mandos general protection error
Dick Middleton
dick at fouter.net
Fri Jan 23 15:11:10 CET 2009
Björn Påhlsson wrote:
>> Trying to connect - nothing much happens; reports error:
>>
>> sendmsg() to 0:0:ff02:: failed: Operation not permitted
>
> It seems that it fails to use Avahi to find the ZeroConf service. Do
> you have the avahi-daemon installed?
It seems to be there (on client and server). I assume it's the one on the
server that matters?
> Any special conditions like SELinux
No, I don't think so.
> Is IPv6 support installed?
That's a good question. I think so but I don't know how to prove it. It's
possible IPv6 is disabled in some significant application.
> Any
> additional information here would help us to reproduce the error.
The server is Debian Lenny but nothing is installed unless needed. I.e. basic
system, no X etc.
> You could try to use "strace" when starting mandos-client
I've attached that (xxx.gz)
without
> - --connect and send us the output;
> problem lies. What user are you running mandos-client as?
root both ends.
>> Anyway if I use --connect on mandos-client then it seems to run OK until
>> it gets a GPG error (see attached).
>
> "--connect" with mandos-client bypasses Avahi/ZeroConf completely. Here
> I have no idea why it doesn't work, and I haven't been able to reproduce
> it. Any manual installations of GnuTLS/libgcrypt11?
The gremlins are at work! I don't use gpg except where Debian has installed it
for its own key checking. I had a bit of bother installing the mandos keys as a
result. Maybe there's something missing.
Same with avahi. No idea what it's for - it's only installed because some app
demanded it. Could be a configuration problem with that.
I get the same symptoms on 2 different client systems.
>> On the server in syslog I get:
>>
>> Jan 22 19:24:20 Geronimo kernel: [769771.374160] mandos[22960] general
>> protection ip:b7a6b4bc sp:bfa94dd4 error:0 in
>> libgcrypt.so.11.4.4[b7a49000+66000]
>
> That sounds seriously weird.
I think the client side should be debugged first however sss.gz has session with
general protection error (only seen in syslog and at client). This is using
--connect again.
Dick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xxx.gz
Type: application/gzip
Size: 7812 bytes
Desc: not available
Url : http://mail.fukt.bsnet.se/pipermail/mandos-dev/attachments/20090123/6240a27b/attachment-0002.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sss.gz
Type: application/gzip
Size: 27608 bytes
Desc: not available
Url : http://mail.fukt.bsnet.se/pipermail/mandos-dev/attachments/20090123/6240a27b/attachment-0003.bin
More information about the Mandos-Dev
mailing list