mandos general protection error

Dick Middleton dick at fouter.net
Fri Jan 23 15:11:10 CET 2009


Björn Påhlsson wrote:

>> Trying to connect - nothing much happens; reports error:
>>
>> sendmsg() to 0:0:ff02:: failed: Operation not permitted
> 
> It seems that it fails to use Avahi to find the ZeroConf service.  Do
> you have the avahi-daemon installed? 

It seems to be there (on client and server).  I assume it's the one on the 
server that matters?

> Any special conditions like SELinux

No, I don't think so.

> Is IPv6 support installed? 

That's a good question.  I think so but I don't know how to prove it.  It's 
possible IPv6 is disabled in some significant application.

> Any
> additional information here would help us to reproduce the error.

The server is Debian Lenny but nothing is installed unless needed. I.e. basic 
system, no X etc.

> You could try to use "strace" when starting mandos-client 

I've attached that (xxx.gz)

> without
> --connect and send us the output;

> problem lies.  What user are you running mandos-client as?  

root both ends.

>> Anyway if I use --connect on mandos-client then it seems to run OK until
>> it gets a GPG error (see attached).
> 
> "--connect" with mandos-client bypasses Avahi/ZeroConf completely. Here
> I have no idea why it doesn't work, and I haven't been able to reproduce
> it.  Any manual installations of GnuTLS/libgcrypt11?

The gremlins are at work! I don't use gpg except where Debian has installed it 
for its own key checking.  I had a bit of bother installing the mandos keys as a 
result.  Maybe there's something missing.

Same with avahi.  No idea what it's for - it's only installed because some app 
demanded it.  Could be a configuration problem with that.

I get the same symptoms on 2 different client systems.

>> On the server in syslog I get:
>>
>> Jan 22 19:24:20 Geronimo kernel: [769771.374160] mandos[22960] general
>> protection ip:b7a6b4bc sp:bfa94dd4 error:0 in
>> libgcrypt.so.11.4.4[b7a49000+66000]
> 
> That sounds seriously weird.

I think the client side should be debugged first; however, sss.gz has a session with
the general protection error (only seen in syslog and at client).  This is using
--connect again.

Dick




-------------- next part --------------
A non-text attachment was scrubbed...
Name: xxx.gz
Type: application/gzip
Size: 7812 bytes
Desc: not available
Url : http://mail.fukt.bsnet.se/pipermail/mandos-dev/attachments/20090123/6240a27b/attachment-0002.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sss.gz
Type: application/gzip
Size: 27608 bytes
Desc: not available
Url : http://mail.fukt.bsnet.se/pipermail/mandos-dev/attachments/20090123/6240a27b/attachment-0003.bin 
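
The kernel line quoted in the message already places the fault inside libgcrypt. As an added example (not part of the original message or of Mandos), this Python helper unwraps the quoted syslog line and computes the faulting offset within the mapped library. The function names are hypothetical, and using the offset as a library address assumes the mapping starts at file offset 0.

```python
import re

# Userspace fault lines as logged by the Linux kernel, for example
#   comm[pid] general protection ip:ADDR sp:ADDR error:N in obj[BASE+SIZE]
#   comm[pid]: segfault at ADDR ip ADDR sp ADDR error N in obj[BASE+SIZE]
FAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]:?\s+"
    r"(?P<kind>general protection|segfault at [0-9a-f]+)\s+"
    r"ip[: ](?P<ip>[0-9a-f]+)\s+sp[: ](?P<sp>[0-9a-f]+)\s+"
    r"error[: ](?P<err>[0-9a-f]+)"
    r"(?:\s+in\s+(?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# The syslog excerpt from the message above, still wrapped and ">>"-quoted.
QUOTED = """\
>> Jan 22 19:24:20 Geronimo kernel: [769771.374160] mandos[22960] general
>> protection ip:b7a6b4bc sp:bfa94dd4 error:0 in
>> libgcrypt.so.11.4.4[b7a49000+66000]
"""

def unwrap(text):
    """Strip e-mail quote markers and rejoin a hard-wrapped log line."""
    return " ".join(re.sub(r"^[>\s]+", "", ln).strip()
                    for ln in text.splitlines() if ln.strip(" >"))

def parse_fault(line):
    """Return fault details, or None if the line is not a fault report."""
    m = FAULT_RE.search(line)
    if m is None:
        return None
    info = {"comm": m["comm"], "pid": int(m["pid"]), "kind": m["kind"],
            "ip": int(m["ip"], 16), "sp": int(m["sp"], 16),
            "error": int(m["err"], 16), "obj": m["obj"],
            "offset": None, "in_mapping": False}
    if m["obj"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        off = info["ip"] - base
        # Reject lines whose ip lies outside the mapping they name.
        info["in_mapping"] = 0 <= off < size
        info["offset"] = off if info["in_mapping"] else None
    return info

if __name__ == "__main__":
    f = parse_fault(unwrap(QUOTED))
    # Assumes the mapping starts at file offset 0, so the offset can be
    # handed to e.g. addr2line against a libgcrypt build with debug symbols.
    print(f"{f['comm']}[{f['pid']}] {f['kind']} in {f['obj']} "
          f"at offset {f['offset']:#x}")
```

The same offset from both failing sessions would point at one code path in libgcrypt rather than random memory corruption.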

