Opened 6 years ago

Closed 5 years ago

Last modified 4 years ago

#14958 closed defect (fixed)

address/get_if_addrs_ifaddrs and address/get_if_addrs_ioctl fail in FreeBSD jails

Reported by: reezer Owned by: rl1987
Priority: Medium Milestone:
Component: Core Tor/Tor Version: Tor: 0.2.6.3-alpha
Severity: Normal Keywords: tor-relay, 027-triaged-1-out
Cc: rl1987@…, seth+bugs@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When running Tor 2.6.3-alpha tests on FreeBSD 10.1 (inside a jail) I receive two FAILs.

http://pastebin.com/74nXVS7e

Verbose output:

$ ./src/test/test --verbose --info address/get_if_addrs_ifaddrs
Feb 19 22:41:59.715 [info] int crypto_early_init()(): OpenSSL version matches version from headers (100010af: OpenSSL 1.0.1j-freebsd 15 Oct 2014).
Feb 19 22:41:59.715 [info] int crypto_strongest_rand(uint8_t *, size_t)(): Reading entropy from "/dev/urandom"
Feb 19 22:41:59.715 [info] int crypto_global_init(int, const char *, const char *)(): NOT using OpenSSL engine support.
Feb 19 22:41:59.715 [info] int evaluate_evp_for_aes(int)(): This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
Feb 19 22:41:59.715 [info] int crypto_strongest_rand(uint8_t *, size_t)(): Reading entropy from "/dev/urandom"
address/get_if_addrs_ifaddrs: [forking] 
  	 OK src/test/test_address.c:227: assert(smartlist_len(results) >= 1): 1 vs 1
  FAIL src/test/test_address.c:228: assert(smartlist_contains_localhost_tor_addr(results))
  [get_if_addrs_ifaddrs FAILED]
1/1 TESTS FAILED. (0 skipped)
./src/test/test --verbose --info address/get_if_addrs_ioctl
Feb 19 22:44:26.198 [info] int crypto_early_init()(): OpenSSL version matches version from headers (100010af: OpenSSL 1.0.1j-freebsd 15 Oct 2014).
Feb 19 22:44:26.199 [info] int crypto_strongest_rand(uint8_t *, size_t)(): Reading entropy from "/dev/urandom"
Feb 19 22:44:26.199 [info] int crypto_global_init(int, const char *, const char *)(): NOT using OpenSSL engine support.
Feb 19 22:44:26.199 [info] int evaluate_evp_for_aes(int)(): This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
Feb 19 22:44:26.199 [info] int crypto_strongest_rand(uint8_t *, size_t)(): Reading entropy from "/dev/urandom"
address/get_if_addrs_ioctl: [forking] 
    OK src/test/test_address.c:440: assert(result)
  	 OK src/test/test_address.c:441: assert(smartlist_len(result) >= 1): 1 vs 1
  FAIL src/test/test_address.c:443: assert(smartlist_contains_localhost_tor_addr(result))
  [get_if_addrs_ioctl FAILED]
1/1 TESTS FAILED. (0 skipped)

Child Tickets

Change History (23)

comment:1 Changed 6 years ago by nickm

Cc: rl1987@… added
Keywords: tor-relay added
Milestone: Tor: 0.2.6.x-final

comment:2 Changed 6 years ago by nickm

Does this jail have a working localhost?

Does this work if you don't run it in a jail?

comment:3 Changed 6 years ago by reezer

It has a working localhost in the sense that I can ping it and it's shown in ifconfig. Also /etc/hosts is fine.

But yes, it seems to only happen inside jails. I will look into it further.

comment:4 Changed 6 years ago by reezer

Ah nonsense. The localhost in a FreeBSD jail is the host of the jail. That means that this test would always fail.

comment:5 Changed 6 years ago by reezer

Summary: address/get_if_addrs_ifaddrs and address/get_if_addrs_ioctl fail on FreeBSD 10.1address/get_if_addrs_ifaddrs and address/get_if_addrs_ioctl fail in FreeBSD jails

comment:6 Changed 6 years ago by nickm

"The localhost in a FreeBSD jail is the host of the jail."

If you list the interfaces in the jail, what do you get? Is there a 127.0.0.1?

comment:7 Changed 6 years ago by reezer

It is there, it just is not what it is supposed to be, cause the interface it refers to inside the jail is actually the loopback device of the host system. They are sharing it.

So for example you could on the host system run netcat and inside the jail do a telnet 127.0.0.1 <port> and one could connect to it.

That's a limitation of FreeBSD jails, as the network stack isn't completely virtualized yet. There is a project called VIMAGE to solve these limitations, but as of now I am not aware of any practical way to solve it.

ifconfig -a looks like this:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>

No IP there (it's really the complete output), but you can still listen on 127.0.0.1, just the interface is shared, which might have security implications of course. Maybe it's a good thing that Tor now has unix socket support in these scenarios where you run in a FreeBSD jail.

Last edited 6 years ago by reezer (previous) (diff)

comment:8 Changed 6 years ago by rl1987

Owner: set to rl1987
Status: newaccepted

comment:9 Changed 6 years ago by Sebastian

Does this test failing on freebsd jails actually indicate an issue for Tor's operation? If not it seems we could try and detect the situation and skip the test in that case?

comment:10 in reply to:  9 Changed 6 years ago by yawning

Replying to Sebastian:

Does this test failing on freebsd jails actually indicate an issue for Tor's operation? If not it seems we could try and detect the situation and skip the test in that case?

It's relatively harmless. There's fallback code in place that'll do the right thing. In the long run all of this code should go away, but that might be a while (#12377).

comment:11 Changed 6 years ago by nickm

Hmm. So, fix in 0.2.6? Detect jails and skip tests in 0.2.6? Leave failing in 0.2.6?

Options welcome.

comment:12 Changed 6 years ago by Sebastian

I think leave it failing is ok as it is the simplest answer that can't introduce new bugs and we have a good explanation of why it fails. Unless that means somehow freebsd ports cannot be made anymore?

comment:13 Changed 6 years ago by reezer

No, it's fine. It doesn't cause any problems for making ports.

comment:14 Changed 6 years ago by nickm

Milestone: Tor: 0.2.6.x-finalTor: 0.2.7.x-final

Okay, let's see if we can get the tests doing better in 0.2.7 then.

comment:15 Changed 6 years ago by reezer

For anyone working on this: A FreeBSD jail can easily be detected using sysctl -n security.jail.jailed, where 1 means jailed, 0 means not jailed.

comment:16 Changed 6 years ago by sysfu

Same problem with Tor-0.2.6.6 on OpenBSD 5.6-release

test-suite.log


FAIL: src/test/test
===================
<snip>
address/get_if_addrs_ioctl: [forking]

FAIL src/test/test_address.c:443: assert(smartlist_contains_localhost_tor_addr(result))
[get_if_addrs_ioctl FAILED]

<snip>
1/359 TESTS FAILED. (0 skipped)

Last edited 6 years ago by sysfu (previous) (diff)

comment:17 Changed 6 years ago by sysfu

Cc: seth+bugs@… added

comment:18 Changed 6 years ago by sysfu

Still an issue when building Tor 0.2.6.7 on OpenBSD 5.6-release

address/get_if_addrs_ioctl: [forking]

FAIL src/test/test_address.c:443: assert(smartlist_contains_localhost_tor_addr(result))
[get_if_addrs_ioctl FAILED]

comment:19 Changed 6 years ago by nickm

Keywords: 027-triaged-1-out added

Marking triaged-out items from first round of 0.2.7 triage.

comment:20 Changed 6 years ago by nickm

Milestone: Tor: 0.2.7.x-finalTor: 0.2.???

Make all non-needs_review, non-needs_revision, 027-triaged-1-out items belong to 0.2.???

comment:21 Changed 5 years ago by teor

Resolution: fixed
Severity: Normal
Status: acceptedclosed

This issue is fixed in 0.2.8-alpha-dev, please reopen this issue if the problem occurs again.

comment:22 Changed 4 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:23 Changed 4 years ago by nickm

Milestone: Tor: 0.3.???

Milestone deleted

Note: See TracTickets for help on using tickets.