrapper
> make -f Makefile.bsd-wrapper install
>
>
> Then: collect a gdb trace from a running process: install gdb from ports,
> run
> egdb --pid=pidofnsdchild /usr/sbin/nsd
>
> and wait for the crash.
>
> But I'm mostly unfamiliar with the nsd code and what has been changed
> recently. I's say make sure sthen@ and florian@ see this: move to
> bugs@ as I do not know if they read misc@.
>
> -Otto
Hi Otto and Mischa,
I'm watching this unfold and I'm trying to convert this packet with tr and
sed but I'm having a hard time, getting this to 101 bytes. It would be cool
if you could show this packet in a hex dump ie. kdump -X or kdump -x.
If you feel this really is a packet of nsd-death then I'd be interested in
seeing the hexdump privately. I know how to read some DNS formats but the
way it is in the kdump I'm having trouble converting that.
Best Regards,
-peter
> >
> > Mischa
> >
> >
> > >
> > > -Otto
> > >
> > > > 91127 nsd CALL
> > > > recvfrom(7,0xb2ac85b8000,0x20109,0,0xb2acfa96018,0xb27e485a968)
> > > > 91127 nsd GIO fd 7 read 101 bytes
> > > > "By\0\0\0\^A\0\0\0\0\0\^A\^A6\^A0\^A1\^A0\^A0\^A0\^A0\^A0\^A0\^A0\^A0\^A0\^A0\^A0\^A0\^A0\^A1\^A0\^A0\^A0\^A4\^A0\^A0\^A1\^A0\^A0\^A0\^A6\^A3\^A0\^Aa\^A2\^Cip6\^Darpa\0\0\f\0\
> > > > \^A\0\0)\^E\M-,\0\0\M^@\0\0\0"
> > > > 91127 nsd STRU struct sockaddr { AF_INET,
> > > > 141.101.75.185:10029 }
> > > > 91127 nsd RET recvfrom 101/0x65
> > > > 91127 nsd PSIG SIGSEGV SIG_DFL code SEGV_MAPERR<1> addr=0x10
> > > > trapno=6
> > > > 36104 nsd STRU struct pollfd [2] { fd=16, events=0x1<POLLIN>,
> > > > revents=0<> } { fd=15, events=0x1<POLLIN>, revents=0<> }
> > > > 36104 nsd PSIG SIGCHLD caught handler=0xb27e47fa340 mask=0<>
>
