** Description changed: - The scapy sniff() function loads a BPF program into the kernel which apparently fails to load on s390x (Ubuntu 20.04). + SRU Bug Template: + ================= + + [Impact] + + * There is an endianess problem in sock_fprog on s390x. + + * Compared to bpf_program where an int is used, sock_fprog uses a + ushort length field. + + * This results in a different layout on big-endian machines and + eventually prevents scapy to load BPF programs. + + * The fix is to define sock_fprog and copy the field values over from + bpf_program. + + [Fix] + + * 474eb1f6930601e444227445f9e315b35c06a996 474eb1f6 "Use sock_fprog instead of bpf_program on Linux" - Contact Information = Alexander Schmidt + [Test Case] + + * Have an Ubuntu Server 20.04 system or newer installed on LPAR, z/VM or KVM that comes with scapy 2.4.3. + * Run the python test script: 'tlb.py' provided in the original bug descripton + (like: python /bin/tlb.py 191.168.100.100 81 2001) + + * Verify the output returned by the python script + + * An error that indicates "socket.error: [Errno 22] Invalid argument" that this issue still exists. + + [Where problems could occur] + + * It's not simply possible to replace ushort by int, since this would + break FreeBSD. + + * So this got fixed by defining sock_fprog and copying over field + values from bpf_program. + + * In case the modification is broken it can have an impact on other + architectures. + + * The fix for PyPy got moved and slightly changed - in case of a + problem with the affected versions this may have no or a false effect. + + * But the changes are traceable, were discussed upstream in issue 3298, + the fix was tested by IBM and is upstream accepted. + + * Further more a patched Ubuntu package was build and shared in PPA: https://launchpad.net/~fheimes/+archive/ubuntu/lp1908280. + __________ + + The scapy sniff() function loads a BPF program into the kernel which + apparently fails to load on s390x (Ubuntu 20.04). + + Contact Information = Alexander Schmidt + ---uname output--- Linux pok1-qz1-sr1-rk011-s21 5.4.0-51-generic #56-Ubuntu SMP Mon Oct 5 14:25:32 UTC 2020 s390x s390x s390x GNU/Linux - - Machine Type = 8562 - + + Machine Type = 8562 + ---Steps to Reproduce--- - root@e4943f38d89b:/# cat /bin/tlb.py + root@e4943f38d89b:/# cat /bin/tlb.py #!/usr/bin/env python import argparse from scapy.all import scapy, sniff, Ether, IP, TCP - def tlb_sniff_cb(dip, dport): - def send_pkt_to_target_vm(x): - x[Ether].src = x[Ether].dst - x[Ether].dst = None - del x[IP].chksum - x[IP].dst = dip - if x.haslayer(TCP): - del x[TCP].chksum - x[TCP].dport = dport - scapy.sendrecv.sendp(x) - return send_pkt_to_target_vm - + def send_pkt_to_target_vm(x): + x[Ether].src = x[Ether].dst + x[Ether].dst = None + del x[IP].chksum + x[IP].dst = dip + if x.haslayer(TCP): + del x[TCP].chksum + x[TCP].dport = dport + scapy.sendrecv.sendp(x) + return send_pkt_to_target_vm def main(): - parser = argparse.ArgumentParser(description="TLB Simulator") - parser.add_argument("dip", help="IP address of the target VM") - parser.add_argument("dport", type=int, help="Dst port") - parser.add_argument("lport", type=int, help="lb listener port") + parser = argparse.ArgumentParser(description="TLB Simulator") + parser.add_argument("dip", help="IP address of the target VM") + parser.add_argument("dport", type=int, help="Dst port") + parser.add_argument("lport", type=int, help="lb listener port") - args = parser.parse_args() + args = parser.parse_args() - sniff(filter="dst port " + str(args.lport), + sniff(filter="dst port " + str(args.lport), prn=tlb_sniff_cb(args.dip, args.dport)) - if __name__ == "__main__": - main() + main() root@e4943f38d89b:/# python /bin/tlb.py 191.168.100.100 81 2001 Traceback (most recent call last): - File "/bin/tlb.py", line 33, in <module> - main() - File "/bin/tlb.py", line 29, in main - sniff(filter="dst port " + str(args.lport), prn=tlb_sniff_cb(args.dip, args.dport)) - File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 731, in sniff - *arg, **karg)] = iface - File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 578, in __init__ - attach_filter(self.ins, filter, iface) - File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 165, in attach_filter - s.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp) - File "/usr/lib/python2.7/socket.py", line 229, in meth - return getattr(self._sock,name)(*args) + File "/bin/tlb.py", line 33, in <module> + main() + File "/bin/tlb.py", line 29, in main + sniff(filter="dst port " + str(args.lport), prn=tlb_sniff_cb(args.dip, args.dport)) + File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 731, in sniff + *arg, **karg)] = iface + File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 578, in __init__ + attach_filter(self.ins, filter, iface) + File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 165, in attach_filter + s.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp) + File "/usr/lib/python2.7/socket.py", line 229, in meth + return getattr(self._sock,name)(*args) socket.error: [Errno 22] Invalid argument - Stack trace output: - no - + no + Oops output: - no - + no + System Dump Info: - The system is not configured to capture a system dump. - - *Additional Instructions for Alexander Schmidt: + The system is not configured to capture a system dump. + + *Additional Instructions for Alexander Schmidt: -Attach sysctl -a output output to the bug. Upstream is fixed: https://github.com/secdev/scapy/commit/474eb1f6930601e444227445f9e315b35c06a996. It's a bit more complicated than s/int/ushort/, because that would break FreeBSD. This should be picked up by Canonical
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1908280 Title: Ubuntu 20.04: scapy fails to load BPF program To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1908280/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
