[Bug 1908280] [NEW] Ubuntu 20.04: scapy fails to load BPF program

Launchpad Bug Tracker 1908280 at bugs.launchpad.net
Tue Feb 2 20:26:23 UTC 2021


You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

SRU Bug Template:
=================

[Impact]

 * There is an endianness problem in sock_fprog on s390x.

 * Compared to bpf_program where an int is used, sock_fprog uses a
ushort length field.

 * This results in a different layout on big-endian machines and
eventually prevents scapy from loading BPF programs.

 * The fix is to define sock_fprog and copy the field values over from
bpf_program.

[Fix]

 * 474eb1f6930601e444227445f9e315b35c06a996 474eb1f6 "Use sock_fprog instead of bpf_program on Linux"
 
[Test Case]

 * Have an Ubuntu Server 20.04 system or newer installed on LPAR, z/VM or KVM that comes with scapy 2.4.3.
 
 * Run the python test script: 'tlb.py' provided in the original bug description
   (like: python /bin/tlb.py 191.168.100.100 81 2001)

 * Verify the output returned by the python script
 
 * An error such as "socket.error: [Errno 22] Invalid argument" indicates that this issue still exists.
 
 [Where problems could occur]

 * It's not simply possible to replace ushort by int, since this would
break FreeBSD.

 * So this got fixed by defining sock_fprog and copying over field
values from bpf_program.

 * In case the modification is broken it can have an impact on other
architectures.

 * The fix for PyPy got moved and slightly changed - in case of a
problem with the affected versions this may have no or a false effect.

 * But the changes are traceable, were discussed upstream in issue 3298,
the fix was tested by IBM and is upstream accepted.

 * Furthermore, a patched Ubuntu package was built and shared in PPA: https://launchpad.net/~fheimes/+archive/ubuntu/lp1908280.
__________

The scapy sniff() function loads a BPF program into the kernel which
apparently fails to load on s390x (Ubuntu 20.04).

Contact Information = Alexander Schmidt

---uname output---
Linux pok1-qz1-sr1-rk011-s21 5.4.0-51-generic #56-Ubuntu SMP Mon Oct 5 14:25:32 UTC 2020 s390x s390x s390x GNU/Linux

Machine Type = 8562

---Steps to Reproduce---
 root@e4943f38d89b:/# cat /bin/tlb.py
#!/usr/bin/env python

import argparse
from scapy.all import scapy, sniff, Ether, IP, TCP

def tlb_sniff_cb(dip, dport):

    def send_pkt_to_target_vm(x):
        x[Ether].src = x[Ether].dst
        x[Ether].dst = None
        del x[IP].chksum
        x[IP].dst = dip
        if x.haslayer(TCP):
            del x[TCP].chksum
            x[TCP].dport = dport
            scapy.sendrecv.sendp(x)
    return send_pkt_to_target_vm

def main():
    parser = argparse.ArgumentParser(description="TLB Simulator")
    parser.add_argument("dip", help="IP address of the target VM")
    parser.add_argument("dport", type=int, help="Dst port")
    parser.add_argument("lport", type=int, help="lb listener port")

    args = parser.parse_args()

    sniff(filter="dst port " + str(args.lport), prn=tlb_sniff_cb(args.dip, args.dport))

if __name__ == "__main__":
    main()
root@e4943f38d89b:/# python /bin/tlb.py 191.168.100.100 81 2001
Traceback (most recent call last):
  File "/bin/tlb.py", line 33, in <module>
    main()
  File "/bin/tlb.py", line 29, in main
    sniff(filter="dst port " + str(args.lport), prn=tlb_sniff_cb(args.dip, args.dport))
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 731, in sniff
    *arg, **karg)] = iface
  File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 578, in __init__
    attach_filter(self.ins, filter, iface)
  File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 165, in attach_filter
    s.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp)
  File "/usr/lib/python2.7/socket.py", line 229, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 22] Invalid argument

Stack trace output:
 no

Oops output:
 no

System Dump Info:
  The system is not configured to capture a system dump.

*Additional Instructions for Alexander Schmidt:
-Attach sysctl -a output to the bug.

Upstream is fixed:
https://github.com/secdev/scapy/commit/474eb1f6930601e444227445f9e315b35c06a996.
It's a bit more complicated than s/int/ushort/, because that would break
FreeBSD.

This should be picked up by Canonical

** Affects: ubuntu-z-systems
     Importance: Medium
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: Triaged

** Affects: scapy (Ubuntu)
     Importance: Medium
     Assignee: Frank Heimes (fheimes)
         Status: In Progress

** Affects: scapy (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: scapy (Ubuntu Groovy)
     Importance: Undecided
         Status: New

** Affects: scapy (Ubuntu Hirsute)
     Importance: Medium
     Assignee: Frank Heimes (fheimes)
         Status: In Progress


** Tags: architecture-s39064 bugnameltc-188965 patch severity-medium targetmilestone-inin20041 universe
-- 
Ubuntu 20.04: scapy fails to load BPF program
https://bugs.launchpad.net/bugs/1908280
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
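
The layout mismatch described under [Impact], as an added example that is not part of the bug report or of the scapy patch: it models both structs in either byte order with ctypes and shows which length the kernel reads when raw bpf_program bytes are passed where a sock_fprog is expected, and when the fields are copied instead. The names define_structs, len_seen_by_kernel and ADDR are hypothetical, and pointers are modelled as 64-bit integers (assumption: 64-bit ABI, as on x86_64 and s390x).

```python
import ctypes


def define_structs(base):
    # base is ctypes.LittleEndianStructure or ctypes.BigEndianStructure, so
    # both byte orders can be examined on any host. Pointers are modelled as
    # c_uint64 (assumption: 64-bit ABI).
    class BpfProgram(base):          # libpcap: struct bpf_program
        _fields_ = [("bf_len", ctypes.c_uint),
                    ("bf_insns", ctypes.c_uint64)]

    class SockFprog(base):           # Linux: struct sock_fprog
        _fields_ = [("len", ctypes.c_ushort),
                    ("filter", ctypes.c_uint64)]

    return BpfProgram, SockFprog


def len_seen_by_kernel(base, n_insns, insns_addr, copy_fields):
    """Return the 'len' the kernel would read from the setsockopt buffer."""
    BpfProgram, SockFprog = define_structs(base)
    bp = BpfProgram(bf_len=n_insns, bf_insns=insns_addr)
    if copy_fields:
        # Fixed behaviour: build a real sock_fprog from the field values.
        buf = bytes(SockFprog(len=bp.bf_len, filter=bp.bf_insns))
    else:
        # Broken behaviour: hand the raw bpf_program bytes to the kernel.
        buf = bytes(bp)
    # The kernel interprets whatever it receives as struct sock_fprog.
    return SockFprog.from_buffer_copy(buf).len


LE, BE = ctypes.LittleEndianStructure, ctypes.BigEndianStructure
ADDR = 0x7F0000001000  # constructed placeholder address of the instructions

if __name__ == "__main__":
    for name, base in (("little-endian", LE), ("big-endian", BE)):
        print(name,
              "raw bpf_program ->", len_seen_by_kernel(base, 5, ADDR, False),
              "| copied sock_fprog ->", len_seen_by_kernel(base, 5, ADDR, True))
```

On little-endian the low-order bytes of bf_len happen to sit where the ushort is read, so the mismatch goes unnoticed; on big-endian the kernel reads a length of 0, which is not a valid filter and matches the Errno 22 in the traceback.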
