This also affects on openvas-manager. Maybe it should check first, if ipv6 stack is really enabled before enabling tcp-ip dual stack listening ?
-- Eero 2015-09-28 18:50 GMT+03:00 Eero Volotinen <[email protected]>: > Maybe it should read like this: > > --- gsad.eero.c 2015-09-28 17:45:41.773547864 +0200 > > +++ gsad.c 2015-09-28 17:46:53.099552951 +0200 > > @@ -4615,7 +4615,7 @@ > > { > > gsad_address->sin_addr.s_addr = INADDR_ANY; > > gsad_address6->sin6_addr = in6addr_any; > > - address.ss_family = AF_INET6; > > + address.ss_family = AF_INET; > > } > > return 0; > > } > > at least with this modification it works on ipv6 disabled machine by > default. I did not tested this modification on ipv6 enabled machine.. > > -- > Eero > > 2015-09-28 18:44 GMT+03:00 Eero Volotinen <[email protected]>: > >> I think this bug is triggered when gsad is started without --listen >> parameter on machine that has ipv6 stack disabled. >> >> by looking source code, it looks like this: >> >> /** >> >> * @brief Initalizes the address to listen on. >> >> * >> >> * @param[in] address_str Address to listen on. >> >> * @param[in] port Port to listen on. >> >> * >> >> * @return 0 on success, 1 on failure. >> >> */ >> >> static int >> >> gsad_address_init (const char *address_str, int port) >> >> { >> >> struct sockaddr_in *gsad_address = (struct sockaddr_in *) &address; >> >> struct sockaddr_in6 *gsad_address6 = (struct sockaddr_in6 *) &address; >> >> >> printf("gsad_address_init: debug %s, %d", address_str,port); >> >> >> gsad_address_set_port (port); >> >> if (address_str) >> >> { >> >> if (inet_pton (AF_INET6, address_str, &gsad_address6->sin6_addr) > >> 0) >> >> address.ss_family = AF_INET6; >> >> else if (inet_pton (AF_INET, address_str, &gsad_address->sin_addr) >> > 0) >> >> address.ss_family = AF_INET; >> >> else >> >> { >> >> g_warning ("Failed to create GSAD address %s", address_str); >> >> return 1; >> >> } >> >> } >> >> else >> >> { >> >> gsad_address->sin_addr.s_addr = INADDR_ANY; >> >> gsad_address6->sin6_addr = in6addr_any; >> >> address.ss_family = AF_INET6; >> >> } >> >> return 0; >> >> } >> >> So, if gsad is started without --listen string on ipv6 disabled machine, >> then this code block is triggered: >> >> else >> >> { >> >> gsad_address->sin_addr.s_addr = INADDR_ANY; >> >> gsad_address6->sin6_addr = in6addr_any; >> >> address.ss_family = AF_INET6; >> >> } >> >> >> and it sets address.ss_family = AF_INET6 even if machine does not support >> ipv6 ? >> >> >> this looks like a bug? >> >> >> Eero >> >> 2015-09-28 15:16 GMT+03:00 Eero Volotinen <[email protected]>: >> >>> Hi, >>> >>> I disabled ipv6 on kernel level (on rhel 7) and after that is not >>> possible to start gsad. >>> >>> See following strace log: >>> >>> 2748 socket(PF_INET6, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP <unfinished >>> ...> >>> 2749 <... socket resumed> ) = -1 EAFNOSUPPORT (Address >>> family not supported by protocol) >>> 2749 write(4, "gsad main:WARNING:2015-09-28 11h"..., 117) = 117 >>> 2749 write(4, "gsad main:WARNING:2015-09-28 11h"..., 90) = 90 >>> 2748 <... socket resumed> ) = -1 EAFNOSUPPORT (Address >>> family not supported by protocol) >>> 2749 close(4) = 0 >>> 2748 write(4, "gsad main:WARNING:2015-09-28 11h"..., 117) = 117 >>> 2749 open("/usr/local/var/run/gsad.pid", O_RDONLY) = 4 >>> 2748 write(4, "gsad main:WARNING:2015-09-28 11h"..., 107 <unfinished >>> ...> >>> 2749 fstat(4, <unfinished ...> >>> 2748 <... write resumed> ) = 107 >>> 2749 <... fstat resumed> {st_mode=S_IFREG|0644, st_size=5, ...}) = 0 >>> 2748 socket(PF_INET6, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP <unfinished >>> ...> >>> 2749 read(4, "2749\n", 5) = 5 >>> 2749 close(4) = 0 >>> 2749 unlink("/usr/local/var/run/gsad.pid") = 0 >>> 2749 exit_group(1) = ? >>> 2748 <... socket resumed> ) = -1 EAFNOSUPPORT (Address >>> family not supported by protocol) >>> 2748 write(4, "gsad main:WARNING:2015-09-28 11h"..., 117) = 117 >>> 2749 +++ exited with 1 +++ >>> 2748 write(4, "gsad main:CRITICAL:2015-09-28 11"..., 82) = 82 >>> 2748 kill(2749, SIGTERM) = -1 ESRCH (No such process) >>> 2748 close(4) = 0 >>> >>> how to modify source to enable to start gsad on this kind of machine? >>> looks like it still tries to >>> socket(PF_INET6.. ) even it's not supported by kernel? >>> >>> -- >>> Eero >>> >>> 2015-09-21 15:22 GMT+03:00 Lukas Grunwald <[email protected]> >>> : >>> >>>> Hi, >>>> >>>> On 21.09.2015 13:24, Eero Volotinen wrote: >>>> >>>>> Hi, >>>>> >>>>> Noticed that on dual stack ipv4/6 machines gsad by default listens >>>>> only ipv6, not ipv4? >>>>> >>>>> Is this bug or feature? >>>>> >>>> >>>> Feature ;-) >>>> >>>> tcp6 0 0 :::80 :::* LISTEN 4388/gsad >>>> >>>> That mean both ipv4 and ipv6 binding ;-) >>>> >>>> >>>>> >>>> -- >>>> Regards >>>> Lukas Grunwald >>>> http://www.greenbone.net >>>> mail: [email protected] >>>> Greenbone Networks GmbH >>>> AG Osnabrück, HR B 202460 >>>> Neuer Graben 17, 49074 Osnabrueck, Germany >>>> Tel. +49-541-33-5084-0 Mob. +49-1511-25-24-255 >>>> Fax. +49-541-33-5084-99 >>>> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner >>>> >>>> _______________________________________________ >>>> Openvas-discuss mailing list >>>> [email protected] >>>> >>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>> >>> >>> >> >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
