[Bug 1908280] Re: Ubuntu 20.04: scapy fails to load BPF program

Launchpad Bug Tracker 1908280 at bugs.launchpad.net
Wed Feb 3 15:36:36 UTC 2021


This bug was fixed in the package scapy - 2.4.4-4ubuntu1

---------------
scapy (2.4.4-4ubuntu1) hirsute; urgency=medium

  * debian/patches/scapy-lp1908280-hirsute.patch:
    scapy fails to load BPF program
    sock_fprog needs to be used instead of bpf_program
    Thanks to Ilya Leoshkevich (LP: #1908280)

 -- Frank Heimes <frank.heimes at canonical.com>  Tue, 02 Feb 2021 20:10:19 +0100

** Changed in: scapy (Ubuntu Hirsute)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1908280

Title:
  Ubuntu 20.04: scapy fails to load BPF program

Status in Ubuntu on IBM z Systems:
  Triaged
Status in scapy package in Ubuntu:
  Fix Released
Status in scapy source package in Focal:
  New
Status in scapy source package in Groovy:
  New
Status in scapy source package in Hirsute:
  Fix Released

Bug description:
  SRU Bug Template:
  =================

  [Impact]

   * There is an endianness problem in sock_fprog on s390x.

   * Compared to bpf_program where an int is used, sock_fprog uses a
  ushort length field.

   * This results in a different layout on big-endian machines and
  eventually prevents scapy from loading BPF programs.

   * The fix is to define sock_fprog and copy the field values over from
  bpf_program.

  [Fix]

   * 474eb1f6930601e444227445f9e315b35c06a996 474eb1f6 "Use sock_fprog instead of bpf_program on Linux"
   
  [Test Case]

   * Have an Ubuntu Server 20.04 system or newer installed on LPAR, z/VM or KVM that comes with scapy 2.4.3.
   
   * Run the python test script: 'tlb.py' provided in the original bug description
     (like: python /bin/tlb.py 191.168.100.100 81 2001)

   * Verify the output returned by the python script
   
   * An error "socket.error: [Errno 22] Invalid argument" indicates that this issue still exists.
   
  [Where problems could occur]

   * It's not simply possible to replace ushort by int, since this would
  break FreeBSD.

   * So this got fixed by defining sock_fprog and copying over field
  values from bpf_program.

   * In case the modification is broken it can have an impact on other
  architectures.

   * The fix for PyPy got moved and slightly changed - in case of a
  problem with the affected versions this may have no or a false effect.

   * But the changes are traceable, were discussed upstream in issue
  3298, the fix was tested by IBM and is upstream accepted.

   * Furthermore, a patched Ubuntu package was built and shared in PPA: https://launchpad.net/~fheimes/+archive/ubuntu/lp1908280.
  __________

  The scapy sniff() function loads a BPF program into the kernel which
  apparently fails to load on s390x (Ubuntu 20.04).

  Contact Information = Alexander Schmidt

  ---uname output---
  Linux pok1-qz1-sr1-rk011-s21 5.4.0-51-generic #56-Ubuntu SMP Mon Oct 5 14:25:32 UTC 2020 s390x s390x s390x GNU/Linux

  Machine Type = 8562

  ---Steps to Reproduce---
   root@e4943f38d89b:/# cat /bin/tlb.py
  #!/usr/bin/env python

  import argparse
  from scapy.all import scapy, sniff, Ether, IP, TCP

  def tlb_sniff_cb(dip, dport):

      def send_pkt_to_target_vm(x):
          x[Ether].src = x[Ether].dst
          x[Ether].dst = None
          del x[IP].chksum
          x[IP].dst = dip
          if x.haslayer(TCP):
              del x[TCP].chksum
              x[TCP].dport = dport
              scapy.sendrecv.sendp(x)
      return send_pkt_to_target_vm

  def main():
      parser = argparse.ArgumentParser(description="TLB Simulator")
      parser.add_argument("dip", help="IP address of the target VM")
      parser.add_argument("dport", type=int, help="Dst port")
      parser.add_argument("lport", type=int, help="lb listener port")

      args = parser.parse_args()

      sniff(filter="dst port " + str(args.lport), prn=tlb_sniff_cb(args.dip, args.dport))

  if __name__ == "__main__":
      main()
  root@e4943f38d89b:/# python /bin/tlb.py 191.168.100.100 81 2001
  Traceback (most recent call last):
    File "/bin/tlb.py", line 33, in <module>
      main()
    File "/bin/tlb.py", line 29, in main
      sniff(filter="dst port " + str(args.lport), prn=tlb_sniff_cb(args.dip, args.dport))
    File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 731, in sniff
      *arg, **karg)] = iface
    File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 578, in __init__
      attach_filter(self.ins, filter, iface)
    File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 165, in attach_filter
      s.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp)
    File "/usr/lib/python2.7/socket.py", line 229, in meth
      return getattr(self._sock,name)(*args)
  socket.error: [Errno 22] Invalid argument

  Stack trace output:
   no

  Oops output:
   no

  System Dump Info:
    The system is not configured to capture a system dump.

  *Additional Instructions for Alexander Schmidt:
  -Attach sysctl -a output to the bug.

  Upstream is fixed:
  https://github.com/secdev/scapy/commit/474eb1f6930601e444227445f9e315b35c06a996.
  It's a bit more complicated than s/int/ushort/, because that would
  break FreeBSD.

  This should be picked up by Canonical

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1908280/+subscriptions
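
The layout mismatch described in the [Impact] section, as an added example that is not part of the bug report and is not scapy's own code. It models both structures with the struct module so the big-endian case can be reproduced on any host. The 64-bit layouts (length field, padding, 8-byte pointer), the helper names, and the sample instruction count and address are assumptions made for illustration.

```python
import struct

# Assumed 64-bit layouts (length field, padding, 8-byte pointer):
#   struct bpf_program { u_int bf_len;        struct bpf_insn *bf_insns;  }
#   struct sock_fprog  { unsigned short len;  struct sock_filter *filter; }
BPF_PROGRAM = "I4xQ"
SOCK_FPROG = "H6xQ"

ORDERS = {"little": "<", "big": ">"}


def pack_bpf_program(n_insns, insns_addr, order):
    """Bytes of a bpf_program as a CPU with the given byte order stores it."""
    return struct.pack(ORDERS[order] + BPF_PROGRAM, n_insns, insns_addr)


def len_seen_as_sock_fprog(raw, order):
    """Length obtained when the same bytes are interpreted as a sock_fprog."""
    length, _addr = struct.unpack(ORDERS[order] + SOCK_FPROG, raw)
    return length


def to_sock_fprog(raw, order):
    """The fix described above: copy the field values into a real sock_fprog."""
    n_insns, insns_addr = struct.unpack(ORDERS[order] + BPF_PROGRAM, raw)
    if n_insns > 0xFFFF:
        raise ValueError("filter too long for the unsigned short length field")
    return struct.pack(ORDERS[order] + SOCK_FPROG, n_insns, insns_addr)


def demo():
    results = {}
    for order in ORDERS:
        # Constructed sample: 4 instructions at a made-up address.
        raw = pack_bpf_program(4, 0x7F0000001000, order)
        results[order] = (
            len_seen_as_sock_fprog(raw, order),                        # passed as-is
            len_seen_as_sock_fprog(to_sock_fprog(raw, order), order),  # converted
        )
    return results


if __name__ == "__main__":
    for order, (as_is, converted) in demo().items():
        print(f"{order:>6}-endian: passed as-is len={as_is}, converted len={converted}")
```

On a little-endian layout the low-order bytes of the 4-byte length come first, so reading only two bytes happens to give the right value; on a big-endian layout the same two bytes are the high-order half and read as zero.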
